From 54f68f3cd70d3ade60cbc338d83dda05665f94b1 Mon Sep 17 00:00:00 2001 From: Christopher Yoo Date: Fri, 7 Jun 2019 16:39:45 -0700 Subject: [PATCH 001/395] Call out for those without Store on their machine --- windows/privacy/diagnostic-data-viewer-overview.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index ec0ba4cd4a..92b7cb467a 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -44,6 +44,9 @@ Before you can use this tool for viewing Windows diagnostic data, you must turn ### Download the Diagnostic Data Viewer Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. + >[!Important] + >It's possible that your Windows machine may not have the Microsoft Store available (e.g. Windows Server). If this is the case, please check out [Diagnostic Data Viewer for PowerShell](https://go.microsoft.com/fwlink/?linkid=2023830). + ### Start the Diagnostic Data Viewer You can start this app from the **Settings** panel. From 571ede347299e39f7d762b0972120a1482b33e39 Mon Sep 17 00:00:00 2001 From: mapalko Date: Mon, 10 Jun 2019 11:59:23 -0700 Subject: [PATCH 002/395] Updating CDF references Removing some of the CDF section. This should not be recommended to meet FIPS compliance. --- .../threat-protection/windows-10-mobile-security-guide.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md index cadf290d91..cd1f4442c5 100644 --- a/windows/security/threat-protection/windows-10-mobile-security-guide.md +++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md @@ -72,8 +72,6 @@ The biometric image collected at enrollment is converted into an algorithmic for A Windows Hello companion device enables a physical device, like a wearable, to serve as a factor for validating the user’s identity before granting them access to their credentials. For instance, when the user has physical possession of a companion device they can easily, possibly even automatically, unlock their PC and authenticate with apps and websites. This type of device can be useful for smartphones or tablets that don’t have integrated biometric sensors or for industries where users need a faster, more convenient sign-in experience, such as retail. -In some cases, the companion device for Windows Hello enables a physical device, like a phone, wearable, or other types of device to store all of the user’s credentials. Storage of the credentials on a mobile device makes it possible to use them on any supporting device, like a kiosk or family PC, and eliminates the need to enroll Windows Hello on each device. Companion devices also help enable organizations to meet regulatory requirements, such as Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS 140-2). - ### Standards-based approach The Fast Identity Online (FIDO) Alliance is a nonprofit organization that works to address the lack of interoperability among strong authentication devices and the problems users face in creating and remembering multiple user names and passwords. FIDO standards help reduce reliance on passwords to authenticate users of online services securely, allowing any business network, app, website, or cloud application to interface with a broad variety of existing and future FIDO-enabled devices and operating system platforms. From 97758f49989d22ddb32f17778cddd58b24b01394 Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Wed, 12 Jun 2019 15:20:26 -0700 Subject: [PATCH 003/395] Changed "machine" to "device." --- windows/privacy/diagnostic-data-viewer-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index 92b7cb467a..44a4dba799 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -45,7 +45,7 @@ Before you can use this tool for viewing Windows diagnostic data, you must turn Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. >[!Important] - >It's possible that your Windows machine may not have the Microsoft Store available (e.g. Windows Server). If this is the case, please check out [Diagnostic Data Viewer for PowerShell](https://go.microsoft.com/fwlink/?linkid=2023830). + >It's possible that your Windows device doesn't have the Microsoft Store available (e.g. Windows Server). If this is the case, please check out [Diagnostic Data Viewer for PowerShell](https://go.microsoft.com/fwlink/?linkid=2023830). ### Start the Diagnostic Data Viewer You can start this app from the **Settings** panel. From fd0654a2fc5932f30eb1ed084295ef93f66b5b83 Mon Sep 17 00:00:00 2001 From: Marcelo di Iorio Date: Thu, 13 Jun 2019 10:22:37 +0200 Subject: [PATCH 004/395] Update hello-hybrid-cert-whfb-settings-pki.md In line 114, shouldn't we say "Exchange Enrollment Agent (Offline request)"? --- .../hello-for-business/hello-hybrid-cert-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 6e3126b3c7..d4233e1945 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -111,7 +111,7 @@ Sign-in a certificate authority or management workstations with *Domain Admin* e 1. Open the **Certificate Authority** management console. 2. Right-click **Certificate Templates** and click **Manage**. -3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent** template in the details pane and click **Duplicate Template**. +3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent (Offline request)** template in the details pane and click **Duplicate Template**. 4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. 5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs. 6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**. From b4e06f0a5db03e0f2067a1e1cb37a305f370b705 Mon Sep 17 00:00:00 2001 From: Chris Kibble <39386226+ChrisKibble@users.noreply.github.com> Date: Thu, 13 Jun 2019 08:40:54 -0400 Subject: [PATCH 005/395] Fixed end comment in previous suggested file change. --- windows/deployment/update/feature-update-user-install.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md index 489c2fcbfd..f46f295f30 100644 --- a/windows/deployment/update/feature-update-user-install.md +++ b/windows/deployment/update/feature-update-user-install.md @@ -69,6 +69,7 @@ foreach ($k in $iniSetupConfigKeyValuePair.Keys) #Write content to file New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force +<# Disclaimer Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without @@ -78,6 +79,7 @@ Microsoft, its authors, or anyone else involved in the creation, production, or for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script or documentation, even if Microsoft has been advised of the possibility of such damages. +#> ``` >[!NOTE] From b3c063d4b024220067f446b815bd0e5ae78294bf Mon Sep 17 00:00:00 2001 From: karthigb Date: Thu, 20 Jun 2019 09:35:16 -0700 Subject: [PATCH 006/395] Update create-windows-firewall-rules-in-intune.md --- .../create-windows-firewall-rules-in-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md index 8de4021830..bf20974a75 100644 --- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md +++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md @@ -123,8 +123,8 @@ Default is Any address. [Learn more](https://aka.ms/intunefirewallremotaddressrule) -## Edge traversal (coming soon) -Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. New rules have the EdgeTraversal property disabled by default. +## Edge traversal (UI coming soon) +Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. New rules have the EdgeTraversal property disabled by default. This setting can only be configured via Intune Graph at this time. [Learn more](https://aka.ms/intunefirewalledgetraversal) From 57d788db8fd09445942c9531569f719ccd8f5242 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Oliveira?= Date: Tue, 25 Jun 2019 16:12:33 +0100 Subject: [PATCH 007/395] Update enterprise-mode-schema-version-2-guidance.md Added more details on the release of Windows 10 for which schema v2 applies. allow-redirect flag is only available starting from RS3 (v 1709) --- .../enterprise-mode-schema-version-2-guidance.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md index 187ba67198..186b96bd2c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md @@ -19,11 +19,11 @@ ms.date: 12/04/2017 **Applies to:** -- Windows 10 +- Windows 10 (>= v1709) - Windows 8.1 - Windows 7 -Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app. +Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10 (>= v1709), using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app. **Important**
If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md). From b74a68a6420d250082bf2cd1cc478167d7ae80a7 Mon Sep 17 00:00:00 2001 From: skycommand Date: Wed, 26 Jun 2019 11:33:29 +0430 Subject: [PATCH 008/395] Unfurl the list, perform link maintenance From top to bottom, I propose the following changes without prejudice: 1. Converted the heaped mass of links was into an accessible list, compliant with Microsoft Docs guideline. 2. Deleted the second, redundant instance of the link to "Release Notes for MBAM 2.5". 3. Deleted the link to "MDOP TechCenter Page". This page is now deleted. The link redirects to "MDOP Information Experience" to which there is already link in the page. 4. Deleted feedback links (email, Twitter, and Facebook). These channels have been defunct since 2015. 5. Deleted the entire "Got a suggestion for MBAM" section. Both links in it are dead. The UserVoice channel and TechNet subforum have been gone for a long time now. --- mdop/mbam-v25/index.md | 84 ++++++++++++++++++++---------------------- 1 file changed, 40 insertions(+), 44 deletions(-) diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md index 9e5c96e03d..81d7b89f5e 100644 --- a/mdop/mbam-v25/index.md +++ b/mdop/mbam-v25/index.md @@ -16,61 +16,57 @@ ms.date: 04/19/2017 Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. For a more detailed description of MBAM, see [About MBAM 2.5](about-mbam-25.md). -To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). +To obtain MBAM, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) +## Outline -[About MBAM 2.5](about-mbam-25.md)**|**[Release Notes for MBAM 2.5](release-notes-for-mbam-25.md)**|**[About MBAM 2.5 SP1](about-mbam-25-sp1.md)**|**[Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md)**|**[Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md)**|**[High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md)**|**[Accessibility for MBAM 2.5](accessibility-for-mbam-25.md) - -[Planning for MBAM 2.5](planning-for-mbam-25.md) - -[Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md)**|**[MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md)**|**[Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md)**|**[Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md)**|**[Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md)**|**[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md)**|**[MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md)**|**[Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md)**|**[MBAM 2.5 Security Considerations](mbam-25-security-considerations.md)**|**[MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md) - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -[Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md)**|**[Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md)**|**[Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md)**|**[MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md)**|**[Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md)**|**[Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md) - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -[Administering MBAM 2.5 Features](administering-mbam-25-features.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md)**|**[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md)**|**[Maintaining MBAM 2.5](maintaining-mbam-25.md)**|**[Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md) - -[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) - -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - -[Client Event Logs](client-event-logs.md)**|**[Server Event Logs](server-event-logs.md) +- [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) + - [About MBAM 2.5](about-mbam-25.md) + - [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md) + - [About MBAM 2.5 SP1](about-mbam-25-sp1.md) + - [Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md) + - [Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md) + - [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md) + - [Accessibility for MBAM 2.5](accessibility-for-mbam-25.md) +- [Planning for MBAM 2.5](planning-for-mbam-25.md) + - [Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) + - [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md) + - [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md) + - [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md) + - [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md) + - [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) + - [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) + - [Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md) + - [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md) + - [MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md) +- [Deploying MBAM 2.5](deploying-mbam-25.md) + - [Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md) + - [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md) + - [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) + - [MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md) + - [Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md) + - [Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md) +- [Operations for MBAM 2.5](operations-for-mbam-25.md) + - [Administering MBAM 2.5 Features](administering-mbam-25-features.md) + - [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) + - [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) + - [Maintaining MBAM 2.5](maintaining-mbam-25.md) + - [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md) +- [Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) +- [Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) + - [Client Event Logs](client-event-logs.md) + - [Server Event Logs](server-event-logs.md) ### More Information -- [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md) - - View updated product information and known issues for MBAM 2.5. - -- [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) - - Learn about the latest MDOP information and resources. - - [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) - Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). + Find documentation, videos, and other resources for MDOP technologies. - [MBAM Deployment Guide](https://www.microsoft.com/download/details.aspx?id=38398) Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method. - + - [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) Guide of how to apply MBAM 2.5 SP1 Server hotfixes - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  - - - - - From 1ea33cd8c4c6663abc74215f5e83eef5de8a33d1 Mon Sep 17 00:00:00 2001 From: skycommand Date: Wed, 26 Jun 2019 17:23:57 +0430 Subject: [PATCH 009/395] Link maintenance\ --- mdop/mbam-v25/index.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md index 81d7b89f5e..244e0ae818 100644 --- a/mdop/mbam-v25/index.md +++ b/mdop/mbam-v25/index.md @@ -10,13 +10,11 @@ ms.prod: w10 ms.date: 04/19/2017 --- - # Microsoft BitLocker Administration and Monitoring 2.5 - Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. For a more detailed description of MBAM, see [About MBAM 2.5](about-mbam-25.md). -To obtain MBAM, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). +To obtain MBAM, see [How Do I Get MDOP](index.md#how-to-get-mdop). ## Outline @@ -57,16 +55,16 @@ To obtain MBAM, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId= - [Client Event Logs](client-event-logs.md) - [Server Event Logs](server-event-logs.md) -### More Information +## More Information -- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) +- [MDOP Information Experience](index.md) - Find documentation, videos, and other resources for MDOP technologies. + Find documentation, videos, and other resources for MDOP technologies. -- [MBAM Deployment Guide](https://www.microsoft.com/download/details.aspx?id=38398) +- [MBAM Deployment Guide](https://www.microsoft.com/download/details.aspx?id=38398) - Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method. + Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method. -- [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) +- [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) - Guide of how to apply MBAM 2.5 SP1 Server hotfixes + Guide of how to apply MBAM 2.5 SP1 Server hotfixes From 6bea2eb3189bf5a38be88cc26b88d3b21c0fc990 Mon Sep 17 00:00:00 2001 From: skycommand Date: Wed, 26 Jun 2019 17:29:21 +0430 Subject: [PATCH 010/395] Unfurl the list, perform link maintenance From top to bottom, I propose the following changes without prejudice: 1. Convert the heaped mass of links into an accessible list, compliant with Microsoft Docs guideline. 2. Delete the second, redundant instance of the link to "Release Notes for MBAM 2.0". 3. Delete the link to "MDOP TechCenter Page". This page is now deleted. The link redirects to "MDOP Information Experience" to which there is already a link in the page. 4. Delete feedback links (email, Twitter, and Facebook). These channels have been defunct since 2015. --- mdop/mbam-v2/index.md | 62 +++++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 29 deletions(-) diff --git a/mdop/mbam-v2/index.md b/mdop/mbam-v2/index.md index 5337db9b65..7f73c171c5 100644 --- a/mdop/mbam-v2/index.md +++ b/mdop/mbam-v2/index.md @@ -10,43 +10,47 @@ ms.prod: w8 ms.date: 04/19/2017 --- - # Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide - Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simplified administrative interface that you can use to manage BitLocker drive encryption. In BitLocker Administration and Monitoring 2.0, you can select BitLocker drive encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. -[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) +## Outline -[About MBAM 2.0](about-mbam-20-mbam-2.md)**|**[Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md)**|**[About MBAM 2.0 SP1](about-mbam-20-sp1.md)**|**[Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md)**|**[Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md)**|**[High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md)**|**[Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md) +- [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) + - [About MBAM 2.0](about-mbam-20-mbam-2.md) + - [Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md) + - [About MBAM 2.0 SP1](about-mbam-20-sp1.md) + - [Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md) + - [Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md) + - [High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md) + - [Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md) +- [Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) + - [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md) + - [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) + - [Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md) + - [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) + - [MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md) +- [Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) + - [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) + - [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md) + - [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) + - [MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md) + - [Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md) +- [Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) + - [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) + - [Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md) + - [Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md) + - [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) + - [Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md) + - [Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md) + - [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md) +- [Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md) -[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) +## More Information -[Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md)**|**[MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md)**|**[Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md)**|**[MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md)**|**[MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md) +- [MDOP Information Experience](index.md) -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - -[Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md)**|**[Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md)**|**[Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md)**|**[MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md)**|**[Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md) - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -[Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md)**|**[Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md)**|**[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md)**|**[Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md)**|**[Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md)**|** [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md) - -[Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md) - -### More Information - -- [Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md) - - View updated product information and known issues for MBAM 2.0. - -- [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) - - Learn about the latest MDOP information and resources. - -- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) - - Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). + Find documentation, videos, and other resources for MDOP technologies.   From 69e37cd6f1ef7879544099001d0c42d98e9fc845 Mon Sep 17 00:00:00 2001 From: skycommand Date: Thu, 27 Jun 2019 14:32:01 +0430 Subject: [PATCH 011/395] Unfurl the list, perform link maintenance From top to bottom, I propose the following changes without prejudice: 1. Convert the heaped mass of links into an accessible list, compliant with Microsoft Docs guideline. 2. Move the link to "Release Notes for MBAM 1.0" into the outline for consistency with the other MBAM admin guides. 3. Delete the link to "MDOP TechCenter Page". This page is now deleted. The link redirects to "MDOP Information Experience" to which there is already a link in the page. 4. Delete feedback links (email, Twitter, and Facebook). These channels have been defunct since 2015. --- mdop/mbam-v1/index.md | 66 ++++++++++++++++++------------------------- 1 file changed, 28 insertions(+), 38 deletions(-) diff --git a/mdop/mbam-v1/index.md b/mdop/mbam-v1/index.md index f7646af27e..4424f1bfa5 100644 --- a/mdop/mbam-v1/index.md +++ b/mdop/mbam-v1/index.md @@ -10,46 +10,36 @@ ms.prod: w8 ms.date: 04/19/2017 --- - # Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide - Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface that you can use to manage BitLocker drive encryption. With MBAM, you can select BitLocker encryption policy options that are appropriate to your enterprise and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the entire enterprise. In addition, you can access recovery key information when users forget their PIN or password, or when their BIOS or boot record changes. -[Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - -[About MBAM 1.0](about-mbam-10.md)**|**[Evaluating MBAM 1.0](evaluating-mbam-10.md)**|**[High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md)**|**[Accessibility for MBAM 1.0](accessibility-for-mbam-10.md)**|**[Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md) - -[Planning for MBAM 1.0](planning-for-mbam-10.md) - -[Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md)**|**[MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)**|**[Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md)**|**[MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md)**|**[MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md) - -[Deploying MBAM 1.0](deploying-mbam-10.md) - -[Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md)**|**[Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md)**|**[Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md)**|**[Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md)**|**[MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md) - -[Operations for MBAM 1.0](operations-for-mbam-10.md) - -[Administering MBAM 1.0 Features](administering-mbam-10-features.md)**|**[Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md)**|**[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md)**|**[Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md) - -[Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) - -### More Information - -[Release Notes for MBAM 1.0](release-notes-for-mbam-10.md) -View updated product information and known issues for MBAM 1.0. - -[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) -Learn about the latest MDOP information and resources. - -[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) -Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -  - -  - - - - +- [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) + - [About MBAM 1.0](about-mbam-10.md) + - [Release Notes for MBAM 1.0](release-notes-for-mbam-10.md) + - [Evaluating MBAM 1.0](evaluating-mbam-10.md) + - [High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md) + - [Accessibility for MBAM 1.0](accessibility-for-mbam-10.md) + - [Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md) +- [Planning for MBAM 1.0](planning-for-mbam-10.md) + - [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) + - [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) + - [Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md) + - [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md) + - [MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md) +- [Deploying MBAM 1.0](deploying-mbam-10.md) + - [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) + - [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md) + - [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) + - [Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md) + - [MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md) +- [Operations for MBAM 1.0](operations-for-mbam-10.md) + - [Administering MBAM 1.0 Features](administering-mbam-10-features.md) + - [Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md) + - [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) + - [Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md) +- [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) +## More Information +- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) + Find documentation, videos, and other resources for MDOP technologies. From c5158881016392ecf9eb060399d86f82659f7b7e Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 27 Jun 2019 21:55:49 +0530 Subject: [PATCH 012/395] Just now added corresponding registry key and download link for templates I taken example from windows 10 v1903, i found the corresponding registry keys for hide all notifications and hide non-critical notifications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications] "DisableNotifications"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications] "DisableEnhancedNotifications"=dword:00000001 Also i added the download link for latest administrative templates for Windows 10 v1809. So please add these registry keys and download link as my contribution in this document. Thanking you --- .../wdsc-hide-notifications.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 9ae361f1fd..008876e723 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -56,6 +56,10 @@ This can only be done in Group Policy. > >You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. +0. Download the latest Administrative templates for windows 10 v1809 from below Microsoft official site + **https://www.microsoft.com/en-us/download/details.aspx?id=57576** + + 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. @@ -74,6 +78,8 @@ You can hide all notifications that are sourced from the Windows Security app. T This can only be done in Group Policy. >[!IMPORTANT] + + >### Requirements > >You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. @@ -86,4 +92,14 @@ This can only be done in Group Policy. 6. Open the **Hide all notifications** setting and set it to **Enabled**. Click **OK**. -7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx). +7. Corresponding registry key for **Hide all notifications** + + **[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]** + **"DisableNotifications"=dword:00000001** + +8. Corresponding registry key for **Hide not-critical notifications** + + **[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]** + **"DisableEnhancedNotifications"=dword:00000001** + +9. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx). From a2d96c43e065d29a1e49bfd6c36fff16e45bf528 Mon Sep 17 00:00:00 2001 From: illfated Date: Mon, 10 Jun 2019 09:48:26 +0200 Subject: [PATCH 013/395] Windows/Security: update passwordless-strategy.md - Grammar corrections - Simplification of double spacing between sentences - Typo corrections - Removal of trailing spaces Closes #3959 --- .../passwordless-strategy.md | 186 +++++++++--------- 1 file changed, 93 insertions(+), 93 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 284982d26b..8e163285dc 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -14,7 +14,7 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 -ms.reviewer: +ms.reviewer: --- # Password-less Strategy @@ -25,184 +25,184 @@ Over the past few years, Microsoft has continued their commitment to enabling a ### 1. Develop a password replacement offering -Before you move away from passwords, you need something to replace them. With Windows 10, Microsoft introduced Windows Hello for Business, a strong, hardware protected two-factor credential that enables single-sign on to Azure Active Directory and Active Directory. +Before you move away from passwords, you need something to replace them. With Windows 10, Microsoft introduced Windows Hello for Business, a strong, hardware protected two-factor credential that enables single sign-on to Azure Active Directory and Active Directory. -Deploying Windows Hello for Business is the first step towards password-less. With Windows Hello for Business deployed, it coexists with password nicely. Users are likely to use Windows Hello for Business because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it. +Deploying Windows Hello for Business is the first step towards password-less. Windows Hello for Business deployed coexists nicely with existing password-based security. Users are likely to use Windows Hello for Business because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it. ### 2. Reduce user-visible password surface area -With Windows Hello for Business and passwords coexisting in your environment, the next step towards password-less is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the user knows they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. +With Windows Hello for Business and passwords coexisting in your environment, the next step towards password-less is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the user knows they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. ### 3. Transition into a password-less deployment -Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a password-less world. A world where: +Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a password-less world. A world where: - the user never types their password - the user never changes their password - the user does not know their password -In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. +In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. ### 4. Eliminate passwords from the identity directory -The final step of the password-less story is where passwords simply do not exist. At this step, identity directories no longer persist any form of the password. This is where Microsoft achieves the long-term security promise of a truly password-less environment. +The final step of the password-less story is where passwords simply do not exist. At this step, identity directories no longer persist any form of the password. This is where Microsoft achieves the long-term security promise of a truly password-less environment. ## Methodology -The four steps to password-less provides a overall view of how Microsoft envisions the road to password-less. But the road to password-less is frequently traveled and derailed by many. The scope of work is vast and filled with many challenges and frustrations. Nearly everyone wants the instant gratification of password-less, but can easily become overwhelmed in any of the steps. You are not alone and Microsoft understands. While there are many ways to accomplish password-less, here is one recommendation based on several years of research, investigation, and customer conversations. +The four steps to password-less provides a overall view of how Microsoft envisions the road to password-less. But the road to password-less is frequently traveled and derailed by many. The scope of work is vast and filled with many challenges and frustrations. Nearly everyone wants the instant gratification of password-less, but can easily become overwhelmed in any of the steps. You are not alone and Microsoft understands. While there are many ways to accomplish password-less, here is one recommendation based on several years of research, investigation, and customer conversations. -### Prepare for the Journey -The road to password-less is a journey. The duration of that journey varies from each organization. It is important for IT decision makers to understand the criteria that influences the length of the journey. +### Prepare for the Journey +The road to password-less is a journey. The duration of that journey varies from each organization. It is important for IT decision makers to understand the criteria that influences the length of the journey. -The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size. One way to break down the size of the organization is: +The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size. One way to break down the size of the organization is: - Number of departments -- Organization or department hierarchy +- Organization or department hierarchy - Number and type of applications and services - Number of work personas - Organization's IT structure -#### Number of departments -The number of departments within an organization varies. Most organizations have a common set of departments such as executive leadership, human resources, accounting, sales, and marketing. Other organizations will have those departments and additional ones such research and development or support. Small organizations may not segment their departments this explicitly while larger ones may. Additionally, there may be sub-departments, and sub-departments of those sub-departments as well. +#### Number of departments +The number of departments within an organization varies. Most organizations have a common set of departments such as executive leadership, human resources, accounting, sales, and marketing. Other organizations will have those departments and additional ones such research and development or support. Small organizations may not segment their departments this explicitly while larger ones may. Additionally, there may be sub-departments, and sub-departments of those sub-departments as well. -You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computer (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable for password-less. +You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computer (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable for password-less. -Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will you and your staff on the road to password-less. Realistically, many of us lose sight of our organization chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-less, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your password-less strategy. +Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will you and your staff on the road to password-less. Realistically, many of us lose sight of our organization chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-less, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your password-less strategy. #### Organization or department hierarchy -Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct password-less strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently than a member of middle management in the sales department. Both of those use cases are likely different than how an individual contributor in the customer service department uses their device. +Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct password-less strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently than a member of middle management in the sales department. Both of those use cases are likely different than how an individual contributor in the customer service department uses their device. #### Number and type of applications and services -The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical item in your password-less assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedure and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. +The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical item in your password-less assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedure and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. -Capturing the number of applications used is easier once you have the departments, their hierarchy, and their stakeholders. In this approach, you should have an organized list of departments and the hierarchy in each. You can now associate the applications that are used by all levels within each department. You'll also want to document whether the application is internally developed or commercially available off-the-shelf (COTS). If the later, document the manufacture and the version. Also, do not forget web-based applications or services when inventorying applications. +Capturing the number of applications used is easier once you have the departments, their hierarchy, and their stakeholders. In this approach, you should have an organized list of departments and the hierarchy in each. You can now associate the applications that are used by all levels within each department. You'll also want to document whether the application is internally developed or commercially available off-the-shelf (COTS). If the later, document the manufacture and the version. Also, do not forget web-based applications or services when inventorying applications. #### Number of work personas -Work personas is where the three previous efforts converge. You know the departments, the organizational levels within each department, the numbers of applications used by each, respectively, and the type of application. From this you want to create a work persona. +Work personas is where the three previous efforts converge. You know the departments, the organizational levels within each department, the numbers of applications used by each, respectively, and the type of application. From this you want to create a work persona. -A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc), within a specific department to a collection of applications used. There is a high possibility and probability that you will have many work personas. These work personas will become units of work an you will refer to them in documentation and in meetings. You need to give them a name. +A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc), within a specific department to a collection of applications used. There is a high possibility and probability that you will have many work personas. These work personas will become units of work an you will refer to them in documentation and in meetings. You need to give them a name. -Give your personas easy and intuitive name like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. +Give your personas easy and intuitive name like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. -Ultimately, create a naming convention that does not require your stakeholders and partners to read through a long list of tables or that needs a secret decoder ring. Also, if possible, try to keep the references as names of people. After all, you are talking about a person, who is in that department, who uses that specific software. +Ultimately, create a naming convention that does not require your stakeholders and partners to read through a long list of tables or that needs a secret decoder ring. Also, if possible, try to keep the references as names of people. After all, you are talking about a person, who is in that department, who uses that specific software. #### Organization's IT structure -IT department structures can vary more than the organization. Some IT departments are centralized while others are decentralized. Also, the road to password-less will likely have you interacting with the client authentication team, the deployment team, the security team, the PKI team, the Active Directory team, the cloud team, and the list continues. Most of these teams will be your partner on your journey to password-less. Ensure there is a password-less stakeholder on each of these teams and that the effort is understood and funded. +IT department structures can vary more than the organization. Some IT departments are centralized while others are decentralized. Also, the road to password-less will likely have you interacting with the client authentication team, the deployment team, the security team, the PKI team, the Active Directory team, the cloud team, and the list continues. Most of these teams will be your partner on your journey to password-less. Ensure there is a password-less stakeholder on each of these teams and that the effort is understood and funded. #### Assess your Organization -You have a ton of information. You have created your work personas, you identified your stakeholders throughout the different IT groups. Now what? +You have a ton of information. You have created your work personas, you identified your stakeholders throughout the different IT groups. Now what? -By now you can see why its a journey and not a weekend project. You need to investigate user-visible password surfaces for each of your work personas. Once you identified the password surfaces, you need to mitigate them. Resolving some password surfaces are simple-- meaning a solution already exists in the environment and its a matter of moving users to it. Resolution to some passwords surfaces may exist, but are not deployed in your environment. That resolution results in a project that must be planned, tested, and then deployed. That is likely to span multiple IT departments with multiple people, and potentially one or more distributed systems. Those types of projects take time and need dedicated cycles. This same sentiment is true with in-house software development. Even with agile development methodologies, changing the way someone authenticates to an application is critical. Without the proper planning and testing, it has the potential to severely impact productivity. +By now you can see why its a journey and not a weekend project. You need to investigate user-visible password surfaces for each of your work personas. Once you identified the password surfaces, you need to mitigate them. Resolving some password surfaces are simple-- meaning a solution already exists in the environment and its a matter of moving users to it. Resolution to some passwords surfaces may exist, but are not deployed in your environment. That resolution results in a project that must be planned, tested, and then deployed. That is likely to span multiple IT departments with multiple people, and potentially one or more distributed systems. Those types of projects take time and need dedicated cycles. This same sentiment is true with in-house software development. Even with agile development methodologies, changing the way someone authenticates to an application is critical. Without the proper planning and testing, it has the potential to severely impact productivity. -How long does it take to reach password-less? The answer is "it depends". It depends on the organizational alignment of a password-less strategy. Top-down agreement that password-less is the organization's goal makes conversations much easier. Easier conversations means less time spent convincing people and more time spent moving forward toward the goal. Top-down agreement on password-less as a priority within the ranks of other on-going IT projects helps everyone understand how to prioritize existing projects. Agreeing on priorities should reduce and minimize manager and executive level escalations. After these organizational discussions, modern project management techniques are used to continue the password-less effort. The organization allocates resources based on the priority (after they agreed on the strategy). Those resources will: +How long does it take to reach password-less? The answer is "it depends". It depends on the organizational alignment of a password-less strategy. Top-down agreement that password-less is the organization's goal makes conversations much easier. Easier conversations means less time spent convincing people and more time spent moving forward toward the goal. Top-down agreement on password-less as a priority within the ranks of other on-going IT projects helps everyone understand how to prioritize existing projects. Agreeing on priorities should reduce and minimize manager and executive level escalations. After these organizational discussions, modern project management techniques are used to continue the password-less effort. The organization allocates resources based on the priority (after they agreed on the strategy). Those resources will: - work through the work personas - organize and deploy user acceptance testing - evaluate user acceptance testing results for user-visible password surfaces - work with stakeholders to create solutions that mitigate user-visible password surfaces - add the solution to the project backlog and prioritize against other projects -- deploy solution +- deploy solution - User acceptance testing to confirm the solution mitigates the user-visible password surface - Repeat as needed -Your organization's journey to password-less may take some time to get there. Counting the number of work personas and the number of applications is probably a good indicator of the investment. Hopefully, your organization is growing, which means that the list of personas and the list of applications is unlikely to shrink. If the work to go password-less today is *n*, then it is likely that to go password-less tomorrow is *n x 2* or perhaps more, *n x n*. Do not let the size or duration of the project be a distraction. As you progress through each work persona, the actions and tasks will become more familiar for you and your stakeholders. Scope the project to sizable, realistic phases, pick the correct work personas, and soon you will see parts of your organization transition to password-less. +Your organization's journey to password-less may take some time to get there. Counting the number of work personas and the number of applications is probably a good indicator of the investment. Hopefully, your organization is growing, which means that the list of personas and the list of applications is unlikely to shrink. If the work to go password-less today is *n*, then it is likely that to go password-less tomorrow is *n x 2* or perhaps more, *n x n*. Do not let the size or duration of the project be a distraction. As you progress through each work persona, the actions and tasks will become more familiar for you and your stakeholders. Scope the project to sizable, realistic phases, pick the correct work personas, and soon you will see parts of your organization transition to password-less. ### Where to start? -What is the best guidance for kicking off the journey to password-less? You will want to show you management a proof of concept as soon as possible. Ideally, you want to show this at each step of your password-less journey. Keeping password-less top of mind and showing consistent progress keeps everyone focused. +What is the best guidance for kicking off the journey to password-less? You will want to show you management a proof of concept as soon as possible. Ideally, you want to show this at each step of your password-less journey. Keeping password-less top of mind and showing consistent progress keeps everyone focused. -#### Work persona -You begin with your work personas. These were part of your preparation process. They have a persona name, such as Abby Accounting II, or any other naming convention your organization defined. That work persona includes a list of all the applications that Abby uses to perform her assigned duties in the accounting department. To start, you need to pick a work persona. This is the targeted work persona you will enable to climb the password-less steps. +#### Work persona +You begin with your work personas. These were part of your preparation process. They have a persona name, such as Abby Accounting II, or any other naming convention your organization defined. That work persona includes a list of all the applications that Abby uses to perform her assigned duties in the accounting department. To start, you need to pick a work persona. This is the targeted work persona you will enable to climb the password-less steps. > [!IMPORTANT] -> Avoid using any work personas from your IT department. This is probably the worst way to start the password-less journey. IT roles are very difficult and time consuming. IT workers typically have multiple credentials, run a multitude of scripts and custom applications, and are the worst offenders of password usage. It is better to save these work personas for the middle or end of your journey. +> Avoid using any work personas from your IT department. This is probably the worst way to start the password-less journey. IT roles are very difficult and time consuming. IT workers typically have multiple credentials, run a multitude of scripts and custom applications, and are the worst offenders of password usage. It is better to save these work personas for the middle or end of your journey. -Review your collection of work personas. Early in your password-less journey, identify personas that have the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. +Review your collection of work personas. Early in your password-less journey, identify personas that have the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. -Most organizations host their proof of concept in a test lab or environment. To do that with password-less may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could be a few days or several weeks depending on the complexity of targeted work persona. +Most organizations host their proof of concept in a test lab or environment. To do that with password-less may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could be a few days or several weeks depending on the complexity of targeted work persona. -You will want to balance testing in a lab with providing results to management quickly. Continuing to show forward progress on your password-less journey is always good thing. If there are ways you can test in production with low or now risk, that may be advantageous to your time line. +You will want to balance testing in a lab with providing results to management quickly. Continuing to show forward progress on your password-less journey is always good thing. If there are ways you can test in production with low or now risk, that may be advantageous to your time line. ## The Process -The journey to password-less is to take each work persona through each password-less step. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like +The journey to password-less is to take each work persona through each password-less step. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like -1. Password-less replacement offering (Step 1) - 1. Identify test users that represent the targeted work persona. +1. Password-less replacement offering (Step 1) + 1. Identify test users representing the targeted work persona. 2. Deploy Windows Hello for Business to test users. - 3. Validate password and Windows Hello for Business work. + 3. Validate that passwords and Windows Hello for Business work. 2. Reduce User-visible Password Surface (Step 2) 1. Survey test user workflow for password usage. 2. Identify password usage and plan, develop, and deploy password mitigations. 3. Repeat until all user password usage is mitigated. - 4. Remove password capabilities from the Windows. - 5. Validate **all** workflows do not need passwords. + 4. Remove password capabilities from Windows. + 5. Validate that **none of the workflows** need passwords. 3. Transition into a password-less (Step 3) - 1. Awareness campaign and user education. - 2. Including remaining users that fit the work persona. - 3. Validate **all** users of the work personas do not need passwords. - 4. Configure user accounts to disallow password authentication. + 1. Awareness campaign and user education. + 2. Including remaining users that fit the work persona. + 3. Validate that **none of the users** of the work personas need passwords. + 4. Configure user accounts to disallow password authentication. -After successfully moving a work persona to password-less, you can prioritize the remaining work personas, and repeat the process. +After successfully moving a work persona to password-less, you can prioritize the remaining work personas, and repeat the process. ### Password-less replacement offering (Step 1) -THe first step to password-less is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. +The first step to password-less is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. #### Identify test users that represent the targeted work persona -A successful transition to password-less heavily relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or to accurately validate them. You need to enlist the help of users that fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. +A successful transition to password-less heavily relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or to accurately validate them. You need to enlist the help of users that fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. #### Deploy Windows Hello for Business to test users -Next, you will want to plan your Windows Hello for Business deployment. Your test users will need an alternative way to sign-in during step 2 of the password-less journey. Use the [Windows Hello for Business Planning Guide](hello-planning-guide.md) to help learn which deployment is best for your environment. Next, use the [Windows Hello for Business deployment guides](hello-deployment-guide.md) to deploy Windows Hello for Business. +Next, you will want to plan your Windows Hello for Business deployment. Your test users will need an alternative way to sign-in during step 2 of the password-less journey. Use the [Windows Hello for Business Planning Guide](hello-planning-guide.md) to help learn which deployment is best for your environment. Next, use the [Windows Hello for Business deployment guides](hello-deployment-guide.md) to deploy Windows Hello for Business. -With the Windows Hello for Business infrastructure in place, you can limit Windows Hello for Business enrollments to the targeted work personas. The great news is you will only need to deploy the infrastructure once. When other targeted work personas need to provision Windows Hello for Business, you can simply add them to a group. You will use the first work persona to validate your Windows Hello for Business deployment. +With the Windows Hello for Business infrastructure in place, you can limit Windows Hello for Business enrollments to the targeted work personas. The great news is you will only need to deploy the infrastructure once. When other targeted work personas need to provision Windows Hello for Business, you can simply add them to a group. You will use the first work persona to validate your Windows Hello for Business deployment. > [!NOTE] -> There are many different ways to connect a device to Azure. Deployments may vary based on how the device is joined to Azure Active Directory. Review your planning guide and deployment guide to ensure additional infrastructure is not needed for an additional Azure joined devices. +> There are many different ways to connect a device to Azure. Deployments may vary based on how the device is joined to Azure Active Directory. Review your planning guide and deployment guide to ensure additional infrastructure is not needed for an additional Azure joined devices. -#### Validate password and Windows Hello for Business work -In this first step, passwords and Windows Hello for Business must coexist. You want to validate that while your targeted work personas can sign in and unlock using Windows Hello for Business, but they can also sign-in, unlock, and use passwords as needed. Reducing the user-visible password surface too soon can create frustration and confusion with your targeted user personas. +#### Validate that passwords and Windows Hello for Business work +In this first step, passwords and Windows Hello for Business must coexist. You want to validate that while your targeted work personas can sign in and unlock using Windows Hello for Business, but they can also sign-in, unlock, and use passwords as needed. Reducing the user-visible password surface too soon can create frustration and confusion with your targeted user personas. ### Reduce User-visible Password Surface (Step 2) Before you move to step 2, ensure you have: -- selected your targeted work persona. +- selected your targeted work persona. - identified your test users that represented the targeted work persona. - deployed Windows Hello for Business to test users. - validated passwords and Windows Hello for Business both work for the test users. #### Survey test user workflow for password usage -Now is the time to learn more about the targeted work persona. You have a list of applications they use, but you do not know what, why, when, and how frequently. This information is important as your further your progress through step 2. +Now is the time to learn more about the targeted work persona. You have a list of applications they use, but you do not know what, why, when, and how frequently. This information is important as your further your progress through step 2. -Test users create the workflows associated with the targeted work persona. Their initial goal is to do one simply task. Document password usage. This list is not a comprehensive one, but it gives you an idea of the type of information you want. The general idea is to learn about all the scenarios in which that work persona encounters a password. A good approach is: +Test users create the workflows associated with the targeted work persona. Their initial goal is to do one simply task. Document password usage. This list is not a comprehensive one, but it gives you an idea of the type of information you want. The general idea is to learn about all the scenarios in which that work persona encounters a password. A good approach is: - What is the name of the application that asked for a password?. - Why do they use the application that asked for a password? (Example: is there more than one application that can do the same thing?). - What part of their workflow makes them use the application? Try to be as specific as possible (I use application x to issue credit card refunds for amounts over y.). - How frequently do you use this application in a given day? week? -- Is the password you type into the application the same as the password you use to sign-in to Windows? +- Is the password you type into the application the same as the password you use to sign-in to Windows? -Some organizations will empower their users to write this information while some may insist on having a member of the IT department shadow them. An objective viewer may notice a password prompt that the user overlooks simply because of muscle memory. As previously mentioned, this information is critical. You could miss one password prompt which could delay the transition to password-less. +Some organizations will empower their users to write this information while some may insist on having a member of the IT department shadow them. An objective viewer may notice a password prompt that the user overlooks simply because of muscle memory. As previously mentioned, this information is critical. You could miss one password prompt which could delay the transition to password-less. #### Identify password usage and plan, develop, and deploy password mitigations -Your test users have provided you valuable information that describes the how, what, why and when they use a password. It is now time for your team to identify each of these password use cases and understand why the user must use a password. +Your test users have provided you valuable information that describes the how, what, why and when they use a password. It is now time for your team to identify each of these password use cases and understand why the user must use a password. -Create a master list of the scenarios. Each scenario should have a clear problem statement. Name the scenario with a one-sentence summary of the problem statement. Include in the scenario the results of your team's investigation as to why the user is prompted by a password. Include relevant, but accurate details. If its policy or procedure driven, then include the name and section of the policy that dictates why the workflow uses a password. +Create a master list of the scenarios. Each scenario should have a clear problem statement. Name the scenario with a one-sentence summary of the problem statement. Include in the scenario the results of your team's investigation as to why the user is prompted by a password. Include relevant, but accurate details. If its policy or procedure driven, then include the name and section of the policy that dictates why the workflow uses a password. -Keep in mind your test users will not uncover all scenarios. Some scenarios you will need to force on your users because they low percentage scenarios. Remember to include scenarios like: +Keep in mind your test users will not uncover all scenarios. Some scenarios you will need to force on your users because they low percentage scenarios. Remember to include scenarios like: - Provisioning a new brand new user without a password. - Users who forget the PIN or other remediation flows when the strong credential is unusable. -Next, review your master list of scenarios. You can start with the workflows that are dictated by process or policy or, you can begin with workflows that need technical solutions-- whichever of the two is easier or quicker. This will certainly vary by organization. +Next, review your master list of scenarios. You can start with the workflows that are dictated by process or policy or, you can begin with workflows that need technical solutions-- whichever of the two is easier or quicker. This will certainly vary by organization. -Start mitigating password usages based on the workflows of your targeted personas. Document the mitigation as a solution to your scenario. Don't worry about the implementation details for the solution. A overview of the changes needed to reduce the password usages is all you need. If there are technical changes needed either infrastructure or code changes-- the exact details will likely be included in the project documentation. However your organization tracks projects, create a new project in that system. Associate your scenario to that project and start the processes needed to get that project funded. +Start mitigating password usages based on the workflows of your targeted personas. Document the mitigation as a solution to your scenario. Don't worry about the implementation details for the solution. A overview of the changes needed to reduce the password usages is all you need. If there are technical changes needed either infrastructure or code changes-- the exact details will likely be included in the project documentation. However your organization tracks projects, create a new project in that system. Associate your scenario to that project and start the processes needed to get that project funded. Mitigating password usage with applications is one or the more challenging obstacle in the journey to password-less. If your organization develops the application, then you are in better shape the common-off-the-shelf software (COTS). -The ideal mitigation for applications that prompt the user for a password is to enable those enable those applications to use an existing authenticated identity, such as Azure Active Directory or Active Directory. Work with the applications vendors to have them add support for Azure identities. For on-premises applications, have the application use Windows integrated authentication. The goal for your users should be a seamless single sign-on experience where each user authenticates once-- when they sign-in to Windows. Use this same strategy for applications that store their own identities in their own databases. +The ideal mitigation for applications that prompt the user for a password is to enable those enable those applications to use an existing authenticated identity, such as Azure Active Directory or Active Directory. Work with the applications vendors to have them add support for Azure identities. For on-premises applications, have the application use Windows integrated authentication. The goal for your users should be a seamless single sign-on experience where each user authenticates once-- when they sign-in to Windows. Use this same strategy for applications that store their own identities in their own databases. -Each scenario on your master list should now have a problem statement, an investigation as to why the password was used, and a mitigation plan on how to make the password usage go away. Armed with this data, one-by-one, close the gaps on user-visible passwords. Change policies and procedures as needed, make infrastructure changes where possible. Convert in-house applications to use federated identities or Windows integrated authentication. Work with third-party software vendors to update their software to support federated identities or Windows integrated authenticate. +Each scenario on your master list should now have a problem statement, an investigation as to why the password was used, and a mitigation plan on how to make the password usage go away. Armed with this data, one-by-one, close the gaps on user-visible passwords. Change policies and procedures as needed, make infrastructure changes where possible. Convert in-house applications to use federated identities or Windows integrated authentication. Work with third-party software vendors to update their software to support federated identities or Windows integrated authentication. #### Repeat until all user password usage is mitigated -Some or all of your mitigations are in place. You need to validate your solutions have solved their problem statements. This is where you rely on your test users. You want to keep a good portion of your first test users, but this is a good opportunity to replace a few or add a few. Survey test users workflow for password usage. If all goes well, you have closed most or all the gaps. A few are likely to remain. Evaluate your solutions and what went wrong, change your solution as needed until you reach a solution that removes your user's need to type a password. If your stuck, others might be too. Use the forums from various sources or your network of IT colleague to describe your problem and see how others are solving it. If your out of options, contact Microsoft for assistance. +Some or all of your mitigations are in place. You need to validate your solutions have solved their problem statements. This is where you rely on your test users. You want to keep a good portion of your first test users, but this is a good opportunity to replace a few or add a few. Survey test users workflow for password usage. If all goes well, you have closed most or all the gaps. A few are likely to remain. Evaluate your solutions and what went wrong, change your solution as needed until you reach a solution that removes your user's need to type a password. If your stuck, others might be too. Use the forums from various sources or your network of IT colleague to describe your problem and see how others are solving it. If your out of options, contact Microsoft for assistance. -#### Remove password capabilities from the Windows -You believe you have mitigates all the password usage for the targeted work persona. Now comes the true test-- configure Windows so the user cannot use a password. +#### Remove password capabilities from Windows +You believe you have mitigates all the password usage for the targeted work persona. Now comes the true test-- configure Windows so the user cannot use a password. -Windows provides two ways to prevent your users from using passwords. You can use an interactive logon security policy to only allow Windows Hello for Business sign-in and unlocks, or you can exclude the password credential provider. +Windows provides two ways to prevent your users from using passwords. You can use an interactive logon security policy to only allow Windows Hello for Business sign-in and unlocks, or you can exclude the password credential provider. -##### Security Policy -You can use Group Policy to deploy an interactive logon security policy setting to the computer. This policy setting is found under **Computer Configuration > Policies > Windows Settings > Local Policy > Security Options**. The name of the policy setting depends on the version of the operating systems you use to configure Group Policy. +##### Security Policy +You can use Group Policy to deploy an interactive logon security policy setting to the computer. This policy setting is found under **Computer Configuration > Policies > Windows Settings > Local Policy > Security Options**. The name of the policy setting depends on the version of the operating systems you use to configure Group Policy. ![securityPolicyLocation](images/passwordless/00-securityPolicy.png) **Windows Server 2016 and earlier** @@ -213,32 +213,32 @@ The policy name for these operating systems is **Interactive logon: Require smar The policy name for these operating systems is **Interactive logon: Require Windows Hello for Business or smart card**. ![securityPolicyRSAT](images/passwordless/00-updatedsecuritypolicytext.png) -When you enables this security policy setting, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card. +When you enables this security policy setting, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card. #### Excluding the password credential provider -You can use Group Policy to deploy an administrative template policy settings to the computer. This policy settings is found under **Computer Configuration > Policies > Administrative Templates > Logon** +You can use Group Policy to deploy an administrative template policy settings to the computer. This policy settings is found under **Computer Configuration > Policies > Administrative Templates > Logon** ![HideCredProvPolicy](images/passwordless/00-hidecredprov.png) -The name of the policy setting is **Exclude credential providers**. The value to enter in the policy to hide the password credential provider is **60b78e88-ead8-445c-9cfd-0b87f74ea6cd**. +The name of the policy setting is **Exclude credential providers**. The value to enter in the policy to hide the password credential provider is **60b78e88-ead8-445c-9cfd-0b87f74ea6cd**. ![HideCredProvPolicy2](images/passwordless/01-hidecredprov.png) -Excluding the password credential provider hides the password credential provider from Windows and any application that attempts to load it. This prevents the user from entering a password using the credential provider. However, this does not prevent applications from creating their own password collection dialogs and prompting the user for a password using custom dialogs. +Excluding the password credential provider hides the password credential provider from Windows and any application that attempts to load it. This prevents the user from entering a password using the credential provider. However, this does not prevent applications from creating their own password collection dialogs and prompting the user for a password using custom dialogs. -#### Validate all workflows do not need passwords -This is the big moment. You have identified password usage, developed solutions to mitigate password usage, and have removed or disabled password usage from Windows. In this configuration, your users will not be able to use a passwords. Users will be blocked is any of their workflows ask them for a password. Ideally, your test users should be able to complete all the work flows of the targeted work persona without any password usage. Do not forget those low percentage work flows, such as provisioning a new user or a user that forgot their PIN or cannot use their strong credential. Ensure those scenarios are validated as well. +#### Validate that none of the workflows need passwords +This is the big moment. You have identified password usage, developed solutions to mitigate password usage, and have removed or disabled password usage from Windows. In this configuration, your users will not be able to use a password. Users will be blocked if any of their workflows ask them for a password. Ideally, your test users should be able to complete all the work flows of the targeted work persona without any password usage. Do not forget those low percentage work flows, such as provisioning a new user or a user that forgot their PIN or cannot use their strong credential. Ensure those scenarios are validated as well. -### Transition into a password-less deployment (Step 3) -Congratulations! You are ready to transition one or more portions of your organization to a password-less deployment. You have validated the targeted work-persona is ready to go where the user no longer needs to know or use their password. You are just few steps away from declaring success. +### Transition into a password-less deployment (Step 3) +Congratulations! You are ready to transition one or more portions of your organization to a password-less deployment. You have validated the targeted work-persona is ready to go where the user no longer needs to know or use their password. You are just few steps away from declaring success. #### Awareness and user education In this last step, you are going to include the remaining users that fit the targeted work persona to the wonderful world of password-less. Before you do this, you want to invest in an awareness campaign. -An awareness campaign is introduces the users to the new way of authenticating to their device, such as using Windows Hello for Business. The idea of the campaign is to positively promote the change to the users in advance. Explain the value and why your company is changing. The campaign should provide dates and encourage questions and feedback. This campaign can coincide user education, where you can show the users the changes and, if your environment allows, enable the users to try the experience out. +An awareness campaign is introduces the users to the new way of authenticating to their device, such as using Windows Hello for Business. The idea of the campaign is to positively promote the change to the users in advance. Explain the value and why your company is changing. The campaign should provide dates and encourage questions and feedback. This campaign can coincide user education, where you can show the users the changes and, if your environment allows, enable the users to try the experience out. #### Including remaining users that fit the work persona -You have implemented the awareness campaign for the targeted users. These users are informed and ready to transition to password-less. Add the remaining users that match the targeted work persona to your deployment. +You have implemented the awareness campaign for the targeted users. These users are informed and ready to transition to password-less. Add the remaining users that match the targeted work persona to your deployment. -#### Validate **all** users of the work personas do not need passwords. +#### Validate that none of the users of the work personas need passwords You have successfully transitioned all users for the targeted work persona to password-less. Monitor the users within the work persona to ensure they do not encounter any issues while working in a password-less environment. Track all reported issues. Set priority and severity to each reported issue and have your team triage the issues appropriately. As you triage issues, some things to consider are: @@ -247,24 +247,24 @@ Track all reported issues. Set priority and severity to each reported issue and - Is the outage a result of a misconfiguration? - Is the outage a overlooked gap from step 2? -Each organization's priority and severity will differ however most organizations consider work stoppages fairly significant. Your team should pre-define levels of priority and severity. With each of these levels, create service level agreements (SLAs) for each combination of severity and priority and hold everyone accountable to those agreements. Reactive planning enables people to spend more time on the issue and resolving it and less time on process. +Each organization's priority and severity will differ however most organizations consider work stoppages fairly significant. Your team should pre-define levels of priority and severity. With each of these levels, create service level agreements (SLAs) for each combination of severity and priority and hold everyone accountable to those agreements. Reactive planning enables people to spend more time on the issue and resolving it and less time on process. -Resolve the issues per your service level agreements. Higher severity items may require returning some or all of the user's password surface. Clearly this is not the end goal but, do not let this slow your password-less momentum. Refer to how you reduced the user's password surface in step 2 and progress forward to a solution, deploying that solution and validating. +Resolve the issues per your service level agreements. Higher severity items may require returning some or all of the user's password surface. Clearly this is not the end goal but, do not let this slow your password-less momentum. Refer to how you reduced the user's password surface in step 2 and progress forward to a solution, deploying that solution and validating. #### Configure user accounts to disallow password authentication. -You transitioned all the users for the targeted work persona to a password-less environment and you have successfully validated all their workflows. The last step to complete the password-less transition is to remove the user's knowledge of the password and prevent the authenticating authority from accepting passwords. +You transitioned all the users for the targeted work persona to a password-less environment and you have successfully validated all their workflows. The last step to complete the password-less transition is to remove the user's knowledge of the password and prevent the authenticating authority from accepting passwords. You can change the user's password to random data and prevent domain controllers from allowing users to use passwords for interactive sign-ins using an account configuration on the user object. The account options on a user account includes an option -- **Smart card is required for interactive logon**, also known as (SCRIL). > [!NOTE] -> Do not confuse the Interactive Logon security policy for SCRIL. Security policies are enforced on the client (locally). A user account configured for SCRIL is enforced at the domain controller. +> Do not confuse the Interactive Logon security policy for SCRIL. Security policies are enforced on the client (locally). A user account configured for SCRIL is enforced at the domain controller. ![SCRIL setting on AD Users and Computers](images/passwordless/00-scril-dsa.png) **SCRIL setting for a user on Active Directory Users and Computers.** -When you configure an user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account do not allow the user to sign-in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or early domain functional level do not expire. The users is effectively password-less because: +When you configure an user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account do not allow the user to sign-in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or early domain functional level do not expire. The users is effectively password-less because: - the do not know their password. - their password is 128 random bits of data and is likely to include non-typable characters. - the user is not asked to change their password @@ -274,7 +274,7 @@ When you configure an user account for SCRIL, Active Directory changes the affec **SCRIL setting for a user in Active Directory Administrative Center on Windows Server 2012.** > [!NOTE] -> Although a SCRIL user's password never expires in early domains, you can toggle the SCRIL configuration on a user account (clear the check box, save the settings, select the check box and save the settings) to generate a new random 128 bit password. However, you should consider upgrading the domain to Windows Server 2016 domain forest functional level and allow the domain controller to do this for you automatically. +> Although a SCRIL user's password never expires in early domains, you can toggle the SCRIL configuration on a user account (clear the check box, save the settings, select the check box and save the settings) to generate a new random 128 bit password. However, you should consider upgrading the domain to Windows Server 2016 domain forest functional level and allow the domain controller to do this for you automatically. ![SCRIL setting from ADAC on Windows Server 2016](images/passwordless/01-scril-adac-2016.png) **SCRIL setting for a user in Active Directory Administrative Center on Windows Server 2016.** @@ -283,14 +283,14 @@ When you configure an user account for SCRIL, Active Directory changes the affec > Windows Hello for Business was formerly known as Microsoft Passport. ##### Automatic password change for SCRIL configured users -Domains configured for Windows Server 2016 domain functional level can further secure the unknown password for a SCRIL enabled users by configuring the domain to automatically change the password for SCRIL users. +Domains configured for Windows Server 2016 domain functional level can further secure the unknown password for a SCRIL enabled users by configuring the domain to automatically change the password for SCRIL users. -In this configuration, passwords for SCRIL configured users expired based on Active Directory password policy settings. When the SCRIL user authentication from a domain controller, the domain controller recognizes the password has expired, and automatically generates a new random 128 bit password for the user as part of the authentication. What is great about this feature is your users do not experience any change password notifications or experience any authentication outages. +In this configuration, passwords for SCRIL configured users expired based on Active Directory password policy settings. When the SCRIL user authentication from a domain controller, the domain controller recognizes the password has expired, and automatically generates a new random 128 bit password for the user as part of the authentication. What is great about this feature is your users do not experience any change password notifications or experience any authentication outages. ![Rotate Password 2016](images/passwordless/02-rotate-scril-2016.png) > [!NOTE] -> Some components within Windows 10, such as Data Protection APIs and NTLM authentication, still need artifacts of a user possessing a password. This configuration provides interoperability with while reducing the usage surface while Microsoft continues to close the gaps to remove the password completely. +> Some components within Windows 10, such as Data Protection APIs and NTLM authentication, still need artifacts of a user possessing a password. This configuration provides interoperability with while reducing the usage surface while Microsoft continues to close the gaps to remove the password completely. ## The Road Ahead -The information presented here is just the beginning. We will update this guide with improved tool and methods and scenarios, like Azure AD joined and MDM managed environments, As we continue to invest in password-less, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback). +The information presented here is just the beginning. We will update this guide with improved tool and methods and scenarios, like Azure AD joined and MDM managed environments, As we continue to invest in password-less, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback). From 1c707b838f34e0d7c04a773788170be8e8e33b96 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Mon, 10 Jun 2019 23:45:06 +0200 Subject: [PATCH 014/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md * "password-less" changed to passwordless Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 8e163285dc..18107d412e 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -16,7 +16,7 @@ localizationpriority: medium ms.date: 08/20/2018 ms.reviewer: --- -# Password-less Strategy +# Passwordless Strategy ## Four steps to Password-less From a8898d572f56ca6e8c7311e43a9da1215e91821d Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Mon, 10 Jun 2019 23:54:02 +0200 Subject: [PATCH 015/395] Update passwordless-strategy.md - "Password-less" in the heading replaced with 'password freedom' - "Password-less" in the image comment contracted to 'passwordless' --- .../hello-for-business/passwordless-strategy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 18107d412e..d4a553671e 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -18,10 +18,10 @@ ms.reviewer: --- # Passwordless Strategy -## Four steps to Password-less +## Four steps to password freedom Over the past few years, Microsoft has continued their commitment to enabling a world without passwords. At Microsoft Ignite 2017, we shared our four-step approach to password-less. -![Password-less approach](images/four-steps-passwordless.png) +![Passwordless approach](images/four-steps-passwordless.png) ### 1. Develop a password replacement offering From 0648ea96971ef6998db3fa86e2837360dc5f3bf7 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:39:38 +0200 Subject: [PATCH 016/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - correction in line 63 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index d4a553671e..225c7f44e9 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -60,7 +60,7 @@ The most intuitive answer is the size of the organization, and that would be cor #### Number of departments The number of departments within an organization varies. Most organizations have a common set of departments such as executive leadership, human resources, accounting, sales, and marketing. Other organizations will have those departments and additional ones such research and development or support. Small organizations may not segment their departments this explicitly while larger ones may. Additionally, there may be sub-departments, and sub-departments of those sub-departments as well. -You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computer (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable for password-less. +You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable for password-less. Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will you and your staff on the road to password-less. Realistically, many of us lose sight of our organization chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-less, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your password-less strategy. From 1f38acc0c83b939bf3773564a1ffaadfae66218f Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:41:27 +0200 Subject: [PATCH 017/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - correction in line 65 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 225c7f44e9..cdbda1bf4d 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -62,7 +62,7 @@ The number of departments within an organization varies. Most organizations have You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable for password-less. -Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will you and your staff on the road to password-less. Realistically, many of us lose sight of our organization chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-less, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your password-less strategy. +Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the road to password-less. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-less, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your password-less strategy. #### Organization or department hierarchy Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct password-less strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently than a member of middle management in the sales department. Both of those use cases are likely different than how an individual contributor in the customer service department uses their device. From 5800d73a93ec51e4d748b841a4e9b686d0d6b237 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:42:42 +0200 Subject: [PATCH 018/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - correction in line 73 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index cdbda1bf4d..362b41a5a6 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -70,7 +70,7 @@ Organization and department hierarchy is the management layers within the depart #### Number and type of applications and services The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical item in your password-less assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedure and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. -Capturing the number of applications used is easier once you have the departments, their hierarchy, and their stakeholders. In this approach, you should have an organized list of departments and the hierarchy in each. You can now associate the applications that are used by all levels within each department. You'll also want to document whether the application is internally developed or commercially available off-the-shelf (COTS). If the later, document the manufacture and the version. Also, do not forget web-based applications or services when inventorying applications. +Capturing the number of applications used is easier once you have the departments, their hierarchy, and their stakeholders. In this approach, you should have an organized list of departments and the hierarchy in each. You can now associate the applications that are used by all levels within each department. You'll also want to document whether the application is internally developed or commercially available off-the-shelf (COTS). If the later, document the manufacturer and the version. Also, do not forget web-based applications or services when inventorying applications. #### Number of work personas Work personas is where the three previous efforts converge. You know the departments, the organizational levels within each department, the numbers of applications used by each, respectively, and the type of application. From this you want to create a work persona. From e4afb2da405da663f44c918d3200f7ef6df1676b Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:43:30 +0200 Subject: [PATCH 019/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - punctuation in line 78 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 362b41a5a6..c20390c1a3 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -75,7 +75,7 @@ Capturing the number of applications used is easier once you have the department #### Number of work personas Work personas is where the three previous efforts converge. You know the departments, the organizational levels within each department, the numbers of applications used by each, respectively, and the type of application. From this you want to create a work persona. -A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc), within a specific department to a collection of applications used. There is a high possibility and probability that you will have many work personas. These work personas will become units of work an you will refer to them in documentation and in meetings. You need to give them a name. +A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc.), within a specific department to a collection of applications used. There is a high possibility and probability that you will have many work personas. These work personas will become units of work an you will refer to them in documentation and in meetings. You need to give them a name. Give your personas easy and intuitive name like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. From 948118e668aefc62adfcd4a681050c5374f05f29 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:46:21 +0200 Subject: [PATCH 020/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - punctuation in line 90 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index c20390c1a3..ef7f71019c 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -87,7 +87,7 @@ IT department structures can vary more than the organization. Some IT department #### Assess your Organization You have a ton of information. You have created your work personas, you identified your stakeholders throughout the different IT groups. Now what? -By now you can see why its a journey and not a weekend project. You need to investigate user-visible password surfaces for each of your work personas. Once you identified the password surfaces, you need to mitigate them. Resolving some password surfaces are simple-- meaning a solution already exists in the environment and its a matter of moving users to it. Resolution to some passwords surfaces may exist, but are not deployed in your environment. That resolution results in a project that must be planned, tested, and then deployed. That is likely to span multiple IT departments with multiple people, and potentially one or more distributed systems. Those types of projects take time and need dedicated cycles. This same sentiment is true with in-house software development. Even with agile development methodologies, changing the way someone authenticates to an application is critical. Without the proper planning and testing, it has the potential to severely impact productivity. +By now you can see why it's a journey and not a weekend project. You need to investigate user-visible password surfaces for each of your work personas. Once you identified the password surfaces, you need to mitigate them. Resolving some password surfaces are simple - meaning a solution already exists in the environment and it's a matter of moving users to it. Resolution to some passwords surfaces may exist, but are not deployed in your environment. That resolution results in a project that must be planned, tested, and then deployed. That is likely to span multiple IT departments with multiple people, and potentially one or more distributed systems. Those types of projects take time and need dedicated cycles. This same sentiment is true with in-house software development. Even with agile development methodologies, changing the way someone authenticates to an application is critical. Without the proper planning and testing, it has the potential to severely impact productivity. How long does it take to reach password-less? The answer is "it depends". It depends on the organizational alignment of a password-less strategy. Top-down agreement that password-less is the organization's goal makes conversations much easier. Easier conversations means less time spent convincing people and more time spent moving forward toward the goal. Top-down agreement on password-less as a priority within the ranks of other on-going IT projects helps everyone understand how to prioritize existing projects. Agreeing on priorities should reduce and minimize manager and executive level escalations. After these organizational discussions, modern project management techniques are used to continue the password-less effort. The organization allocates resources based on the priority (after they agreed on the strategy). Those resources will: - work through the work personas From 4ca65d872c67ff16b2f871e9aaddcb56c68ff548 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:47:15 +0200 Subject: [PATCH 021/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar corrections in line 117 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index ef7f71019c..96ea10e3dd 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -114,7 +114,7 @@ Review your collection of work personas. Early in your password-less journey, id Most organizations host their proof of concept in a test lab or environment. To do that with password-less may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could be a few days or several weeks depending on the complexity of targeted work persona. -You will want to balance testing in a lab with providing results to management quickly. Continuing to show forward progress on your password-less journey is always good thing. If there are ways you can test in production with low or now risk, that may be advantageous to your time line. +You will want to balance testing in a lab with providing results to management quickly. Continuing to show forward progress on your password-less journey is always a good thing. If there are ways you can test in production with low or now risk, that may be advantageous to your timeline. ## The Process From b8cc24c5007b7aff32843c54a4ecdc50af860b67 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:49:15 +0200 Subject: [PATCH 022/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - added " this:" to the end of line 121 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 96ea10e3dd..6cb845ddbf 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -118,7 +118,7 @@ You will want to balance testing in a lab with providing results to management q ## The Process -The journey to password-less is to take each work persona through each password-less step. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like +The journey to password-less is to take each work persona through each password-less step. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like this: 1. Password-less replacement offering (Step 1) 1. Identify test users representing the targeted work persona. From 1dc0a0dccb4823419cecf488b27ece40a143e65b Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:49:50 +0200 Subject: [PATCH 023/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar correction in line 135 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 6cb845ddbf..3d638a913e 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -132,7 +132,7 @@ The journey to password-less is to take each work persona through each password- 5. Validate that **none of the workflows** need passwords. 3. Transition into a password-less (Step 3) 1. Awareness campaign and user education. - 2. Including remaining users that fit the work persona. + 2. Include remaining users that fit the work persona. 3. Validate that **none of the users** of the work personas need passwords. 4. Configure user accounts to disallow password authentication. From dc69ad9566ac53f2179655e14aff8dec4580b018 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:50:45 +0200 Subject: [PATCH 024/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar correction in line 182 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 3d638a913e..e796bf83fe 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -179,7 +179,7 @@ Your test users have provided you valuable information that describes the how, w Create a master list of the scenarios. Each scenario should have a clear problem statement. Name the scenario with a one-sentence summary of the problem statement. Include in the scenario the results of your team's investigation as to why the user is prompted by a password. Include relevant, but accurate details. If its policy or procedure driven, then include the name and section of the policy that dictates why the workflow uses a password. -Keep in mind your test users will not uncover all scenarios. Some scenarios you will need to force on your users because they low percentage scenarios. Remember to include scenarios like: +Keep in mind your test users will not uncover all scenarios. Some scenarios you will need to force on your users because they are low percentage scenarios. Remember to include scenarios like: - Provisioning a new brand new user without a password. - Users who forget the PIN or other remediation flows when the strong credential is unusable. From fd9c68a97a4838772486582a2981c1bc2d30be5c Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:51:48 +0200 Subject: [PATCH 025/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - punctuation adjustment in line 186 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index e796bf83fe..e9b21afa27 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -183,7 +183,7 @@ Keep in mind your test users will not uncover all scenarios. Some scenarios you - Provisioning a new brand new user without a password. - Users who forget the PIN or other remediation flows when the strong credential is unusable. -Next, review your master list of scenarios. You can start with the workflows that are dictated by process or policy or, you can begin with workflows that need technical solutions-- whichever of the two is easier or quicker. This will certainly vary by organization. +Next, review your master list of scenarios. You can start with the workflows that are dictated by process or policy or, you can begin with workflows that need technical solutions - whichever of the two is easier or quicker. This will certainly vary by organization. Start mitigating password usages based on the workflows of your targeted personas. Document the mitigation as a solution to your scenario. Don't worry about the implementation details for the solution. A overview of the changes needed to reduce the password usages is all you need. If there are technical changes needed either infrastructure or code changes-- the exact details will likely be included in the project documentation. However your organization tracks projects, create a new project in that system. Associate your scenario to that project and start the processes needed to get that project funded. From a9d059d811477b0d9b940462deedbe504e5f7591 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:54:25 +0200 Subject: [PATCH 026/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar correction ("A" to An) in line 188 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index e9b21afa27..514bbbca61 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -185,7 +185,7 @@ Keep in mind your test users will not uncover all scenarios. Some scenarios you Next, review your master list of scenarios. You can start with the workflows that are dictated by process or policy or, you can begin with workflows that need technical solutions - whichever of the two is easier or quicker. This will certainly vary by organization. -Start mitigating password usages based on the workflows of your targeted personas. Document the mitigation as a solution to your scenario. Don't worry about the implementation details for the solution. A overview of the changes needed to reduce the password usages is all you need. If there are technical changes needed either infrastructure or code changes-- the exact details will likely be included in the project documentation. However your organization tracks projects, create a new project in that system. Associate your scenario to that project and start the processes needed to get that project funded. +Start mitigating password usages based on the workflows of your targeted personas. Document the mitigation as a solution to your scenario. Don't worry about the implementation details for the solution. An overview of the changes needed to reduce the password usages is all you need. If there are technical changes needed, either infrastructure or code changes, the exact details will likely be included in the project documentation. However your organization tracks projects, create a new project in that system. Associate your scenario to that project and start the processes needed to get that project funded. Mitigating password usage with applications is one or the more challenging obstacle in the journey to password-less. If your organization develops the application, then you are in better shape the common-off-the-shelf software (COTS). From c0b9fce31e03d5548dac97f2f614c8b7c7426e07 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:57:06 +0200 Subject: [PATCH 027/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - word duplication removal + punctuation adjustment in line 192 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 514bbbca61..2b811f0b73 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -189,7 +189,7 @@ Start mitigating password usages based on the workflows of your targeted persona Mitigating password usage with applications is one or the more challenging obstacle in the journey to password-less. If your organization develops the application, then you are in better shape the common-off-the-shelf software (COTS). -The ideal mitigation for applications that prompt the user for a password is to enable those enable those applications to use an existing authenticated identity, such as Azure Active Directory or Active Directory. Work with the applications vendors to have them add support for Azure identities. For on-premises applications, have the application use Windows integrated authentication. The goal for your users should be a seamless single sign-on experience where each user authenticates once-- when they sign-in to Windows. Use this same strategy for applications that store their own identities in their own databases. +The ideal mitigation for applications that prompt the user for a password is to enable those applications to use an existing authenticated identity, such as Azure Active Directory or Active Directory. Work with the applications vendors to have them add support for Azure identities. For on-premises applications, have the application use Windows integrated authentication. The goal for your users should be a seamless single sign-on experience where each user authenticates once when they sign-in to Windows. Use this same strategy for applications that store their own identities in their own databases. Each scenario on your master list should now have a problem statement, an investigation as to why the password was used, and a mitigation plan on how to make the password usage go away. Armed with this data, one-by-one, close the gaps on user-visible passwords. Change policies and procedures as needed, make infrastructure changes where possible. Convert in-house applications to use federated identities or Windows integrated authentication. Work with third-party software vendors to update their software to support federated identities or Windows integrated authentication. From 5829b2c3a321c1500aac00eeea4e6d2c8d2e097d Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:58:53 +0200 Subject: [PATCH 028/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar corrections in line 197 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 2b811f0b73..570bd01ddf 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -194,7 +194,7 @@ The ideal mitigation for applications that prompt the user for a password is to Each scenario on your master list should now have a problem statement, an investigation as to why the password was used, and a mitigation plan on how to make the password usage go away. Armed with this data, one-by-one, close the gaps on user-visible passwords. Change policies and procedures as needed, make infrastructure changes where possible. Convert in-house applications to use federated identities or Windows integrated authentication. Work with third-party software vendors to update their software to support federated identities or Windows integrated authentication. #### Repeat until all user password usage is mitigated -Some or all of your mitigations are in place. You need to validate your solutions have solved their problem statements. This is where you rely on your test users. You want to keep a good portion of your first test users, but this is a good opportunity to replace a few or add a few. Survey test users workflow for password usage. If all goes well, you have closed most or all the gaps. A few are likely to remain. Evaluate your solutions and what went wrong, change your solution as needed until you reach a solution that removes your user's need to type a password. If your stuck, others might be too. Use the forums from various sources or your network of IT colleague to describe your problem and see how others are solving it. If your out of options, contact Microsoft for assistance. +Some or all of your mitigations are in place. You need to validate that your solutions have solved their problem statements. This is where you rely on your test users. You want to keep a good portion of your first test users, but this is a good opportunity to replace a few or add a few. Survey test users workflow for password usage. If all goes well, you have closed most or all of the gaps. A few are likely to remain. Evaluate your solutions and what went wrong, change your solution as needed until you reach a solution that removes your user's need to type a password. If you are stuck, others might be too. Use the forums from various sources or your network of IT colleagues to describe your problem and see how others are solving it. If you are out of options, contact Microsoft for assistance. #### Remove password capabilities from Windows You believe you have mitigates all the password usage for the targeted work persona. Now comes the true test-- configure Windows so the user cannot use a password. From c45befa44f1b3cfdfc653aa2b9706da224e1a1b1 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 07:59:45 +0200 Subject: [PATCH 029/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar + punctuation correction in line 200 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 570bd01ddf..66e43a918d 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -197,7 +197,7 @@ Each scenario on your master list should now have a problem statement, an invest Some or all of your mitigations are in place. You need to validate that your solutions have solved their problem statements. This is where you rely on your test users. You want to keep a good portion of your first test users, but this is a good opportunity to replace a few or add a few. Survey test users workflow for password usage. If all goes well, you have closed most or all of the gaps. A few are likely to remain. Evaluate your solutions and what went wrong, change your solution as needed until you reach a solution that removes your user's need to type a password. If you are stuck, others might be too. Use the forums from various sources or your network of IT colleagues to describe your problem and see how others are solving it. If you are out of options, contact Microsoft for assistance. #### Remove password capabilities from Windows -You believe you have mitigates all the password usage for the targeted work persona. Now comes the true test-- configure Windows so the user cannot use a password. +You believe you have mitigated all the password usage for the targeted work persona. Now comes the true test - configure Windows so the user cannot use a password. Windows provides two ways to prevent your users from using passwords. You can use an interactive logon security policy to only allow Windows Hello for Business sign-in and unlocks, or you can exclude the password credential provider. From d8e11458716d26aa40e2877aa699324144319dd8 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 08:00:32 +0200 Subject: [PATCH 030/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar/typo correction in line 216 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 66e43a918d..a637f3fdfe 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -213,7 +213,7 @@ The policy name for these operating systems is **Interactive logon: Require smar The policy name for these operating systems is **Interactive logon: Require Windows Hello for Business or smart card**. ![securityPolicyRSAT](images/passwordless/00-updatedsecuritypolicytext.png) -When you enables this security policy setting, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card. +When you enable this security policy setting, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card. #### Excluding the password credential provider You can use Group Policy to deploy an administrative template policy settings to the computer. This policy settings is found under **Computer Configuration > Policies > Administrative Templates > Logon** From aaf6de66b46715a4e687cbcc7f412db745ef61a7 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 08:01:41 +0200 Subject: [PATCH 031/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar + punctuation correction in line 231 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index a637f3fdfe..59affc9a4a 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -228,7 +228,7 @@ Excluding the password credential provider hides the password credential provide This is the big moment. You have identified password usage, developed solutions to mitigate password usage, and have removed or disabled password usage from Windows. In this configuration, your users will not be able to use a password. Users will be blocked if any of their workflows ask them for a password. Ideally, your test users should be able to complete all the work flows of the targeted work persona without any password usage. Do not forget those low percentage work flows, such as provisioning a new user or a user that forgot their PIN or cannot use their strong credential. Ensure those scenarios are validated as well. ### Transition into a password-less deployment (Step 3) -Congratulations! You are ready to transition one or more portions of your organization to a password-less deployment. You have validated the targeted work-persona is ready to go where the user no longer needs to know or use their password. You are just few steps away from declaring success. +Congratulations! You are ready to transition one or more portions of your organization to a password-less deployment. You have validated that the targeted work persona is ready to go where the user no longer needs to know or use their password. You are just a few steps away from declaring success. #### Awareness and user education In this last step, you are going to include the remaining users that fit the targeted work persona to the wonderful world of password-less. Before you do this, you want to invest in an awareness campaign. From 3fdde5fc4fd48d50b025528894b4387bfbeb8bf2 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 08:02:35 +0200 Subject: [PATCH 032/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar corrections in line 236 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 59affc9a4a..9c3e8f09bf 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -233,7 +233,7 @@ Congratulations! You are ready to transition one or more portions of your organ #### Awareness and user education In this last step, you are going to include the remaining users that fit the targeted work persona to the wonderful world of password-less. Before you do this, you want to invest in an awareness campaign. -An awareness campaign is introduces the users to the new way of authenticating to their device, such as using Windows Hello for Business. The idea of the campaign is to positively promote the change to the users in advance. Explain the value and why your company is changing. The campaign should provide dates and encourage questions and feedback. This campaign can coincide user education, where you can show the users the changes and, if your environment allows, enable the users to try the experience out. +An awareness campaign introduces the users to the new way of authenticating to their device, such as using Windows Hello for Business. The idea of the campaign is to positively promote the change to the users in advance. Explain the value and why your company is changing. The campaign should provide dates and encourage questions and feedback. This campaign can coincide with user education, where you can show the users the changes and, if your environment allows, enable the users to try out the experience. #### Including remaining users that fit the work persona You have implemented the awareness campaign for the targeted users. These users are informed and ready to transition to password-less. Add the remaining users that match the targeted work persona to your deployment. From 08bfea5bb27cb32aa394aa97a63b4d699e8d3b60 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 08:03:33 +0200 Subject: [PATCH 033/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar correction in line 241 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 9c3e8f09bf..08ca0c4975 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -238,7 +238,7 @@ An awareness campaign introduces the users to the new way of authenticating to t #### Including remaining users that fit the work persona You have implemented the awareness campaign for the targeted users. These users are informed and ready to transition to password-less. Add the remaining users that match the targeted work persona to your deployment. -#### Validate that none of the users of the work personas need passwords +#### Validate that none of the users of the work personas needs passwords You have successfully transitioned all users for the targeted work persona to password-less. Monitor the users within the work persona to ensure they do not encounter any issues while working in a password-less environment. Track all reported issues. Set priority and severity to each reported issue and have your team triage the issues appropriately. As you triage issues, some things to consider are: From 68b0467247d61ca9350c0c14df12539aed9591ee Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 19:28:37 +0200 Subject: [PATCH 034/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - add missing word at the end of line 252 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 08ca0c4975..611d453547 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -249,7 +249,7 @@ Track all reported issues. Set priority and severity to each reported issue and Each organization's priority and severity will differ however most organizations consider work stoppages fairly significant. Your team should pre-define levels of priority and severity. With each of these levels, create service level agreements (SLAs) for each combination of severity and priority and hold everyone accountable to those agreements. Reactive planning enables people to spend more time on the issue and resolving it and less time on process. -Resolve the issues per your service level agreements. Higher severity items may require returning some or all of the user's password surface. Clearly this is not the end goal but, do not let this slow your password-less momentum. Refer to how you reduced the user's password surface in step 2 and progress forward to a solution, deploying that solution and validating. +Resolve the issues per your service level agreements. Higher severity items may require returning some or all of the user's password surface. Clearly this is not the end goal but, do not let this slow your password-less momentum. Refer to how you reduced the user's password surface in step 2 and progress forward to a solution, deploying that solution and validating it. #### Configure user accounts to disallow password authentication. You transitioned all the users for the targeted work persona to a password-less environment and you have successfully validated all their workflows. The last step to complete the password-less transition is to remove the user's knowledge of the password and prevent the authenticating authority from accepting passwords. From f353e7f771d8d81fe5626f678b8b9289b3c5ffad Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 19:32:43 +0200 Subject: [PATCH 035/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - 2 grammar corrections in line 267 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 611d453547..b5c133806d 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -264,7 +264,7 @@ The account options on a user account includes an option -- **Smart card is requ ![SCRIL setting on AD Users and Computers](images/passwordless/00-scril-dsa.png) **SCRIL setting for a user on Active Directory Users and Computers.** -When you configure an user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account do not allow the user to sign-in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or early domain functional level do not expire. The users is effectively password-less because: +When you configure a user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account do not allow the user to sign-in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or early domain functional level do not expire. The users are effectively password-less because: - the do not know their password. - their password is 128 random bits of data and is likely to include non-typable characters. - the user is not asked to change their password From ff48adfa44ddb5e0a27bcdad3ae9f6dad9d40f76 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 19:33:32 +0200 Subject: [PATCH 036/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - single grammar correction in line 286 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index b5c133806d..48e6d384ca 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -283,7 +283,7 @@ When you configure a user account for SCRIL, Active Directory changes the affect > Windows Hello for Business was formerly known as Microsoft Passport. ##### Automatic password change for SCRIL configured users -Domains configured for Windows Server 2016 domain functional level can further secure the unknown password for a SCRIL enabled users by configuring the domain to automatically change the password for SCRIL users. +Domains configured for Windows Server 2016 domain functional level can further secure the unknown password for SCRIL-enabled users by configuring the domain to automatically change the password for SCRIL users. In this configuration, passwords for SCRIL configured users expired based on Active Directory password policy settings. When the SCRIL user authentication from a domain controller, the domain controller recognizes the password has expired, and automatically generates a new random 128 bit password for the user as part of the authentication. What is great about this feature is your users do not experience any change password notifications or experience any authentication outages. ![Rotate Password 2016](images/passwordless/02-rotate-scril-2016.png) From 2e04972a9e2f55cbffea39932eafbcce9f8a40c2 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 19:36:24 +0200 Subject: [PATCH 037/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - various grammar corrections in line 288 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 48e6d384ca..390311c324 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -285,7 +285,7 @@ When you configure a user account for SCRIL, Active Directory changes the affect ##### Automatic password change for SCRIL configured users Domains configured for Windows Server 2016 domain functional level can further secure the unknown password for SCRIL-enabled users by configuring the domain to automatically change the password for SCRIL users. -In this configuration, passwords for SCRIL configured users expired based on Active Directory password policy settings. When the SCRIL user authentication from a domain controller, the domain controller recognizes the password has expired, and automatically generates a new random 128 bit password for the user as part of the authentication. What is great about this feature is your users do not experience any change password notifications or experience any authentication outages. +In this configuration, passwords for SCRIL-configured users expire based on Active Directory password policy settings. When the SCRIL user authenticates from a domain controller, the domain controller recognizes the password has expired, and automatically generates a new random 128 bit password for the user as part of the authentication. What is great about this feature is your users do not experience any change password notifications or any authentication outages. ![Rotate Password 2016](images/passwordless/02-rotate-scril-2016.png) > [!NOTE] From 111505ef9eed1ee775e38315d1588cdf8de2e915 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 19:37:56 +0200 Subject: [PATCH 038/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - structural grammar correction in line 292 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 390311c324..2769cfa228 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -289,7 +289,7 @@ In this configuration, passwords for SCRIL-configured users expire based on Acti ![Rotate Password 2016](images/passwordless/02-rotate-scril-2016.png) > [!NOTE] -> Some components within Windows 10, such as Data Protection APIs and NTLM authentication, still need artifacts of a user possessing a password. This configuration provides interoperability with while reducing the usage surface while Microsoft continues to close the gaps to remove the password completely. +> Some components within Windows 10, such as Data Protection APIs and NTLM authentication, still need artifacts of a user possessing a password. This configuration provides interoperability by reducing the usage surface while Microsoft continues to close the gaps to remove the password completely. ## The Road Ahead The information presented here is just the beginning. We will update this guide with improved tool and methods and scenarios, like Azure AD joined and MDM managed environments, As we continue to invest in password-less, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback). From 16bcc67eaaa69d280f8eae501f864731253e6b97 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 19:53:13 +0200 Subject: [PATCH 039/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - well needed punctuation corrections in line 295 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 2769cfa228..561a121ec9 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -292,5 +292,5 @@ In this configuration, passwords for SCRIL-configured users expire based on Acti > Some components within Windows 10, such as Data Protection APIs and NTLM authentication, still need artifacts of a user possessing a password. This configuration provides interoperability by reducing the usage surface while Microsoft continues to close the gaps to remove the password completely. ## The Road Ahead -The information presented here is just the beginning. We will update this guide with improved tool and methods and scenarios, like Azure AD joined and MDM managed environments, As we continue to invest in password-less, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback). +The information presented here is just the beginning. We will update this guide with improved tools, methods, and scenarios, like Azure AD joined and MDM managed environments. As we continue to invest in password-less, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback). From 0e2b598e45276438b2c19d612254145e664deef6 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 11 Jun 2019 19:58:35 +0200 Subject: [PATCH 040/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - combine corrections from JohanFreelancer9 with my own --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 561a121ec9..acd249a15e 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -247,7 +247,7 @@ Track all reported issues. Set priority and severity to each reported issue and - Is the outage a result of a misconfiguration? - Is the outage a overlooked gap from step 2? -Each organization's priority and severity will differ however most organizations consider work stoppages fairly significant. Your team should pre-define levels of priority and severity. With each of these levels, create service level agreements (SLAs) for each combination of severity and priority and hold everyone accountable to those agreements. Reactive planning enables people to spend more time on the issue and resolving it and less time on process. +Each organization's priority and severity will differ. However, most organizations consider work stoppages to be fairly significant. Your team should predefine levels of priority and severity. With each of these levels, create service level agreements (SLAs) for each combination of severity and priority, and hold everyone accountable to those agreements. Reactive planning enables people to spend more time on the issue and resolving it, and less time on the process. Resolve the issues per your service level agreements. Higher severity items may require returning some or all of the user's password surface. Clearly this is not the end goal but, do not let this slow your password-less momentum. Refer to how you reduced the user's password surface in step 2 and progress forward to a solution, deploying that solution and validating it. From d450d0d28cfbd43142a30050fa61e4b066b66ff4 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:40:24 +0200 Subject: [PATCH 041/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar correction in line 30 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index acd249a15e..b01918cfd7 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -27,7 +27,7 @@ Over the past few years, Microsoft has continued their commitment to enabling a ### 1. Develop a password replacement offering Before you move away from passwords, you need something to replace them. With Windows 10, Microsoft introduced Windows Hello for Business, a strong, hardware protected two-factor credential that enables single sign-on to Azure Active Directory and Active Directory. -Deploying Windows Hello for Business is the first step towards password-less. Windows Hello for Business deployed coexists nicely with existing password-based security. Users are likely to use Windows Hello for Business because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it. +Deploying Windows Hello for Business is the first step towards a passwordless environment. Windows Hello for Business coexists nicely with existing password-based security. Users are likely to use Windows Hello for Business because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it. ### 2. Reduce user-visible password surface area With Windows Hello for Business and passwords coexisting in your environment, the next step towards password-less is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the user knows they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. From 26135c92257299aecd6e980209ca9470e0c0a931 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:42:22 +0200 Subject: [PATCH 042/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - readability simplification in line 33 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index b01918cfd7..9940c4bdd0 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -30,7 +30,7 @@ Before you move away from passwords, you need something to replace them. With Wi Deploying Windows Hello for Business is the first step towards a passwordless environment. Windows Hello for Business coexists nicely with existing password-based security. Users are likely to use Windows Hello for Business because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it. ### 2. Reduce user-visible password surface area -With Windows Hello for Business and passwords coexisting in your environment, the next step towards password-less is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the user knows they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. +With Windows Hello for Business and passwords coexisting in your environment, the next step is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the user knows they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. ### 3. Transition into a password-less deployment Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a password-less world. A world where: From 819b07f6fd4d63e1eab326ab69a210f0881669d6 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:43:34 +0200 Subject: [PATCH 043/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - heading format corrections in line 35 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 9940c4bdd0..e86cef3768 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -32,7 +32,7 @@ Deploying Windows Hello for Business is the first step towards a passwordless en ### 2. Reduce user-visible password surface area With Windows Hello for Business and passwords coexisting in your environment, the next step is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the user knows they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. -### 3. Transition into a password-less deployment +### 3. Transition into a passwordless deployment Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a password-less world. A world where: - the user never types their password - the user never changes their password From d0ae5347d59217147703d3e82739262037c68bf3 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:44:41 +0200 Subject: [PATCH 044/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => passwordless in line 36 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index e86cef3768..1a4a88c244 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -33,7 +33,7 @@ Deploying Windows Hello for Business is the first step towards a passwordless en With Windows Hello for Business and passwords coexisting in your environment, the next step is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the user knows they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. ### 3. Transition into a passwordless deployment -Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a password-less world. A world where: +Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a passwordless world. A world where: - the user never types their password - the user never changes their password - the user does not know their password From db8b536a211dcf3e0214a5fc17d8a91e7957a777 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:45:30 +0200 Subject: [PATCH 045/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - 2x "password-less" => passwordless in line 44 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 1a4a88c244..ba18f2dbc4 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -41,7 +41,7 @@ Once the user-visible password surface has been eliminated, your organization ca In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. ### 4. Eliminate passwords from the identity directory -The final step of the password-less story is where passwords simply do not exist. At this step, identity directories no longer persist any form of the password. This is where Microsoft achieves the long-term security promise of a truly password-less environment. +The final step of the passwordless story is where passwords simply do not exist. At this step, identity directories no longer persist any form of the password. This is where Microsoft achieves the long-term security promise of a truly passwordless environment. ## Methodology The four steps to password-less provides a overall view of how Microsoft envisions the road to password-less. But the road to password-less is frequently traveled and derailed by many. The scope of work is vast and filled with many challenges and frustrations. Nearly everyone wants the instant gratification of password-less, but can easily become overwhelmed in any of the steps. You are not alone and Microsoft understands. While there are many ways to accomplish password-less, here is one recommendation based on several years of research, investigation, and customer conversations. From 9cb6ebdba87f334dbec0f4d96692404f43fe4627 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:47:00 +0200 Subject: [PATCH 046/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - readability improvement in line 47 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index ba18f2dbc4..b3968d3355 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -44,7 +44,7 @@ In this world, the user signs in to Windows 10 using Windows Hello for Business The final step of the passwordless story is where passwords simply do not exist. At this step, identity directories no longer persist any form of the password. This is where Microsoft achieves the long-term security promise of a truly passwordless environment. ## Methodology -The four steps to password-less provides a overall view of how Microsoft envisions the road to password-less. But the road to password-less is frequently traveled and derailed by many. The scope of work is vast and filled with many challenges and frustrations. Nearly everyone wants the instant gratification of password-less, but can easily become overwhelmed in any of the steps. You are not alone and Microsoft understands. While there are many ways to accomplish password-less, here is one recommendation based on several years of research, investigation, and customer conversations. +Four steps to password freedom provides an overall view of how Microsoft envisions the road to eliminating passwords. But this road is frequently traveled and derailed by many. The scope of work is vast and filled with many challenges and frustrations. Nearly everyone wants the instant gratification of achieving a passwordless environment, but can easily become overwhelmed in any of the steps. You are not alone and Microsoft understands. While there are many ways to accomplish freedom from passwords, here is one recommendation based on several years of research, investigation, and customer conversations. ### Prepare for the Journey The road to password-less is a journey. The duration of that journey varies from each organization. It is important for IT decision makers to understand the criteria that influences the length of the journey. From 1aa853886bb9a08cd7c42d2a914b6cbb0036f961 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:48:12 +0200 Subject: [PATCH 047/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar corrections in line 50 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index b3968d3355..96e7c243dd 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -47,7 +47,7 @@ The final step of the passwordless story is where passwords simply do not exist. Four steps to password freedom provides an overall view of how Microsoft envisions the road to eliminating passwords. But this road is frequently traveled and derailed by many. The scope of work is vast and filled with many challenges and frustrations. Nearly everyone wants the instant gratification of achieving a passwordless environment, but can easily become overwhelmed in any of the steps. You are not alone and Microsoft understands. While there are many ways to accomplish freedom from passwords, here is one recommendation based on several years of research, investigation, and customer conversations. ### Prepare for the Journey -The road to password-less is a journey. The duration of that journey varies from each organization. It is important for IT decision makers to understand the criteria that influences the length of the journey. +The road to being passwordless is a journey. The duration of that journey varies for each organization. It is important for IT decision-makers to understand the criteria that influence the length of the journey. The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size. One way to break down the size of the organization is: - Number of departments From a45d3197b600d6431e01d12d40c3114e01a4d41e Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:48:44 +0200 Subject: [PATCH 048/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - punctuation correction in line 52 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 96e7c243dd..35744f5215 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -49,7 +49,7 @@ Four steps to password freedom provides an overall view of how Microsoft envisio ### Prepare for the Journey The road to being passwordless is a journey. The duration of that journey varies for each organization. It is important for IT decision-makers to understand the criteria that influence the length of the journey. -The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size. One way to break down the size of the organization is: +The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size? One way to break down the size of the organization is: - Number of departments - Organization or department hierarchy - Number and type of applications and services From 31af310df1fe8c474ef35183e49acfc87a698055 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:50:23 +0200 Subject: [PATCH 049/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - readability improvement (simplification) at the end of line 63 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 35744f5215..a4fd3640a5 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -60,7 +60,7 @@ The most intuitive answer is the size of the organization, and that would be cor #### Number of departments The number of departments within an organization varies. Most organizations have a common set of departments such as executive leadership, human resources, accounting, sales, and marketing. Other organizations will have those departments and additional ones such research and development or support. Small organizations may not segment their departments this explicitly while larger ones may. Additionally, there may be sub-departments, and sub-departments of those sub-departments as well. -You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable for password-less. +You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable. Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the road to password-less. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-less, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your password-less strategy. From d7ecdc25ac1ef2da9658d323f2482db3cfff12fe Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:52:38 +0200 Subject: [PATCH 050/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar correction in line 65 (might need removal of 1 space) Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index a4fd3640a5..b293c1e2a6 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -62,7 +62,7 @@ The number of departments within an organization varies. Most organizations have You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable. -Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the road to password-less. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-less, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your password-less strategy. +Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the passwordless road. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-free, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your passwordless strategy. #### Organization or department hierarchy Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct password-less strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently than a member of middle management in the sales department. Both of those use cases are likely different than how an individual contributor in the customer service department uses their device. From ee11f61f7fdd6b453df7d621ad237fd2dd774a16 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:56:43 +0200 Subject: [PATCH 051/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => 'passwordless' in line 68 (also should be updated later with "differently from" instead of "differently than") Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index b293c1e2a6..75f91de16e 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -65,7 +65,7 @@ You need to know all the departments within your organization and you need to kn Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the passwordless road. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-free, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your passwordless strategy. #### Organization or department hierarchy -Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct password-less strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently than a member of middle management in the sales department. Both of those use cases are likely different than how an individual contributor in the customer service department uses their device. +Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct passwordless strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently than a member of middle management in the sales department. Both of those user cases are probably different to how an individual contributor in the customer service department uses their device. #### Number and type of applications and services The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical item in your password-less assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedure and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. From 01ff56b01a8ee17041d3f8c2b9a0e488a3d19d8f Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:57:40 +0200 Subject: [PATCH 052/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => 'passwordless' in line 71 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 75f91de16e..36b3b6d7d1 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -68,7 +68,7 @@ Your count of the departments must be thorough and accurate, as well as knowing Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct passwordless strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently than a member of middle management in the sales department. Both of those user cases are probably different to how an individual contributor in the customer service department uses their device. #### Number and type of applications and services -The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical item in your password-less assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedure and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. +The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical item in your passwordless assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedure and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. Capturing the number of applications used is easier once you have the departments, their hierarchy, and their stakeholders. In this approach, you should have an organized list of departments and the hierarchy in each. You can now associate the applications that are used by all levels within each department. You'll also want to document whether the application is internally developed or commercially available off-the-shelf (COTS). If the later, document the manufacturer and the version. Also, do not forget web-based applications or services when inventorying applications. From ed1abd1ade8c801b2448b9cf0b301ba62745d37e Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 19:59:26 +0200 Subject: [PATCH 053/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar corrections in line 78 (might need to add one or two commas here later) Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 36b3b6d7d1..aad6e3c128 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -75,7 +75,7 @@ Capturing the number of applications used is easier once you have the department #### Number of work personas Work personas is where the three previous efforts converge. You know the departments, the organizational levels within each department, the numbers of applications used by each, respectively, and the type of application. From this you want to create a work persona. -A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc.), within a specific department to a collection of applications used. There is a high possibility and probability that you will have many work personas. These work personas will become units of work an you will refer to them in documentation and in meetings. You need to give them a name. +A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc.), within a specific department to a collection of applications used. There is a high probability that you will have many work personas. These work personas will become units of work and you will refer to them in documentation and in meetings. You need to give them a name. Give your personas easy and intuitive name like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. From cacf39a5875955711635c30fe53a3c6defe45123 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:00:46 +0200 Subject: [PATCH 054/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - semantic improvement in line 82 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index aad6e3c128..8851e977ab 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -79,7 +79,7 @@ A work persona classifies a category of user, title or role (individual contribu Give your personas easy and intuitive name like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. -Ultimately, create a naming convention that does not require your stakeholders and partners to read through a long list of tables or that needs a secret decoder ring. Also, if possible, try to keep the references as names of people. After all, you are talking about a person, who is in that department, who uses that specific software. +Ultimately, create a naming convention that does not require your stakeholders and partners to read through a long list of tables or a secret decoder ring. Also, if possible, try to keep the references as names of people. After all, you are talking about a person, who is in that department, who uses that specific software. #### Organization's IT structure IT department structures can vary more than the organization. Some IT departments are centralized while others are decentralized. Also, the road to password-less will likely have you interacting with the client authentication team, the deployment team, the security team, the PKI team, the Active Directory team, the cloud team, and the list continues. Most of these teams will be your partner on your journey to password-less. Ensure there is a password-less stakeholder on each of these teams and that the effort is understood and funded. From 6edb7070e14d9bf4ba011095274c990f9c31e40d Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:02:42 +0200 Subject: [PATCH 055/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - multiple corrections of "password-less" => 'passwordless' also with a couple of words added in line 85 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 8851e977ab..f1ef213674 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -82,7 +82,7 @@ Give your personas easy and intuitive name like Abby Accounting, Mark Marketing, Ultimately, create a naming convention that does not require your stakeholders and partners to read through a long list of tables or a secret decoder ring. Also, if possible, try to keep the references as names of people. After all, you are talking about a person, who is in that department, who uses that specific software. #### Organization's IT structure -IT department structures can vary more than the organization. Some IT departments are centralized while others are decentralized. Also, the road to password-less will likely have you interacting with the client authentication team, the deployment team, the security team, the PKI team, the Active Directory team, the cloud team, and the list continues. Most of these teams will be your partner on your journey to password-less. Ensure there is a password-less stakeholder on each of these teams and that the effort is understood and funded. +IT department structures can vary more than the organization. Some IT departments are centralized while others are decentralized. Also, the road to being passwordless will probably have you interacting with the client authentication team, the deployment team, the security team, the PKI team, the Active Directory team, the cloud team, and the list continues. Most of these teams will be your partner on your journey to being passwordless. Ensure there is a passwordless stakeholder on each of these teams, and that the effort is understood and funded. #### Assess your Organization You have a ton of information. You have created your work personas, you identified your stakeholders throughout the different IT groups. Now what? From b94a3f8b78e0e79f650f999f70c85d4de1ecbc9e Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:07:18 +0200 Subject: [PATCH 056/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - multiple corrections of "password-less" ('passwordless' or improving the semantics by replacing the words) Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index f1ef213674..09569176b9 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -89,7 +89,7 @@ You have a ton of information. You have created your work personas, you identifi By now you can see why it's a journey and not a weekend project. You need to investigate user-visible password surfaces for each of your work personas. Once you identified the password surfaces, you need to mitigate them. Resolving some password surfaces are simple - meaning a solution already exists in the environment and it's a matter of moving users to it. Resolution to some passwords surfaces may exist, but are not deployed in your environment. That resolution results in a project that must be planned, tested, and then deployed. That is likely to span multiple IT departments with multiple people, and potentially one or more distributed systems. Those types of projects take time and need dedicated cycles. This same sentiment is true with in-house software development. Even with agile development methodologies, changing the way someone authenticates to an application is critical. Without the proper planning and testing, it has the potential to severely impact productivity. -How long does it take to reach password-less? The answer is "it depends". It depends on the organizational alignment of a password-less strategy. Top-down agreement that password-less is the organization's goal makes conversations much easier. Easier conversations means less time spent convincing people and more time spent moving forward toward the goal. Top-down agreement on password-less as a priority within the ranks of other on-going IT projects helps everyone understand how to prioritize existing projects. Agreeing on priorities should reduce and minimize manager and executive level escalations. After these organizational discussions, modern project management techniques are used to continue the password-less effort. The organization allocates resources based on the priority (after they agreed on the strategy). Those resources will: +How long does it take to become passwordless? The answer is "it depends". It depends on the organizational alignment of a passwordless strategy. Top-down agreement that a passwordless environment is the organization's goal makes conversations much easier. Easier conversations means less time spent convincing people and more time spent moving forward toward the goal. Top-down agreement, as a priority within the ranks of other on-going IT projects, helps everyone understand how to prioritize existing projects. Agreeing on priorities should reduce and minimize manager and executive level escalations. After these organizational discussions, modern project management techniques are used to continue the passwordless effort. The organization allocates resources based on the priority (after they agreed on the strategy). Those resources will: - work through the work personas - organize and deploy user acceptance testing - evaluate user acceptance testing results for user-visible password surfaces From 59ae4bc850eda787123077d799b72c43d014b866 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:09:44 +0200 Subject: [PATCH 057/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar corrections and punctuation improvements in line 102 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 09569176b9..f583d3c80a 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -99,7 +99,7 @@ How long does it take to become passwordless? The answer is "it depends". It de - User acceptance testing to confirm the solution mitigates the user-visible password surface - Repeat as needed -Your organization's journey to password-less may take some time to get there. Counting the number of work personas and the number of applications is probably a good indicator of the investment. Hopefully, your organization is growing, which means that the list of personas and the list of applications is unlikely to shrink. If the work to go password-less today is *n*, then it is likely that to go password-less tomorrow is *n x 2* or perhaps more, *n x n*. Do not let the size or duration of the project be a distraction. As you progress through each work persona, the actions and tasks will become more familiar for you and your stakeholders. Scope the project to sizable, realistic phases, pick the correct work personas, and soon you will see parts of your organization transition to password-less. +Your organization's journey to being passwordless may take some time. Counting the number of work personas and the number of applications is probably a good indicator of the investment. Hopefully, your organization is growing, which means that the list of personas and the list of applications is unlikely to shrink. If the work to go passwordless today is *n*, then it is likely that to go passwordless tomorrow is *n x 2* or perhaps more, *n x n*. Do not let the size or duration of the project be a distraction. As you progress through each work persona, the actions and tasks will become more familiar for you and your stakeholders. Scope the project to sizable, realistic phases, pick the correct work personas, and soon you will see parts of your organization transition to a passwordless state. ### Where to start? What is the best guidance for kicking off the journey to password-less? You will want to show you management a proof of concept as soon as possible. Ideally, you want to show this at each step of your password-less journey. Keeping password-less top of mind and showing consistent progress keeps everyone focused. From c1ba62b192f3532adb62ba331c3abf6b9ce44e7d Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:10:48 +0200 Subject: [PATCH 058/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar corrections and semantic improvements in line 105 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index f583d3c80a..a26a2124ae 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -102,7 +102,7 @@ How long does it take to become passwordless? The answer is "it depends". It de Your organization's journey to being passwordless may take some time. Counting the number of work personas and the number of applications is probably a good indicator of the investment. Hopefully, your organization is growing, which means that the list of personas and the list of applications is unlikely to shrink. If the work to go passwordless today is *n*, then it is likely that to go passwordless tomorrow is *n x 2* or perhaps more, *n x n*. Do not let the size or duration of the project be a distraction. As you progress through each work persona, the actions and tasks will become more familiar for you and your stakeholders. Scope the project to sizable, realistic phases, pick the correct work personas, and soon you will see parts of your organization transition to a passwordless state. ### Where to start? -What is the best guidance for kicking off the journey to password-less? You will want to show you management a proof of concept as soon as possible. Ideally, you want to show this at each step of your password-less journey. Keeping password-less top of mind and showing consistent progress keeps everyone focused. +What is the best guidance for kicking off the passwordless journey? You will want to show you management a proof of concept as soon as possible. Ideally, you want to show this at each step of your passwordless journey. Keeping your passwordless strategy top of mind and showing consistent progress keeps everyone focused. #### Work persona You begin with your work personas. These were part of your preparation process. They have a persona name, such as Abby Accounting II, or any other naming convention your organization defined. That work persona includes a list of all the applications that Abby uses to perform her assigned duties in the accounting department. To start, you need to pick a work persona. This is the targeted work persona you will enable to climb the password-less steps. From c0b74942ad5c66909391efb1c26eeb6d65c70b3f Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:11:56 +0200 Subject: [PATCH 059/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => 'passwordless' in line 108 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index a26a2124ae..5ba7909b91 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -105,7 +105,7 @@ Your organization's journey to being passwordless may take some time. Counting t What is the best guidance for kicking off the passwordless journey? You will want to show you management a proof of concept as soon as possible. Ideally, you want to show this at each step of your passwordless journey. Keeping your passwordless strategy top of mind and showing consistent progress keeps everyone focused. #### Work persona -You begin with your work personas. These were part of your preparation process. They have a persona name, such as Abby Accounting II, or any other naming convention your organization defined. That work persona includes a list of all the applications that Abby uses to perform her assigned duties in the accounting department. To start, you need to pick a work persona. This is the targeted work persona you will enable to climb the password-less steps. +You begin with your work personas. These were part of your preparation process. They have a persona name, such as Abby Accounting II, or any other naming convention your organization defined. That work persona includes a list of all the applications that Abby uses to perform her assigned duties in the accounting department. To start, you need to pick a work persona. This is the targeted work persona you will enable to climb the passwordless steps. > [!IMPORTANT] > Avoid using any work personas from your IT department. This is probably the worst way to start the password-less journey. IT roles are very difficult and time consuming. IT workers typically have multiple credentials, run a multitude of scripts and custom applications, and are the worst offenders of password usage. It is better to save these work personas for the middle or end of your journey. From 7d2401d85709361c7969f7a812053dc2c5142eac Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:12:32 +0200 Subject: [PATCH 060/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => 'passwordless' in line 111 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 5ba7909b91..891f2b248e 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -108,7 +108,7 @@ What is the best guidance for kicking off the passwordless journey? You will wa You begin with your work personas. These were part of your preparation process. They have a persona name, such as Abby Accounting II, or any other naming convention your organization defined. That work persona includes a list of all the applications that Abby uses to perform her assigned duties in the accounting department. To start, you need to pick a work persona. This is the targeted work persona you will enable to climb the passwordless steps. > [!IMPORTANT] -> Avoid using any work personas from your IT department. This is probably the worst way to start the password-less journey. IT roles are very difficult and time consuming. IT workers typically have multiple credentials, run a multitude of scripts and custom applications, and are the worst offenders of password usage. It is better to save these work personas for the middle or end of your journey. +> Avoid using any work personas from your IT department. This is probably the worst way to start the passwordless journey. IT roles are very difficult and time consuming. IT workers typically have multiple credentials, run a multitude of scripts and custom applications, and are the worst offenders of password usage. It is better to save these work personas for the middle or end of your journey. Review your collection of work personas. Early in your password-less journey, identify personas that have the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. From 1ca09e1e7f018514859e0f0d4b05ccf1f1a64f39 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:13:03 +0200 Subject: [PATCH 061/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => 'passwordless' in line 113 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 891f2b248e..b8714f89a9 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -110,7 +110,7 @@ You begin with your work personas. These were part of your preparation process. > [!IMPORTANT] > Avoid using any work personas from your IT department. This is probably the worst way to start the passwordless journey. IT roles are very difficult and time consuming. IT workers typically have multiple credentials, run a multitude of scripts and custom applications, and are the worst offenders of password usage. It is better to save these work personas for the middle or end of your journey. -Review your collection of work personas. Early in your password-less journey, identify personas that have the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. +Review your collection of work personas. Early in your passwordless journey, identify personas that have the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. Most organizations host their proof of concept in a test lab or environment. To do that with password-less may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could be a few days or several weeks depending on the complexity of targeted work persona. From ddf3841e76a79b3d974053e1b3b411b3e0cb1551 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:14:29 +0200 Subject: [PATCH 062/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => 'a password-free strategy' in line 115 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index b8714f89a9..1c34b1ee92 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -112,7 +112,7 @@ You begin with your work personas. These were part of your preparation process. Review your collection of work personas. Early in your passwordless journey, identify personas that have the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. -Most organizations host their proof of concept in a test lab or environment. To do that with password-less may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could be a few days or several weeks depending on the complexity of targeted work persona. +Most organizations host their proof of concept in a test lab or environment. To do that with a password-free strategy may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could be a few days or several weeks depending on the complexity of targeted work persona. You will want to balance testing in a lab with providing results to management quickly. Continuing to show forward progress on your password-less journey is always a good thing. If there are ways you can test in production with low or now risk, that may be advantageous to your timeline. From fc6fc54c72c94b30aee236476ea6783df1f933b0 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:15:49 +0200 Subject: [PATCH 063/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - 2 "password-less" corrections + 1 word added in line 121 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 1c34b1ee92..89d029e35e 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -118,7 +118,7 @@ You will want to balance testing in a lab with providing results to management q ## The Process -The journey to password-less is to take each work persona through each password-less step. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like this: +The journey to being passwordless is to take each work persona through each passwordless step. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like this: 1. Password-less replacement offering (Step 1) 1. Identify test users representing the targeted work persona. From 3c550a7a38f4ef050a9e3dc6da8c4b11e8712862 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:17:34 +0200 Subject: [PATCH 064/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "Password-less" => 'Passwordless' in line 123 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 89d029e35e..2a0047ddc2 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -120,7 +120,7 @@ You will want to balance testing in a lab with providing results to management q The journey to being passwordless is to take each work persona through each passwordless step. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like this: -1. Password-less replacement offering (Step 1) +1. Passwordless replacement offering (Step 1) 1. Identify test users representing the targeted work persona. 2. Deploy Windows Hello for Business to test users. 3. Validate that passwords and Windows Hello for Business work. From 62577a1488f95b4a6af09de77de7f614fa8edc31 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:18:21 +0200 Subject: [PATCH 065/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "Password-less" => 'Passwordless' in line 141 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 2a0047ddc2..01b6573b1f 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -138,7 +138,7 @@ The journey to being passwordless is to take each work persona through each pass After successfully moving a work persona to password-less, you can prioritize the remaining work personas, and repeat the process. -### Password-less replacement offering (Step 1) +### Passwordless replacement offering (Step 1) The first step to password-less is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. #### Identify test users that represent the targeted work persona From 5cfdf4dcdf5df8e1f5a75b3fd632353774803412 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:19:18 +0200 Subject: [PATCH 066/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => 'password freedom' in line 142 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 01b6573b1f..90a8521d72 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -139,7 +139,7 @@ The journey to being passwordless is to take each work persona through each pass After successfully moving a work persona to password-less, you can prioritize the remaining work personas, and repeat the process. ### Passwordless replacement offering (Step 1) -The first step to password-less is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. +The first step to password freedom is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. #### Identify test users that represent the targeted work persona A successful transition to password-less heavily relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or to accurately validate them. You need to enlist the help of users that fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. From 598c9e3e44ef1112f4529de48b84bb93d71ac918 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:20:25 +0200 Subject: [PATCH 067/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - readability improvement (removal of "password-less") in line 145 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 90a8521d72..63192115fe 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -142,7 +142,7 @@ After successfully moving a work persona to password-less, you can prioritize th The first step to password freedom is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. #### Identify test users that represent the targeted work persona -A successful transition to password-less heavily relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or to accurately validate them. You need to enlist the help of users that fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. +A successful transition relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or to accurately validate them. You need to enlist the help of users that fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. #### Deploy Windows Hello for Business to test users Next, you will want to plan your Windows Hello for Business deployment. Your test users will need an alternative way to sign-in during step 2 of the password-less journey. Use the [Windows Hello for Business Planning Guide](hello-planning-guide.md) to help learn which deployment is best for your environment. Next, use the [Windows Hello for Business deployment guides](hello-deployment-guide.md) to deploy Windows Hello for Business. From 196c4ff45b6ee6bb7f8833a142698c2e5691dd72 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:21:24 +0200 Subject: [PATCH 068/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - semantic improvement (including "password-less" => 'passwordless') in line 190 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 63192115fe..c0184a9f9b 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -187,7 +187,7 @@ Next, review your master list of scenarios. You can start with the workflows tha Start mitigating password usages based on the workflows of your targeted personas. Document the mitigation as a solution to your scenario. Don't worry about the implementation details for the solution. An overview of the changes needed to reduce the password usages is all you need. If there are technical changes needed, either infrastructure or code changes, the exact details will likely be included in the project documentation. However your organization tracks projects, create a new project in that system. Associate your scenario to that project and start the processes needed to get that project funded. -Mitigating password usage with applications is one or the more challenging obstacle in the journey to password-less. If your organization develops the application, then you are in better shape the common-off-the-shelf software (COTS). +Mitigating password usage with applications is one or the more challenging obstacle in the passwordless journey. If your organization develops the application, then you are in better shape the common-off-the-shelf software (COTS). The ideal mitigation for applications that prompt the user for a password is to enable those applications to use an existing authenticated identity, such as Azure Active Directory or Active Directory. Work with the applications vendors to have them add support for Azure identities. For on-premises applications, have the application use Windows integrated authentication. The goal for your users should be a seamless single sign-on experience where each user authenticates once when they sign-in to Windows. Use this same strategy for applications that store their own identities in their own databases. From aad240c225f5a1098e25a0738fac7ec38c421104 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:22:21 +0200 Subject: [PATCH 069/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => 'passwordless' in line 230 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index c0184a9f9b..e2a52e5fd2 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -227,7 +227,7 @@ Excluding the password credential provider hides the password credential provide #### Validate that none of the workflows need passwords This is the big moment. You have identified password usage, developed solutions to mitigate password usage, and have removed or disabled password usage from Windows. In this configuration, your users will not be able to use a password. Users will be blocked if any of their workflows ask them for a password. Ideally, your test users should be able to complete all the work flows of the targeted work persona without any password usage. Do not forget those low percentage work flows, such as provisioning a new user or a user that forgot their PIN or cannot use their strong credential. Ensure those scenarios are validated as well. -### Transition into a password-less deployment (Step 3) +### Transition into a passwordless deployment (Step 3) Congratulations! You are ready to transition one or more portions of your organization to a password-less deployment. You have validated that the targeted work persona is ready to go where the user no longer needs to know or use their password. You are just a few steps away from declaring success. #### Awareness and user education From 2c64492583099129f7eed6c11359cc9e1922b594 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:23:07 +0200 Subject: [PATCH 070/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => 'passwordless' in line 231 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index e2a52e5fd2..007105df76 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -228,7 +228,7 @@ Excluding the password credential provider hides the password credential provide This is the big moment. You have identified password usage, developed solutions to mitigate password usage, and have removed or disabled password usage from Windows. In this configuration, your users will not be able to use a password. Users will be blocked if any of their workflows ask them for a password. Ideally, your test users should be able to complete all the work flows of the targeted work persona without any password usage. Do not forget those low percentage work flows, such as provisioning a new user or a user that forgot their PIN or cannot use their strong credential. Ensure those scenarios are validated as well. ### Transition into a passwordless deployment (Step 3) -Congratulations! You are ready to transition one or more portions of your organization to a password-less deployment. You have validated that the targeted work persona is ready to go where the user no longer needs to know or use their password. You are just a few steps away from declaring success. +Congratulations! You are ready to transition one or more portions of your organization to a passwordless deployment. You have validated that the targeted work persona is ready to go where the user no longer needs to know or use their password. You are just a few steps away from declaring success. #### Awareness and user education In this last step, you are going to include the remaining users that fit the targeted work persona to the wonderful world of password-less. Before you do this, you want to invest in an awareness campaign. From d911333b88d04ccb185424e2337c8565629bf3fe Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:23:57 +0200 Subject: [PATCH 071/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - 2x "password-less" => 'passwordless' in line 255 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 007105df76..36ab994644 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -252,7 +252,7 @@ Each organization's priority and severity will differ. However, most organizatio Resolve the issues per your service level agreements. Higher severity items may require returning some or all of the user's password surface. Clearly this is not the end goal but, do not let this slow your password-less momentum. Refer to how you reduced the user's password surface in step 2 and progress forward to a solution, deploying that solution and validating it. #### Configure user accounts to disallow password authentication. -You transitioned all the users for the targeted work persona to a password-less environment and you have successfully validated all their workflows. The last step to complete the password-less transition is to remove the user's knowledge of the password and prevent the authenticating authority from accepting passwords. +You transitioned all the users for the targeted work persona to a passwordless environment and you have successfully validated all their workflows. The last step to complete the passwordless transition is to remove the user's knowledge of the password and prevent the authenticating authority from accepting passwords. You can change the user's password to random data and prevent domain controllers from allowing users to use passwords for interactive sign-ins using an account configuration on the user object. From 93da7499512b6275b9949ae06d246e88ebb378c6 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:24:55 +0200 Subject: [PATCH 072/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => 'passwordless' in line 267 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 36ab994644..2023b4d469 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -264,7 +264,7 @@ The account options on a user account includes an option -- **Smart card is requ ![SCRIL setting on AD Users and Computers](images/passwordless/00-scril-dsa.png) **SCRIL setting for a user on Active Directory Users and Computers.** -When you configure a user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account do not allow the user to sign-in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or early domain functional level do not expire. The users are effectively password-less because: +When you configure a user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account do not allow the user to sign-in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or early domain functional level do not expire. The users are effectively passwordless because: - the do not know their password. - their password is 128 random bits of data and is likely to include non-typable characters. - the user is not asked to change their password From 49f41cefb13cae9d927c57bd0a0b242bf6a9c70c Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 12 Jun 2019 20:26:11 +0200 Subject: [PATCH 073/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "password-less" => "a passwordless future" in line 295 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 2023b4d469..10e2239dcb 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -292,5 +292,5 @@ In this configuration, passwords for SCRIL-configured users expire based on Acti > Some components within Windows 10, such as Data Protection APIs and NTLM authentication, still need artifacts of a user possessing a password. This configuration provides interoperability by reducing the usage surface while Microsoft continues to close the gaps to remove the password completely. ## The Road Ahead -The information presented here is just the beginning. We will update this guide with improved tools, methods, and scenarios, like Azure AD joined and MDM managed environments. As we continue to invest in password-less, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback). +The information presented here is just the beginning. We will update this guide with improved tools, methods, and scenarios, like Azure AD joined and MDM managed environments. As we continue to invest in a passwordless future, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback). From 4ac7ebed1c557f9f88c6239ce8c2ff23e5e1eeab Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 12 Jun 2019 20:34:45 +0200 Subject: [PATCH 074/395] Update hello-for-business/passwordless-strategy.md - "password-less" => 'password freedom' in line 23 (to keep it in tune with the preceding headline) --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 10e2239dcb..34b853b30b 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -20,7 +20,7 @@ ms.reviewer: ## Four steps to password freedom -Over the past few years, Microsoft has continued their commitment to enabling a world without passwords. At Microsoft Ignite 2017, we shared our four-step approach to password-less. +Over the past few years, Microsoft has continued their commitment to enabling a world without passwords. At Microsoft Ignite 2017, we shared our four-step approach to password freedom. ![Passwordless approach](images/four-steps-passwordless.png) From f2706af5217d547d26f1e967f63719efea9f712c Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 12 Jun 2019 20:51:35 +0200 Subject: [PATCH 075/395] Update hello-for-business/passwordless-strategy.md Further corrections in line 65: - reduced a double space to single space from previous changes - "organizations" => organization (our own organization is singular in the reader's perspective) --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 34b853b30b..c9bb8cdad0 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -62,7 +62,7 @@ The number of departments within an organization varies. Most organizations have You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable. -Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the passwordless road. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organizations goes password-free, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your passwordless strategy. +Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the passwordless road. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organization goes password-free, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your passwordless strategy. #### Organization or department hierarchy Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct passwordless strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently than a member of middle management in the sales department. Both of those user cases are probably different to how an individual contributor in the customer service department uses their device. From 40d4c5e8d4916e0597f1e1eaf1041d4918b9cfb7 Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 12 Jun 2019 21:06:40 +0200 Subject: [PATCH 076/395] Update hello-for-business/passwordless-strategy.md Correction in line 68: - "differently than" => 'differently compared to' Correct use cases are usually "different than" or "different from", but "differently" needs more details in the comparison. --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index c9bb8cdad0..c59aefdb5a 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -65,7 +65,7 @@ You need to know all the departments within your organization and you need to kn Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the passwordless road. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organization goes password-free, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your passwordless strategy. #### Organization or department hierarchy -Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct passwordless strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently than a member of middle management in the sales department. Both of those user cases are probably different to how an individual contributor in the customer service department uses their device. +Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct passwordless strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently compared to a member of middle management in the sales department. Both of those user cases are probably different to how an individual contributor in the customer service department uses their device. #### Number and type of applications and services The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical item in your passwordless assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedure and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. From 44507a5280204180300b48c2709e38b7952d9faf Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 12 Jun 2019 21:09:46 +0200 Subject: [PATCH 077/395] Update hello-for-business/passwordless-strategy.md Correction in line 78: 1 comma added to maintain structural semantics. --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index c59aefdb5a..8927498ca0 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -75,7 +75,7 @@ Capturing the number of applications used is easier once you have the department #### Number of work personas Work personas is where the three previous efforts converge. You know the departments, the organizational levels within each department, the numbers of applications used by each, respectively, and the type of application. From this you want to create a work persona. -A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc.), within a specific department to a collection of applications used. There is a high probability that you will have many work personas. These work personas will become units of work and you will refer to them in documentation and in meetings. You need to give them a name. +A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc.), within a specific department to a collection of applications used. There is a high probability that you will have many work personas. These work personas will become units of work, and you will refer to them in documentation and in meetings. You need to give them a name. Give your personas easy and intuitive name like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. From b2336814df149421626b6e98a59608779aa7fc5d Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 12 Jun 2019 22:53:30 +0200 Subject: [PATCH 078/395] Update hello-for-business/passwordless-strategy.md Add some changes in the lines 98-100 to make each bullet point work as a complete sentence starting with "Those resources will [...]" --- .../hello-for-business/passwordless-strategy.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 8927498ca0..a87e88a60f 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -95,9 +95,9 @@ How long does it take to become passwordless? The answer is "it depends". It de - evaluate user acceptance testing results for user-visible password surfaces - work with stakeholders to create solutions that mitigate user-visible password surfaces - add the solution to the project backlog and prioritize against other projects -- deploy solution -- User acceptance testing to confirm the solution mitigates the user-visible password surface -- Repeat as needed +- deploy the solution +- perform user acceptance testing to confirm that the solution mitigates the user-visible password surface +- repeat the testing as needed Your organization's journey to being passwordless may take some time. Counting the number of work personas and the number of applications is probably a good indicator of the investment. Hopefully, your organization is growing, which means that the list of personas and the list of applications is unlikely to shrink. If the work to go passwordless today is *n*, then it is likely that to go passwordless tomorrow is *n x 2* or perhaps more, *n x n*. Do not let the size or duration of the project be a distraction. As you progress through each work persona, the actions and tasks will become more familiar for you and your stakeholders. Scope the project to sizable, realistic phases, pick the correct work personas, and soon you will see parts of your organization transition to a passwordless state. From 968acf48e98fd243d91c3c6c7ed308620fc36b9a Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 12 Jun 2019 23:01:16 +0200 Subject: [PATCH 079/395] Update hello-for-business/passwordless-strategy.md Change in line 33: "the user knows they have a password" replaced with "the users know they have a password" to match the plural 'users' referenced elsewhere. --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index a87e88a60f..6b375fe6dc 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -30,7 +30,7 @@ Before you move away from passwords, you need something to replace them. With Wi Deploying Windows Hello for Business is the first step towards a passwordless environment. Windows Hello for Business coexists nicely with existing password-based security. Users are likely to use Windows Hello for Business because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it. ### 2. Reduce user-visible password surface area -With Windows Hello for Business and passwords coexisting in your environment, the next step is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the user knows they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. +With Windows Hello for Business and passwords coexisting in your environment, the next step is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to achieve a state where the users know they have a password, but they never use it. This state helps decondition users from providing a password any time a password prompt shows on their computer. This is how passwords are phished. Users who rarely, if at all, use their password are unlikely to provide it. Password prompts are no longer the norm. ### 3. Transition into a passwordless deployment Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a passwordless world. A world where: From 1098a4cd9e67bdf035e1524545e5e220f91736ec Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 12 Jun 2019 23:07:35 +0200 Subject: [PATCH 080/395] Update hello-for-business/passwordless-strategy.md Changes in the lines 37-39: user => users (along with the verbs corrected to plural) to match the plural 'users' referenced elsewhere. --- .../hello-for-business/passwordless-strategy.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 6b375fe6dc..f872f56909 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -34,9 +34,9 @@ With Windows Hello for Business and passwords coexisting in your environment, th ### 3. Transition into a passwordless deployment Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a passwordless world. A world where: - - the user never types their password - - the user never changes their password - - the user does not know their password + - the users never type their password + - the users never change their password + - the users do not know their password In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. From 310179b7b35c256d93d6c143ba7d9e51b58c7d0d Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 12 Jun 2019 23:56:44 +0200 Subject: [PATCH 081/395] Update hello-for-business/passwordless-strategy.md Multiple scattered changes, including: - "password-less" => passwordless - both in titles and sentences (should resolve all remaining occurrences of "password-less") - semantics improvements - punctuation adjustments (mainly comma placements) - singular/plural corrections based on general reference - added some missing structural words --- .../passwordless-strategy.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index f872f56909..7426c2c6dc 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -1,5 +1,5 @@ --- -title: Password-less Strategy +title: Passwordless Strategy description: Reducing Password Usage Surface keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless ms.prod: w10 @@ -60,7 +60,7 @@ The most intuitive answer is the size of the organization, and that would be cor #### Number of departments The number of departments within an organization varies. Most organizations have a common set of departments such as executive leadership, human resources, accounting, sales, and marketing. Other organizations will have those departments and additional ones such research and development or support. Small organizations may not segment their departments this explicitly while larger ones may. Additionally, there may be sub-departments, and sub-departments of those sub-departments as well. -You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed it is not applicable. +You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed that it is not applicable. Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the passwordless road. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organization goes password-free, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your passwordless strategy. @@ -68,7 +68,7 @@ Your count of the departments must be thorough and accurate, as well as knowing Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct passwordless strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently compared to a member of middle management in the sales department. Both of those user cases are probably different to how an individual contributor in the customer service department uses their device. #### Number and type of applications and services -The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical item in your passwordless assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedure and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. +The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical items in your passwordless assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedures and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. Capturing the number of applications used is easier once you have the departments, their hierarchy, and their stakeholders. In this approach, you should have an organized list of departments and the hierarchy in each. You can now associate the applications that are used by all levels within each department. You'll also want to document whether the application is internally developed or commercially available off-the-shelf (COTS). If the later, document the manufacturer and the version. Also, do not forget web-based applications or services when inventorying applications. @@ -114,7 +114,7 @@ Review your collection of work personas. Early in your passwordless journey, ide Most organizations host their proof of concept in a test lab or environment. To do that with a password-free strategy may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could be a few days or several weeks depending on the complexity of targeted work persona. -You will want to balance testing in a lab with providing results to management quickly. Continuing to show forward progress on your password-less journey is always a good thing. If there are ways you can test in production with low or now risk, that may be advantageous to your timeline. +You will want to balance testing in a lab with providing results to management quickly. Continuing to show forward progress on your journey to being passwordless is always a good thing. If there are ways you can test in production with low or now risk, that may be advantageous to your timeline. ## The Process @@ -130,13 +130,13 @@ The journey to being passwordless is to take each work persona through each pass 3. Repeat until all user password usage is mitigated. 4. Remove password capabilities from Windows. 5. Validate that **none of the workflows** need passwords. -3. Transition into a password-less (Step 3) +3. Transition into a passwordless scenario (Step 3) 1. Awareness campaign and user education. - 2. Include remaining users that fit the work persona. + 2. Include remaining users who fit the work persona. 3. Validate that **none of the users** of the work personas need passwords. 4. Configure user accounts to disallow password authentication. -After successfully moving a work persona to password-less, you can prioritize the remaining work personas, and repeat the process. +After successfully moving a work persona to being passwordless, you can prioritize the remaining work personas, and repeat the process. ### Passwordless replacement offering (Step 1) The first step to password freedom is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. @@ -145,9 +145,9 @@ The first step to password freedom is providing an alternative to passwords. Win A successful transition relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or to accurately validate them. You need to enlist the help of users that fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. #### Deploy Windows Hello for Business to test users -Next, you will want to plan your Windows Hello for Business deployment. Your test users will need an alternative way to sign-in during step 2 of the password-less journey. Use the [Windows Hello for Business Planning Guide](hello-planning-guide.md) to help learn which deployment is best for your environment. Next, use the [Windows Hello for Business deployment guides](hello-deployment-guide.md) to deploy Windows Hello for Business. +Next, you will want to plan your Windows Hello for Business deployment. Your test users will need an alternative way to sign-in during step 2 of the journey to becoming passwordless. Use the [Windows Hello for Business Planning Guide](hello-planning-guide.md) to help learning which deployment is best suited for your environment. Next, use the [Windows Hello for Business deployment guides](hello-deployment-guide.md) to deploy Windows Hello for Business. -With the Windows Hello for Business infrastructure in place, you can limit Windows Hello for Business enrollments to the targeted work personas. The great news is you will only need to deploy the infrastructure once. When other targeted work personas need to provision Windows Hello for Business, you can simply add them to a group. You will use the first work persona to validate your Windows Hello for Business deployment. +With the Windows Hello for Business infrastructure in place, you can limit Windows Hello for Business enrollments to the targeted work personas. The great news is that you will only need to deploy the infrastructure once. When other targeted work personas need to provision Windows Hello for Business, you can simply add them to a group. You will use the first work persona to validate your Windows Hello for Business deployment. > [!NOTE] > There are many different ways to connect a device to Azure. Deployments may vary based on how the device is joined to Azure Active Directory. Review your planning guide and deployment guide to ensure additional infrastructure is not needed for an additional Azure joined devices. @@ -172,7 +172,7 @@ Test users create the workflows associated with the targeted work persona. Their - How frequently do you use this application in a given day? week? - Is the password you type into the application the same as the password you use to sign-in to Windows? -Some organizations will empower their users to write this information while some may insist on having a member of the IT department shadow them. An objective viewer may notice a password prompt that the user overlooks simply because of muscle memory. As previously mentioned, this information is critical. You could miss one password prompt which could delay the transition to password-less. +Some organizations will empower their users to write this information while some may insist on having a member of the IT department shadow them. An objective viewer may notice a password prompt that the user overlooks simply because of muscle memory. As previously mentioned, this information is critical. You could miss one password prompt that could delay the transition to being passwordless. #### Identify password usage and plan, develop, and deploy password mitigations Your test users have provided you valuable information that describes the how, what, why and when they use a password. It is now time for your team to identify each of these password use cases and understand why the user must use a password. @@ -231,15 +231,15 @@ This is the big moment. You have identified password usage, developed solutions Congratulations! You are ready to transition one or more portions of your organization to a passwordless deployment. You have validated that the targeted work persona is ready to go where the user no longer needs to know or use their password. You are just a few steps away from declaring success. #### Awareness and user education -In this last step, you are going to include the remaining users that fit the targeted work persona to the wonderful world of password-less. Before you do this, you want to invest in an awareness campaign. +In this last step, you are going to include the remaining users that fit the targeted work persona to the wonderful world of being passwordless. Before you do this, you want to invest in an awareness campaign. An awareness campaign introduces the users to the new way of authenticating to their device, such as using Windows Hello for Business. The idea of the campaign is to positively promote the change to the users in advance. Explain the value and why your company is changing. The campaign should provide dates and encourage questions and feedback. This campaign can coincide with user education, where you can show the users the changes and, if your environment allows, enable the users to try out the experience. #### Including remaining users that fit the work persona -You have implemented the awareness campaign for the targeted users. These users are informed and ready to transition to password-less. Add the remaining users that match the targeted work persona to your deployment. +You have implemented the awareness campaign for the targeted users. These users are informed and ready to transition to being passwordless. Add the remaining users that match the targeted work persona to your deployment. #### Validate that none of the users of the work personas needs passwords -You have successfully transitioned all users for the targeted work persona to password-less. Monitor the users within the work persona to ensure they do not encounter any issues while working in a password-less environment. +You have successfully transitioned all users for the targeted work persona to being passwordless. Monitor the users within the work persona to ensure they do not encounter any issues while working in a passwordless environment. Track all reported issues. Set priority and severity to each reported issue and have your team triage the issues appropriately. As you triage issues, some things to consider are: - Is the reporting user performing a task outside the work persona? @@ -249,7 +249,7 @@ Track all reported issues. Set priority and severity to each reported issue and Each organization's priority and severity will differ. However, most organizations consider work stoppages to be fairly significant. Your team should predefine levels of priority and severity. With each of these levels, create service level agreements (SLAs) for each combination of severity and priority, and hold everyone accountable to those agreements. Reactive planning enables people to spend more time on the issue and resolving it, and less time on the process. -Resolve the issues per your service level agreements. Higher severity items may require returning some or all of the user's password surface. Clearly this is not the end goal but, do not let this slow your password-less momentum. Refer to how you reduced the user's password surface in step 2 and progress forward to a solution, deploying that solution and validating it. +Resolve the issues per your service level agreements. Higher severity items may require returning some or all of the user's password surface. Clearly this is not the end goal, but do not let this slow down your momentum towards becoming passwordless. Refer to how you reduced the user's password surface in step 2 and progress forward to a solution, deploying that solution and validating it. #### Configure user accounts to disallow password authentication. You transitioned all the users for the targeted work persona to a passwordless environment and you have successfully validated all their workflows. The last step to complete the passwordless transition is to remove the user's knowledge of the password and prevent the authenticating authority from accepting passwords. From f8d8da725333c8abef7c62545d2c27a6e5603f9a Mon Sep 17 00:00:00 2001 From: illfated Date: Thu, 13 Jun 2019 00:58:18 +0200 Subject: [PATCH 082/395] Update hello-for-business/passwordless-strategy.md Another round of multiple scattered changes. Multiple occurrences of 'passwordless' replaced with "password freedom", specifically where "the journey to password freedom" fits better. --- .../passwordless-strategy.md | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 7426c2c6dc..d448e47f84 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -44,12 +44,12 @@ In this world, the user signs in to Windows 10 using Windows Hello for Business The final step of the passwordless story is where passwords simply do not exist. At this step, identity directories no longer persist any form of the password. This is where Microsoft achieves the long-term security promise of a truly passwordless environment. ## Methodology -Four steps to password freedom provides an overall view of how Microsoft envisions the road to eliminating passwords. But this road is frequently traveled and derailed by many. The scope of work is vast and filled with many challenges and frustrations. Nearly everyone wants the instant gratification of achieving a passwordless environment, but can easily become overwhelmed in any of the steps. You are not alone and Microsoft understands. While there are many ways to accomplish freedom from passwords, here is one recommendation based on several years of research, investigation, and customer conversations. +Four steps to password freedom provides an overall view of how Microsoft envisions the road to eliminating passwords. But this road is frequently traveled and derailed by many. The scope of work is vast and filled with many challenges and frustrations. Nearly everyone wants the instant gratification of achieving a passwordless environment, but can easily become overwhelmed by any of the steps. You are not alone and Microsoft understands. While there are many ways to accomplish freedom from passwords, here is one recommendation based on several years of research, investigation, and customer conversations. ### Prepare for the Journey -The road to being passwordless is a journey. The duration of that journey varies for each organization. It is important for IT decision-makers to understand the criteria that influence the length of the journey. +The road to being passwordless is a journey. The duration of that journey varies for each organization. It is important for IT decision-makers to understand the criteria influencing the length of that journey. -The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size? One way to break down the size of the organization is: +The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size? One way to break down the size of the organization is by creating a summary of the - Number of departments - Organization or department hierarchy - Number and type of applications and services @@ -58,38 +58,38 @@ The most intuitive answer is the size of the organization, and that would be cor - Organization's IT structure #### Number of departments -The number of departments within an organization varies. Most organizations have a common set of departments such as executive leadership, human resources, accounting, sales, and marketing. Other organizations will have those departments and additional ones such research and development or support. Small organizations may not segment their departments this explicitly while larger ones may. Additionally, there may be sub-departments, and sub-departments of those sub-departments as well. +The number of departments within an organization varies. Most organizations have a common set of departments such as executive leadership, human resources, accounting, sales, and marketing. Other organizations will have those departments and additional ones such research and development or support. Small organizations may not segment their departments this explicitly, while larger ones may. Additionally, there may be sub-departments, and sub-departments of those sub-departments as well. -You need to know all the departments within your organization and you need to know which departments use computers and which do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed that it is not applicable. +You need to know all the departments within your organization and you need to know which departments use computers and which ones do not. It is fine if a department does not use computers (probably rare, but acceptable). This is one less department with which you need to concern yourself. Nevertheless, ensure this department is in your list and you have assessed that it is not applicable. -Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the passwordless road. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organization goes password-free, but partners continue to use passwords and then access your corporate resources, you should know about it and include them in your passwordless strategy. +Your count of the departments must be thorough and accurate, as well as knowing the stakeholders for those departments that will put you and your staff on the road to password freedom. Realistically, many of us lose sight of our organizational chart and how it grows or shrinks over time. This is why you need to inventory all of them. Also, do not forget to include external departments such as vendors or federated partners. If your organization goes password-free, but your partners continue to use passwords and then access your corporate resources, you should know about it and include them in your passwordless strategy. #### Organization or department hierarchy -Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used most likely differ between each department, but also within the structure of the department. To determine the correct passwordless strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently compared to a member of middle management in the sales department. Both of those user cases are probably different to how an individual contributor in the customer service department uses their device. +Organization and department hierarchy is the management layers within the departments or the organization as a whole. How the device is used, what applications and how they are used, most likely differs between each department, but also within the structure of the department. To determine the correct passwordless strategy, you need to know these differences across your organization. An executive leader is likely to use their device differently compared to a member of middle management in the sales department. Both of those user cases are probably different to how an individual contributor in the customer service department uses their device. #### Number and type of applications and services The number of applications within an organization is simply astonishing and rarely is there one centralized list that is accurate. Applications and services are the most critical items in your passwordless assessment. Applications and services take considerable effort to move to a different type of authentication. That is not to say changing policies and procedures is not a daunting task, but there is something to be said of updating a company's set of standard operating procedures and security policies compared to changing 100 lines (or more) of authentication code in the critical path of your internally developed CRM application. -Capturing the number of applications used is easier once you have the departments, their hierarchy, and their stakeholders. In this approach, you should have an organized list of departments and the hierarchy in each. You can now associate the applications that are used by all levels within each department. You'll also want to document whether the application is internally developed or commercially available off-the-shelf (COTS). If the later, document the manufacturer and the version. Also, do not forget web-based applications or services when inventorying applications. +Capturing the number of applications used is easier once you have the departments, their hierarchy, and their stakeholders. In this approach, you should have an organized list of departments and the hierarchy in each. You can now associate the applications that are used by all levels within each department. You'll also want to document whether the application is internally developed or commercially available off-the-shelf (COTS). If the latter, document the manufacturer and the version. Also, do not forget web-based applications or services when inventorying applications. #### Number of work personas Work personas is where the three previous efforts converge. You know the departments, the organizational levels within each department, the numbers of applications used by each, respectively, and the type of application. From this you want to create a work persona. A work persona classifies a category of user, title or role (individual contributor, manager, middle manager, etc.), within a specific department to a collection of applications used. There is a high probability that you will have many work personas. These work personas will become units of work, and you will refer to them in documentation and in meetings. You need to give them a name. -Give your personas easy and intuitive name like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. +Give your personas easy and intuitive names like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments, then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. Ultimately, create a naming convention that does not require your stakeholders and partners to read through a long list of tables or a secret decoder ring. Also, if possible, try to keep the references as names of people. After all, you are talking about a person, who is in that department, who uses that specific software. #### Organization's IT structure -IT department structures can vary more than the organization. Some IT departments are centralized while others are decentralized. Also, the road to being passwordless will probably have you interacting with the client authentication team, the deployment team, the security team, the PKI team, the Active Directory team, the cloud team, and the list continues. Most of these teams will be your partner on your journey to being passwordless. Ensure there is a passwordless stakeholder on each of these teams, and that the effort is understood and funded. +IT department structures can vary more than the organization. Some IT departments are centralized while others are decentralized. Also, the road to password freedom will probably have you interacting with the client authentication team, the deployment team, the security team, the PKI team, the Active Directory team, the cloud team, and the list continues. Most of these teams will be your partner on your journey to password freedom. Ensure there is a passwordless stakeholder on each of these teams, and that the effort is understood and funded. #### Assess your Organization -You have a ton of information. You have created your work personas, you identified your stakeholders throughout the different IT groups. Now what? +You have a ton of information. You have created your work personas, you have identified your stakeholders throughout the different IT groups. Now what? -By now you can see why it's a journey and not a weekend project. You need to investigate user-visible password surfaces for each of your work personas. Once you identified the password surfaces, you need to mitigate them. Resolving some password surfaces are simple - meaning a solution already exists in the environment and it's a matter of moving users to it. Resolution to some passwords surfaces may exist, but are not deployed in your environment. That resolution results in a project that must be planned, tested, and then deployed. That is likely to span multiple IT departments with multiple people, and potentially one or more distributed systems. Those types of projects take time and need dedicated cycles. This same sentiment is true with in-house software development. Even with agile development methodologies, changing the way someone authenticates to an application is critical. Without the proper planning and testing, it has the potential to severely impact productivity. +By now you can see why it is a journey and not a weekend project. You need to investigate user-visible password surfaces for each of your work personas. Once you have identified the password surfaces, you need to mitigate them. Resolving some password surfaces are simple - meaning a solution already exists in the environment and it is only a matter of moving users to it. Resolution to some passwords surfaces may exist, but are not deployed in your environment. That resolution results in a project which must be planned, tested, and then deployed. That is likely to span multiple IT departments with multiple people, and potentially one or more distributed systems. Those types of projects take time and need dedicated cycles. This same sentiment is true with in-house software development. Even with agile development methodologies, changing the way someone authenticates to an application is critical. Without the proper planning and testing, it has the potential to severely impact productivity. -How long does it take to become passwordless? The answer is "it depends". It depends on the organizational alignment of a passwordless strategy. Top-down agreement that a passwordless environment is the organization's goal makes conversations much easier. Easier conversations means less time spent convincing people and more time spent moving forward toward the goal. Top-down agreement, as a priority within the ranks of other on-going IT projects, helps everyone understand how to prioritize existing projects. Agreeing on priorities should reduce and minimize manager and executive level escalations. After these organizational discussions, modern project management techniques are used to continue the passwordless effort. The organization allocates resources based on the priority (after they agreed on the strategy). Those resources will: +How long does it take to become passwordless? The answer is "it depends". It depends on the organizational alignment of a passwordless strategy. Top-down agreement that a passwordless environment is the organization's goal makes conversations much easier. Easier conversations means less time spent convincing people and more time spent moving forward toward the goal. Top-down agreement, as a priority within the ranks of other on-going IT projects, helps everyone understand how to prioritize existing projects. Agreeing on priorities should reduce and minimize manager and executive level escalations. After these organizational discussions, modern project management techniques are used to continue the passwordless effort. The organization allocates resources based on the priority (after they have agreed on the strategy). Those resources will: - work through the work personas - organize and deploy user acceptance testing - evaluate user acceptance testing results for user-visible password surfaces @@ -99,26 +99,26 @@ How long does it take to become passwordless? The answer is "it depends". It de - perform user acceptance testing to confirm that the solution mitigates the user-visible password surface - repeat the testing as needed -Your organization's journey to being passwordless may take some time. Counting the number of work personas and the number of applications is probably a good indicator of the investment. Hopefully, your organization is growing, which means that the list of personas and the list of applications is unlikely to shrink. If the work to go passwordless today is *n*, then it is likely that to go passwordless tomorrow is *n x 2* or perhaps more, *n x n*. Do not let the size or duration of the project be a distraction. As you progress through each work persona, the actions and tasks will become more familiar for you and your stakeholders. Scope the project to sizable, realistic phases, pick the correct work personas, and soon you will see parts of your organization transition to a passwordless state. +Your organization's journey to password freedom may take some time. Counting the number of work personas and the number of applications is probably a good indicator of the investment. Hopefully, your organization is growing, which means that the list of personas and the list of applications is unlikely to shrink. If the work to go passwordless today is *n*, then it is likely that to go passwordless tomorrow is *n x 2* or perhaps more, *n x n*. Do not let the size or duration of the project be a distraction. As you progress through each work persona, the actions and tasks will become more familiar for you and your stakeholders. Scope the project to sizable, realistic phases, pick the correct work personas, and soon you will see parts of your organization transition to a passwordless state. ### Where to start? -What is the best guidance for kicking off the passwordless journey? You will want to show you management a proof of concept as soon as possible. Ideally, you want to show this at each step of your passwordless journey. Keeping your passwordless strategy top of mind and showing consistent progress keeps everyone focused. +What is the best guidance for kicking off the journey to password freedom? You will want to show your management a proof of concept as soon as possible. Ideally, you want to show this at each step of your passwordless journey. Keeping your passwordless strategy top of mind and showing consistent progress keeps everyone focused. #### Work persona -You begin with your work personas. These were part of your preparation process. They have a persona name, such as Abby Accounting II, or any other naming convention your organization defined. That work persona includes a list of all the applications that Abby uses to perform her assigned duties in the accounting department. To start, you need to pick a work persona. This is the targeted work persona you will enable to climb the passwordless steps. +You begin with your work personas. These were part of your preparation process. They have a persona name, such as Abby Accounting II, or any other naming convention your organization defined. That work persona includes a list of all the applications Abby uses to perform her assigned duties in the accounting department. To start, you need to pick a work persona. This is the targeted work persona you will enable to climb the steps to password freedom. > [!IMPORTANT] > Avoid using any work personas from your IT department. This is probably the worst way to start the passwordless journey. IT roles are very difficult and time consuming. IT workers typically have multiple credentials, run a multitude of scripts and custom applications, and are the worst offenders of password usage. It is better to save these work personas for the middle or end of your journey. -Review your collection of work personas. Early in your passwordless journey, identify personas that have the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. +Review your collection of work personas. Early in your passwordless journey, identify personas with the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. -Most organizations host their proof of concept in a test lab or environment. To do that with a password-free strategy may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could be a few days or several weeks depending on the complexity of targeted work persona. +Most organizations host their proof of concept in a test lab or environment. To do that with a password-free strategy may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could take a few days or several weeks, depending on the complexity of targeted work persona. -You will want to balance testing in a lab with providing results to management quickly. Continuing to show forward progress on your journey to being passwordless is always a good thing. If there are ways you can test in production with low or now risk, that may be advantageous to your timeline. +You will want to balance lab testing with providing results to management quickly. Continuing to show forward progress on your journey to password freedom is always a good thing. If there are ways you can test in production with low or no risk, it may be advantageous to your timeline. ## The Process -The journey to being passwordless is to take each work persona through each passwordless step. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like this: +The journey to password freedom is to take each work persona through each step of the process. In the beginning, we encourage working with one persona at a time to ensure team members and stakeholders are familiar with the process. Once comfortable with the process, you can cover as many work personas in parallel as resources allow. The process looks something like this: 1. Passwordless replacement offering (Step 1) 1. Identify test users representing the targeted work persona. @@ -136,13 +136,13 @@ The journey to being passwordless is to take each work persona through each pass 3. Validate that **none of the users** of the work personas need passwords. 4. Configure user accounts to disallow password authentication. -After successfully moving a work persona to being passwordless, you can prioritize the remaining work personas, and repeat the process. +After successfully moving a work persona to password freedom, you can prioritize the remaining work personas and repeat the process. ### Passwordless replacement offering (Step 1) The first step to password freedom is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. #### Identify test users that represent the targeted work persona -A successful transition relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or to accurately validate them. You need to enlist the help of users that fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. +A successful transition relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or how to accurately validate them. You need to enlist the help of users who fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. #### Deploy Windows Hello for Business to test users Next, you will want to plan your Windows Hello for Business deployment. Your test users will need an alternative way to sign-in during step 2 of the journey to becoming passwordless. Use the [Windows Hello for Business Planning Guide](hello-planning-guide.md) to help learning which deployment is best suited for your environment. Next, use the [Windows Hello for Business deployment guides](hello-deployment-guide.md) to deploy Windows Hello for Business. @@ -158,14 +158,14 @@ In this first step, passwords and Windows Hello for Business must coexist. You w ### Reduce User-visible Password Surface (Step 2) Before you move to step 2, ensure you have: - selected your targeted work persona. -- identified your test users that represented the targeted work persona. +- identified your test users who represent the targeted work persona. - deployed Windows Hello for Business to test users. - validated passwords and Windows Hello for Business both work for the test users. #### Survey test user workflow for password usage Now is the time to learn more about the targeted work persona. You have a list of applications they use, but you do not know what, why, when, and how frequently. This information is important as your further your progress through step 2. -Test users create the workflows associated with the targeted work persona. Their initial goal is to do one simply task. Document password usage. This list is not a comprehensive one, but it gives you an idea of the type of information you want. The general idea is to learn about all the scenarios in which that work persona encounters a password. A good approach is: +Test users create the workflows associated with the targeted work persona. Their initial goal is to do one simple task: Document password usage. This list is not a comprehensive one, but it gives you an idea of the type of information you want. The general idea is to learn about all the scenarios in which that work persona encounters a password. A good approach is to ask yourself the following set of questions: - What is the name of the application that asked for a password?. - Why do they use the application that asked for a password? (Example: is there more than one application that can do the same thing?). - What part of their workflow makes them use the application? Try to be as specific as possible (I use application x to issue credit card refunds for amounts over y.). @@ -231,7 +231,7 @@ This is the big moment. You have identified password usage, developed solutions Congratulations! You are ready to transition one or more portions of your organization to a passwordless deployment. You have validated that the targeted work persona is ready to go where the user no longer needs to know or use their password. You are just a few steps away from declaring success. #### Awareness and user education -In this last step, you are going to include the remaining users that fit the targeted work persona to the wonderful world of being passwordless. Before you do this, you want to invest in an awareness campaign. +In this last step, you are going to include the remaining users that fit the targeted work persona to the wonderful world of password freedom. Before you do this, you want to invest in an awareness campaign. An awareness campaign introduces the users to the new way of authenticating to their device, such as using Windows Hello for Business. The idea of the campaign is to positively promote the change to the users in advance. Explain the value and why your company is changing. The campaign should provide dates and encourage questions and feedback. This campaign can coincide with user education, where you can show the users the changes and, if your environment allows, enable the users to try out the experience. From e109dd02a04562e5b10f4da6311c0b4421e1f378 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 13 Jun 2019 18:23:46 +0200 Subject: [PATCH 083/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - single semantic addition ("the") in line 115 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index d448e47f84..903207c8a6 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -112,7 +112,7 @@ You begin with your work personas. These were part of your preparation process. Review your collection of work personas. Early in your passwordless journey, identify personas with the fewest applications. These work personas could represent an entire department or two. These are the perfect work personas for your proof-of-concept or pilot. -Most organizations host their proof of concept in a test lab or environment. To do that with a password-free strategy may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could take a few days or several weeks, depending on the complexity of targeted work persona. +Most organizations host their proof of concept in a test lab or environment. To do that with a password-free strategy may be more challenging and take more time. To test in a lab, you must first duplicate the environment of the targeted persona. This could take a few days or several weeks, depending on the complexity of the targeted work persona. You will want to balance lab testing with providing results to management quickly. Continuing to show forward progress on your journey to password freedom is always a good thing. If there are ways you can test in production with low or no risk, it may be advantageous to your timeline. From 428824d490176d67ffa6835a5fb0a27fb42e3e00 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 13 Jun 2019 18:24:42 +0200 Subject: [PATCH 084/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "your => you" typo correction in line 166 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 903207c8a6..aa86612a39 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -163,7 +163,7 @@ Before you move to step 2, ensure you have: - validated passwords and Windows Hello for Business both work for the test users. #### Survey test user workflow for password usage -Now is the time to learn more about the targeted work persona. You have a list of applications they use, but you do not know what, why, when, and how frequently. This information is important as your further your progress through step 2. +Now is the time to learn more about the targeted work persona. You have a list of applications they use, but you do not know what, why, when, and how frequently. This information is important as you further your progress through step 2. Test users create the workflows associated with the targeted work persona. Their initial goal is to do one simple task: Document password usage. This list is not a comprehensive one, but it gives you an idea of the type of information you want. The general idea is to learn about all the scenarios in which that work persona encounters a password. A good approach is to ask yourself the following set of questions: - What is the name of the application that asked for a password?. From 399dde0af66b31c438cae7bf01197087a4de6de1 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 13 Jun 2019 18:25:25 +0200 Subject: [PATCH 085/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "its => it is" correction in line 180 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index aa86612a39..522e711308 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -177,7 +177,7 @@ Some organizations will empower their users to write this information while some #### Identify password usage and plan, develop, and deploy password mitigations Your test users have provided you valuable information that describes the how, what, why and when they use a password. It is now time for your team to identify each of these password use cases and understand why the user must use a password. -Create a master list of the scenarios. Each scenario should have a clear problem statement. Name the scenario with a one-sentence summary of the problem statement. Include in the scenario the results of your team's investigation as to why the user is prompted by a password. Include relevant, but accurate details. If its policy or procedure driven, then include the name and section of the policy that dictates why the workflow uses a password. +Create a master list of the scenarios. Each scenario should have a clear problem statement. Name the scenario with a one-sentence summary of the problem statement. Include in the scenario the results of your team's investigation as to why the user is prompted by a password. Include relevant, but accurate details. If it is policy or procedure driven, then include the name and section of the policy that dictates why the workflow uses a password. Keep in mind your test users will not uncover all scenarios. Some scenarios you will need to force on your users because they are low percentage scenarios. Remember to include scenarios like: - Provisioning a new brand new user without a password. From cba2d309655b6562e7cd0fa565e72149a90599cd Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 13 Jun 2019 18:25:59 +0200 Subject: [PATCH 086/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - punctuation (comma) correction in line 186 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 522e711308..d8550c51dd 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -183,7 +183,7 @@ Keep in mind your test users will not uncover all scenarios. Some scenarios you - Provisioning a new brand new user without a password. - Users who forget the PIN or other remediation flows when the strong credential is unusable. -Next, review your master list of scenarios. You can start with the workflows that are dictated by process or policy or, you can begin with workflows that need technical solutions - whichever of the two is easier or quicker. This will certainly vary by organization. +Next, review your master list of scenarios. You can start with the workflows that are dictated by process or policy, or you can begin with workflows that need technical solutions - whichever of the two is easier or quicker. This will certainly vary by organization. Start mitigating password usages based on the workflows of your targeted personas. Document the mitigation as a solution to your scenario. Don't worry about the implementation details for the solution. An overview of the changes needed to reduce the password usages is all you need. If there are technical changes needed, either infrastructure or code changes, the exact details will likely be included in the project documentation. However your organization tracks projects, create a new project in that system. Associate your scenario to that project and start the processes needed to get that project funded. From 621092136c770a03f790fe60f286e13192397b35 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 13 Jun 2019 18:27:05 +0200 Subject: [PATCH 087/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - grammar & typo correction in line 190 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index d8550c51dd..1448ed5051 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -187,7 +187,7 @@ Next, review your master list of scenarios. You can start with the workflows tha Start mitigating password usages based on the workflows of your targeted personas. Document the mitigation as a solution to your scenario. Don't worry about the implementation details for the solution. An overview of the changes needed to reduce the password usages is all you need. If there are technical changes needed, either infrastructure or code changes, the exact details will likely be included in the project documentation. However your organization tracks projects, create a new project in that system. Associate your scenario to that project and start the processes needed to get that project funded. -Mitigating password usage with applications is one or the more challenging obstacle in the passwordless journey. If your organization develops the application, then you are in better shape the common-off-the-shelf software (COTS). +Mitigating password usage with applications is one of the more challenging obstacles in the passwordless journey. If your organization develops the application, then you are in better shape the common-off-the-shelf software (COTS). The ideal mitigation for applications that prompt the user for a password is to enable those applications to use an existing authenticated identity, such as Azure Active Directory or Active Directory. Work with the applications vendors to have them add support for Azure identities. For on-premises applications, have the application use Windows integrated authentication. The goal for your users should be a seamless single sign-on experience where each user authenticates once when they sign-in to Windows. Use this same strategy for applications that store their own identities in their own databases. From 053573452deae36adaf5d466aed84068377c3cef Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 13 Jun 2019 18:28:04 +0200 Subject: [PATCH 088/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - singular/plural correction (setting) in line 219 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 1448ed5051..1b6ed949d7 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -216,7 +216,7 @@ The policy name for these operating systems is **Interactive logon: Require Wind When you enable this security policy setting, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card. #### Excluding the password credential provider -You can use Group Policy to deploy an administrative template policy settings to the computer. This policy settings is found under **Computer Configuration > Policies > Administrative Templates > Logon** +You can use Group Policy to deploy an administrative template policy setting to the computer. This policy setting is found under **Computer Configuration > Policies > Administrative Templates > Logon** ![HideCredProvPolicy](images/passwordless/00-hidecredprov.png) The name of the policy setting is **Exclude credential providers**. The value to enter in the policy to hide the password credential provider is **60b78e88-ead8-445c-9cfd-0b87f74ea6cd**. From a7d08cc1bc3166ec67d772b78a702235d6d5c744 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 13 Jun 2019 18:33:09 +0200 Subject: [PATCH 089/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - "none" taking singular verb -- line 227 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 1b6ed949d7..480d0d5c10 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -224,7 +224,7 @@ The name of the policy setting is **Exclude credential providers**. The value to Excluding the password credential provider hides the password credential provider from Windows and any application that attempts to load it. This prevents the user from entering a password using the credential provider. However, this does not prevent applications from creating their own password collection dialogs and prompting the user for a password using custom dialogs. -#### Validate that none of the workflows need passwords +#### Validate that none of the workflows needs passwords This is the big moment. You have identified password usage, developed solutions to mitigate password usage, and have removed or disabled password usage from Windows. In this configuration, your users will not be able to use a password. Users will be blocked if any of their workflows ask them for a password. Ideally, your test users should be able to complete all the work flows of the targeted work persona without any password usage. Do not forget those low percentage work flows, such as provisioning a new user or a user that forgot their PIN or cannot use their strong credential. Ensure those scenarios are validated as well. ### Transition into a passwordless deployment (Step 3) From 9768384a4c9fc43c3d8dee88527b310074a17129 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 13 Jun 2019 18:34:09 +0200 Subject: [PATCH 090/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - addition of colon before a following list -- line 52 Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 480d0d5c10..c4eaab4612 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -49,7 +49,7 @@ Four steps to password freedom provides an overall view of how Microsoft envisio ### Prepare for the Journey The road to being passwordless is a journey. The duration of that journey varies for each organization. It is important for IT decision-makers to understand the criteria influencing the length of that journey. -The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size? One way to break down the size of the organization is by creating a summary of the +The most intuitive answer is the size of the organization, and that would be correct. However, what exactly determines size? One way to break down the size of the organization is by creating a summary of the: - Number of departments - Organization or department hierarchy - Number and type of applications and services From 0aaad1aaf624370d867380cbe8cb3ea317132cee Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 2 Jul 2019 23:48:54 +0200 Subject: [PATCH 091/395] Update windows/security/identity-protection/hello-for-business/passwordless-strategy.md - remove 2 commas and substitute the last one with "and". --- .../hello-for-business/passwordless-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index c4eaab4612..dad7dbf3f8 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -79,7 +79,7 @@ A work persona classifies a category of user, title or role (individual contribu Give your personas easy and intuitive names like Abby Accounting, Mark Marketing, or Sue Sales. If the organization levels are common across departments, then decide on a first name that represents the common levels in a department. For example, Abby could be the first name of an individual contributor in any given department, while the first name Sue could represent someone from middle management in any given department. Additionally, you can use suffixes such as (I, II, Senior, etc.) to further define departmental structure for a given persona. -Ultimately, create a naming convention that does not require your stakeholders and partners to read through a long list of tables or a secret decoder ring. Also, if possible, try to keep the references as names of people. After all, you are talking about a person, who is in that department, who uses that specific software. +Ultimately, create a naming convention that does not require your stakeholders and partners to read through a long list of tables or a secret decoder ring. Also, if possible, try to keep the references as names of people. After all, you are talking about a person who is in that department and who uses that specific software. #### Organization's IT structure IT department structures can vary more than the organization. Some IT departments are centralized while others are decentralized. Also, the road to password freedom will probably have you interacting with the client authentication team, the deployment team, the security team, the PKI team, the Active Directory team, the cloud team, and the list continues. Most of these teams will be your partner on your journey to password freedom. Ensure there is a passwordless stakeholder on each of these teams, and that the effort is understood and funded. From a1cfdd776d2ba81e4bbba32079c30f5b859f37fd Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Thu, 4 Jul 2019 11:38:05 +0200 Subject: [PATCH 092/395] Update waas-overview.md Added additional link. --- windows/deployment/update/waas-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 787af15764..e1523a2e7f 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -145,7 +145,7 @@ Specialized systems—such as PCs that control medical equipment, point-of-sale Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. >[!NOTE] ->Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products). +>Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products) and [Windows Processor Requirements.](https://docs.microsoft.com/windows-hardware/design/minimum/windows-processor-requirements) The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading. From 5f59ccc20acedca416f9af20ecfcce9cd7d41428 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Sun, 7 Jul 2019 13:26:09 +0200 Subject: [PATCH 093/395] Update windows/deployment/update/waas-overview.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/update/waas-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index e1523a2e7f..0b135a319f 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -145,7 +145,7 @@ Specialized systems—such as PCs that control medical equipment, point-of-sale Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. >[!NOTE] ->Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products) and [Windows Processor Requirements.](https://docs.microsoft.com/windows-hardware/design/minimum/windows-processor-requirements) +>Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products) and [Windows Processor Requirements](https://docs.microsoft.com/windows-hardware/design/minimum/windows-processor-requirements). The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading. From 8ac9ffb2ca15db5e67cedfbd7e2abbf0acdae760 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Sun, 7 Jul 2019 18:56:44 +0200 Subject: [PATCH 094/395] Update set-up-mdt-for-bitlocker.md Edits for clarity, adds note format, resolves https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4266 --- .../deploy-windows-mdt/set-up-mdt-for-bitlocker.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index f61b25241d..e0b049b416 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -136,12 +136,14 @@ cscript.exe SetConfig.vbs SecurityChip Active ``` ## Configure the Windows 10 task sequence to enable BitLocker -When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In this task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](https://go.microsoft.com/fwlink/p/?LinkId=619549). In the following task sequence, we have added five actions: +When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In the following task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](https://go.microsoft.com/fwlink/p/?LinkId=619549). + +We added these five actions to the task sequence: - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false. - **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf. - **Note**   - It is common for organizations wrapping these tools in scripts to get additional logging and error handling. - + + > [!NOTE] + > It is common for organizations wrapping these tools in scripts to get additional logging and error handling. - **Restart computer.** Self-explanatory, reboots the computer. - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script one more time. - **Enable BitLocker.** Runs the built-in action to activate BitLocker. From 88960816c21441b15ad48bc2a67e8d43124047ed Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Sun, 7 Jul 2019 19:43:46 +0200 Subject: [PATCH 095/395] Update windows/deployment/update/waas-overview.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/deployment/update/waas-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 0b135a319f..07acf89db8 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -145,7 +145,7 @@ Specialized systems—such as PCs that control medical equipment, point-of-sale Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. >[!NOTE] ->Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products) and [Windows Processor Requirements](https://docs.microsoft.com/windows-hardware/design/minimum/windows-processor-requirements). +>Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information about Windows support for the latest processor and chipsets, see [Windows Processor Requirements](https://docs.microsoft.com/windows-hardware/design/minimum/windows-processor-requirements). The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading. From 69713821d072e07ab97c8347ec877effc64fd70e Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Sun, 7 Jul 2019 23:40:38 +0200 Subject: [PATCH 096/395] Update set-up-mdt-for-bitlocker.md Note clarified --- .../deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index e0b049b416..2d6089ad5e 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -143,7 +143,7 @@ We added these five actions to the task sequence: - **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf. > [!NOTE] - > It is common for organizations wrapping these tools in scripts to get additional logging and error handling. + > It is common for organizations to wrap these tools in scripts to get additional logging and error handling. - **Restart computer.** Self-explanatory, reboots the computer. - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script one more time. - **Enable BitLocker.** Runs the built-in action to activate BitLocker. From 240578799f5e72ade5587d58df31d8a2dd177a50 Mon Sep 17 00:00:00 2001 From: TokyoScarab Date: Tue, 9 Jul 2019 11:38:41 -0400 Subject: [PATCH 097/395] Acronym Expansion For Clearer Translation https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4270 --- .../update/waas-delivery-optimization-reference.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index 415928e9ba..652a143a93 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md +++ b/windows/deployment/update/waas-delivery-optimization-reference.md @@ -106,7 +106,7 @@ Download mode dictates which download sources clients are allowed to use when do | --- | --- | | HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. | | LAN (1 – Default) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then attempts to connect to other peers on the same network by using their private subnet IP.| -| Group (2) | When group mode is set, the group is automatically selected based on the device’s Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. | +| Group (2) | When group mode is set, the group is automatically selected based on the device’s Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and Active Directory Domain Services sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. | | Internet (3) | Enable Internet peer sources for Delivery Optimization. | | Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. | |Bypass (100) | Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You do not need to set this option if you are using SCCM. If you want to disable peer-to-peer functionality, it's best to set **DownloadMode** to **0** or **99**. | @@ -116,7 +116,7 @@ Download mode dictates which download sources clients are allowed to use when do ### Group ID -By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and AD DS site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or AD DS site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group. +By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and Active Directory Domain Services site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or Active Directory Domain Services site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group. [//]: # (SCCM Boundary Group option; GroupID Source policy) @@ -128,7 +128,7 @@ By default, peer sharing on clients using the group download mode is limited to ### Select the source of Group IDs Starting in Windows 10, version 1803, set this policy to restrict peer selection to a specific source. The options are: - 0 = not set -- 1 = AD Site +- 1 = Authenticated Domain Site - 2 = Authenticated domain SID - 3 = DHCP Option ID (with this option, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID) - 4 = DNS Suffix From 37683cf7aea19fd50433d8f48cf376e211645e7b Mon Sep 17 00:00:00 2001 From: TokyoScarab Date: Tue, 9 Jul 2019 12:06:53 -0400 Subject: [PATCH 098/395] Adding Note Of Recent Changes https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4085 --- .../hello-for-business/hello-key-trust-validate-deploy-mfa.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 732aada2b0..1eecb7cf9f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -18,6 +18,9 @@ ms.reviewer: --- # Validate and Deploy Multifactor Authentication Services (MFA) +> [!IMPORTANT] +> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. + **Applies to** - Windows 10, version 1703 or later - On-premises deployment From 32885dbfedf8d03fc6f794ff325ba67aeb91193e Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 9 Jul 2019 14:01:30 -0700 Subject: [PATCH 099/395] safety commit --- .../deployment/update/waas-mobile-updates.md | 36 ++++++------------- windows/deployment/update/waas-quick-start.md | 5 ++- 2 files changed, 12 insertions(+), 29 deletions(-) diff --git a/windows/deployment/update/waas-mobile-updates.md b/windows/deployment/update/waas-mobile-updates.md index 64cc697106..096224042e 100644 --- a/windows/deployment/update/waas-mobile-updates.md +++ b/windows/deployment/update/waas-mobile-updates.md @@ -4,10 +4,9 @@ description: tbd ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: greg-lindsay +author: jaimeo ms.localizationpriority: medium -ms.author: greglin -ms.date: 07/27/2017 +ms.author: jaimeo ms.reviewer: manager: laurawi ms.topic: article @@ -26,36 +25,22 @@ ms.topic: article >[!TIP] >If you're not familiar with the Windows 10 servicing or release channels, read [Servicing channels](waas-overview.md#servicing-channels) first. -Devices running Windows 10 Mobile and Windows 10 IoT Mobile receive updates from the Semi-annual channel unless you [enroll the device in the Windows Insider Program](waas-servicing-channels-windows-10-updates.md#enroll-devices-in-the-windows-insider-program) or assign the device to Current Branch for Business (CBB). Only devices running Windows 10 Mobile Enterprise or Windows 10 IoT Mobile can be assigned to CBB. +Devices running Windows 10 Mobile and Windows 10 IoT Mobile receive updates from the Semi-annual Channel unless you [enroll the device in the Windows Insider Program](waas-servicing-channels-windows-10-updates.md#enroll-devices-in-the-windows-insider-program). [Learn how to upgrade Windows 10 Mobile to Windows 10 Mobile Enterprise](https://technet.microsoft.com/itpro/windows/deploy/windows-10-edition-upgrades) -
->[!IMPORTANT] ->Due to [naming changes](waas-overview.md#naming-changes), older terms like CB,CBB and LTSB may still be displayed in some of our products. -> ->In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel. -| Windows 10 edition | CB | CBB | Insider Program | -| --- | --- | --- | --- | --- | -| Mobile | ![yes](images/checkmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) | -| Mobile Enterprise | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | -| IoT Mobile | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | +| Windows 10 edition | Semi-annual Channel | Insider Program | +| --- | --- | --- | --- | +| Mobile | ![no](images/crossmark.png) | ![yes](images/checkmark.png) | +| Mobile Enterprise | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | +| IoT Mobile | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | -
-Configuration of Windows 10 Mobile and Windows 10 IoT Mobile devices is limited to the feature set pertaining to Quality Updates only. That is, Windows Mobile Feature Updates are categorized the same as Quality Updates, and can only be deferred by setting the Quality Update deferral period, for a maximum period of 30 days. You can use mobile device management (MDM) to manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. Updates cannot be managed for Windows 10 Mobile. -## Windows 10, version 1511 +Configuration of Windows 10 Mobile and Windows 10 IoT Mobile devices is limited to the feature set pertaining to quality updates only. That is, Windows Mobile feature updates are categorized the same as quality updates, and can only be deferred by setting the quality update deferral period, for a maximum period of 30 days. You can use mobile device management (MDM) to manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. Updates cannot be managed for Windows 10 Mobile. -Only the following Windows Update for Business policies are supported for Windows 10 Mobile and Windows 10 IoT Mobile: - -- ../Vendor/MSFT/Policy/Config/Update/RequireDeferredUpgrade -- ../Vendor/MSFT/Policy/Config/Update/DeferUpdatePeriod -- ../Vendor/MSFT/Policy/Config/Update/PauseDeferrals - -To defer the update period or pause deferrals, the device must be configured for CBB servicing branch by applying the **RequireDeferredUpgrade** policy. ## Windows 10, version 1607 @@ -65,9 +50,8 @@ Only the following Windows Update for Business policies are supported for Window - ../Vendor/MSFT/Policy/Config/Update/DeferQualityUpdatesInDays - ../Vendor/MSFT/Policy/Config/Update/PauseQualityUpdates -In version 1607, you can defer and pause updates for devices on both the CB and CBB servicing branches. -If a device running Windows 10 Mobile Enterprise or Windows 10 IoT Mobile, version 1511, has Windows Update for Business policies applied and is then updated to version 1607, version 1511 policies continue to apply until version 1607 policies are applied. + diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 2c926db3d9..3b707751c0 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -5,10 +5,9 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature, ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: greg-lindsay +author: jaimeo ms.localizationpriority: medium -ms.author: greg-lindsay -ms.date: 10/17/2018 +ms.author: jaimeo ms.reviewer: manager: laurawi ms.topic: article From 30ff51b96e72101031d981c1522c93f787ad1865 Mon Sep 17 00:00:00 2001 From: Steve Burkett Date: Wed, 10 Jul 2019 14:04:40 +1200 Subject: [PATCH 100/395] Update hello-hybrid-aadj-sso-cert.md Couple of small corrections - Certificate Authorities now called Certificate Connectors in Intune portal; typo in NDES Connector test command. --- .../hello-for-business/hello-hybrid-aadj-sso-cert.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 4baae2e5a4..1c768a8f42 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -535,7 +535,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Azure Portal](https://portal.azure.com/). 2. Select **All Services**. Type **Intune** to filter the list of services. Click **Microsoft Intune**. ![Microsoft Intune Console](images/aadjcert/microsoftintuneconsole.png) -3. Select **Device Configuration**, and then select **Certificate Authority**. +3. Select **Device Configuration**, and then select **Certificate Connectors**. ![Intune Certificate Authority](images/aadjcert/intunedeviceconfigurationcertauthority.png) 4. Click **Add**, and then click **Download the certificate connector software** under the **Steps to install connector for SCEP** section. ![Intune Download Certificate connector](images/aadjcert/intunedownloadcertconnector.png) @@ -610,7 +610,7 @@ Sign-in the NDES server with access equivalent to _domain admin_. 1. Open a command prompt. 2. Type the following command to confirm the NDES Connector's last connection time is current.
-```reg query hklm\software\Micosoft\MicrosoftIntune\NDESConnector\ConnectionStatus```
+```reg query hklm\software\Microsoft\MicrosoftIntune\NDESConnector\ConnectionStatus```
3. Close the command prompt. 4. Open **Internet Explorer**. 5. In the navigation bar, type
From bc78f83a1ff9f560bb7470061c6b414706c59a81 Mon Sep 17 00:00:00 2001 From: Steve Burkett Date: Wed, 10 Jul 2019 14:26:06 +1200 Subject: [PATCH 101/395] Update hello-hybrid-aadj-sso-cert.md Minor changes: corrected 1 x typo and 1 x bad formatting. --- .../hello-for-business/hello-hybrid-aadj-sso-cert.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 4baae2e5a4..50b9d742a4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -636,7 +636,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 8. Click **Members**. Use the **Select members** pane to add members to this group. When finished click **Select**. 9. Click **Create**. -### Create a SCEP Certificte Profile +### Create a SCEP Certificate Profile Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Azure Portal](https://portal.azure.com/). @@ -659,7 +659,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 13. Refer to the "Configure Certificate Templates on NDES" task for how you configured the **AADJ WHFB Authentication** certificate template in the registry. Select the appropriate combination of key usages from the **Key Usages** list that map to configured NDES template in the registry. In this example, the **AADJ WHFB Authentication** certificate template was added to the **SignatureTemplate** registry value name. The **Key usage** that maps to that registry value name is **Digital Signature**. 14. Select a previously configured **Trusted certificate** profile that matches the root certificate of the issuing certificate authority. ![WHFB SCEP certificate profile Trusted Certificate selection](images/aadjcert/intunewhfbscepprofile-01.png) -15. Under **Extended key usage**, type **Smart Card Logon** under Name. Type **1.3.6.1.4.1.311.20.2.2 under **Object identifier**. Click **Add**. +15. Under **Extended key usage**, type **Smart Card Logon** under **Name**. Type **1.3.6.1.4.1.311.20.2.2** under **Object identifier**. Click **Add**. 16. Type a percentage (without the percent sign) next to **Renewal Threshold** to determine when the certificate should attempt to renew. The recommended value is **20**. ![WHFB SCEP certificate Profile EKUs](images/aadjcert/intunewhfbscepprofile-03.png) 17. Under **SCEP Server URLs**, type the fully qualified external name of the Azure AD Application proxy you configured. Append to the name **/certsrv/mscep/mscep.dll**. For example, https://ndes-mtephendemo.msappproxy.net/certsrv/mscep/mscep.dll. Click **Add**. Repeat this step for each additional NDES Azure AD Application Proxy you configured to issue Windows Hello for Business certificates. Microsoft Intune round-robin load balances requests amongst the URLs listed in the SCEP certificate profile. From 2a7393b19ae320ba608d4d7c27e01ffa57242541 Mon Sep 17 00:00:00 2001 From: Reece Peacock <49645174+Reeced40@users.noreply.github.com> Date: Wed, 10 Jul 2019 15:32:27 +0200 Subject: [PATCH 102/395] Update remove-provisioned-apps-during-update.md Added apps. --- .../remove-provisioned-apps-during-update.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index 371e401c1a..a828991d9d 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -162,9 +162,13 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneMusic_8wekyb3d8bbwe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe] -``` +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.3DBuilder_8wekyb3d8bbwe] +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.HEVCVideoExtension_8wekyb3d8bbwe] + +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Messaging_8wekyb3d8bbwe] +``` [Get-AppxPackage](https://docs.microsoft.com/powershell/module/appx/get-appxpackage) [Get-AppxPackage -allusers](https://docs.microsoft.com/powershell/module/appx/get-appxpackage) From 33e13b0fde00ca8c57ebafe9a2d21a7645a80752 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 12 Jul 2019 11:53:02 +0500 Subject: [PATCH 103/395] Update select-types-of-rules-to-create.md --- .../select-types-of-rules-to-create.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 960a7fb0ca..3e059d2d47 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -111,15 +111,16 @@ They could also choose to create a catalog that captures information about the u Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. -- New-CIPolicy parameters +- New-CIPolicy parameter - FilePath: create path rules under path \ for anything not user-writeable (at the individual file level) ```powershell - New-CIPolicy -f .\mypolicy.xml -l FilePath -s -u + New-CIPolicy -FilePath .\mypolicy.xml -Level FileName -ScanPath -UserPEs ``` Optionally, add -UserWriteablePaths to ignore user writeability - + +- New-CIPolicyRule parameter - FilePathRule: create a rule where filepath string is directly set to value of \ ```powershell @@ -134,7 +135,7 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD $rules = New-CIPolicyRule … $rules += New-CIPolicyRule … … - New-CIPolicyRule -f .\mypolicy.xml -u + New-CIPolicyRule -FilePath .\mypolicy.xml -UserPEs ``` - Wildcards supported @@ -149,6 +150,6 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD - Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: ```powershell - Set-RuleOption -o 18 .\policy.xml + Set-RuleOption -Option 18 .\policy.xml ``` From bb8cbe683de5601a10b98b411c6257eb6e3cefe7 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 12 Jul 2019 12:00:14 +0500 Subject: [PATCH 104/395] Update select-types-of-rules-to-create.md --- .../select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 3e059d2d47..a040c9fc58 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -135,7 +135,7 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD $rules = New-CIPolicyRule … $rules += New-CIPolicyRule … … - New-CIPolicyRule -FilePath .\mypolicy.xml -UserPEs + New-CIPolicy -FilePath .\mypolicy.xml -Rules $rules -UserPEs ``` - Wildcards supported From 680646be9ae7e8d6167977154c12d978dd401de9 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Fri, 12 Jul 2019 16:46:03 -0400 Subject: [PATCH 105/395] fix: MD037/no-space-in-emphasis Spaces inside emphasis markers --- mdop/appv-v4/app-v-45-sp2-release-notes.md | 4 ++-- ...nly-cache-on-the-app-v-client--rds--sp1.md | 2 +- ...ad-only-cache-on-the-app-v-client--vdi-.md | 2 +- ...ion-46-service-pack-2-privacy-statement.md | 24 +++++++++---------- mdop/appv-v4/planning-for-client-security.md | 4 ++-- .../security-and-protection-overview.md | 2 +- .../how-to-configure-image-pre-staging.md | 12 +++++----- .../get-started-with-ue-v-2x-new-uevv2.md | 2 +- .../mdm/policy-csp-applicationmanagement.md | 2 +- .../mdm/policy-csp-internetexplorer.md | 4 ++-- .../mdm/policy-csp-remotemanagement.md | 2 +- .../mdm/policy-csp-system.md | 4 ++-- .../troubleshoot-inaccessible-boot-device.md | 2 +- .../access-control/security-identifiers.md | 4 ++-- .../hello-for-business/hello-features.md | 2 +- .../threat-protection/auditing/event-4612.md | 4 ++-- .../threat-protection/auditing/event-4615.md | 2 +- .../threat-protection/auditing/event-4624.md | 2 +- .../threat-protection/auditing/event-4670.md | 2 +- .../threat-protection/auditing/event-4688.md | 2 +- .../threat-protection/auditing/event-4704.md | 2 +- .../threat-protection/auditing/event-4705.md | 2 +- .../threat-protection/auditing/event-4715.md | 2 +- .../threat-protection/auditing/event-4717.md | 2 +- .../threat-protection/auditing/event-4718.md | 2 +- .../threat-protection/auditing/event-4738.md | 2 +- .../threat-protection/auditing/event-4742.md | 2 +- .../threat-protection/auditing/event-4817.md | 4 ++-- .../threat-protection/auditing/event-4864.md | 2 +- .../threat-protection/auditing/event-4907.md | 2 +- .../threat-protection/auditing/event-4911.md | 2 +- .../threat-protection/auditing/event-4913.md | 2 +- .../threat-protection/auditing/event-5143.md | 2 +- .../threat-protection/auditing/event-5145.md | 2 +- .../threat-protection/auditing/event-5150.md | 2 +- .../threat-protection/auditing/event-5151.md | 2 +- .../threat-protection/auditing/event-6400.md | 2 +- .../threat-protection/auditing/event-6401.md | 2 +- .../threat-protection/auditing/event-6402.md | 2 +- .../threat-protection/auditing/event-6403.md | 2 +- .../threat-protection/auditing/event-6404.md | 2 +- .../threat-protection/auditing/event-6409.md | 2 +- .../get-user-related-alerts.md | 2 +- .../get-user-related-machines.md | 2 +- ...dit-the-access-of-global-system-objects.md | 2 +- ...-connections-windows-defender-antivirus.md | 6 ++--- .../using-event-viewer-with-applocker.md | 8 +++---- .../working-with-applocker-policies.md | 2 +- 48 files changed, 76 insertions(+), 76 deletions(-) diff --git a/mdop/appv-v4/app-v-45-sp2-release-notes.md b/mdop/appv-v4/app-v-45-sp2-release-notes.md index dc5d8fafe0..881c7d1187 100644 --- a/mdop/appv-v4/app-v-45-sp2-release-notes.md +++ b/mdop/appv-v4/app-v-45-sp2-release-notes.md @@ -73,11 +73,11 @@ When this has been completed, install the App-V 4.5 SP2 Clients by using Setup.m When installing Microsoft Application Error Reporting, use the following command if you are installing or upgrading to the App-V 4.5 SP2 Desktop Client: -**    msiexec /i dw20shared.msi APPGUID={C6FC75B9-7D86-4C44-8BDB-EAFE1F0E200D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** +**msiexec /i dw20shared.msi APPGUID={C6FC75B9-7D86-4C44-8BDB-EAFE1F0E200D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** Alternatively, if you are installing or upgrading to the App-V 4.5 SP2 Client for Remote Desktop Services (formerly Terminal Services), use the following command: -**    msiexec /i dw20shared.msi APPGUID={ECF80BBA-CA07-4A74-9ED6-E064F38AF1F5} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** +**msiexec /i dw20shared.msi APPGUID={ECF80BBA-CA07-4A74-9ED6-E064F38AF1F5} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** **Note**   - The APPGUID parameter references the product code of the App-V Clients that you install or upgrade. The product code is unique for each Setup.msi. You can use the Orca Database Editor or a similar tool to examine Windows Installer files and determine the product code. This step is required for all installations or upgrades to App-V 4.5 SP2. diff --git a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md index 801b2d13bc..130a3ba1eb 100644 --- a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md +++ b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md @@ -156,7 +156,7 @@ Instead of changing the AppFS key FILENAME value every time that a new cache fil 3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled. - **     fsutil behavior set SymlinkEvaluation R2R:1** + **fsutil behavior set SymlinkEvaluation R2R:1** **Note**   On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**. diff --git a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md index 2ee211e811..ab53e737d0 100644 --- a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md +++ b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md @@ -167,7 +167,7 @@ Instead of modifying the AppFS key FILENAME value every time that a new cache fi 3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled. - **     fsutil behavior set SymlinkEvaluation R2R:1** + **fsutil behavior set SymlinkEvaluation R2R:1** **Note**   On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**. diff --git a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md index f7ffd9de24..11b0ee223a 100644 --- a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md +++ b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md @@ -76,7 +76,7 @@ This section is divided into two parts: (1) features in all versions of App-V an Microsoft Error Reporting provides a service that allows you to report problems you may be having with App-V to Microsoft and to receive information that may help you avoid or solve such problems. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at . @@ -84,7 +84,7 @@ For information about the information collected, processed, or transmitted by Mi We use the error reporting data to solve customer problems and improve our software and services. -**Choice/Control: ** +**Choice/Control:** App-V does not change your Microsoft Error Reporting settings. If you previously turned on error reporting, it will send Microsoft the information about the errors you encountered. When Microsoft needs additional data to analyze the problem, you will be prompted to review the data and choose whether or not to send it.  App-V will always respect your Microsoft Error Reporting settings. @@ -98,7 +98,7 @@ Enterprise customers can use Group Policy to configure how Microsoft Error Repor Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software, including App-V.  For details about what information is collected, how it is used and how to change your settings, see the Update Services Privacy Statement at . -**Choice/Control: ** +**Choice/Control:** If Microsoft Update is not enabled, you can opt-in during setup and subsequent checks for updates will follow the machine-wide schedule. You can update this option from the Microsoft Update Control Panel item. @@ -108,7 +108,7 @@ If Microsoft Update is not enabled, you can opt-in during setup and subsequent c The product will collect various configuration items, including UserID, MachineID and SecurityGroup details, to be able to enforce settings on managed nodes. The data is stored in the App-V SQL database and transmitted across the App-V server and client components to enforce the configuration on the managed node. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** User and machine information and configuration content @@ -116,7 +116,7 @@ User and machine information and configuration content The information is used to enforce the application access configuration on the managed nodes within the enterprise. The information does not leave the enterprise. -**Choice/Control: ** +**Choice/Control:** By default, the product does not have any data. All data is entered and enabled by the admin and can be viewed in the Management console. The feature cannot be disabled as this is the product functionality. To disable this, App-V will need to be uninstalled. @@ -130,7 +130,7 @@ None of this information is sent out of the enterprise. It captures package history and asset information as part of the package. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** Information about the package and the sequencing environment is collected and stored in the package manifest during sequencing. @@ -138,7 +138,7 @@ Information about the package and the sequencing environment is collected and st The information will be used by the admin to track the updates done to a package during its lifecycle. It will also be used by software deployment systems to track the package deployments within the organization. -**Choice/Control: ** +**Choice/Control:** This feature is always enabled and cannot be turned off. @@ -152,7 +152,7 @@ This administrator information will be stored in the package and can be viewed b The product will collect a variety of reporting data points, including the username, to allow reporting on the usage of the product. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** Information about the machine, package and application usage are collected from every machine that reporting is enabled on. @@ -160,7 +160,7 @@ Information about the machine, package and application usage are collected from The information is used to report on application usage within the enterprise. The information does not leave the enterprise. -**Choice/Control: ** +**Choice/Control:** By default, the product does not have any data. Data is only collected once the reporting feature is enabled on the App-V Client. To disable the collection of reporting data, the reporting feature must be disabled on all clients. @@ -178,7 +178,7 @@ This section addresses specific features available in App-V 4.6 SP1 and later. The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We will not collect your name, address, or other contact information. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at . @@ -186,7 +186,7 @@ For more information about the information collected, processed, or transmitted We use this information to improve the quality, reliability, and performance of Microsoft software and services. -**Choice/Control: ** +**Choice/Control:** CEIP is optional and the opt-in status can be updated during install or post install from the GUI.   @@ -196,7 +196,7 @@ CEIP is optional and the opt-in status can be updated during install or post ins Customers can use Application Package Accelerators to automatically package complex applications without installing the application. The App-V sequencer allows you to create package accelerators for each virtual package. You can then use these package accelerators to automatically re-create the same virtual package in the future. You may also use package accelerators released by Microsoft or other third parties to simplify and automate packaging of complex applications. -**Information Collected, Processed, or Transmitted: ** +**Information Collected, Processed, or Transmitted:** Application Package Accelerators may contain information such as computer names, user account information, and information about applications included in the Package Accelerator file. diff --git a/mdop/appv-v4/planning-for-client-security.md b/mdop/appv-v4/planning-for-client-security.md index 6050d3895b..4d95a5a3b3 100644 --- a/mdop/appv-v4/planning-for-client-security.md +++ b/mdop/appv-v4/planning-for-client-security.md @@ -34,7 +34,7 @@ By default, at installation the App-V client is configured with the minimum perm By default, the installation of the client registers file type associations (FTAs) for OSD files, which enables users to start applications directly from OSD files instead of the published shortcuts. If a user with local administrator rights receives an OSD file containing malicious code, either in e-mail or downloaded from a Web site, the user can open the OSD file and start the application even if the client has been set to restrict the **Add Application** permission. You can unregister the FTAs for the OSD to reduce this risk. Also, consider blocking this extension in the e-mail system and at the firewall. For more information about configuring Outlook to block extensions, see . -**Security Note:  ** +**Security Note:** Starting with App-V version 4.6, the file type association is no longer created for OSD files during a new installation of the client, although the existing settings will be maintained during an upgrade from version 4.2 or 4.5 of the App-V client. If for any reason it is essential to create the file type association, you can create the following registry keys and set their values as shown: @@ -50,7 +50,7 @@ During installation, you can use the **RequireAuthorizationIfCached** parameter Antivirus software running on an App-V Client computer can detect and report an infected file in the virtual environment. However, it cannot disinfect the file. If a virus is detected in the virtual environment, the antivirus software would perform the configured quarantine or repair operation in the cache, not in the actual package. Configure the antivirus software with an exception for the sftfs.fsd file. This file is the cache file that stores packages on the App-V Client. -**Security Note:  ** +**Security Note:** If a virus is detected in an application or package deployed in the production environment, replace the application or package with a virus-free version. diff --git a/mdop/appv-v4/security-and-protection-overview.md b/mdop/appv-v4/security-and-protection-overview.md index fc4bd7ab49..ccac6f1558 100644 --- a/mdop/appv-v4/security-and-protection-overview.md +++ b/mdop/appv-v4/security-and-protection-overview.md @@ -21,7 +21,7 @@ Microsoft Application Virtualization 4.5 provides the following enhanced securi - Application Virtualization now supports Transport Layer Security (TLS) using X.509 V3 certificates. Provided that a server certificate has been provisioned to the planned Application Virtualization Management or Streaming Server, the installation will default to secure, using the RTSPS protocol over port 322. Using RTSPS ensures that communication between the Application Virtualization Servers and the Application Virtualization Clients is signed and encrypted. If no certificate is assigned to the server during the Application Virtualization Server installation, the communication will be set to RTSP over port 554. - **Security Note:  ** + **Security Note:** To help provide a secure setup of the server, you must make sure that RTSP ports are disabled even if you have all packages configured to use RTSPS. diff --git a/mdop/medv-v1/how-to-configure-image-pre-staging.md b/mdop/medv-v1/how-to-configure-image-pre-staging.md index 5d736b92b9..36f12450ad 100644 --- a/mdop/medv-v1/how-to-configure-image-pre-staging.md +++ b/mdop/medv-v1/how-to-configure-image-pre-staging.md @@ -72,17 +72,17 @@ Image pre-staging is useful only for the initial image download. It is not suppo **NT AUTHORITY\\Authenticated Users:(OI)(CI)(special access:)** - **                                READ\_CONTROL** + **READ\_CONTROL** - **                                                                                SYNCHRONIZE** + **SYNCHRONIZE** - **                                                                                FILE\_GENERIC\_READ** + **FILE\_GENERIC\_READ** - **                                                                                                FILE\_READ\_DATA** + **FILE\_READ\_DATA** - **                                                                                FILE\_READ\_EA** + **FILE\_READ\_EA** - **                                                                                FILE\_READ\_ATTRIBUTES** + **FILE\_READ\_ATTRIBUTES** **NT AUTHORITY\\SYSTEM:(OI)(CI)F** diff --git a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md index a18ae22ef9..d918fb1b54 100644 --- a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md +++ b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md @@ -193,7 +193,7 @@ You’ll need to deploy a settings storage location, a standard network share wh -**Security Note:  ** +**Security Note:** If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor: diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 29d419c3dd..3adcbafde8 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -537,7 +537,7 @@ Added in Windows 10, version 1607. Boolean value that disables the launch of al ADMX Info: -- GP English name: *Disable all apps from Microsoft Store * +- GP English name: *Disable all apps from Microsoft Store* - GP name: *DisableStoreApps* - GP path: *Windows Components/Store* - GP ADMX file name: *WindowsStore.admx* diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 69b9a21645..0cb9a3b3d4 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -13428,7 +13428,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T ADMX Info: -- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * +- GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer* - GP name: *VerMgmtDisableRunThisTime* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* @@ -16504,7 +16504,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy. ADMX Info: -- GP English name: *Security Zones: Use only machine settings * +- GP English name: *Security Zones: Use only machine settings* - GP name: *Security_HKLM_only* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index ba8a7d6310..f176045650 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -365,7 +365,7 @@ If you disable or do not configure this policy setting, the WinRM service will n The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges. -You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses. +You should use an asterisk (\*) to indicate that the service listens on all available IP addresses on the computer. When \* is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses. For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty. diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 99b3c5e4f3..11e0ca009c 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1068,7 +1068,7 @@ If you disable or don't configure this policy setting, the Delete diagnostic dat ADMX Info: -- GP English name: *Disable deleting diagnostic data * +- GP English name: *Disable deleting diagnostic data* - GP name: *DisableDeviceDelete* - GP element: *DisableDeviceDelete* - GP path: *Data Collection and Preview Builds* @@ -1131,7 +1131,7 @@ If you disable or don't configure this policy setting, the Diagnostic Data Viewe ADMX Info: -- GP English name: *Disable diagnostic data viewer. * +- GP English name: *Disable diagnostic data viewer.* - GP name: *DisableDiagnosticDataViewer* - GP element: *DisableDiagnosticDataViewer* - GP path: *Data Collection and Preview Builds* diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md index c82c69f352..de195c15da 100644 --- a/windows/client-management/troubleshoot-inaccessible-boot-device.md +++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md @@ -171,7 +171,7 @@ Run the following command to verify the Windows update installation and dates: Dism /Image:: /Get-packages ``` -After you run this command, you will see the **Install pending** and **Uninstall Pending ** packages: +After you run this command, you will see the **Install pending** and **Uninstall Pending** packages: ![Dism output](images/pendingupdate.png) diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md index d8db3e63d2..c1d0c47fdc 100644 --- a/windows/security/identity-protection/access-control/security-identifiers.md +++ b/windows/security/identity-protection/access-control/security-identifiers.md @@ -194,9 +194,9 @@ The SECURITY\_NT\_AUTHORITY (S-1-5) predefined identifier authority produces SID | S-1-5-2 | Network | A group that includes all users who are logged on by means of a network connection. Access tokens for interactive users do not contain the Network SID.| | S-1-5-3 | Batch | A group that includes all users who have logged on by means of a batch queue facility, such as task scheduler jobs.| | S-1-5-4 | Interactive| A group that includes all users who log on interactively. A user can start an interactive logon session by logging on directly at the keyboard, by opening a Remote Desktop Services connection from a remote computer, or by using a remote shell such as Telnet. In each case, the user's access token contains the Interactive SID. If the user signs in by using a Remote Desktop Services connection, the user's access token also contains the Remote Interactive Logon SID.| -| S-1-5-5- *X *- *Y * | Logon Session| The *X * and *Y * values for these SIDs uniquely identify a particular logon session.| +| S-1-5-5- *X*-*Y* | Logon Session| The *X* and *Y* values for these SIDs uniquely identify a particular logon session.| | S-1-5-6 | Service| A group that includes all security principals that have signed in as a service.| -| S-1-5-7 | Anonymous Logon| A user who has connected to the computer without supplying a user name and password.
The Anonymous Logon identity is different from the identity that is used by Internet Information Services (IIS) for anonymous web access. IIS uses an actual account—by default, IUSR_ *ComputerName *, for anonymous access to resources on a website. Strictly speaking, such access is not anonymous because the security principal is known even though unidentified people are using the account. IUSR_ *ComputerName * (or whatever you name the account) has a password, and IIS logs on the account when the service starts. As a result, the IIS "anonymous" user is a member of Authenticated Users but Anonymous Logon is not.| +| S-1-5-7 | Anonymous Logon| A user who has connected to the computer without supplying a user name and password.
The Anonymous Logon identity is different from the identity that is used by Internet Information Services (IIS) for anonymous web access. IIS uses an actual account—by default, IUSR_ *ComputerName*, for anonymous access to resources on a website. Strictly speaking, such access is not anonymous because the security principal is known even though unidentified people are using the account. IUSR_ *ComputerName* (or whatever you name the account) has a password, and IIS logs on the account when the service starts. As a result, the IIS "anonymous" user is a member of Authenticated Users but Anonymous Logon is not.| | S-1-5-8| Proxy| Does not currently apply: this SID is not used.| | S-1-5-9 | Enterprise Domain Controllers| A group that includes all domain controllers in a forest of domains.| | S-1-5-10 | Self| A placeholder in an ACE for a user, group, or computer object in Active Directory. When you grant permissions to Self, you grant them to the security principal that is represented by the object. During an access check, the operating system replaces the SID for Self with the SID for the security principal that is represented by the object.| diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md index cc796078e6..edcd394519 100644 --- a/windows/security/identity-protection/hello-for-business/hello-features.md +++ b/windows/security/identity-protection/hello-for-business/hello-features.md @@ -147,7 +147,7 @@ To configure PIN reset on Windows devices you manage, use an [Intune Windows 10 ### On-premises Deployments -** Requirements** +**Requirements** * Active Directory * On-premises Windows Hello for Business deployment * Reset from settings - Windows 10, version 1703, Professional diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md index 163c584492..2ca7cca35a 100644 --- a/windows/security/threat-protection/auditing/event-4612.md +++ b/windows/security/threat-protection/auditing/event-4612.md @@ -30,9 +30,9 @@ There is no example of this event in this document. ***Event Schema:*** -*Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. * +*Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.* -*Number of audit messages discarded: %1 * +*Number of audit messages discarded: %1* *This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk, or when the auditing system loses connectivity to the event log, such as when the event log service is stopped.* diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index be8925c8ba..9231f28b82 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -48,7 +48,7 @@ It appears that this event never occurs. *LPC Server Port Name:%6* -*Windows Local Security Authority (LSA) communicates with the Windows kernel using Local Procedure Call (LPC) ports. If you see this event, an application has inadvertently or intentionally accessed this port which is reserved exclusively for LSA’s use. The application (process) should be investigated to ensure that it is not attempting to tamper with this communications channel." * +*Windows Local Security Authority (LSA) communicates with the Windows kernel using Local Procedure Call (LPC) ports. If you see this event, an application has inadvertently or intentionally accessed this port which is reserved exclusively for LSA’s use. The application (process) should be investigated to ensure that it is not attempting to tamper with this communications channel."* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index f3c3ed088b..2ca7e8267c 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -138,7 +138,7 @@ This event generates when a logon session is created (on destination machine). I - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4672](event-4672.md)(S): Special privileges assigned to new logon.” -**Logon Information** \[Version 2\]**: ** +**Logon Information** \[Version 2\]**:** - **Logon Type** \[Version 0, 1, 2\] \[Type = UInt32\]**:** the type of logon which was performed. The table below contains the list of possible values for this field. diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 95a2dfe34f..45dcd000c9 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -142,7 +142,7 @@ Before this event can generate, certain ACEs might need to be set in the object - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the object. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index 8e1fe42fab..94d84a85cf 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -151,7 +151,7 @@ This event generates every time a new process starts. - **New Process Name** \[Type = UnicodeString\]**:** full path and the name of the executable for the new process. -- **Token Elevation Type** \[Type = UnicodeString\]**: ** +- **Token Elevation Type** \[Type = UnicodeString\]**:** - **TokenElevationTypeDefault (1):** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC disabled by default), service account or local system account. diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index f9b06a7a3b..f78b83ef3c 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -99,7 +99,7 @@ You will see unique event for every user. - **Account Name** \[Type = SID\]: the SID of security principal for which user rights were assigned. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**New Right: ** +**New Right:** - **User Right** \[Type = UnicodeString\]: the list of assigned user rights. This event generates only for *user* rights, not logon rights. Here is the list of possible user rights: diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index d009b73786..09c240e026 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -99,7 +99,7 @@ You will see unique event for every user. - **Account Name** \[Type = SID\]: the SID of security principal for which user rights were removed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**Removed Right: ** +**Removed Right:** - **User Right** \[Type = UnicodeString\]: the list of removed user rights. This event generates only for *user* rights, not logon rights. Here is the list of possible user rights: diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 38d46d5ace..c51f51c999 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -100,7 +100,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - **New Security Descriptor** \[Type = UnicodeString\]**:** new Security Descriptor Definition Language (SDDL) value for the audit policy. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index f04223bd5b..13f2c744aa 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -99,7 +99,7 @@ You will see unique event for every user if logon user rights were granted to mu - **Account Name** \[Type = SID\]: the SID of the security principal for which logon right was granted. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**Access Granted: ** +**Access Granted:** - **Access Right** \[Type = UnicodeString\]: the name of granted logon right. This event generates only for [logon rights](https://technet.microsoft.com/library/cc728212(v=ws.10).aspx), which are as follows: diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index a86f9f5168..9bb398d835 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -99,7 +99,7 @@ You will see unique event for every user if logon user rights were removed for m - **Account Name** \[Type = SID\]: the SID of the security principal for which logon right was removed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**Access Removed: ** +**Access Removed:** - **Access Right** \[Type = UnicodeString\]: the name of removed logon right. This event generates only for [logon rights](https://technet.microsoft.com/library/cc728212(v=ws.10).aspx), which are as follows: diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 8597d956a6..faa3dcf853 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -266,7 +266,7 @@ For 4738(S): A user account was changed. |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Display Name**
**User Principal Name**
**Home Directory**
**Home Drive**
**Script Path**
**Profile Path**
**User Workstations**
**Password Last Set**
**Account Expires**
**Primary Group ID
Logon Hours** | We recommend monitoring all changes for these fields for critical domain and local accounts. | | **Primary Group ID** is not 513 | Typically, the **Primary Group** value is 513 for domain and local users. Other values should be monitored. | -| For user accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set> ** | If **AllowedToDelegateTo** is marked **<value not set>** on user accounts that previously had a services list (on the **Delegation** tab), it means the list was cleared. | +| For user accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set>** | If **AllowedToDelegateTo** is marked **<value not set>** on user accounts that previously had a services list (on the **Delegation** tab), it means the list was cleared. | | **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | - Consider whether to track the following user account control flags: diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 22ae105d96..b39135ee00 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -276,7 +276,7 @@ For 4742(S): A computer account was changed. | **Display Name** is not -
**User Principal Name** is not -
**Home Directory** is not -
**Home Drive** is not -
**Script Path** is not -
**Profile Path** is not -
**User Workstations** is not -
**Account Expires** is not -
**Logon Hours** is not **-** | Typically these fields are **-** for computer accounts. Other values might indicate an anomaly and should be monitored. | | **Password Last Set** changes occur more often than usual | Changes that are more frequent than the default (typically once a month) might indicate an anomaly or attack. | | **Primary Group ID** is not 516, 521, or 515 | Typically, the **Primary Group ID** value is one of the following:
**516** for domain controllers
**521** for read only domain controllers (RODCs)
**515** for servers and workstations (domain computers)
Other values should be monitored. | -| For computer accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set> ** | If **AllowedToDelegateTo** is marked **<value not set>** on computers that previously had a services list (on the **Delegation** tab), it means the list was cleared. | +| For computer accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set>** | If **AllowedToDelegateTo** is marked **<value not set>** on computers that previously had a services list (on the **Delegation** tab), it means the list was cleared. | | **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | - Consider whether to track the following account control flags: diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index 74ffbb09b0..efdf01da8a 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -116,7 +116,7 @@ Separate events will be generated for “Registry” and “File system” polic | Job | Port | FilterConnectionPort | | | ALPC Port | Semaphore | Adapter | | -- **Object Name: ** +- **Object Name:** - Key – if “Registry” Global Object Access Auditing policy was changed. @@ -128,7 +128,7 @@ Separate events will be generated for “Registry” and “File system” polic - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the Global Object Access Auditing policy. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index e62c824d10..62ced88fe8 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -44,7 +44,7 @@ There is no example of this event in this document. *Security ID:%7* -*New Flags:%8 * +*New Flags:%8* ***Required Server Roles:*** Active Directory domain controller. diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index f74c140ce4..34454c6d14 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -159,7 +159,7 @@ This event doesn't generate for Active Directory objects. - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the object. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index cc73362f36..d385a72649 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -152,7 +152,7 @@ Resource attributes for file or folder can be changed, for example, using Window - **New Security Descriptor** \[Type = UnicodeString\]**:** the Security Descriptor Definition Language (SDDL) value for the new resource attributes. See more information in **Resource Attributes\\Original Security Descriptor** field section for this event. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index f8dcd9f29b..3be7e9bec3 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -156,7 +156,7 @@ This event always generates, regardless of the object’s [SACL](https://msdn.mi - **New Security Descriptor** \[Type = UnicodeString\]**:** the Security Descriptor Definition Language (SDDL) value for the new Central Policy ID (for the policy that has been applied to the object). See more information in **Central Policy ID\\Original Security Descriptor** field section for this event. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index 81e6052b16..c7f46521ae 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -141,7 +141,7 @@ This event generates every time network share object was modified. - **New SD** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for network share security descriptor. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 696faaadce..f5ec73669e 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -177,7 +177,7 @@ REQUESTED\_ACCESS: RESULT ACE\_WHICH\_ ALLOWED\_OR\_DENIED\_ACCESS. - ACE\_WHICH\_ ALLOWED\_OR\_DENIED\_ACCESS: the Security Descriptor Definition Language (SDDL) value for Access Control Entry (ACE), which granted or denied access. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 4d84e4bb68..c1f8d98680 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -52,7 +52,7 @@ There is no example of this event in this document. > > *Layer Name:%9* > -> *Layer Run-Time ID:%10 * +> *Layer Run-Time ID:%10* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 25faaeb212..699a093def 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -52,7 +52,7 @@ There is no example of this event in this document. > > *Layer Name:%9* > -> *Layer Run-Time ID:%10 * +> *Layer Run-Time ID:%10* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index d018fdee5e..7a379132bc 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -30,7 +30,7 @@ There is no example of this event in this document. *BranchCache: Received an incorrectly formatted response while discovering availability of content.* -*IP address of the client that sent this response:%1 * +*IP address of the client that sent this response:%1* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index 9f647bcec8..1ce4c083dd 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: Received invalid data from a peer. Data discarded. * +*BranchCache: Received invalid data from a peer. Data discarded.* *IP address of the client that sent this data:%1* diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 5002d2167c..dde20455d3 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: The message to the hosted cache offering it data is incorrectly formatted. * +*BranchCache: The message to the hosted cache offering it data is incorrectly formatted.* *IP address of the client that sent this message: %1* diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index 29629cb6a7..e8020581ad 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: The hosted cache sent an incorrectly formatted response to the client’s message to offer it data. * +*BranchCache: The hosted cache sent an incorrectly formatted response to the client’s message to offer it data.* *Domain name of the hosted cache is:%1* diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index 0505b241b2..43228f26be 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. * +*BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.* *Domain name of the hosted cache:%1* diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index 8f28ea3891..e1f76dbf69 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: A service connection point object could not be parsed. * +*BranchCache: A service connection point object could not be parsed.* *SCP object GUID: %1* diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md index 2b5551a0bb..92bc4c7650 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md @@ -44,7 +44,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' GET /api/users/{id}/alerts ``` -**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve alerts for user1@contoso.com use /api/users/user1/alerts) ** +**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve alerts for user1@contoso.com use /api/users/user1/alerts)** ## Request headers diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md index 341c605bbb..ca042a7e99 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md @@ -44,7 +44,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine GET /api/users/{id}/machines ``` -**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve machines for user1@contoso.com use /api/users/user1/machines) ** +**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve machines for user1@contoso.com use /api/users/user1/machines)** ## Request headers diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md index 4fcca719b6..ef5a46869a 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md @@ -102,7 +102,7 @@ If the [Audit Kernel Object](../auditing/audit-kernel-object.md) setting is conf | 565 | Access was granted to an already existing object type. | | 567 | A permission associated with a handle was used.
**Note:** A handle is created with certain granted permissions (Read, Write, and so on). When the handle is used, up to one audit is generated for each of the permissions that was used. | | 569 | The resource manager in Authorization Manager attempted to create a client context. | -| 570 | A client attempted to access an object.
**Note: ** An event will be generated for every attempted operation on the object. | +| 570 | A client attempted to access an object.
**Note:** An event will be generated for every attempted operation on the object. | ## Security considerations diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index c06a9f2d2f..c1445cd23f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -54,10 +54,10 @@ As a cloud service, it is required that computers have access to the internet an | *Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)*|Used by Windows Defender Antivirus to provide cloud-delivered protection|*.wdcp.microsoft.com *.wdcpalt.microsoft.com *.wd.microsoft.com| | *Microsoft Update Service (MU)*| Security intelligence and product updates |*.update.microsoft.com| | *Security intelligence updates Alternate Download Location (ADL)*| Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| *.download.microsoft.com| -| *Malware submission storage *|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | ussus1eastprod.blob.core.windows.net ussus1westprod.blob.core.windows.net usseu1northprod.blob.core.windows.net usseu1westprod.blob.core.windows.net ussuk1southprod.blob.core.windows.net ussuk1westprod.blob.core.windows.net ussas1eastprod.blob.core.windows.net ussas1southeastprod.blob.core.windows.net ussau1eastprod.blob.core.windows.net ussau1southeastprod.blob.core.windows.net | +| *Malware submission storage*|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | ussus1eastprod.blob.core.windows.net ussus1westprod.blob.core.windows.net usseu1northprod.blob.core.windows.net usseu1westprod.blob.core.windows.net ussuk1southprod.blob.core.windows.net ussuk1westprod.blob.core.windows.net ussas1eastprod.blob.core.windows.net ussas1southeastprod.blob.core.windows.net ussau1eastprod.blob.core.windows.net ussau1southeastprod.blob.core.windows.net | | *Certificate Revocation List (CRL)* |Used by Windows when creating the SSL connection to MAPS for updating the CRL | http://www.microsoft.com/pkiops/crl/ http://www.microsoft.com/pkiops/certs http://crl.microsoft.com/pki/crl/products http://www.microsoft.com/pki/certs | -| *Symbol Store *|Used by Windows Defender Antivirus to restore certain critical files during remediation flows | https://msdl.microsoft.com/download/symbols | -| *Universal Telemetry Client* | Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: * vortex-win.data.microsoft.com * settings-win.data.microsoft.com| +| *Symbol Store*|Used by Windows Defender Antivirus to restore certain critical files during remediation flows | https://msdl.microsoft.com/download/symbols | +| *Universal Telemetry Client* | Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: *vortex-win.data.microsoft.com* settings-win.data.microsoft.com| ## Validate connections between your network and the cloud diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index 6fa4d92a72..a3834e3625 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md @@ -50,11 +50,11 @@ The following table contains information about the events that you can use to de | 8000 | Error| Application Identity Policy conversion failed. Status *<%1> *| Indicates that the policy was not applied correctly to the computer. The status message is provided for troubleshooting purposes.| | 8001 | Information| The AppLocker policy was applied successfully to this computer.| Indicates that the AppLocker policy was successfully applied to the computer.| | 8002 | Information| *<File name> * was allowed to run.| Specifies that the .exe or .dll file is allowed by an AppLocker rule.| -| 8003 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only ** enforcement mode is enabled. Specifies that the .exe or .dll file would be blocked if the **Enforce rules ** enforcement mode were enabled. | -| 8004 | Error| *<File name> * was not allowed to run.| Access to *<file name> * is restricted by the administrator. Applied only when the **Enforce rules ** enforcement mode is set either directly or indirectly through Group Policy inheritance. The .exe or .dll file cannot run.| +| 8003 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only** enforcement mode is enabled. Specifies that the .exe or .dll file would be blocked if the **Enforce rules** enforcement mode were enabled. | +| 8004 | Error| *<File name> * was not allowed to run.| Access to *<file name>* is restricted by the administrator. Applied only when the **Enforce rules** enforcement mode is set either directly or indirectly through Group Policy inheritance. The .exe or .dll file cannot run.| | 8005| Information| *<File name> * was allowed to run.| Specifies that the script or .msi file is allowed by an AppLocker rule.| -| 8006 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only ** enforcement mode is enabled. Specifies that the script or .msi file would be blocked if the **Enforce rules ** enforcement mode were enabled. | -| 8007 | Error| *<File name> * was not allowed to run.| Access to *<file name> * is restricted by the administrator. Applied only when the **Enforce rules ** enforcement mode is set either directly or indirectly through Group Policy inheritance. The script or .msi file cannot run.| +| 8006 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only** enforcement mode is enabled. Specifies that the script or .msi file would be blocked if the **Enforce rules** enforcement mode were enabled. | +| 8007 | Error| *<File name> * was not allowed to run.| Access to *<file name>* is restricted by the administrator. Applied only when the **Enforce rules** enforcement mode is set either directly or indirectly through Group Policy inheritance. The script or .msi file cannot run.| | 8008| Error| AppLocker disabled on the SKU.| Added in Windows Server 2012 and Windows 8.| | 8020| Information| Packaged app allowed.| Added in Windows Server 2012 and Windows 8.| | 8021| Information| Packaged app audited.| Added in Windows Server 2012 and Windows 8.| diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md index 8e77d3e330..d3c403d633 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md @@ -30,7 +30,7 @@ This topic for IT professionals provides links to procedural topics about creati | Topic | Description | | - | - | | [Configure the Application Identity service](configure-the-application-identity-service.md) | This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.| -| [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) | This topic for IT professionals describes how to set AppLocker policies to **Audit only ** within your IT environment by using AppLocker.| +| [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) | This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.| | [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md) | This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.| | [Display a custom URL message when users try to run a blocked app](display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md) | This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.| | [Export an AppLocker policy from a GPO](export-an-applocker-policy-from-a-gpo.md) | This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.| From bd852f1b071700ed0186b4e668e2f7cea9298ec7 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 15 Jul 2019 15:55:14 +0500 Subject: [PATCH 106/395] Updated script line There was typo in the script variable and has been fixed. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4084 --- .../credential-guard/credential-guard-manage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 3fe994764f..641e5878eb 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -208,7 +208,7 @@ You can also disable Windows Defender Credential Guard by using the [Windows Def DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot ``` > [!IMPORTANT] -> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSAch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. +> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. > This is a known issue. #### Disable Windows Defender Credential Guard for a virtual machine From 7205ec071f061b5db00d2245357abbcdd43a5104 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Mon, 15 Jul 2019 13:29:40 -0700 Subject: [PATCH 107/395] Update security-compliance-toolkit-10.md Updated link for Security blog since we moved it --- .../threat-protection/security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index c2c3f86318..7036973802 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -49,7 +49,7 @@ The Security Compliance Toolkit consists of: - Local Group Policy Object (LGPO) tool -You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more details about security baseline recommendations, see the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/). +You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more details about security baseline recommendations, see the [Microsoft Security Guidance blog](https://techcommunity.microsoft.com/t5/Microsoft-Security-Baselines/bg-p/Microsoft-Security-Baselines). ## What is the Policy Analyzer tool? From 203aefd3a2ab6064194d1da41978f44bb2b4cf2c Mon Sep 17 00:00:00 2001 From: TokyoScarab Date: Mon, 15 Jul 2019 16:31:24 -0500 Subject: [PATCH 108/395] Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deployment/update/waas-delivery-optimization-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index 652a143a93..164db3333a 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md +++ b/windows/deployment/update/waas-delivery-optimization-reference.md @@ -106,7 +106,7 @@ Download mode dictates which download sources clients are allowed to use when do | --- | --- | | HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. | | LAN (1 – Default) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then attempts to connect to other peers on the same network by using their private subnet IP.| -| Group (2) | When group mode is set, the group is automatically selected based on the device’s Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and Active Directory Domain Services sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. | +| Group (2) | When group mode is set, the group is automatically selected based on the device’s Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use the GroupID option to create your own custom group independently of domains and Active Directory Domain Services sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other methods to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. | | Internet (3) | Enable Internet peer sources for Delivery Optimization. | | Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. | |Bypass (100) | Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You do not need to set this option if you are using SCCM. If you want to disable peer-to-peer functionality, it's best to set **DownloadMode** to **0** or **99**. | From 6cab2580cfde0853323f131314004de39dc3ab1c Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Tue, 16 Jul 2019 23:42:05 +0500 Subject: [PATCH 109/395] * was mistakenly there in the command Made a correction as * was mistakenly shown in the command. --- .../credential-guard/credential-guard-manage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 641e5878eb..49f533818e 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -115,7 +115,7 @@ You can also enable Windows Defender Credential Guard by using the [Windows Defe DG_Readiness_Tool_v3.5.ps1 -Enable -AutoReboot ``` > [!IMPORTANT] -> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSAch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. +> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSAch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. > This is a known issue. ### Review Windows Defender Credential Guard performance From f28e55c14725310c7f5ad92a83b3ced73f00e6c8 Mon Sep 17 00:00:00 2001 From: Brent Kendall Date: Tue, 16 Jul 2019 14:17:09 -0700 Subject: [PATCH 110/395] Made PKID instructions more accurate Previously, the requirements made it sound like the PKID should be entered into the SMBIOS, but it doesn't go there. So, I changed it to say the PKID (created by the OA3 Tool) should be submitted with the CBR report (not injected into the BIOS). --- .../windows-autopilot/autopilot-device-guidelines.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md index 2997787bd1..a081a6f68e 100644 --- a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md +++ b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md @@ -28,8 +28,8 @@ All devices used with Windows Autopilot should meet the [minimum hardware requir The following additional best practices ensure that devices can easily be provisioned by organizations as part of the Windows Autopilot deployment process: - Ensure that the TPM 2.0 is enabled and in a good state (not in Reduced Functionality Mode) by default on devices intended for Windows Autopilot self-deploying mode. -- The OEM provisions unique tuple info (SmbiosSystemManufacturer, SmbiosSystemProductName, SmbiosSystemSerialNumber) or PKID + SmbiosSystemSerialNumber into the [SMBIOS fields](https://docs.microsoft.com/windows-hardware/drivers/bringup/smbios) per Microsoft specification (Manufacturer, Product Name and Serial Number stored in SMBIOS Type 1 04h, Type 1 05h and Type 1 07h). -- The OEM uploads 4K Hardware Hashes obtained using OA3 Tool RS3+ run in Audit mode on full OS to Microsoft via CBR report prior to shipping devices to an Autopilot customer or channel partner. +- The OEM provisions unique tuple info (SmbiosSystemManufacturer, SmbiosSystemProductName, SmbiosSystemSerialNumber) into the [SMBIOS fields](https://docs.microsoft.com/windows-hardware/drivers/bringup/smbios) per Microsoft specification (Manufacturer, Product Name and Serial Number stored in SMBIOS Type 1 04h, Type 1 05h and Type 1 07h). +- The OEM uploads 4K Hardware Hashes that include the Product Key IDs (PKIDs) obtained using OA3 Tool RS3+ run in Audit mode on full OS to Microsoft via CBR report prior to shipping devices to an Autopilot customer or channel partner. - As a best practice, Microsoft requires that OEM shipping drivers are published to Windows Update within 30 days of the CBR being submitted, and system firmware and driver updates are published to Windows Update within 14 days - The OEM ensures that the PKID provisioned in the SMBIOS is passed on to the channel. From 9494a283428b4a784e68901afcda7f6a4faba351 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Tue, 16 Jul 2019 23:45:57 +0200 Subject: [PATCH 111/395] Update windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index 2d6089ad5e..233354f110 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -138,7 +138,7 @@ cscript.exe SetConfig.vbs SecurityChip Active When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In the following task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](https://go.microsoft.com/fwlink/p/?LinkId=619549). -We added these five actions to the task sequence: +We have added these five actions to the task sequence: - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false. - **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf. From ec4aacc9ca9313d97404aa4e4331f6af552ae8f9 Mon Sep 17 00:00:00 2001 From: martyav Date: Wed, 17 Jul 2019 15:30:47 -0400 Subject: [PATCH 112/395] resolves #4409 --- .../wd-app-guard-overview.md | 66 +------------------ 1 file changed, 1 insertion(+), 65 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index 4aadf6d205..bbec01b199 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -39,71 +39,7 @@ Application Guard has been created to target several types of systems: ## Frequently Asked Questions -| | | -|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Can I enable Application Guard on machines equipped with 4GB RAM? | -| **A:** | We recommend 8GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. | -| | HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount - Default is 4 cores. | -| | HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB - Default is 8GB. | -| | HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB - Default is 5GB. | - -
- - -| | | -|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Can employees download documents from the Application Guard Edge session onto host devices? | -| **A:** | In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This is managed by policy.

In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. | - -
- - -| | | -|--------|------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Can employees copy and paste between the host device and the Application Guard Edge session? | -| **A:** | Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. | - -
- - -| | | -|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Why don't employees see their Favorites in the Application Guard Edge session? | -| **A:** | To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. | - -
- - -| | | -|--------|---------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Why aren’t employees able to see their Extensions in the Application Guard Edge session? | -| **A:** | Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. | - -
- - -| | | -|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | How do I configure WDAG to work with my network proxy (IP-Literal Addresses)? | -| **A:** | WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher. | - -
- - -| | | -|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? | -| **A:** | This feature is currently experimental-only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, please contact Microsoft and we’ll work with you to enable the feature. | - -
- - -| | | -|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | What is the WDAGUtilityAccount local account? | -| **A:** | This account is part of Application Guard beginning with Windows 10 version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware. | - -
+Please see [Frequently asked questions - Windows Defender Application Guard](faq-wd-app-guard.md) for common user-submitted questions. ## Related topics From 75ecca9636b52818499780cd723d6b397fc3ccbb Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Wed, 17 Jul 2019 17:31:56 -0500 Subject: [PATCH 113/395] Update and rename configure-mssp-support-windows-defender-advanced-threat-protection.md to configure-mssp-support.md --- ...rotection.md => configure-mssp-support.md} | 30 ++++++++----------- 1 file changed, 12 insertions(+), 18 deletions(-) rename windows/security/threat-protection/windows-defender-atp/{configure-mssp-support-windows-defender-advanced-threat-protection.md => configure-mssp-support.md} (92%) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md similarity index 92% rename from windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md rename to windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md index 738c8f0548..7cf8f93bca 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md @@ -153,34 +153,28 @@ You'll need to create an application and grant it permissions to fetch alerts fr 2. Select **Azure Active Directory** > **App registrations**. -3. Click **New application registration**. +3. Click **New registration**. 4. Specify the following values: - Name: \ SIEM MSSP Connector (replace Tenant_name with the tenant display name) - - Application type: Web app / API - - Sign-on URL: `https://SiemMsspConnector` + - Supported account types: Account in this organizational directory only + - Redirect URI: Select Web and type `https:///SiemMsspConnector`(replace with the tenant name) -5. Click **Create**. The application is displayed in the list of applications you own. +5. Click **Register**. The application is displayed in the list of applications you own. -6. Select the application, then click **Settings** > **Properties**. +6. Select the application, then click **Overview**. -7. Copy the value from the **Application ID** field. +7. Copy the value from the **Application (client) ID** field to a safe place, you will need this on the next step. -8. Change the value in the **App ID URI** to: `https:///SiemMsspConnector` (replace \ with the tenant name. +8. Select **Certificate & secrets** in the new application panel. -9. Ensure that the **Multi-tenanted** field is set to **Yes**. - -10. In the **Settings** panel, select **Reply URLs** and add the following URL: `https://localhost:44300/wdatpconnector`. - -11. Click **Save**. - -12. Select **Keys** and specify the following values: +9. Click **New client secret**. - Description: Enter a description for the key. - Expires: Select **In 1 year** -13. Click **Save**. Save the value is a safe place, you'll need this +10. Click **Add**, copy the value of the client secret to a safe place, you will need this on the next step. ### Step 2: Get access and refresh tokens from your customer's tenant This section guides you on how to use a PowerShell script to get the tokens from your customer's tenant. This script uses the application from the previous step to get the access and refresh tokens using the OAuth Authorization Code Flow. @@ -249,9 +243,9 @@ After providing your credentials, you'll need to grant consent to the applicatio 6. Enter the following commands: `.\MsspTokensAcquisition.ps1 -clientId -secret -tenantId ` - - Replace \ with the Application ID you got from the previous step. - - Replace \ with the application key you created from the previous step. - - Replace \ with your customer's tenant ID. + - Replace \ with the **Application (client) ID** you got from the previous step. + - Replace \ with the **Client Secret** you created from the previous step. + - Replace \ with your customer's **Tenant ID**. 7. You'll be asked to provide your credentials and consent. Ignore the page redirect. From 4c9748fd846996a71e8830098673453bfcc5c28f Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Wed, 17 Jul 2019 20:32:01 -0500 Subject: [PATCH 114/395] Update apply-a-basic-audit-policy-on-a-file-or-folder.md --- ...ly-a-basic-audit-policy-on-a-file-or-folder.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index 6622f7fc55..13f762f32c 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -36,6 +36,21 @@ To complete this procedure, you must be logged on as a member of the built-in Ad - To audit successful events, click **Success.** - To audit failure events, click **Fail.** - To audit all events, click **All.** +6. In the **Applies to** box, indicate to which object or objects the audit of events will apply, can be to: + - **This folder only.** + - **This folder, subfolders and files.** + - **This folder and subfolders.** + - **This folder and files.** + - **Subfolders and files only.** + - **Subfolders only** + - **Files only.** +7. By default the selected **Basic Permissions** to Audit are the following: + - **Read & Execute.** + - **List folder contents.** + - **Read.** + - You can additionally select the audit of **Full control**, **Modify** and/or **Write** permissions. With your desired combination. + + > **Important:**  Before setting up auditing for files and folders, you must enable [object access auditing](basic-audit-object-access.md) by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited.   From d16c927ac178164847a5a755406ed9f4dc170ccc Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Jul 2019 09:05:30 +0530 Subject: [PATCH 115/395] Update windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md agreed Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../windows-defender-security-center/wdsc-hide-notifications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 008876e723..181c402c03 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -56,7 +56,7 @@ This can only be done in Group Policy. > >You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. -0. Download the latest Administrative templates for windows 10 v1809 from below Microsoft official site +1. Download the latest [Administrative Templates (.admx) for Windows 10, v1809](https://www.microsoft.com/download/details.aspx?id=57576). **https://www.microsoft.com/en-us/download/details.aspx?id=57576** From d85aa5f07ab0d47adfcfa68584f67b2db1e610e6 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Jul 2019 09:06:17 +0530 Subject: [PATCH 116/395] Update windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md agreed Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../windows-defender-security-center/wdsc-hide-notifications.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 181c402c03..3713800e19 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -57,7 +57,6 @@ This can only be done in Group Policy. >You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 1. Download the latest [Administrative Templates (.admx) for Windows 10, v1809](https://www.microsoft.com/download/details.aspx?id=57576). - **https://www.microsoft.com/en-us/download/details.aspx?id=57576** 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. From b3fe93ffa9006fd63e1377add4b1e109bae34cf2 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Jul 2019 09:06:55 +0530 Subject: [PATCH 117/395] Update windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md agreed Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../windows-defender-security-center/wdsc-hide-notifications.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 3713800e19..ab49b98816 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -58,7 +58,6 @@ This can only be done in Group Policy. 1. Download the latest [Administrative Templates (.admx) for Windows 10, v1809](https://www.microsoft.com/download/details.aspx?id=57576). - 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. From 98f883237f567ac2f183010d00e42cd6a838c108 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Jul 2019 09:07:35 +0530 Subject: [PATCH 118/395] Update windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md agreed Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../windows-defender-security-center/wdsc-hide-notifications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index ab49b98816..9ace2c3612 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -95,7 +95,7 @@ This can only be done in Group Policy. **[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]** **"DisableNotifications"=dword:00000001** -8. Corresponding registry key for **Hide not-critical notifications** +8. Use the following registry key and DWORD value to **Hide not-critical notifications** **[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]** **"DisableEnhancedNotifications"=dword:00000001** From ada58811038bd9e36805a5aecd83fa20551be230 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Jul 2019 09:08:21 +0530 Subject: [PATCH 119/395] Update windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md agreed Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../windows-defender-security-center/wdsc-hide-notifications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 9ace2c3612..4ddd16a1f3 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -90,7 +90,7 @@ This can only be done in Group Policy. 6. Open the **Hide all notifications** setting and set it to **Enabled**. Click **OK**. -7. Corresponding registry key for **Hide all notifications** +7. Use the following registry key and DWORD value to **Hide all notifications**. **[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]** **"DisableNotifications"=dword:00000001** From 4af3d5650c05e419ec2dd6a9ff5ff5a07e4db3a9 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Thu, 18 Jul 2019 01:24:10 -0400 Subject: [PATCH 120/395] fix: Replace syntax with langauge code 2 --- .../mdm/windowslicensing-csp.md | 12 +- .../mdm/windowssecurityauditing-csp.md | 2 +- .../customize-and-export-start-layout.md | 2 +- .../settings-that-can-be-locked-down.md | 2 +- ...v-application-template-schema-reference.md | 18 +-- ...anage-administrative-backup-and-restore.md | 4 +- ...plates-using-windows-powershell-and-wmi.md | 6 +- ...synchronizing-microsoft-office-with-uev.md | 2 +- .../assign-applications-using-roles-in-mdt.md | 4 +- ...d-environment-for-windows-10-deployment.md | 4 +- .../configure-mdt-deployment-share-rules.md | 10 +- .../configure-mdt-for-userexit-scripts.md | 4 +- .../create-a-windows-10-reference-image.md | 26 ++-- .../deploy-a-windows-10-image-using-mdt.md | 10 +- ...ntegrate-configuration-manager-with-mdt.md | 4 +- ...prepare-for-windows-deployment-with-mdt.md | 2 +- ...s-7-computer-with-a-windows-10-computer.md | 2 +- ...ows-10-deployment-in-a-test-environment.md | 2 +- .../use-web-services-in-mdt.md | 4 +- ...0-deployment-with-configuration-manager.md | 4 +- ...f-windows-10-with-configuration-manager.md | 2 +- windows/deployment/deploy-windows-to-go.md | 22 ++-- ...se-management-strategies-and-deployment.md | 2 +- .../usmt/offline-migration-reference.md | 4 +- .../usmt/understanding-migration-xml-files.md | 16 +-- .../deployment/usmt/usmt-best-practices.md | 2 +- .../deployment/usmt/usmt-configxml-file.md | 4 +- .../usmt/usmt-conflicts-and-precedence.md | 8 +- .../usmt/usmt-custom-xml-examples.md | 6 +- .../usmt/usmt-hard-link-migration-store.md | 2 +- .../usmt/usmt-include-files-and-settings.md | 18 +-- windows/deployment/usmt/usmt-log-files.md | 10 +- .../usmt/usmt-reroute-files-and-settings.md | 6 +- .../usmt/usmt-xml-elements-library.md | 122 +++++++++--------- .../deployment/usmt/xml-file-requirements.md | 6 +- .../use-vamt-in-windows-powershell.md | 2 +- .../windows-deployment-scenarios-and-tools.md | 4 +- .../additional-mitigations.md | 8 +- ...redential-guard-not-protected-scenarios.md | 10 +- .../credential-guard-scripts.md | 4 +- .../bitlocker/bitlocker-basic-deployment.md | 32 ++--- ...tlocker-how-to-deploy-on-windows-server.md | 12 +- .../bitlocker-how-to-enable-network-unlock.md | 2 +- .../bitlocker-recovery-guide-plan.md | 17 ++- ...ve-encryption-tools-to-manage-bitlocker.md | 30 ++--- ...nd-storage-area-networks-with-bitlocker.md | 18 +-- ...arding-to-assist-in-intrusion-detection.md | 5 +- ...r-policies-by-using-set-applockerpolicy.md | 2 +- ...to-end-ipsec-connections-by-using-ikev2.md | 6 +- ...-administration-with-windows-powershell.md | 76 +++++------ 50 files changed, 290 insertions(+), 292 deletions(-) diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index f5372d05f6..58a5040b72 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -196,7 +196,7 @@ Values: **CheckApplicability** -``` syntax +```xml @@ -223,7 +223,7 @@ Values: **Edition** -``` syntax +```xml @@ -241,7 +241,7 @@ Values: **LicenseKeyType** -``` syntax +```xml @@ -259,7 +259,7 @@ Values: **Status** -``` syntax +```xml @@ -277,7 +277,7 @@ Values: **UpgradeEditionWithProductKey** -``` syntax +```xml @@ -304,7 +304,7 @@ Values: **UpgradeEditionWithLicense** -``` syntax +```xml diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md index ea9dd8e10a..ffd68aa965 100644 --- a/windows/client-management/mdm/windowssecurityauditing-csp.md +++ b/windows/client-management/mdm/windowssecurityauditing-csp.md @@ -39,7 +39,7 @@ Supported operations are Get and Replace. Enable logging of audit events. -``` syntax +```xml diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index aa221c4b9e..7ac4b1ff90 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md @@ -176,7 +176,7 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed 2. [Export the Start layout](#export-the-start-layout). 3. Open the layout .xml file. There is a `` element. Add `LayoutCustomizationRestrictionType="OnlySpecifiedGroups"` to the **DefaultLayoutOverride** element as follows: - ``` syntax + ```xml ``` diff --git a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md index 5603c46bfa..4ea4c7f814 100644 --- a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md +++ b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md @@ -462,7 +462,7 @@ Quick action buttons are locked down in exactly the same way as Settings pages/g You can specify the quick actions as follows: -``` syntax +```xml diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index 299ba40be7..156e4af29b 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md @@ -241,7 +241,7 @@ Version identifies the version of the settings location template for administrat **Hint:** You can save notes about version changes using XML comment tags ``, for example: -``` syntax +```xml @@ -195,7 +195,7 @@ This table describes the behavior in the following example .xml file. -``` syntax +```xml File Migration Test @@ -231,7 +231,7 @@ This table describes the behavior in the following example .xml file. The behavior for this custom .xml file is described within the <`displayName`> tags in the code. -``` syntax +```xml diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 100e1e1f04..bbcdb94333 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -209,7 +209,7 @@ You must use the **/nocompress** option with the **/HardLink** option. The following XML sample specifies that files locked by an application under the \\Users directory can remain in place during the migration. It also specifies that locked files that are not located in the \\Users directory should result in the **File in Use** error. It is important to exercise caution when specifying the paths using the **File in Use<createhardlink>** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete. -``` syntax +```xml diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md index 89b7d8fa3a..8d0ba60945 100644 --- a/windows/deployment/usmt/usmt-include-files-and-settings.md +++ b/windows/deployment/usmt/usmt-include-files-and-settings.md @@ -37,7 +37,7 @@ In this topic: The following .xml file migrates a single registry key. -``` syntax +```xml Component to migrate only registry value string @@ -63,7 +63,7 @@ The following examples show how to migrate a folder from a specific drive, and f - **Including subfolders.** The following .xml file migrates all files and subfolders from C:\\EngineeringDrafts to the destination computer. - ``` syntax + ```xml Component to migrate all Engineering Drafts Documents including subfolders @@ -82,7 +82,7 @@ The following examples show how to migrate a folder from a specific drive, and f - **Excluding subfolders.** The following .xml file migrates all files from C:\\EngineeringDrafts, but it does not migrate any subfolders within C:\\EngineeringDrafts. - ``` syntax + ```xml Component to migrate all Engineering Drafts Documents without subfolders @@ -103,7 +103,7 @@ The following examples show how to migrate a folder from a specific drive, and f The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any drive on the computer. If multiple folders exist with the same name, then all files with this name are migrated. -``` syntax +```xml Component to migrate all Engineering Drafts Documents folder on any drive on the computer @@ -123,7 +123,7 @@ The following .xml file migrates all files and subfolders of the EngineeringDraf The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any location on the C:\\ drive. If multiple folders exist with the same name, they are all migrated. -``` syntax +```xml Component to migrate all Engineering Drafts Documents EngineeringDrafts folder from where ever it exists on the C: drive @@ -146,7 +146,7 @@ The following .xml file migrates all files and subfolders of the EngineeringDraf The following .xml file migrates .mp3 files located in the specified drives on the source computer into the C:\\Music folder on the destination computer. -``` syntax +```xml All .mp3 files to My Documents @@ -176,7 +176,7 @@ The following examples show how to migrate a file from a specific folder, and ho - **To migrate a file from a folder.** The following .xml file migrates only the Sample.doc file from C:\\EngineeringDrafts on the source computer to the destination computer. - ``` syntax + ```xml Component to migrate all Engineering Drafts Documents @@ -195,13 +195,13 @@ The following examples show how to migrate a file from a specific folder, and ho - **To migrate a file from any location.** To migrate the Sample.doc file from any location on the C:\\ drive, use the <pattern> element, as the following example shows. If multiple files exist with the same name on the C:\\ drive, all of files with this name are migrated. - ``` syntax + ```xml C:\* [Sample.doc] ``` To migrate the Sample.doc file from any drive on the computer, use <script> as the following example shows. If multiple files exist with the same name, all files with this name are migrated. - ``` syntax + ```xml ``` diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index fad90a25bf..daba5ef2e2 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -294,7 +294,7 @@ To migrate these files you author the following migration XML: However, upon testing the migration you notice that the “New Text Document.txt” file isn’t included in the migration. To troubleshoot this failure, the migration can be repeated with the environment variable MIG\_ENABLE\_DIAG set such that the diagnostic log is generated. Upon searching the diagnostic log for the component “DATA1”, the following XML section is discovered: -``` syntax +```xml @@ -315,13 +315,13 @@ Analysis of this XML section reveals the migunit that was created when the migra An analysis of the XML elements reference topic reveals that the <pattern> tag needs to be modified as follows: -``` syntax +```xml c:\data\* [*] ``` When the migration is preformed again with the modified tag, the diagnostic log reveals the following: -``` syntax +```xml @@ -396,7 +396,7 @@ You author the following migration XML: However, upon testing the migration you notice that all the text files are still included in the migration. In order to troubleshoot this issue, the migration can be performed with the environment variable MIG\_ENABLE\_DIAG set so that the diagnostic log is generated. Upon searching the diagnostic log for the component “DATA1”, the following XML section is discovered: -``` syntax +```xml @@ -453,7 +453,7 @@ Upon reviewing the diagnostic log, you confirm that the files are still migratin Your revised migration XML script excludes the files from migrating, as confirmed in the diagnostic log: -``` syntax +```xml diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md index 4ea1caaac3..ea0c442a2a 100644 --- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md +++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md @@ -31,7 +31,7 @@ In this topic: The following custom .xml file migrates the directories and files from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS. -``` syntax +```xml Engineering Drafts Documents to Personal Folder @@ -60,7 +60,7 @@ The following custom .xml file migrates the directories and files from C:\\Engin The following custom .xml file reroutes .mp3 files located in the fixed drives on the source computer into the C:\\Music folder on the destination computer. -``` syntax +```xml All .mp3 files to My Documents @@ -88,7 +88,7 @@ The following custom .xml file reroutes .mp3 files located in the fixed drives o The following custom .xml file migrates the Sample.doc file from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS. -``` syntax +```xml Sample.doc into My Documents diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index 13fcf0effc..d64010f54e 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -138,7 +138,7 @@ Syntax: The following example is from the MigApp.xml file: -``` syntax +```xml %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion] @@ -212,7 +212,7 @@ Syntax: The following example is from the MigApp.xml file: -``` syntax +```xml %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] DWORD @@ -275,7 +275,7 @@ Syntax: The following example is from the MigApp.xml file: -``` syntax +```xml %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang] DWORD @@ -455,7 +455,7 @@ For example, In the code sample below, the <condition> elements, A and B, are joined together by the AND operator because they are in separate <conditions> sections. For example: -``` syntax +```xml A @@ -468,7 +468,7 @@ In the code sample below, the <condition> elements, A and B, are joined to However, in the code sample below, the <condition> elements, A and B, are joined together by the OR operator because they are in the same <conditions> section. -``` syntax +```xml A @@ -826,7 +826,7 @@ For example: ~~~ For example: -``` syntax +```xml MigXmlHelper.DoesStringContentEqual("File","%USERNAME%","") ``` ~~~ @@ -914,7 +914,7 @@ For example: ~~~ For example: -``` syntax +```xml MigXmlHelper.IsSameObject("File","%CSIDL_FAVORITES%","%CSIDL_COMMON_FAVORITES%") %CSIDL_FAVORITES%\* [*] @@ -1055,7 +1055,7 @@ Syntax: The following example is from the MigApp.xml file: -``` syntax +```xml MigXmlHelper.IsNative64Bit() @@ -1152,13 +1152,13 @@ The following functions generate patterns out of the content of an object. These ~~~ For example: -``` syntax +```xml ``` and -``` syntax +```xml ``` ~~~ @@ -1243,7 +1243,7 @@ and ~~~ For example: -``` syntax +```xml @@ -1365,7 +1365,7 @@ The following functions change the content of objects as they are migrated. Thes ~~~ For example: -``` syntax +```xml HKCU\Control Panel\Desktop [ScreenSaveUsePassword] @@ -1622,7 +1622,7 @@ Syntax: The following code sample shows how the <description> element defines the "My custom component" description.: -``` syntax +```xml My custom component ``` @@ -1677,7 +1677,7 @@ Syntax: For example: -``` syntax +```xml HKCU\Software\Lotus\123\99.0\DDE Preferences\* [*] @@ -1807,7 +1807,7 @@ Syntax: The following example is from the MigApp.xml file. -``` syntax +```xml MigXmlHelper.DoesFileVersionMatch("%Lotus123InstPath%\123w.exe","ProductVersion","9.*") @@ -1878,7 +1878,7 @@ Syntax: For example: -``` syntax +```xml MigXmlHelper.DoesObjectExist("Registry","HKCU\Software\Adobe\Photoshop\8.0") @@ -1889,7 +1889,7 @@ For example: and -``` syntax +```xml @@ -1945,7 +1945,7 @@ Syntax: For example: -``` syntax +```xml Command Prompt settings ``` @@ -2012,7 +2012,7 @@ Syntax: In this scenario, you want to generate the location of objects at run time depending on the configuration of the destination computer. For example, you must do this if an application writes data in the directory where it is installed, and users can install the application anywhere on the computer. If the application writes a registry value hklm\\software\\companyname\\install \[path\] and then updates this value with the location where the application is installed, then the only way for you to migrate the required data correctly is to define an environment variable. For example: -``` syntax +```xml @@ -2022,7 +2022,7 @@ In this scenario, you want to generate the location of objects at run time depen Then you can use an include rule as follows. You can use any of the [<script> functions](#scriptfunctions) to perform similar tasks. -``` syntax +```xml %INSTALLPATH%\ [*.xyz] @@ -2032,7 +2032,7 @@ Then you can use an include rule as follows. You can use any of the [<script& Second, you can also filter registry values that contain data that you need. The following example extracts the first string (before the separator ",") in the value of the registry Hklm\\software\\companyname\\application\\ \[Path\]. -``` syntax +```xml @@ -2050,7 +2050,7 @@ Second, you can also filter registry values that contain data that you need. The In this scenario, you want to migrate five files named File1.txt, File2.txt, and so on, from %SYSTEMDRIVE%\\data\\userdata\\dir1\\dir2\\. To do this you must have the following <include> rule in an .xml file: -``` syntax +```xml %SYSTEMDRIVE%\data\userdata\dir1\dir2 [File1.txt] @@ -2064,7 +2064,7 @@ In this scenario, you want to migrate five files named File1.txt, File2.txt, and Instead of typing the path five times, you can create a variable for the location as follows: -``` syntax +```xml %SYSTEMDRIVE%\data\userdata\dir1\dir2 @@ -2074,7 +2074,7 @@ Instead of typing the path five times, you can create a variable for the locatio Then, you can specify the variable in an <include> rule as follows: -``` syntax +```xml %DATAPATH% [File1.txt] @@ -2133,7 +2133,7 @@ Syntax: For example, from the MigUser.xml file: -``` syntax +```xml %CSIDL_MYMUSIC%\* [*] @@ -2190,7 +2190,7 @@ Syntax: Example: -``` syntax +```xml @@ -2297,7 +2297,7 @@ Syntax: For example, if you want to migrate all \*.doc files from the source computer, specifying the following code under the <component> element: -``` syntax +```xml doc @@ -2305,7 +2305,7 @@ For example, if you want to migrate all \*.doc files from the source computer, s is the same as specifying the following code below the <rules> element: -``` syntax +```xml @@ -2418,7 +2418,7 @@ Syntax: The following example is from the MigUser.xml file: -``` syntax +```xml My Video @@ -2501,7 +2501,7 @@ The following functions return a Boolean value. You can use them to migrate cert For example: - ``` syntax + ```xml %CSIDL_COMMON_VIDEO%\* [*] @@ -2517,7 +2517,7 @@ The following functions return a Boolean value. You can use them to migrate cert In the following example, HKCU\\Control Panel\\International \[Locale\] will be included in the store, but it will not be migrated to the destination computer: - ``` syntax + ```xml HKCU\Control Panel\International [Locale] @@ -2634,7 +2634,7 @@ Syntax: The following example is from the MigApp.xml file: -``` syntax +```xml %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion] @@ -2695,7 +2695,7 @@ Syntax: The following example is from the MigApp.xml file: -``` syntax +```xml %CSIDL_APPDATA%\Microsoft\Office\ [Access10.pip] @@ -2740,7 +2740,7 @@ The following functions change the location of objects as they are migrated when ~~~ For example: -``` syntax +```xml HKCU\Keyboard Layout\Toggle [] @@ -2817,7 +2817,7 @@ For example: ~~~ For example: -``` syntax +```xml %CSIDL_COMMON_FAVORITES%\* [*] @@ -2923,7 +2923,7 @@ Syntax: The following example is from the MigUser.xml file: -``` syntax +```xml @@ -2948,7 +2948,7 @@ These functions control how collisions are resolved. For example: - ``` syntax + ```xml HKCU\Software\Microsoft\Office\9.0\PhotoDraw\ [MyPictures] @@ -3037,7 +3037,7 @@ These functions control how collisions are resolved. For example: - ``` syntax + ```xml %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Publisher [UpgradeVersion] @@ -3097,7 +3097,7 @@ Syntax: The following example is from the MigApp.xml file: -``` syntax +```xml ``` @@ -3138,7 +3138,7 @@ This filter helper function can be used to filter the migration of files based o -``` syntax +```xml File_size @@ -3194,7 +3194,7 @@ Syntax: The following example is from the MigApp.xml file: -``` syntax +```xml %HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion] @@ -3230,7 +3230,7 @@ Syntax: The following example is from the MigUser.xml file: -``` syntax +```xml My Music @@ -3273,7 +3273,7 @@ This is an internal USMT element. Do not use this element. You can use this element to specify multiple objects. You can specify multiple <pattern> elements for each <objectSet> element and they will be combined. If you are specifying files, you may want to use GenerateDrivePatterns with <script> instead. GenerateDrivePatterns is basically the same as a <pattern> rule, without the drive letter specification. For example, the following two lines of code are similar: -``` syntax +```xml C:\Folder\* [Sample.doc] ``` @@ -3336,13 +3336,13 @@ For example: - To migrate a single registry key: - ``` syntax + ```xml HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache [Persistent] ``` - To migrate the EngineeringDrafts folder and any subfolders from the C: drive: - ``` syntax + ```xml C:\EngineeringDrafts\* [*] ``` @@ -3352,13 +3352,13 @@ For example: - To migrate the Sample.doc file from C:\\EngineeringDrafts: - ``` syntax + ```xml C:\EngineeringDrafts\ [Sample.doc] ``` - To migrate the Sample.doc file from where ever it exists on the C: drive use pattern in the following way. If multiple files exist with the same name on the C: drive, then all of these files will be migrated. - ``` syntax + ```xml C:\* [Sample.doc] ``` @@ -3484,7 +3484,7 @@ Syntax: The following example is from the MigUser.xml file. For more examples, see the MigApp.xml file: -``` syntax +```xml Start Menu @@ -3571,7 +3571,7 @@ Syntax: The following example is from the MigUser.xml file: -``` syntax +```xml My Music @@ -3679,7 +3679,7 @@ Examples: To migrate the Sample.doc file from any drive on the source computer, use <script> as follows. If multiple files exist with the same name, all such files will get migrated. -``` syntax +```xml ``` @@ -3744,7 +3744,7 @@ These functions return either a string or a pattern. ~~~ For example: -``` syntax +```xml @@ -3849,7 +3849,7 @@ If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called whil The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. -``` syntax +```xml @@ -3915,7 +3915,7 @@ This helper function invokes the document finder to scan the system for all file -``` syntax +```xml MigDocUser @@ -3942,7 +3942,7 @@ The following scripts have no return value. You can use the following errors wit - **AskForLogoff()**. Prompts the user to log off at the end of the migration. For example: - ``` syntax + ```xml @@ -3952,7 +3952,7 @@ The following scripts have no return value. You can use the following errors wit - **KillExplorer()**. Stops Explorer.exe for the current user context. This allows access to certain keys and files that are kept open when Explorer.exe is running. For example: - ``` syntax + ```xml @@ -3960,7 +3960,7 @@ The following scripts have no return value. You can use the following errors wit - **RegisterFonts(FileEncodedLocation)**. Registers the given font or all of the fonts in the given directory. For example: - ``` syntax + ```xml @@ -3970,7 +3970,7 @@ The following scripts have no return value. You can use the following errors wit - **RestartExplorer().** Restarts Explorer.exe at the end of the migration. For example: - ``` syntax + ```xml @@ -4020,7 +4020,7 @@ Syntax: For example: -``` syntax +```xml %CSIDL_COMMON_APPDATA%\QuickTime @@ -4045,7 +4045,7 @@ Syntax: The following .xml file excludes all .mp3 files from migration. For additional examples of how to use this element, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md). -``` syntax +```xml Test @@ -4116,7 +4116,7 @@ Syntax: The following example is from the MigApp.xml file: -``` syntax +```xml HKLM\Software @@ -4168,7 +4168,7 @@ Syntax: For example: -``` syntax +```xml 4.* ``` diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md index 8baca0f103..89576c00a4 100644 --- a/windows/deployment/usmt/xml-file-requirements.md +++ b/windows/deployment/usmt/xml-file-requirements.md @@ -20,20 +20,20 @@ When creating custom .xml files, note the following requirements: - **The file must be in Unicode Transformation Format-8 (UTF-8).** You must save the file in this format, and you must specify the following syntax at the beginning of each .xml file: - ``` syntax + ```xml ``` - **The file must have a unique migration urlid**. The urlid of each file that you specify on the command line must be different. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following syntax at the beginning of each file: - ``` syntax + ```xml ``` - **Each component in the file must have a display name in order for it to appear in the Config.xml file.** This is because the Config.xml file defines the components by the display name and the migration urlid. For example, specify the following syntax: - ``` syntax + ```xml My Application ``` diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index 034bbfc2c8..cc4e0d99a9 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -36,7 +36,7 @@ The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to p cd “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0” ``` - Import the VAMT PowerShell module. To import the module, type the following at a command prompt: - ``` syntax + ```powershell Import-Module .\VAMT.psd1 ``` Where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, type `get-help about_profiles`. diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index dfab99ad78..31a483c26e 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -43,7 +43,7 @@ Dism.exe /Online /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\Sources\SxS In Windows 10, you can use Windows PowerShell for many of the functions performed by DISM.exe. The equivalent command in Windows 10 using PowerShell is: -``` syntax +```powershell Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -All -Source D:\Sources\SxS -LimitAccess ``` @@ -132,7 +132,7 @@ Figure 6. The updated Volume Activation Management Tool. VAMT also can be used to create reports, switch from MAK to KMS, manage Active Directory-based activation, and manage Office 2010 and Office 2013 volume activation. VAMT also supports PowerShell (instead of the old command-line tool). For example, if you want to get information from the VAMT database, you can type: -``` syntax +```powershell Get-VamtProduct ``` diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md index c67ea0ab51..870cc58a84 100644 --- a/windows/security/identity-protection/credential-guard/additional-mitigations.md +++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md @@ -71,7 +71,7 @@ Then on the devices that are running Windows Defender Credential Guard, enroll t **Enrolling devices in a certificate** Run the following command: -``` syntax +```powershell CertReq -EnrollCredGuardCert MachineAuthentication ``` @@ -87,7 +87,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro - The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. From a Windows PowerShell command prompt, run the following command: - ``` syntax + ```powershell .\get-IssuancePolicy.ps1 –LinkedToGroup:All ``` @@ -96,7 +96,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro - The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. From a Windows PowerShell command prompt, run the following command: - ``` syntax + ```powershell .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" ``` @@ -143,7 +143,7 @@ Here is a list of scripts mentioned in this topic. Save this script file as get-IssuancePolicy.ps1. -``` syntax +```powershell ####################################### ## Parameters to be defined ## ## by the user ## diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index 2e1a83d9b7..582af34a67 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md @@ -96,7 +96,7 @@ Then on the devices that are running Windows Defender Credential Guard, enroll t **Enrolling devices in a certificate** Run the following command: -``` syntax +```powershell CertReq -EnrollCredGuardCert MachineAuthentication ``` @@ -112,7 +112,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro - The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. From a Windows PowerShell command prompt, run the following command: - ``` syntax + ```powershell .\get-IssuancePolicy.ps1 –LinkedToGroup:All ``` @@ -121,7 +121,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro - The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. From a Windows PowerShell command prompt, run the following command: - ``` syntax + ```powershell .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" ``` @@ -172,7 +172,7 @@ Here is a list of scripts mentioned in this topic. Save this script file as get-IssuancePolicy.ps1. -``` syntax +```powershell ####################################### ## Parameters to be defined ## ## by the user ## @@ -363,7 +363,7 @@ write-host "There are no issuance policies which are not mapped to groups" Save the script file as set-IssuancePolicyToGroupLink.ps1. -``` syntax +```powershell ####################################### ## Parameters to be defined ## ## by the user ## diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md index 0b6d13f777..dae9193c68 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md @@ -25,7 +25,7 @@ Here is a list of scripts mentioned in this topic. Save this script file as get-IssuancePolicy.ps1. -``` syntax +```powershell ####################################### ## Parameters to be defined ## ## by the user ## @@ -216,7 +216,7 @@ write-host "There are no issuance policies which are not mapped to groups" Save the script file as set-IssuancePolicyToGroupLink.ps1. -``` syntax +```powershell ####################################### ## Parameters to be defined ## ## by the user ## diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 8029b9b1b9..acd70ac9ea 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -206,7 +206,7 @@ This command returns the volumes on the target, current encryption status and vo For example, suppose that you want to enable BitLocker on a computer without a TPM chip. To properly enable BitLocker for the operating system volume, you will need to use a USB flash drive as a startup key to boot (in this example, the drive letter E). You would first create the startup key needed for BitLocker using the –protectors option and save it to the USB drive on E: and then begin the encryption process. You will need to reboot the computer when prompted to complete the encryption process. -``` syntax +```powershell manage-bde –protectors -add C: -startupkey E: manage-bde -on C: ``` @@ -237,7 +237,7 @@ Data volumes use the same syntax for encryption as operating system volumes but A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn BitLocker on. -``` syntax +```powershell manage-bde -protectors -add -pw C: manage-bde -on C: ``` @@ -382,13 +382,13 @@ Occasionally, all protectors may not be shown when using Get-BitLockerVo If you wanted to remove the existing protectors prior to provisioning BitLocker on the volume, you can utilize the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed. A simple script can pipe the values of each **Get-BitLockerVolume** return out to another variable as seen below: -``` syntax +```powershell $vol = Get-BitLockerVolume $keyprotectors = $vol.KeyProtector ``` Using this, we can display the information in the **$keyprotectors** variable to determine the GUID for each protector. Using this information, we can then remove the key protector for a specific volume using the command: -``` syntax +```powershell Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}" ``` > **Note:**  The BitLocker cmdlet requires the key protector GUID enclosed in quotation marks to execute. Ensure the entire GUID, with braces, is included in the command. @@ -398,19 +398,19 @@ Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}" Using the BitLocker Windows PowerShell cmdlets is similar to working with the manage-bde tool for encrypting operating system volumes. Windows PowerShell offers users a lot of flexibility. For example, users can add the desired protector as part command for encrypting the volume. Below are examples of common user scenarios and steps to accomplish them using the BitLocker cmdlets for Windows PowerShell. To enable BitLocker with just the TPM protector. This can be done using the command: -``` syntax +```powershell Enable-BitLocker C: ``` The example below adds one additional protector, the StartupKey protectors, and chooses to skip the BitLocker hardware test. In this example, encryption starts immediately without the need for a reboot. -``` syntax +```powershell Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath -SkipHardwareTest ``` ### Data volume Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user defined password. Last, encryption begins. -``` syntax +```powershell $pw = Read-Host -AsSecureString Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw @@ -423,12 +423,12 @@ The ADAccountOrGroup protector is an Active Directory SID-based protector. This To add an ADAccountOrGroup protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G. -``` syntax +```powershell Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator ``` For users who wish to use the SID for the account or group, the first step is to determine the SID associated with the account. To get the specific SID for a user account in Windows PowerShell, use the following command: -``` syntax +```powershell get-aduser -filter {samaccountname -eq "administrator"} ``` > **Note:**  Use of this command requires the RSAT-AD-PowerShell feature. @@ -437,7 +437,7 @@ get-aduser -filter {samaccountname -eq "administrator"} In the example below, the user wishes to add a domain SID based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command: -``` syntax +```powershell Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup "" ``` > **Note:**  Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes. @@ -469,7 +469,7 @@ Administrators who prefer a command line interface can utilize manage-bde to che To check the status of a volume using manage-bde, use the following command: -``` syntax +```powershell manage-bde -status ``` > **Note:**  If no volume letter is associated with the -status command, all volumes on the computer display their status. @@ -480,7 +480,7 @@ Windows PowerShell commands offer another way to query BitLocker status for volu Using the Get-BitLockerVolume cmdlet, each volume on the system will display its current BitLocker status. To get information that is more detailed on a specific volume, use the following command: -``` syntax +```powershell Get-BitLockerVolume -Verbose | fl ``` This command will display information about the encryption method, volume type, key protectors, etc. @@ -506,12 +506,12 @@ Once decryption is complete, the drive will update its status in the control pan Decrypting volumes using manage-bde is very straightforward. Decryption with manage-bde offers the advantage of not requiring user confirmation to start the process. Manage-bde uses the -off command to start the decryption process. A sample command for decryption is: -``` syntax +```powershell manage-bde -off C: ``` This command disables protectors while it decrypts the volume and removes all protectors when decryption is complete. If a user wishes to check the status of the decryption, they can use the following command: -``` syntax +```powershell manage-bde -status C: ``` ### Decrypting volumes using the BitLocker Windows PowerShell cmdlets @@ -520,12 +520,12 @@ Decryption with Windows PowerShell cmdlets is straightforward, similar to manage Using the Disable-BitLocker command, they can remove all protectors and encryption at the same time without the need for additional commands. An example of this command is: -``` syntax +```powershell Disable-BitLocker ``` If a user did not want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is: -``` syntax +```powershell Disable-BitLocker -MountPoint E:,F:,G: ``` ## See also diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 70ba14d6a6..f8d1a6e1f9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -52,14 +52,14 @@ The `servermanager` Windows PowerShell module can use either the `Install-Window By default, installation of features in Windows PowerShell does not include optional sub-features or management tools as part of the install process. This can be seen using the `-WhatIf` option in Windows PowerShell. -``` syntax +```powershell Install-WindowsFeature BitLocker -WhatIf ``` The results of this command show that only the BitLocker Drive Encryption feature installs using this command. To see what would be installed with the BitLocker feature including all available management tools and sub-features, use the following command: -``` syntax +```powershell Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -WhatIf | fl ``` @@ -75,7 +75,7 @@ The result of this command displays the following list of all the administration The command to complete a full installation of the BitLocker feature with all available features and then rebooting the server at completion is: -``` syntax +```powershell Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart ``` @@ -85,7 +85,7 @@ Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools - The `dism` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism` module does not support wildcards when searching for feature names. To list feature names for the `dism` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command will list all of the optional features in an online (running) operating system. -``` syntax +```powershell Get-WindowsOptionalFeature -Online | ft ``` @@ -93,13 +93,13 @@ From this output, we can see that there are three BitLocker related optional fea To install BitLocker using the `dism` module, use the following command: -``` syntax +```powershell Enable-WindowsOptionalFeature -Online -FeatureName BitLocker -All ``` This command will prompt the user for a reboot. The Enable-WindowsOptionalFeature cmdlet does not offer support for forcing a reboot of the computer. This command does not include installation of the management tools for BitLocker. For a complete installation of BitLocker and all available management tools, use the following command: -``` syntax +```powershell Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilities -All ``` ## More information diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 6545ca0992..49b3e4f60f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -313,7 +313,7 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many - Verify the clients were rebooted after applying the policy. - Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer: - ``` syntax + ```powershell manage-bde –protectors –get C: ``` >**Note:** Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md index f21beec5e9..bde16da8e3 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md @@ -278,26 +278,25 @@ You can reset the recovery password in two ways: 1. Remove the previous recovery password - ``` syntax + ```powershell Manage-bde –protectors –delete C: –type RecoveryPassword ``` 2. Add the new recovery password - ``` syntax + ```powershell Manage-bde –protectors –add C: -RecoveryPassword - ``` 3. Get the ID of the new recovery password. From the screen copy the ID of the recovery password. - ``` syntax + ```powershell Manage-bde –protectors –get C: -Type RecoveryPassword - ``` + 4. Backup the new recovery password to AD DS - ``` syntax + ```powershell Manage-bde –protectors –adbackup C: -id {EXAMPLE6-5507-4924-AA9E-AFB2EB003692} ``` >**Warning:**  You must include the braces in the ID string. @@ -315,7 +314,7 @@ You can reset the recovery password in two ways: You can use the following sample script to create a VBScript file to reset the recovery passwords. -``` syntax +```vb ' Target drive letter strDriveLetter = "c:" ' Target computer name @@ -404,7 +403,7 @@ The following sample script exports all previously-saved key packages from AD D You can use the following sample script to create a VBScript file to retrieve the BitLocker key package from AD DS. -``` syntax +```vb ' -------------------------------------------------------------------------------- ' Usage ' -------------------------------------------------------------------------------- @@ -551,7 +550,7 @@ The following sample script exports a new key package from an unlocked, encrypte **cscript GetBitLockerKeyPackage.vbs -?** -``` syntax +```vb ' -------------------------------------------------------------------------------- ' Usage ' -------------------------------------------------------------------------------- diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index 30fea18843..20ab73acfb 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -46,7 +46,7 @@ Listed below are examples of basic valid commands for operating system volumes. A good practice when using manage-bde is to determine the volume status on the target system. Use the following command to determine volume status: -``` syntax +```powershell manage-bde -status ``` This command returns the volumes on the target, current encryption status, encryption method, and volume type (operating system or data) for each volume: @@ -55,7 +55,7 @@ This command returns the volumes on the target, current encryption status, encry The following example illustrates enabling BitLocker on a computer without a TPM chip. Before beginning the encryption process you must create the startup key needed for BitLocker and save it to the USB drive. When BitLocker is enabled for the operating system volume, the BitLocker will need to access the USB flash drive to obtain the encryption key (in this example, the drive letter E represents the USB drive). You will be prompted to reboot to complete the encryption process. -``` syntax +```powershell manage-bde –protectors -add C: -startupkey E: manage-bde -on C: ``` @@ -64,7 +64,7 @@ manage-bde -on C: An alternative to the startup key protector on non-TPM hardware is to use a password and an **ADaccountorgroup** protector to protect the operating system volume. In this scenario, you would add the protectors first. This is done with the command: -``` syntax +```powershell manage-bde -protectors -add C: -pw -sid ``` @@ -72,13 +72,13 @@ This command will require you to enter and then confirm the password protector b On computers with a TPM it is possible to encrypt the operating system volume without any defined protectors using manage-bde. The command to do this is: -``` syntax +```powershell manage-bde -on C: ``` This will encrypt the drive using the TPM as the default protector. If you are not sure if a TPM protector is available, to list the protectors available for a volume, run the following command: -``` syntax +```powershell manage-bde -protectors -get ``` ### Using manage-bde with data volumes @@ -87,7 +87,7 @@ Data volumes use the same syntax for encryption as operating system volumes but A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn BitLocker on. -``` syntax +```powershell manage-bde -protectors -add -pw C: manage-bde -on C: ``` @@ -257,7 +257,7 @@ If you want to remove the existing protectors prior to provisioning BitLocker on A simple script can pipe the values of each Get-BitLockerVolume return out to another variable as seen below: -``` syntax +```powershell $vol = Get-BitLockerVolume $keyprotectors = $vol.KeyProtector ``` @@ -266,7 +266,7 @@ Using this, you can display the information in the $keyprotectors variable to de Using this information, you can then remove the key protector for a specific volume using the command: -``` syntax +```powershell Remove-BitLockerKeyProtector : -KeyProtectorID "{GUID}" ``` @@ -278,13 +278,13 @@ Using the BitLocker Windows PowerShell cmdlets is similar to working with the ma The following example shows how to enable BitLocker on an operating system drive using only the TPM protector: -``` syntax +```powershell Enable-BitLocker C: - ``` + In the example below, adds one additional protector, the StartupKey protector and chooses to skip the BitLocker hardware test. In this example, encryption starts immediately without the need for a reboot. -``` syntax +```powershell Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath -SkipHardwareTest ``` @@ -293,7 +293,7 @@ Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath -SkipHardwareTes Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user defined password. -``` syntax +```powershell $pw = Read-Host -AsSecureString Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw @@ -306,7 +306,7 @@ The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2 To add an **ADAccountOrGroup** protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G. -``` syntax +```powershell Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator ``` @@ -314,7 +314,7 @@ For users who wish to use the SID for the account or group, the first step is to >**Note:**  Use of this command requires the RSAT-AD-PowerShell feature. -``` syntax +```powershell get-aduser -filter {samaccountname -eq "administrator"} ``` @@ -322,7 +322,7 @@ get-aduser -filter {samaccountname -eq "administrator"} The following example adds an **ADAccountOrGroup** protector to the previously encrypted operating system volume using the SID of the account: -``` syntax +```powershell Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup S-1-5-21-3651336348-8937238915-291003330-500 ``` diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index e19f192e4c..01c9fe213f 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -66,13 +66,13 @@ BitLocker encryption is available for disks before or after addition to a cluste 2. Ensure the disk is formatted NTFS and has a drive letter assigned to it. 3. Identify the name of the cluster with Windows PowerShell. - ``` syntax + ```powershell Get-Cluster - ``` + 4. Enable BitLocker on the volume of your choice with an **ADAccountOrGroup** protector, using the cluster name. For example, use a command such as: - ``` syntax + ```powershell Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$ ``` @@ -88,32 +88,32 @@ When the cluster service owns a disk resource already, it needs to be set into m 1. Install the BitLocker Drive Encryption feature if it is not already installed. 2. Check the status of the cluster disk using Windows PowerShell. - ``` syntax + ```powershell Get-ClusterResource "Cluster Disk 1" ``` 3. Put the physical disk resource into maintenance mode using Windows PowerShell. - ``` syntax + ```powershell Get-ClusterResource "Cluster Disk 1" | Suspend-ClusterResource ``` 4. Identify the name of the cluster with Windows PowerShell. - ``` syntax + ```powershell Get-Cluster ``` 5. Enable BitLocker on the volume of your choice with an **ADAccountOrGroup** protector, using the cluster name. For example, use a command such as: - ``` syntax + ```powershell Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$ ``` >**Warning:**  You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster. 6. Use **Resume-ClusterResource** to take the physical disk resource back out of maintenance mode: - ``` syntax + ```powershell Get-ClusterResource "Cluster Disk 1" | Resume-ClusterResource ``` @@ -146,7 +146,7 @@ You can also use manage-bde to enable BitLocker on clustered volumes. The steps 6. Once the disk is online in the storage pool, it can be added to a CSV by right clicking on the disk resource and choosing "**Add to cluster shared volumes**". CSVs can include both encrypted and unencrypted volumes. To check the status of a particular volume for BitLocker encryption, administrators can utilize the manage-bde -status command with a path to the volume inside the CSV namespace as seen in the example command line below. -``` syntax +```powershell manage-bde -status "C:\ClusterStorage\volume1" ``` diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 44a4ae63d3..300f56c569 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -413,7 +413,7 @@ Here are the minimum steps for WEF to operate: ## Appendix E – Annotated baseline subscription event query -``` syntax +```xml @@ -578,8 +578,7 @@ Here are the minimum steps for WEF to operate: ## Appendix F – Annotated Suspect Subscription Event Query -``` syntax - +```xml diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 7ee34ff838..575ad0d393 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md @@ -41,6 +41,6 @@ You can also manually merge AppLocker policies. For the procedure to do this, se Gets the local AppLocker policy, and then merges the policy with the existing AppLocker policy in the GPO specified in the LDAP path. -``` syntax +```powershell C:\PS>Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C044FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge ``` diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md index 9c6966b525..5ded02bd51 100644 --- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md +++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md @@ -80,7 +80,7 @@ This script does the following: Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints. -``` syntax +```powershell # Create a Security Group for the computers that will get the policy $pathname = (Get-ADDomain).distinguishedname New-ADGroup -name "IPsec client and servers" -SamAccountName "IPsec client and servers" ` @@ -120,7 +120,7 @@ Use a Windows PowerShell script similar to the following to create a local IPsec Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints. -``` syntax +```powershell #Set up the certificate $certprop = New-NetIPsecAuthProposal -machine -cert -Authority "DC=com, DC=contoso, DC=corp, CN=corp-APP1-CA" $myauth = New-NetIPsecPhase1AuthSet -DisplayName "IKEv2TestPhase1AuthSet" -proposal $certprop @@ -173,7 +173,7 @@ Follow these procedures to verify and troubleshoot your IKEv2 IPsec connections: 6. Open the wfpdiag.xml file with your an XML viewer program or Notepad, and then examine the contents. There will be a lot of data in this file. One way to narrow down where to start looking is to search the last “errorFrequencyTable” at the end of the file. There might be many instances of this table, so make sure that you look at the last table in the file. For example, if you have a certificate problem, you might see the following entry in the last table at the end of the file: - ``` syntax + ```xml ERROR_IPSEC_IKE_NO_CERT 32 diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index 79ee3e58bd..4daaa5d367 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md @@ -67,7 +67,7 @@ netsh advfirewall set allprofiles state on **Windows PowerShell** -``` syntax +```powershell Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True ``` @@ -88,7 +88,7 @@ netsh advfirewall set allprofiles logging filename %SystemRoot%\System32\LogFile Windows PowerShell -``` syntax +```powershell Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow –NotifyOnListen True -AllowUnicastResponseToMulticast True –LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log ``` @@ -140,7 +140,7 @@ netsh advfirewall firewall add rule name="Allow Inbound Telnet" dir=in program= Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow ``` @@ -157,7 +157,7 @@ netsh advfirewall firewall add rule name="Block Outbound Telnet" dir=out program Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\tlntsvr.exe –Protocol TCP –LocalPort 23 -Action Block –PolicyStore domain.contoso.com\gpo_name ``` @@ -169,7 +169,7 @@ The following performs the same actions as the previous example (by adding a Tel Windows PowerShell -``` syntax +```powershell $gpo = Open-NetGPO –PolicyStore domain.contoso.com\gpo_name New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\telnet.exe –Protocol TCP –LocalPort 23 -Action Block –GPOSession $gpo Save-NetGPO –GPOSession $gpo @@ -191,7 +191,7 @@ netsh advfirewall firewall set rule name="Allow Web 80" new remoteip=192.168.0.2 Windows PowerShell -``` syntax +```powershell Set-NetFirewallRule –DisplayName “Allow Web 80” -RemoteAddress 192.168.0.2 ``` @@ -205,7 +205,7 @@ In the following example, we assume the query returns a single firewall rule, wh Windows PowerShell -``` syntax +```powershell Get-NetFirewallPortFilter | ?{$_.LocalPort -eq 80} | Get-NetFirewallRule | ?{ $_.Direction –eq “Inbound” -and $_.Action –eq “Allow”} | Set-NetFirewallRule -RemoteAddress 192.168.0.2 ``` @@ -213,7 +213,7 @@ You can also query for rules using the wildcard character. The following example Windows PowerShell -``` syntax +```powershell Get-NetFirewallApplicationFilter -Program "*svchost*" | Get-NetFirewallRule ``` @@ -223,7 +223,7 @@ In the following example, we add both inbound and outbound Telnet firewall rules Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow –Group “Telnet Management” New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow –Group “Telnet Management” ``` @@ -232,7 +232,7 @@ If the group is not specified at rule creation time, the rule can be added to th Windows PowerShell -``` syntax +```powershell $rule = Get-NetFirewallRule -DisplayName “Allow Inbound Telnet” $rule.Group = “Telnet Management” $rule | Set-NetFirewallRule @@ -250,7 +250,7 @@ netsh advfirewall firewall set rule group="Windows Defender Firewall remote mana Windows PowerShell -``` syntax +```powershell Set-NetFirewallRule -DisplayGroup “Windows Defender Firewall Remote Management” –Enabled True ``` @@ -258,7 +258,7 @@ There is also a separate `Enable-NetFirewallRule` cmdlet for enabling rules by g Windows PowerShell -``` syntax +```powershell Enable-NetFirewallRule -DisplayGroup “Windows Defender Firewall Remote Management” -Verbose ``` @@ -276,7 +276,7 @@ netsh advfirewall firewall delete rule name=“Allow Web 80” Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Allow Web 80” ``` @@ -284,7 +284,7 @@ Like with other cmdlets, you can also query for rules to be removed. Here, all b Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –Action Block ``` @@ -292,7 +292,7 @@ Note that it may be safer to query the rules with the **Get** command and save i Windows PowerShell -``` syntax +```powershell $x = Get-NetFirewallRule –Action Block $x $x[0-3] | Remove-NetFirewallRule @@ -306,7 +306,7 @@ The following example returns all firewall rules of the persistent store on a de Windows PowerShell -``` syntax +```powershell Get-NetFirewallRule –CimSession RemoteDevice ``` @@ -314,7 +314,7 @@ We can perform any modifications or view rules on remote devices by simply usin Windows PowerShell -``` syntax +```powershell $RemoteSession = New-CimSession –ComputerName RemoteDevice Remove-NetFirewallRule –DisplayName “AllowWeb80” –CimSession $RemoteSession -Confirm ``` @@ -342,7 +342,7 @@ netsh advfirewall consec add rule name="Require Inbound Authentication" endpoint Windows PowerShell -``` syntax +```powershell New-NetIPsecRule -DisplayName “Require Inbound Authentication” -PolicyStore domain.contoso.com\gpo_name ``` @@ -365,7 +365,7 @@ netsh advfirewall consec add rule name="Require Outbound Authentication" endpoin Windows PowerShell -``` syntax +```powershell $AHandESPQM = New-NetIPsecQuickModeCryptoProposal -Encapsulation AH,ESP –AHHash SHA1 -ESPHash SHA1 -Encryption DES3 $QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “ah:sha1+esp:sha1-des3” -Proposal $AHandESPQM –PolicyStore domain.contoso.com\gpo_name New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request -QuickModeCryptoSet $QMCryptoSet.Name –PolicyStore domain.contoso.com\gpo_name @@ -379,7 +379,7 @@ You can leverage IKEv2 capabilities in Windows Server 2012 by simply specifying Windows PowerShell -``` syntax +```powershell New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request –Phase1AuthSet MyCertAuthSet -KeyModule IKEv2 –RemoteAddress $nonWindowsGateway ``` @@ -395,7 +395,7 @@ Copying individual rules is a task that is not possible through the Netsh interf Windows PowerShell -``` syntax +```powershell $Rule = Get-NetIPsecRule –DisplayName “Require Inbound Authentication” $Rule | Copy-NetIPsecRule –NewPolicyStore domain.costoso.com\new_gpo_name $Rule | Copy-NetPhase1AuthSet –NewPolicyStore domain.costoso.com\new_gpo_name @@ -407,7 +407,7 @@ To handle errors in your Windows PowerShell scripts, you can use the *–ErrorAc Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98” –ErrorAction SilentlyContinue ``` @@ -415,7 +415,7 @@ Note that the use of wildcards can also suppress errors, but they could potentia Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” ``` @@ -423,7 +423,7 @@ When using wildcards, if you want to double-check the set of rules that is match Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –WhatIf ``` @@ -431,7 +431,7 @@ If you only want to delete some of the matched rules, you can use the *–Confir Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –Confirm ``` @@ -439,7 +439,7 @@ You can also just perform the whole operation, displaying the name of each rule Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –Verbose ``` @@ -457,7 +457,7 @@ netsh advfirewall consec show rule name=all Windows PowerShell -``` syntax +```powershell Show-NetIPsecRule –PolicyStore ActiveStore ``` @@ -473,7 +473,7 @@ netsh advfirewall monitor show mmsa all Windows PowerShell -``` syntax +```powershell Get-NetIPsecMainModeSA ``` @@ -485,7 +485,7 @@ For objects that come from a GPO (the *–PolicyStoreSourceType* parameter is sp Windows PowerShell -``` syntax +```powershell Get-NetIPsecRule –DisplayName “Require Inbound Authentication” –TracePolicyStore ``` @@ -506,7 +506,7 @@ netsh advfirewall consec add rule name=“Basic Domain Isolation Policy” profi Windows PowerShell -``` syntax +```powershell $kerbprop = New-NetIPsecAuthProposal –Machine –Kerberos $Phase1AuthSet = New-NetIPsecPhase1AuthSet -DisplayName "Kerberos Auth Phase1" -Proposal $kerbprop –PolicyStore domain.contoso.com\domain_isolation New-NetIPsecRule –DisplayName “Basic Domain Isolation Policy” –Profile Domain –Phase1AuthSet $Phase1AuthSet.Name –InboundSecurity Require –OutboundSecurity Request –PolicyStore domain.contoso.com\domain_isolation @@ -524,7 +524,7 @@ netsh advfirewall consec add rule name="Tunnel from 192.168.0.0/16 to 192.157.0. Windows PowerShell -``` syntax +```powershell $QMProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA1 -Encryption DES3 $QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “esp:sha1-des3” -Proposal $QMProposal New-NetIPSecRule -DisplayName “Tunnel from HQ to Dallas Branch” -Mode Tunnel -LocalAddress 192.168.0.0/16 -RemoteAddress 192.157.0.0/16 -LocalTunnelEndpoint 1.1.1.1 -RemoteTunnelEndpoint 2.2.2.2 -InboundSecurity Require -OutboundSecurity Require -QuickModeCryptoSet $QMCryptoSet.Name @@ -548,7 +548,7 @@ netsh advfirewall firewall add rule name="Allow Authenticated Telnet" dir=in pro Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Allow Authenticated Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -Authentication Required -Action Allow ``` @@ -562,7 +562,7 @@ netsh advfirewall consec add rule name="Authenticate Both Computer and User" end Windows PowerShell -``` syntax +```powershell $mkerbauthprop = New-NetIPsecAuthProposal -Machine –Kerberos $mntlmauthprop = New-NetIPsecAuthProposal -Machine -NTLM $P1Auth = New-NetIPsecPhase1AuthSet -DisplayName “Machine Auth” –Proposal $mkerbauthprop,$mntlmauthprop @@ -593,7 +593,7 @@ The following example shows you how to create an SDDL string that represents sec Windows PowerShell -``` syntax +```powershell $user = new-object System.Security.Principal.NTAccount (“corp.contoso.com\Administrators”) $SIDofSecureUserGroup = $user.Translate([System.Security.Principal.SecurityIdentifier]).Value $secureUserGroup = "D:(A;;CC;;;$SIDofSecureUserGroup)" @@ -603,7 +603,7 @@ By using the previous scriptlet, you can also get the SDDL string for a secure c Windows PowerShell -``` syntax +```powershell $secureMachineGroup = "D:(A;;CC;;;$SIDofSecureMachineGroup)" ``` @@ -622,7 +622,7 @@ netsh advfirewall firewall add rule name=“Allow Encrypted Inbound Telnet to Gr Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName "Allow Encrypted Inbound Telnet to Group Members Only" -Program %SystemRoot%\System32\tlntsvr.exe -Protocol TCP -Direction Inbound -Action Allow -LocalPort 23 -Authentication Required -Encryption Required –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\Server_Isolation ``` @@ -634,7 +634,7 @@ In this example, we set the global IPsec setting to only allow transport mode tr Windows PowerShell -``` syntax +```powershell Set-NetFirewallSetting -RemoteMachineTransportAuthorizationList $secureMachineGroup ``` @@ -653,7 +653,7 @@ netsh advfirewall firewall add rule name="Inbound Secure Bypass Rule" dir=in sec Windows PowerShell -``` syntax +```powershell New-NetFirewallRule –DisplayName “Inbound Secure Bypass Rule" –Direction Inbound –Authentication Required –OverrideBlockRules $true -RemoteMachine $secureMachineGroup –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\domain_isolation ``` From ce42927cabd759d49fed0c22b302e44e586b2c0d Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Jul 2019 11:49:39 +0530 Subject: [PATCH 121/395] Update windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md agreed Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../windows-defender-security-center/wdsc-hide-notifications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 4ddd16a1f3..c85241effb 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -58,7 +58,7 @@ This can only be done in Group Policy. 1. Download the latest [Administrative Templates (.admx) for Windows 10, v1809](https://www.microsoft.com/download/details.aspx?id=57576). -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +2. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. From 5c507fb6bf8243eb1af1bb026072a64840f3c8ee Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Jul 2019 11:50:19 +0530 Subject: [PATCH 122/395] Update windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md agreed Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../windows-defender-security-center/wdsc-hide-notifications.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index c85241effb..cb14c4f7bd 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -77,7 +77,6 @@ This can only be done in Group Policy. >[!IMPORTANT] - >### Requirements > >You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. From febe7c706ae43898a0d1aef263195d325e89ef6e Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Jul 2019 11:51:12 +0530 Subject: [PATCH 123/395] Update windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md agreed Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../windows-defender-security-center/wdsc-hide-notifications.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index cb14c4f7bd..67bbc627e5 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -76,7 +76,6 @@ You can hide all notifications that are sourced from the Windows Security app. T This can only be done in Group Policy. >[!IMPORTANT] - >### Requirements > >You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. From 59dc426cb9a9f20946d8ede98b9cee68fcd40d03 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 19 Jul 2019 09:54:18 +0500 Subject: [PATCH 124/395] Data protection for user profile data As the user has reported that if user profile data is in any other drive instead of Windows installed profile location WDAG give an error. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4377 --- .../enable-controlled-folders-exploit-guard.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index 29ed15335f..938a3a3512 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -53,6 +53,8 @@ For more information about disabling local list merging, see [Prevent or allow u >If controlled folder access is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Security app after a restart of the device. >If the feature is set to **Audit mode** with any of those tools, the Windows Security app will show the state as **Off**. +>If you are protecting user profile data, it is recommended that user profile should be on default Windows installation drive. + ## Intune 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. From 9744468a7a4843e3cc28426d833e05f14e96ef0e Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 19 Jul 2019 11:27:14 +0500 Subject: [PATCH 125/395] Google Drive Config for WIP Added a use case where user can block Google Drive not to sync WIP protected files. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4342 --- .../testing-scenarios-for-wip.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 08af5d2456..c076d6d52c 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -172,6 +172,17 @@ You can try any of the processes included in these scenarios, but you should foc + + Stop Google Drive to sync WIP protected files and folders. + +
    +
  • In silent configuration add Google Drive in Protected Apps and set it to Deny. This way Google Drive will not sync WIP protected files and folders.
    • +
  • Google Drive details
    • + Publisher=O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US + File=GOOGLEDRIVESYNC.EXE +
+ + >[!NOTE] From 4d6191054dd6c7718c0e5364670e8962427bf57c Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 20 Jul 2019 00:14:24 +0500 Subject: [PATCH 126/395] Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../windows-information-protection/testing-scenarios-for-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index c076d6d52c..48b64f7054 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -173,7 +173,7 @@ You can try any of the processes included in these scenarios, but you should foc - Stop Google Drive to sync WIP protected files and folders. + Stop Google Drive from syncing WIP protected files and folders. + + Stop Google Drive from syncing WIP protected files and folders. + +
    +
  • In silent configuration, add Google Drive to Protected Apps and set it to Deny. This way, Google Drive will not sync WIP protected files and folders.
    • +
  • Google Drive details
    • + Publisher=O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US + File=GOOGLEDRIVESYNC.EXE +
+ + >[!NOTE] diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index c5c5466214..d72c39898d 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -39,6 +39,26 @@ To complete this procedure, you must be logged on as a member of the built-in Ad - To audit failure events, click **Fail.** - To audit all events, click **All.** + + +6. In the **Applies to** box, select the object(s) that the audit of events will apply to. These include: + + - **This folder only** + - **This folder, subfolders and files** + - **This folder and subfolders** + - **This folder and files** + - **Subfolders and files only** + - **Subfolders only** + - **Files only** + +7. By default, the selected **Basic Permissions** to audit are the following: + - **Read and execute** + - **List folder contents** + - **Read** + - Additionally, you can choose **Full control**, **Modify**, and/or **Write** permissions with your selected audit combination. + + + > **Important:**  Before setting up auditing for files and folders, you must enable [object access auditing](basic-audit-object-access.md) by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited.   ## Additional considerations diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md index 163c584492..2ca7cca35a 100644 --- a/windows/security/threat-protection/auditing/event-4612.md +++ b/windows/security/threat-protection/auditing/event-4612.md @@ -30,9 +30,9 @@ There is no example of this event in this document. ***Event Schema:*** -*Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. * +*Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.* -*Number of audit messages discarded: %1 * +*Number of audit messages discarded: %1* *This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk, or when the auditing system loses connectivity to the event log, such as when the event log service is stopped.* diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index be8925c8ba..9231f28b82 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -48,7 +48,7 @@ It appears that this event never occurs. *LPC Server Port Name:%6* -*Windows Local Security Authority (LSA) communicates with the Windows kernel using Local Procedure Call (LPC) ports. If you see this event, an application has inadvertently or intentionally accessed this port which is reserved exclusively for LSA’s use. The application (process) should be investigated to ensure that it is not attempting to tamper with this communications channel." * +*Windows Local Security Authority (LSA) communicates with the Windows kernel using Local Procedure Call (LPC) ports. If you see this event, an application has inadvertently or intentionally accessed this port which is reserved exclusively for LSA’s use. The application (process) should be investigated to ensure that it is not attempting to tamper with this communications channel."* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index f3c3ed088b..2ca7e8267c 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -138,7 +138,7 @@ This event generates when a logon session is created (on destination machine). I - **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4672](event-4672.md)(S): Special privileges assigned to new logon.” -**Logon Information** \[Version 2\]**: ** +**Logon Information** \[Version 2\]**:** - **Logon Type** \[Version 0, 1, 2\] \[Type = UInt32\]**:** the type of logon which was performed. The table below contains the list of possible values for this field. diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 95a2dfe34f..45dcd000c9 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -142,7 +142,7 @@ Before this event can generate, certain ACEs might need to be set in the object - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the object. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index 8e1fe42fab..94d84a85cf 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -151,7 +151,7 @@ This event generates every time a new process starts. - **New Process Name** \[Type = UnicodeString\]**:** full path and the name of the executable for the new process. -- **Token Elevation Type** \[Type = UnicodeString\]**: ** +- **Token Elevation Type** \[Type = UnicodeString\]**:** - **TokenElevationTypeDefault (1):** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC disabled by default), service account or local system account. diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index f9b06a7a3b..f78b83ef3c 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -99,7 +99,7 @@ You will see unique event for every user. - **Account Name** \[Type = SID\]: the SID of security principal for which user rights were assigned. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**New Right: ** +**New Right:** - **User Right** \[Type = UnicodeString\]: the list of assigned user rights. This event generates only for *user* rights, not logon rights. Here is the list of possible user rights: diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index d009b73786..09c240e026 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -99,7 +99,7 @@ You will see unique event for every user. - **Account Name** \[Type = SID\]: the SID of security principal for which user rights were removed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**Removed Right: ** +**Removed Right:** - **User Right** \[Type = UnicodeString\]: the list of removed user rights. This event generates only for *user* rights, not logon rights. Here is the list of possible user rights: diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 38d46d5ace..c51f51c999 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -100,7 +100,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - **New Security Descriptor** \[Type = UnicodeString\]**:** new Security Descriptor Definition Language (SDDL) value for the audit policy. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index f04223bd5b..13f2c744aa 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -99,7 +99,7 @@ You will see unique event for every user if logon user rights were granted to mu - **Account Name** \[Type = SID\]: the SID of the security principal for which logon right was granted. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**Access Granted: ** +**Access Granted:** - **Access Right** \[Type = UnicodeString\]: the name of granted logon right. This event generates only for [logon rights](https://technet.microsoft.com/library/cc728212(v=ws.10).aspx), which are as follows: diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index a86f9f5168..9bb398d835 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -99,7 +99,7 @@ You will see unique event for every user if logon user rights were removed for m - **Account Name** \[Type = SID\]: the SID of the security principal for which logon right was removed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -**Access Removed: ** +**Access Removed:** - **Access Right** \[Type = UnicodeString\]: the name of removed logon right. This event generates only for [logon rights](https://technet.microsoft.com/library/cc728212(v=ws.10).aspx), which are as follows: diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 8597d956a6..faa3dcf853 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -266,7 +266,7 @@ For 4738(S): A user account was changed. |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Display Name**
**User Principal Name**
**Home Directory**
**Home Drive**
**Script Path**
**Profile Path**
**User Workstations**
**Password Last Set**
**Account Expires**
**Primary Group ID
Logon Hours** | We recommend monitoring all changes for these fields for critical domain and local accounts. | | **Primary Group ID** is not 513 | Typically, the **Primary Group** value is 513 for domain and local users. Other values should be monitored. | -| For user accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set> ** | If **AllowedToDelegateTo** is marked **<value not set>** on user accounts that previously had a services list (on the **Delegation** tab), it means the list was cleared. | +| For user accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set>** | If **AllowedToDelegateTo** is marked **<value not set>** on user accounts that previously had a services list (on the **Delegation** tab), it means the list was cleared. | | **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | - Consider whether to track the following user account control flags: diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 22ae105d96..b39135ee00 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -276,7 +276,7 @@ For 4742(S): A computer account was changed. | **Display Name** is not -
**User Principal Name** is not -
**Home Directory** is not -
**Home Drive** is not -
**Script Path** is not -
**Profile Path** is not -
**User Workstations** is not -
**Account Expires** is not -
**Logon Hours** is not **-** | Typically these fields are **-** for computer accounts. Other values might indicate an anomaly and should be monitored. | | **Password Last Set** changes occur more often than usual | Changes that are more frequent than the default (typically once a month) might indicate an anomaly or attack. | | **Primary Group ID** is not 516, 521, or 515 | Typically, the **Primary Group ID** value is one of the following:
**516** for domain controllers
**521** for read only domain controllers (RODCs)
**515** for servers and workstations (domain computers)
Other values should be monitored. | -| For computer accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set> ** | If **AllowedToDelegateTo** is marked **<value not set>** on computers that previously had a services list (on the **Delegation** tab), it means the list was cleared. | +| For computer accounts for which the services list (on the **Delegation** tab) should not be empty: **AllowedToDelegateTo** is marked **<value not set>** | If **AllowedToDelegateTo** is marked **<value not set>** on computers that previously had a services list (on the **Delegation** tab), it means the list was cleared. | | **SID History** is not - | This field will always be set to - unless the account was migrated from another domain. | - Consider whether to track the following account control flags: diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index 74ffbb09b0..efdf01da8a 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -116,7 +116,7 @@ Separate events will be generated for “Registry” and “File system” polic | Job | Port | FilterConnectionPort | | | ALPC Port | Semaphore | Adapter | | -- **Object Name: ** +- **Object Name:** - Key – if “Registry” Global Object Access Auditing policy was changed. @@ -128,7 +128,7 @@ Separate events will be generated for “Registry” and “File system” polic - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the Global Object Access Auditing policy. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index e62c824d10..62ced88fe8 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -44,7 +44,7 @@ There is no example of this event in this document. *Security ID:%7* -*New Flags:%8 * +*New Flags:%8* ***Required Server Roles:*** Active Directory domain controller. diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index f74c140ce4..34454c6d14 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -159,7 +159,7 @@ This event doesn't generate for Active Directory objects. - **New Security Descriptor** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for the object. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index cc73362f36..d385a72649 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -152,7 +152,7 @@ Resource attributes for file or folder can be changed, for example, using Window - **New Security Descriptor** \[Type = UnicodeString\]**:** the Security Descriptor Definition Language (SDDL) value for the new resource attributes. See more information in **Resource Attributes\\Original Security Descriptor** field section for this event. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index f8dcd9f29b..3be7e9bec3 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -156,7 +156,7 @@ This event always generates, regardless of the object’s [SACL](https://msdn.mi - **New Security Descriptor** \[Type = UnicodeString\]**:** the Security Descriptor Definition Language (SDDL) value for the new Central Policy ID (for the policy that has been applied to the object). See more information in **Central Policy ID\\Original Security Descriptor** field section for this event. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index 81e6052b16..c7f46521ae 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -141,7 +141,7 @@ This event generates every time network share object was modified. - **New SD** \[Type = UnicodeString\]**:** the new Security Descriptor Definition Language (SDDL) value for network share security descriptor. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 696faaadce..f5ec73669e 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -177,7 +177,7 @@ REQUESTED\_ACCESS: RESULT ACE\_WHICH\_ ALLOWED\_OR\_DENIED\_ACCESS. - ACE\_WHICH\_ ALLOWED\_OR\_DENIED\_ACCESS: the Security Descriptor Definition Language (SDDL) value for Access Control Entry (ACE), which granted or denied access. -> **Note**  The ** Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. +> **Note**  The **Security Descriptor Definition Language (SDDL)** defines string elements for enumerating information contained in the security descriptor. > > Example: > diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 4d84e4bb68..c1f8d98680 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -52,7 +52,7 @@ There is no example of this event in this document. > > *Layer Name:%9* > -> *Layer Run-Time ID:%10 * +> *Layer Run-Time ID:%10* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 25faaeb212..699a093def 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -52,7 +52,7 @@ There is no example of this event in this document. > > *Layer Name:%9* > -> *Layer Run-Time ID:%10 * +> *Layer Run-Time ID:%10* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index d018fdee5e..7a379132bc 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -30,7 +30,7 @@ There is no example of this event in this document. *BranchCache: Received an incorrectly formatted response while discovering availability of content.* -*IP address of the client that sent this response:%1 * +*IP address of the client that sent this response:%1* ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index 9f647bcec8..1ce4c083dd 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: Received invalid data from a peer. Data discarded. * +*BranchCache: Received invalid data from a peer. Data discarded.* *IP address of the client that sent this data:%1* diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 5002d2167c..dde20455d3 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: The message to the hosted cache offering it data is incorrectly formatted. * +*BranchCache: The message to the hosted cache offering it data is incorrectly formatted.* *IP address of the client that sent this message: %1* diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index 29629cb6a7..e8020581ad 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: The hosted cache sent an incorrectly formatted response to the client’s message to offer it data. * +*BranchCache: The hosted cache sent an incorrectly formatted response to the client’s message to offer it data.* *Domain name of the hosted cache is:%1* diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index 0505b241b2..43228f26be 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. * +*BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.* *Domain name of the hosted cache:%1* diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index 8f28ea3891..e1f76dbf69 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -28,7 +28,7 @@ There is no example of this event in this document. ***Event Schema:*** -*BranchCache: A service connection point object could not be parsed. * +*BranchCache: A service connection point object could not be parsed.* *SCP object GUID: %1* diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 05cbed96aa..97a809c8de 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -141,7 +141,7 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf **[Microsoft Threat Protection](microsoft-defender-atp/threat-protection-integration.md)**
Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization. - [Conditional access](microsoft-defender-atp/conditional-access.md) -- [O365 ATP](microsoft-defender-atp/threat-protection-integration.md) +- [Office 365 ATP](microsoft-defender-atp/threat-protection-integration.md) - [Azure ATP](microsoft-defender-atp/threat-protection-integration.md) - [Azure Security Center](microsoft-defender-atp/threat-protection-integration.md) - [Skype for Business](microsoft-defender-atp/threat-protection-integration.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index a3455dcc67..0379951dbd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -58,10 +58,10 @@ The Windows Defender AV threat severity represents the absolute severity of the The Microsoft Defender ATP alert severity represents the severity of the detected behavior, the actual risk to the machine but more importantly the potential risk to the organization. So, for example: -- The severity of a Microsoft Defender ATP alert about a Windows Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage incurred. -- An alert about a commercial malware was detected while executing, but blocked and remediated by Windows Defender AV, is categorized as "Low" because it may have caused some damage to the individual machine but poses no organizational threat. -- An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High". -- Suspicious behavioral alerts which were not blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations. +- The severity of a Microsoft Defender ATP alert about a Windows Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage incurred. +- An alert about a commercial malware was detected while executing, but blocked and remediated by Windows Defender AV, is categorized as "Low" because it may have caused some damage to the individual machine but poses no organizational threat. +- An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High". +- Suspicious behavioral alerts which were not blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations. #### Understanding alert categories We've redefined the alert categories to align to the [enterprise attack tactics](https://attack.mitre.org/tactics/enterprise/) in the [MITRE ATT&CK matrix](https://attack.mitre.org/). New category names apply to all new alerts. Existing alerts will retain the previous category names. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md index d12bc037b7..bdc69b1a68 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md @@ -1,6 +1,8 @@ --- title: Configure managed security service provider support -description: Take the necessary steps to configure the MSSP integration with Microsoft Defender ATP + +description: Take the necessary steps to configure the MSSP integration with Windows Defender ATP + keywords: managed security service provider, mssp, configure, integration search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -21,9 +23,11 @@ ms.date: 09/03/2018 # Configure managed security service provider integration **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink) + [!include[Prerelease information](prerelease.md)] @@ -35,19 +39,23 @@ You'll need to take the following configuration steps to enable the managed secu > - MSSP customers: Organizations that engage the services of MSSPs. The integration will allow MSSPs to take the following actions: -- Get access to MSSP customer's Microsoft Defender Security Center portal + +- Get access to MSSP customer's Windows Defender Security Center portal - Get email notifications, and - Fetch alerts through security information and event management (SIEM) tools -Before MSSPs can take these actions, the MSSP customer will need to grant access to their Microsoft Defender ATP tenant so that the MSSP can access the portal. +Before MSSPs can take these actions, the MSSP customer will need to grant access to their Windows Defender ATP tenant so that the MSSP can access the portal. + Typically, MSSP customers take the initial configuration steps to grant MSSPs access to their Windows Defender Security Central tenant. After access is granted, other configuration steps can be done by either the MSSP customer or the MSSP. In general, the following configuration steps need to be taken: -- **Grant the MSSP access to Microsoft Defender Security Center**
-This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Microsoft Defender ATP tenant. + +- **Grant the MSSP access to Windows Defender Security Center**
+This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Windows Defender ATP tenant. + - **Configure alert notifications sent to MSSPs**
This action can be taken by either the MSSP customer or MSSP. This lets the MSSPs know what alerts they need to address for the MSSP customer. @@ -61,31 +69,36 @@ This action is taken by the MSSP. It allows MSSPs to fetch alerts using APIs. ## Grant the MSSP access to the portal ->[!NOTE] + +>[!NOTE] > These set of steps are directed towards the MSSP customer.
> Access to the portal can only be done by the MSSP customer. -As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Microsoft Defender Security Center. +As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Windows Defender Security Center. + Authentication and authorization of the MSSP user is built on top of Azure Active Directory (Azure AD) B2B functionality. You'll need to take the following 2 steps: - Add MSSP user to your tenant as a guest user -- Grant MSSP user access to Microsoft Defender Security Center + +- Grant MSSP user access to Windows Defender Security Center + ### Add MSSP user to your tenant as a guest user Add a user who is a member of the MSSP tenant to your tenant as a guest user. To grant portal access to the MSSP, you must add the MSSP user to your Azure AD as a guest user. For more information, see [Add Azure Active Directory B2B collaboration users in the Azure portal](https://docs.microsoft.com/azure/active-directory/b2b/add-users-administrator). - -### Grant MSSP user access to Microsoft Defender Security Center -Grant the guest user access and permissions to your Microsoft Defender Security Center tenant. + +### Grant MSSP user access to Windows Defender Security Center +Grant the guest user access and permissions to your Windows Defender Security Center tenant. Granting access to guest user is done the same way as granting access to a user who is a member of your tenant. If you're using basic permissions to access the portal, the guest user must be assigned a Security Administrator role in **your** tenant. For more information, see [Use basic permissions to access the portal](basic-permissions.md). -If you're using role-based access control (RBAC), the guest user must be to added to the appropriate group or groups in **your** tenant. Fore more information on RBAC in Microsoft Defender ATP, see [Manage portal access using RBAC](rbac.md). +If you're using role-based access control (RBAC), the guest user must be to added to the appropriate group or groups in **your** tenant. Fore more information on RBAC in Windows Defender ATP, see [Manage portal access using RBAC](rbac.md). + >[!NOTE] >There is no difference between the Member user and Guest user roles from RBAC perspective. @@ -94,12 +107,14 @@ It is recommended that groups are created for MSSPs to make authorization access As a MSSP customer, you can always remove or modify the permissions granted to the MSSP by updating the Azure AD user groups. -## Access the Microsoft Defender Security Center MSSP customer portal + +## Access the Windows Defender Security Center MSSP customer portal ->[!NOTE] +>[!NOTE] >These set of steps are directed towards the MSSP. -By default, MSSP customers access their Microsoft Defender Security Center tenant through the following URL: `https://securitycenter.windows.com`. +By default, MSSP customers access their Windows Defender Security Center tenant through the following URL: `https://securitycenter.windows.com`. + MSSPs however, will need to use a tenant-specific URL in the following format: `https://securitycenter.windows.com?tid=customer_tenant_id` to access the MSSP customer portal. @@ -123,7 +138,9 @@ Use the following steps to obtain the MSSP customer tenant ID and then use the I After access the portal is granted, alert notification rules can to be created so that emails are sent to MSSPs when alerts associated with the tenant are created and set conditions are met. + For more information, see [Create rules for alert notifications](configure-email-notifications.md#create-rules-for-alert-notifications). + These check boxes must be checked: - **Include organization name** - The customer name will be added to email notifications @@ -141,46 +158,49 @@ To fetch alerts into your SIEM system you'll need to take the following steps: Step 1: Create a third-party application Step 2: Get access and refresh tokens from your customer's tenant - -Step 3: Whitelist your application on Microsoft Defender Security Center + +Step 3: Whitelist your application on Windows Defender Security Center + ### Step 1: Create an application in Azure Active Directory (Azure AD) -You'll need to create an application and grant it permissions to fetch alerts from your customer's Microsoft Defender ATP tenant. + +You'll need to create an application and grant it permissions to fetch alerts from your customer's Windows Defender ATP tenant. + 1. Sign in to the [Azure AD portal](https://aad.portal.azure.com/). 2. Select **Azure Active Directory** > **App registrations**. -3. Click **New application registration**. + +3. Click **New registration**. + 4. Specify the following values: - Name: \ SIEM MSSP Connector (replace Tenant_name with the tenant display name) - - Application type: Web app / API - - Sign-on URL: `https://SiemMsspConnector` + + - Supported account types: Account in this organizational directory only + - Redirect URI: Select Web and type `https:///SiemMsspConnector`(replace with the tenant name) -5. Click **Create**. The application is displayed in the list of applications you own. +5. Click **Register**. The application is displayed in the list of applications you own. -6. Select the application, then click **Settings** > **Properties**. +6. Select the application, then click **Overview**. -7. Copy the value from the **Application ID** field. +7. Copy the value from the **Application (client) ID** field to a safe place, you will need this in the next step. -8. Change the value in the **App ID URI** to: `https:///SiemMsspConnector` (replace \ with the tenant name. +8. Select **Certificate & secrets** in the new application panel. -9. Ensure that the **Multi-tenanted** field is set to **Yes**. +9. Click **New client secret**. -10. In the **Settings** panel, select **Reply URLs** and add the following URL: `https://localhost:44300/wdatpconnector`. - -11. Click **Save**. - -12. Select **Keys** and specify the following values: - Description: Enter a description for the key. - Expires: Select **In 1 year** -13. Click **Save**. Save the value is a safe place, you'll need this + +10. Click **Add**, copy the value of the client secret to a safe place, you will need this in the next step. + ### Step 2: Get access and refresh tokens from your customer's tenant This section guides you on how to use a PowerShell script to get the tokens from your customer's tenant. This script uses the application from the previous step to get the access and refresh tokens using the OAuth Authorization Code Flow. @@ -248,17 +268,20 @@ After providing your credentials, you'll need to grant consent to the applicatio `Set-ExecutionPolicy -ExecutionPolicy Bypass` 6. Enter the following commands: `.\MsspTokensAcquisition.ps1 -clientId -secret -tenantId ` - - - Replace \ with the Application ID you got from the previous step. - - Replace \ with the application key you created from the previous step. - - Replace \ with your customer's tenant ID. + + - Replace \ with the **Application (client) ID** you got from the previous step. + - Replace \ with the **Client Secret** you created from the previous step. + - Replace \ with your customer's **Tenant ID**. + 7. You'll be asked to provide your credentials and consent. Ignore the page redirect. 8. In the PowerShell window, you'll receive an access token and a refresh token. Save the refresh token to configure your SIEM connector. -### Step 3: Whitelist your application on Microsoft Defender Security Center -You'll need to whitelist the application you created in Microsoft Defender Security Center. + +### Step 3: Whitelist your application on Windows Defender Security Center +You'll need to whitelist the application you created in Windows Defender Security Center. + You'll need to have **Manage portal system settings** permission to whitelist the application. Otherwise, you'll need to request your customer to whitelist the application for you. @@ -272,12 +295,15 @@ You'll need to have **Manage portal system settings** permission to whitelist th 5. Click **Authorize application**. -You can now download the relevant configuration file for your SIEM and connect to the Microsoft Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem.md). + +You can now download the relevant configuration file for your SIEM and connect to the Windows Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem.md). + - In the ArcSight configuration file / Splunk Authentication Properties file – you will have to write your application key manually by settings the secret value. - Instead of acquiring a refresh token in the portal, use the script from the previous step to acquire a refresh token (or acquire it by other means). ## Fetch alerts from MSSP customer's tenant using APIs + For information on how to fetch alerts using REST API, see [Pull alerts using REST API](pull-alerts-using-rest-api.md). ## Related topics @@ -285,4 +311,5 @@ For information on how to fetch alerts using REST API, see [Pull alerts using RE - [Manage portal access using RBAC](rbac.md) - [Pull alerts to your SIEM tools](configure-siem.md) - [Pull alerts using REST API](pull-alerts-using-rest-api.md) + diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md index c100b9ddf2..f4a2b266d9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md @@ -61,7 +61,7 @@ machineId | String | Id of the machine on which the event was identified. **Requ severity | String | Severity of the alert. The property values are: 'Low', 'Medium' and 'High'. **Required**. title | String | Title for the alert. **Required**. description | String | Description of the alert. **Required**. -recommendedAction| String | Action that is recommended to be taken by security officer when analyzing the alert. +recommendedAction| String | Action that is recommended to be taken by security officer when analyzing the alert. **Required**. eventTime | DateTime(UTC) | The time of the event, as obtained from the advanced query. **Required**. reportId | String | The reportId, as obtained from the advanced query. **Required**. category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and 'General'. diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index 2848e2268b..a2e28ff082 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -62,29 +62,29 @@ This page explains how to create an AAD application, get an access token to Micr 4. Allow your Application to access Microsoft Defender ATP and assign it 'Read alerts' permission: - - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**. + - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**. - - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear. + - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear. - ![Image of API access and API selection](images/add-permission.png) + ![Image of API access and API selection](images/add-permission.png) - - Choose **Delegated permissions** > **Alert.Read** > Click on **Add permissions** + - Choose **Delegated permissions** > **Alert.Read** > Click on **Add permissions** - ![Image of API access and API selection](images/application-permissions-public-client.png) + ![Image of API access and API selection](images/application-permissions-public-client.png) - - **Important note**: You need to select the relevant permissions. 'Read alerts' is only an example! + - **Important note**: You need to select the relevant permissions. 'Read alerts' is only an example! - For instance, + For instance, - - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission - - To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission - - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. + - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission + - To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission + - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. - - Click **Grant consent** + - Click **Grant consent** - **Note**: Every time you add permission you must click on **Grant consent** for the new permission to take effect. + **Note**: Every time you add permission you must click on **Grant consent** for the new permission to take effect. - ![Image of Grant permissions](images/grant-consent.png) + ![Image of Grant permissions](images/grant-consent.png) 6. Write down your application ID and your tenant ID: @@ -102,42 +102,42 @@ For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.co - Copy/Paste the below class in your application. - Use **AcquireUserTokenAsync** method with the your application ID, tenant ID, user name and password to acquire a token. - ``` - namespace WindowsDefenderATP - { - using System.Net.Http; - using System.Text; - using System.Threading.Tasks; - using Newtonsoft.Json.Linq; + ```csharp + namespace WindowsDefenderATP + { + using System.Net.Http; + using System.Text; + using System.Threading.Tasks; + using Newtonsoft.Json.Linq; - public static class WindowsDefenderATPUtils - { - private const string Authority = "https://login.windows.net"; + public static class WindowsDefenderATPUtils + { + private const string Authority = "https://login.windows.net"; - private const string WdatpResourceId = "https://api.securitycenter.windows.com"; + private const string WdatpResourceId = "https://api.securitycenter.windows.com"; - public static async Task AcquireUserTokenAsync(string username, string password, string appId, string tenantId) - { - using (var httpClient = new HttpClient()) - { - var urlEncodedBody = $"resource={WdatpResourceId}&client_id={appId}&grant_type=password&username={username}&password={password}"; + public static async Task AcquireUserTokenAsync(string username, string password, string appId, string tenantId) + { + using (var httpClient = new HttpClient()) + { + var urlEncodedBody = $"resource={WdatpResourceId}&client_id={appId}&grant_type=password&username={username}&password={password}"; - var stringContent = new StringContent(urlEncodedBody, Encoding.UTF8, "application/x-www-form-urlencoded"); + var stringContent = new StringContent(urlEncodedBody, Encoding.UTF8, "application/x-www-form-urlencoded"); - using (var response = await httpClient.PostAsync($"{Authority}/{tenantId}/oauth2/token", stringContent).ConfigureAwait(false)) - { - response.EnsureSuccessStatusCode(); + using (var response = await httpClient.PostAsync($"{Authority}/{tenantId}/oauth2/token", stringContent).ConfigureAwait(false)) + { + response.EnsureSuccessStatusCode(); - var json = await response.Content.ReadAsStringAsync().ConfigureAwait(false); + var json = await response.Content.ReadAsStringAsync().ConfigureAwait(false); - var jObject = JObject.Parse(json); + var jObject = JObject.Parse(json); - return jObject["access_token"].Value(); - } - } - } - } - } + return jObject["access_token"].Value(); + } + } + } + } + } ``` ## Validate the token @@ -156,16 +156,17 @@ Sanity check to make sure you got a correct token: - The Expiration time of the token is 1 hour (you can send more then one request with the same token) - Example of sending a request to get a list of alerts **using C#** - ``` - var httpClient = new HttpClient(); - var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); + ```csharp + var httpClient = new HttpClient(); - request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); + var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); - var response = httpClient.SendAsync(request).GetAwaiter().GetResult(); + request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); - // Do something useful with the response + var response = httpClient.SendAsync(request).GetAwaiter().GetResult(); + + // Do something useful with the response ``` ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md index 2b5551a0bb..92bc4c7650 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md @@ -44,7 +44,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' GET /api/users/{id}/alerts ``` -**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve alerts for user1@contoso.com use /api/users/user1/alerts) ** +**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve alerts for user1@contoso.com use /api/users/user1/alerts)** ## Request headers diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md index 341c605bbb..ca042a7e99 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md @@ -44,7 +44,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine GET /api/users/{id}/machines ``` -**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve machines for user1@contoso.com use /api/users/user1/machines) ** +**Note that the id is not the full UPN, but only the user name. (e.g., to retrieve machines for user1@contoso.com use /api/users/user1/machines)** ## Request headers diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md index f0d6f3ad6c..dcc141f161 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md @@ -45,8 +45,8 @@ Sensitivity labels classify and help protect sensitive content. Sensitive information types in the Office 365 data loss prevention (DLP) implementation fall under two categories: -- Default -- Custom +- Default +- Custom Default sensitive information types include information such as bank account numbers, social security numbers, or national IDs. For more information, see [What the sensitive information type look for](https://docs.microsoft.com/office365/securitycompliance/what-the-sensitive-information-types-look-for). diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md index 095c078b1f..9747f2d0ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md @@ -61,8 +61,8 @@ Comment | String | Comment to associate with the action. **Required**. IsolationType | String | Type of the isolation. Allowed values are: 'Full' or 'Selective'. **IsolationType** controls the type of isolation to perform and can be one of the following: -- Full – Full isolation -- Selective – Restrict only limited set of applications from accessing the network (see [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) for more details) +- Full – Full isolation +- Selective – Restrict only limited set of applications from accessing the network (see [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) for more details) ## Response diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md index e73c682783..0d041b05e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md @@ -33,8 +33,8 @@ Topic | Description [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats. [Configure Secure score dashboard security controls](secure-score-dashboard.md) | Configure the security controls in Secure score to increase the security posture of your organization. [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts. -Configure Microsoft Threat Protection integration| Configure other solutions that integrate with Microsoft Defender ATP. -Management and API support| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. +[Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP. +[Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports. [Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure portal related settings such as general settings, advanced features, enable the preview experience and others. diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md index 5771d8afef..dcaa31ea84 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md @@ -21,7 +21,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->[!NOTE] +>[!NOTE] > Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md). The secure score page will be available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page. The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines. @@ -79,11 +79,11 @@ Within the tile, you can click on each control to see the recommended optimizati Clicking the link under the **Misconfigured machines** column opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. -## Related topic +## Related topic - [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) - [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) -- [Configuration score](configuration-score.md) +- [Configuration score](configuration-score.md) - [Security recommendations](tvm-security-recommendation.md) - [Remediation](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 230e57d75e..3f4ceec2f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -63,7 +63,7 @@ This action takes effect on machines with Windows 10, version 1703 or later, whe 1. Select the file you want to stop and quarantine. You can select a file from any of the following views or use the Search box: - **Alerts** - click the corresponding links from the Description or Details in the Artifact timeline - - **Search box** - select File from the drop–down menu and enter the file name + - **Search box** - select **File** from the drop–down menu and enter the file name 2. Go to the top bar and select **Stop and Quarantine File**. @@ -98,7 +98,7 @@ You can roll back and remove a file from quarantine if you’ve determined that 1. Open an elevated command–line prompt on the machine: - a. Go to **Start** and type cmd. + a. Go to **Start** and type _cmd_. b. Right–click **Command prompt** and select **Run as administrator**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md index 5bb659b44e..d9cfb97c3f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md @@ -96,7 +96,7 @@ The package contains the following folders: |:---|:---------| |Autoruns | Contains a set of files that each represent the content of the registry of a known auto start entry point (ASEP) to help identify attacker’s persistency on the machine.

NOTE: If the registry key is not found, the file will contain the following message: “ERROR: The system was unable to find the specified registry key or value.” | |Installed programs | This .CSV file contains the list of installed programs that can help identify what is currently installed on the machine. For more information, see [Win32_Product class](https://go.microsoft.com/fwlink/?linkid=841509). | -|Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections.

- ActiveNetConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process.

- Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces.

ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack.

- DnsCache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections.

- IpConfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.

- FirewassExecutionLog.txt and pfirewall.log | +|Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections.

- ActiveNetConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process.

- Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces.

ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack.

- DnsCache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections.

- IpConfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.

- FirewassExecutionLog.txt and pfirewall.log | | Prefetch files| Windows Prefetch files are designed to speed up the application startup process. It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list.

- Prefetch folder – Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files.

- PrefetchFilesList.txt – Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder. | | Processes| Contains a .CSV file listing the running processes which provides the ability to identify current processes running on the machine. This can be useful when identifying a suspicious process and its state. | | Scheduled tasks| Contains a .CSV file listing the scheduled tasks which can be used to identify routines performed automatically on a chosen machine to look for suspicious code which was set to run automatically. | diff --git a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md index f7c9eff384..731963f220 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md @@ -75,7 +75,7 @@ The **Sensor health** tile provides information on the individual machine’s ab ![Sensor health tile](images/atp-tile-sensor-health.png) There are two status indicators that provide information on the number of machines that are not reporting properly to the service: -- **Misconfigured** – These machines might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected. +- **Misconfigured** – These machines might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected. - **Inactive** - Machines that have stopped reporting to the Microsoft Defender ATP service for more than seven days in the past month. diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index f981d9c12a..289a76f1c5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -296,8 +296,8 @@ You might also need to check the following: ## Licensing requirements Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: - - Windows 10 Enterprise E5 - - Windows 10 Education E5 + - Windows 10 Enterprise E5 + - Windows 10 Education E5 - Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5 For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md index f78005ca01..668831d19d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md @@ -34,31 +34,31 @@ The following steps guide you on how to create roles in Microsoft Defender Secur 3. Enter the role name, description, and permissions you'd like to assign to the role. - - **Role name** - - **Description** - - **Permissions** - - **View data** - Users can view information in the portal. - - **Alerts investigation** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline. - - **Active remediation actions** - Users can take response actions and approve or dismiss pending remediation actions. - - **Manage portal system settings** - Users can configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and machine groups. - - >[!NOTE] - >This setting is only available in the Microsoft Defender ATP administrator (default) role. + - **Role name** + - **Description** + - **Permissions** + - **View data** - Users can view information in the portal. + - **Alerts investigation** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline. + - **Active remediation actions** - Users can take response actions and approve or dismiss pending remediation actions. + - **Manage portal system settings** - Users can configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and machine groups. - - **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, create and manage custom detections, manage folder exclusions for automation, onboard and offboard machines, and manage email notifications. + > [!NOTE] + > This setting is only available in the Microsoft Defender ATP administrator (default) role. - - **Live response capabilities** - Users can take basic or advanced live response commands.
- - Basic commands allow users to: - - Start a live response session - - Run read only live response commands on a remote machine - - Advanced commands allow users to: - - Run basic actions - - Download a file from the remote machine - - View a script from the files library - - Run a script on the remote machine from the files library take read and write commands. - - For more information on the available commands, see [Investigate machines using Live response](live-response.md). - + - **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, create and manage custom detections, manage folder exclusions for automation, onboard and offboard machines, and manage email notifications. + + - **Live response capabilities** - Users can take basic or advanced live response commands. + - Basic commands allow users to: + - Start a live response session + - Run read only live response commands on a remote machine + - Advanced commands allow users to: + - Run basic actions + - Download a file from the remote machine + - View a script from the files library + - Run a script on the remote machine from the files library take read and write commands. + + For more information on the available commands, see [Investigate machines using Live response](live-response.md). + 4. Click **Next** to assign the role to an Azure AD group. 5. Use the filter to select the Azure AD group that you'd like to add to this role. diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 994b79b7b6..b3c05cd9a2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -79,8 +79,8 @@ For more information preview features, see [Preview features](https://docs.micro Threat Analytics is a set of interactive reports published by the Microsoft Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. - New in Windows 10 version 1809, there are two new attack surface reduction rules: - - Block Adobe Reader from creating child processes - - Block Office communication application from creating child processes. + - Block Adobe Reader from creating child processes + - Block Office communication application from creating child processes. - [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/). @@ -95,8 +95,8 @@ Query data using Advanced hunting in Microsoft Defender ATP. - [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
New attack surface reduction rules: - - Use advanced protection against ransomware - - Block credential stealing from the Windows local security authority subsystem (lsass.exe) + - Use advanced protection against ransomware + - Block credential stealing from the Windows local security authority subsystem (lsass.exe) - Block process creations originating from PSExec and WMI commands - Block untrusted and unsigned processes that run from USB - Block executable content from email client and webmail diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index c2c3f86318..7036973802 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -49,7 +49,7 @@ The Security Compliance Toolkit consists of: - Local Group Policy Object (LGPO) tool -You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more details about security baseline recommendations, see the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/). +You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more details about security baseline recommendations, see the [Microsoft Security Guidance blog](https://techcommunity.microsoft.com/t5/Microsoft-Security-Baselines/bg-p/Microsoft-Security-Baselines). ## What is the Policy Analyzer tool? diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md index 4fcca719b6..ef5a46869a 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md @@ -102,7 +102,7 @@ If the [Audit Kernel Object](../auditing/audit-kernel-object.md) setting is conf | 565 | Access was granted to an already existing object type. | | 567 | A permission associated with a handle was used.
**Note:** A handle is created with certain granted permissions (Read, Write, and so on). When the handle is used, up to one audit is generated for each of the permissions that was used. | | 569 | The resource manager in Authorization Manager attempted to create a client context. | -| 570 | A client attempted to access an object.
**Note: ** An event will be generated for every attempted operation on the object. | +| 570 | A client attempted to access an object.
**Note:** An event will be generated for every attempted operation on the object. | ## Security considerations diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 44a4ae63d3..300f56c569 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -413,7 +413,7 @@ Here are the minimum steps for WEF to operate: ## Appendix E – Annotated baseline subscription event query -``` syntax +```xml @@ -578,8 +578,7 @@ Here are the minimum steps for WEF to operate: ## Appendix F – Annotated Suspect Subscription Event Query -``` syntax - +```xml diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md index a9991a6eef..0389c92dd6 100644 --- a/windows/security/threat-protection/windows-10-mobile-security-guide.md +++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md @@ -22,16 +22,16 @@ ms.date: 10/13/2017 Smartphones now serve as a primary productivity tool for business workers and, just like desktops or laptops, need to be secured against malware and data theft. Protecting these devices can be challenging due to the wide range of device operating systems and configurations and the fact that many employees use their own personal devices. IT needs to secure corporate assets on every device, but also ensure the privacy of the user’s personal apps and data. Windows 10 Mobile addresses these security concerns directly, whether workers are using personal or corporate-owned devices. It uses the same security technologies as the Windows 10 operating system to help protect against known and emerging security threats across the spectrum of attack vectors. These technologies include: -- **Windows Hello for Business** Enhanced identity and access control features ensure that only authorized users can access corporate data and resources. Windows Hello simplifies multifactor authentication (MFA) deployment and use, offering PIN, companion device, and biometric authentication methods. -- **Windows Information Protection** Automatic data separation keeps corporate information from being shared with personal data and apps. -- **Malware resistance** Multi-layered protections built into the device hardware, startup processes, and app platform help reduce the threat of malware that can compromise employee devices. +- **Windows Hello for Business** Enhanced identity and access control features ensure that only authorized users can access corporate data and resources. Windows Hello simplifies multifactor authentication (MFA) deployment and use, offering PIN, companion device, and biometric authentication methods. +- **Windows Information Protection** Automatic data separation keeps corporate information from being shared with personal data and apps. +- **Malware resistance** Multi-layered protections built into the device hardware, startup processes, and app platform help reduce the threat of malware that can compromise employee devices. This guide helps IT administrators better understand the security features in Windows 10 Mobile, which can be used to improve protection against unauthorized access, data leakage, and malware. **In this article:** -- Windows Hello for Business -- Windows Information Protection -- Malware resistance +- Windows Hello for Business +- Windows Information Protection +- Malware resistance ## Windows Hello @@ -56,9 +56,9 @@ To compromise Windows Hello credentials, an attacker would need access to the ph Biometrics help prevent credential theft and make it easier for users to login to their devices. Users always have their biometric identity with them – there is nothing to forget, lose, or leave behind. Attackers would need to have both access to the user’s device and be able to impersonate the user’s biometric identity to gain access to corporate resources, which is far more difficult than stealing a password. Windows Hello supports three biometric sensor scenarios: -- **Facial recognition** uses special IR cameras to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major manufacturers are already shipping laptops with integrated facial-recognition technology. Both Surface Pro 4 and Surface Book support this technology. -- **Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello. -- **Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology. +- **Facial recognition** uses special IR cameras to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major manufacturers are already shipping laptops with integrated facial-recognition technology. Both Surface Pro 4 and Surface Book support this technology. +- **Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello. +- **Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology. >Users must create an unlock PIN while they enroll a biometric gesture. The device uses this PIN as a fallback mechanism in situations where it cannot capture the biometric gesture. @@ -72,8 +72,6 @@ The biometric image collected at enrollment is converted into an algorithmic for A Windows Hello companion device enables a physical device, like a wearable, to serve as a factor for validating the user’s identity before granting them access to their credentials. For instance, when the user has physical possession of a companion device they can easily, possibly even automatically, unlock their PC and authenticate with apps and websites. This type of device can be useful for smartphones or tablets that don’t have integrated biometric sensors or for industries where users need a faster, more convenient sign-in experience, such as retail. -In some cases, the companion device for Windows Hello enables a physical device, like a phone, wearable, or other types of device to store all of the user’s credentials. Storage of the credentials on a mobile device makes it possible to use them on any supporting device, like a kiosk or family PC, and eliminates the need to enroll Windows Hello on each device. Companion devices also help enable organizations to meet regulatory requirements, such as Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS 140-2). - ### Standards-based approach The Fast Identity Online (FIDO) Alliance is a nonprofit organization that works to address the lack of interoperability among strong authentication devices and the problems users face in creating and remembering multiple user names and passwords. FIDO standards help reduce reliance on passwords to authenticate users of online services securely, allowing any business network, app, website, or cloud application to interface with a broad variety of existing and future FIDO-enabled devices and operating system platforms. @@ -87,12 +85,12 @@ Enterprises have seen huge growth in the convergence of personal and corporate d Inadvertent disclosure is rapidly becoming the biggest source of confidential data leakage as organizations allow personal devices to access corporate resources. It’s easy to imagine that an employee using work email on their personal phone could unintentionally save an attachment containing sensitive company information to personal cloud storage, which could be shared with unauthorized people. This accidental sharing of corporate data is just one example of the challenges common to using mobile devices in the workplace. To prevent this type of data leakage, most solutions require users to login with a separate username and password to a container that stores all corporate apps and data, an experience that degrades user productivity. Windows 10 Mobile includes Windows Information Protection to transparently keep corporate data secure and personal data private. Because corporate data is always protected, users cannot inadvertently copy it or share it with unauthorized users or apps. Key features include: -- Automatically tag personal and corporate data. -- Protect data while it’s at rest on local or removable storage. -- Control which apps can access corporate data. -- Control which apps can access a virtual private network (VPN) connection. -- Prevent users from copying corporate data to public locations. -- Help ensure business data is inaccessible when the device is in a locked state. +- Automatically tag personal and corporate data. +- Protect data while it’s at rest on local or removable storage. +- Control which apps can access corporate data. +- Control which apps can access a virtual private network (VPN) connection. +- Prevent users from copying corporate data to public locations. +- Help ensure business data is inaccessible when the device is in a locked state. ### Enlightened apps @@ -101,21 +99,21 @@ Third-party data loss protection solutions usually require developers to wrap th Windows Information Protection classifies apps into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on internal policies. Corporate data will be encrypted on the managed device and attempts to copy/paste or share this information with non-corporate apps or users will fail. Unenlightened apps, when marked as corporate-managed, consider all data corporate and encrypt everything by default. When you do not want all data encrypted by default – because it would create a poor user experience – developers should consider enlightening apps by adding code and compiling them using the Windows Information Protection application programming interfaces. The most likely candidates for enlightenment are apps that: -- Don’t use common controls for saving files. -- Don’t use common controls for text boxes. -- Work on personal and enterprise data simultaneously (e.g., contact apps that display personal and enterprise data in a single view or a browser that displays personal and enterprise web pages on tabs within a single instance). +- Don’t use common controls for saving files. +- Don’t use common controls for text boxes. +- Work on personal and enterprise data simultaneously (e.g., contact apps that display personal and enterprise data in a single view or a browser that displays personal and enterprise web pages on tabs within a single instance). In many cases, most apps don’t require enlightenment for them to use Windows Information Protection. Simply adding them to the allow list is the only step you need to take. Line-of-Business (LOB) apps are a good example of where this works well because they only handle corporate data. **When is app enlightenment required?** -- **Required** - - App needs to work with both personal and enterprise data. -- **Recommended** - - App handles only corporate data, but needs to modify a file (such as a configuration file) in order to launch, uninstall itself, update etc. Without enlightenment you wouldn’t be able to properly revoke these apps. - - App needs to access enterprise data, while protection under lock is activated. -- **Not required** - - App handles only corporate data - - App handles only personal data +- **Required** + - App needs to work with both personal and enterprise data. +- **Recommended** + - App handles only corporate data, but needs to modify a file (such as a configuration file) in order to launch, uninstall itself, update etc. Without enlightenment you wouldn’t be able to properly revoke these apps. + - App needs to access enterprise data, while protection under lock is activated. +- **Not required** + - App handles only corporate data + - App handles only personal data ### Data leakage control @@ -124,10 +122,10 @@ To configure Windows Information Protection in a Mobile Device Management (MDM) Windows Information Protection works seamlessly until users try to access enterprise data with or paste enterprise data into unauthorized apps or locations on the web. For example, copying enterprise data from an authorized app to another authorized app works as usual, but Window Information Protection can block users from copying enterprise data from an authorized app to an unauthorized app. Likewise, it will block users from using an unauthorized app to open a file that contains enterprise data. The extent to which users will be prevented from copying and pasting data from authorized apps to unauthorized apps or locations on the web depends on which protection level is set: -- **Block.** Windows Information Protection blocks users from completing the operation. -- **Override.** Windows Information Protection notifies users that the operation is inappropriate but allows them to override the policy, although it logs the operation in the audit log. -- **Audit.** Windows Information Protection does not block or notify users but logs the operation in the audit log. -- **Off.** Windows Information Protection does not block or notify users and does not log operations in the audit log. +- **Block.** Windows Information Protection blocks users from completing the operation. +- **Override.** Windows Information Protection notifies users that the operation is inappropriate but allows them to override the policy, although it logs the operation in the audit log. +- **Audit.** Windows Information Protection does not block or notify users but logs the operation in the audit log. +- **Off.** Windows Information Protection does not block or notify users and does not log operations in the audit log. ### Data separation @@ -140,11 +138,11 @@ Windows Information Protection provides data separation without requiring a cont Windows 10 Mobile uses device encryption, based on BitLocker technology, to encrypt all internal storage, including operating systems and data storage partitions. The user can activate device encryption, or the IT department can activate and enforce encryption for company-managed devices through MDM tools. When device encryption is turned on, all data stored on the phone is encrypted automatically. A Windows 10 Mobile device with encryption turned on helps protect the confidentiality of data stored – even if the device is lost or stolen. The combination of Windows Hello lock and data encryption makes it extremely difficult for an unauthorized party to retrieve sensitive information from the device. You can customize how device encryption works to meet your unique security requirements. Device encryption even enables you to define your own cipher suite. For example, you can specify the algorithm and key size that Windows 10 Mobile uses for data encryption, which Transport Layer Security (TLS) cipher suites are permitted, and whether Federal Information Processing Standard (FIPS) policy is enabled. The list below shows the policies you can change to customize device encryption on Windows 10 Mobile devices. -- Cryptography - - Allow FIPS Algorithm: This policy enables or disable the FIPS policy. A restart is needed to enforce this policy. The default value is disabled. - - TLS Cipher Suite: This policy contains a list of the cryptographic cipher algorithms allowed for Secure Sockets Layer connections. -- BitLocker - - Encryption Method: Configures the BitLocker Drive Encryption Method and cipher strength. The default value is AES-CBC 128-bit. If the device cannot use the value specified, it will use another one. +- Cryptography + - Allow FIPS Algorithm: This policy enables or disable the FIPS policy. A restart is needed to enforce this policy. The default value is disabled. + - TLS Cipher Suite: This policy contains a list of the cryptographic cipher algorithms allowed for Secure Sockets Layer connections. +- BitLocker + - Encryption Method: Configures the BitLocker Drive Encryption Method and cipher strength. The default value is AES-CBC 128-bit. If the device cannot use the value specified, it will use another one. To help make the device even more secured against outside interference, Windows 10 Mobile also now includes protection-under-lock. That means that encryption keys are removed from memory whenever a device is locked. Apps are unable to access sensitive data while the device is in a locked state, so hackers and malware have no way to find and co-opt keys. Everything is locked up tight with the TPM until the user unlocks the device with Windows Hello. @@ -230,9 +228,9 @@ A Trusted Platform Module (TPM) is a tamper-resistant cryptographic module that A proper implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, meaning that the hardware behaves in a trusted way. For example, if you create a key in a TPM with the property that no one can export that key from the TPM, the key absolutely cannot leave the TPM. The close integration of a TPM with a platform increases the transparency of the boot process and supports device health scenarios by enabling a reliable report of the software used to start a platform. The following list describes key functionality that a TPM provides in Windows 10 Mobile: -- **Managing cryptographic keys.** A TPM can create, store, and permit the use of keys in defined ways. Windows 10 Mobile uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and various other keys. -- **Safeguarding and reporting integrity measurements.** Windows 10 Mobile uses the TPM to record and help protect integrity-related measurements of select hardware and Windows boot components for the Measured Boot feature. In this scenario, Measured Boot measures each component – from firmware up through the drivers – and then stores those measurements in the device’s TPM. From here, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 Mobile device. -- **Proving a TPM is really a TPM.** Managing cryptographic keys and measuring integrity are so central to protecting privacy and security that a TPM must differentiate itself from malware masquerading as a TPM. +- **Managing cryptographic keys.** A TPM can create, store, and permit the use of keys in defined ways. Windows 10 Mobile uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and various other keys. +- **Safeguarding and reporting integrity measurements.** Windows 10 Mobile uses the TPM to record and help protect integrity-related measurements of select hardware and Windows boot components for the Measured Boot feature. In this scenario, Measured Boot measures each component – from firmware up through the drivers – and then stores those measurements in the device’s TPM. From here, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 Mobile device. +- **Proving a TPM is really a TPM.** Managing cryptographic keys and measuring integrity are so central to protecting privacy and security that a TPM must differentiate itself from malware masquerading as a TPM. Windows 10 Mobile supports TPM implementations that comply with the 2.0 standard. The TPM 2.0 standard includes several improvements that make it superior to the 1.2 standard, the most notable of which is cryptographic agility. TPM 1.2 is restricted to a fixed set of encryption and hash algorithms. When the TPM 1.2 standard appeared in the early 2000s, the security community considered these algorithms cryptographically strong. Since then, advances in cryptographic algorithms and cryptanalysis attacks have increased expectations for stronger cryptography. TPM 2.0 supports additional algorithms that offer stronger cryptographic protection, as well as the ability to plug-in algorithms that certain geographies or industries may prefer. It also opens the possibility for inclusion of future algorithms without changing the TPM component itself. @@ -241,9 +239,9 @@ Many assume that original equipment manufacturers (OEMs) must implant a TPM in h >Microsoft requires TPM 2.0 on devices running any version of Windows 10 Mobile. For more information, see [minimum hardware requirements](https://technet.microsoft.com/library/dn915086.aspx) Several Windows 10 Mobile security features require TPM: -- Virtual smart cards -- Measured Boot -- Health attestation (requires TPM 2.0 or later) +- Virtual smart cards +- Measured Boot +- Health attestation (requires TPM 2.0 or later) Still other features will use the TPM if it is available. For example, Windows Hello does not require TPM but uses it if it’s available. Organizations can configure policy to require TPM for Windows Hello. @@ -312,9 +310,9 @@ Malware depends on its ability to insert a malicious payload into memory with th The heap is a location in memory that Windows uses to store dynamic application data. Microsoft continues to improve on earlier Windows heap designs by further mitigating the risk of heap exploits that an attacker could use. Windows 10 Mobile has made several important improvements to the security of the heap over previous versions of Windows: -- Internal data structures that the heap uses are better protected against memory corruption. -- Heap memory allocations have randomized locations and sizes, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 Mobile adds a random offset to the address of a newly allocated heap, making the allocation much less predictable. -- Windows 10 Mobile uses “guard pages” before and after blocks of memory as tripwires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 Mobile responds by instantly terminating the app. +- Internal data structures that the heap uses are better protected against memory corruption. +- Heap memory allocations have randomized locations and sizes, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 Mobile adds a random offset to the address of a newly allocated heap, making the allocation much less predictable. +- Windows 10 Mobile uses “guard pages” before and after blocks of memory as tripwires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 Mobile responds by instantly terminating the app. ### Memory reservations @@ -342,9 +340,9 @@ The security policy of a specific AppContainer defines the operating system capa A set of default permissions are granted to all AppContainers, including access to a unique, isolated storage location. Access to other capabilities can be declared within the app code itself. Unlike traditional desktop applications, access to additional capabilities and privileges cannot be requested at run time. The AppContainer concept is advantageous because it provides: -- **Attack surface reduction.** Apps can access only those capabilities that are declared in the application code and needed to perform their functions. -- **User consent and control.** Capabilities that apps use are automatically published to the app details page in the Microsoft Store. App access to capabilities that may expose sensitive information automatically prompt the user to acknowledge and provide consent. -- **App isolation.** Communication between Windows apps is tightly controlled. Apps are isolated from one another and can communicate only by using predefined communication channels and data types. +- **Attack surface reduction.** Apps can access only those capabilities that are declared in the application code and needed to perform their functions. +- **User consent and control.** Capabilities that apps use are automatically published to the app details page in the Microsoft Store. App access to capabilities that may expose sensitive information automatically prompt the user to acknowledge and provide consent. +- **App isolation.** Communication between Windows apps is tightly controlled. Apps are isolated from one another and can communicate only by using predefined communication channels and data types. Apps receive the minimal privileges they need to perform their legitimate tasks. This means that even if a malicious attacker exploits an app, the potential damage is limited because the app cannot elevate its privileges and is contained within its AppContainer. Microsoft Store displays the permissions that the app requires along with the app’s age rating and publisher. @@ -355,9 +353,9 @@ The combination of Device Guard and AppContainer help to prevent unauthorized ap The web browser is a critical component of any security strategy. It is the user’s interface to the Internet, an environment teeming with malicious sites and potentially dangerous content. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the number one pathway from which malicious hackers initiate their attacks. Windows 10 Mobile includes Microsoft Edge, an entirely new web browser that goes beyond browsing with features like Reading View. Microsoft Edge is more secure than previous Microsoft web browsers in several ways: -- **Microsoft Edge on Windows 10 Mobile does not support extensions.** Microsoft Edge has built-in PDF viewing capability. -- **Microsoft Edge is designed as a UWP app.** It is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps. -- **Microsoft Edge simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, fewer security settings are required. In addition, Microsoft established Microsoft Edge default settings that align with security best practices, making it more secure by design. +- **Microsoft Edge on Windows 10 Mobile does not support extensions.** Microsoft Edge has built-in PDF viewing capability. +- **Microsoft Edge is designed as a UWP app.** It is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps. +- **Microsoft Edge simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, fewer security settings are required. In addition, Microsoft established Microsoft Edge default settings that align with security best practices, making it more secure by design. ## Summary diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index 4f08806147..39bb11b2f0 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -51,13 +51,14 @@ As a cloud service, it is required that computers have access to the internet an | **Service**| **Description** |**URL** | | :--: | :-- | :-- | -| *Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)*|Used by Windows Defender Antivirus to provide cloud-delivered protection|*.wdcp.microsoft.com *.wdcpalt.microsoft.com *.wd.microsoft.com| -| *Microsoft Update Service (MU)*| Security intelligence and product updates |*.update.microsoft.com| -| *Security intelligence updates Alternate Download Location (ADL)*| Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| *.download.microsoft.com| -| *Malware submission storage *|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | ussus1eastprod.blob.core.windows.net ussus1westprod.blob.core.windows.net usseu1northprod.blob.core.windows.net usseu1westprod.blob.core.windows.net ussuk1southprod.blob.core.windows.net ussuk1westprod.blob.core.windows.net ussas1eastprod.blob.core.windows.net ussas1southeastprod.blob.core.windows.net ussau1eastprod.blob.core.windows.net ussau1southeastprod.blob.core.windows.net | -| *Certificate Revocation List (CRL)* |Used by Windows when creating the SSL connection to MAPS for updating the CRL | http://www.microsoft.com/pkiops/crl/ http://www.microsoft.com/pkiops/certs http://crl.microsoft.com/pki/crl/products http://www.microsoft.com/pki/certs | -| *Symbol Store *|Used by Windows Defender Antivirus to restore certain critical files during remediation flows | https://msdl.microsoft.com/download/symbols | -| *Universal Telemetry Client* | Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: vortex-win.data.microsoft.com settings-win.data.microsoft.com| +| *Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)*|Used by Windows Defender Antivirus to provide cloud-delivered protection|\*.wdcp.microsoft.com \*.wdcpalt.microsoft.com \*.wd.microsoft.com| +| *Microsoft Update Service (MU)*| Security intelligence and product updates |\*.update.microsoft.com| +| *Security intelligence updates Alternate Download Location (ADL)*| Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| \*.download.microsoft.com| +| *Malware submission storage*|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | ussus1eastprod.blob.core.windows.net ussus1westprod.blob.core.windows.net usseu1northprod.blob.core.windows.net usseu1westprod.blob.core.windows.net ussuk1southprod.blob.core.windows.net ussuk1westprod.blob.core.windows.net ussas1eastprod.blob.core.windows.net ussas1southeastprod.blob.core.windows.net ussau1eastprod.blob.core.windows.net ussau1southeastprod.blob.core.windows.net | +| *Certificate Revocation List (CRL)*|Used by Windows when creating the SSL connection to MAPS for updating the CRL | http://www.microsoft.com/pkiops/crl/ http://www.microsoft.com/pkiops/certs http://crl.microsoft.com/pki/crl/products http://www.microsoft.com/pki/certs | +| *Symbol Store*|Used by Windows Defender Antivirus to restore certain critical files during remediation flows | https://msdl.microsoft.com/download/symbols | +| *Universal Telemetry Client*| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: vortex-win.data.microsoft.com settings-win.data.microsoft.com| + ## Validate connections between your network and the cloud diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 7ee34ff838..575ad0d393 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md @@ -41,6 +41,6 @@ You can also manually merge AppLocker policies. For the procedure to do this, se Gets the local AppLocker policy, and then merges the policy with the existing AppLocker policy in the GPO specified in the LDAP path. -``` syntax +```powershell C:\PS>Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C044FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge ``` diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index 6fa4d92a72..a3834e3625 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md @@ -50,11 +50,11 @@ The following table contains information about the events that you can use to de | 8000 | Error| Application Identity Policy conversion failed. Status *<%1> *| Indicates that the policy was not applied correctly to the computer. The status message is provided for troubleshooting purposes.| | 8001 | Information| The AppLocker policy was applied successfully to this computer.| Indicates that the AppLocker policy was successfully applied to the computer.| | 8002 | Information| *<File name> * was allowed to run.| Specifies that the .exe or .dll file is allowed by an AppLocker rule.| -| 8003 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only ** enforcement mode is enabled. Specifies that the .exe or .dll file would be blocked if the **Enforce rules ** enforcement mode were enabled. | -| 8004 | Error| *<File name> * was not allowed to run.| Access to *<file name> * is restricted by the administrator. Applied only when the **Enforce rules ** enforcement mode is set either directly or indirectly through Group Policy inheritance. The .exe or .dll file cannot run.| +| 8003 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only** enforcement mode is enabled. Specifies that the .exe or .dll file would be blocked if the **Enforce rules** enforcement mode were enabled. | +| 8004 | Error| *<File name> * was not allowed to run.| Access to *<file name>* is restricted by the administrator. Applied only when the **Enforce rules** enforcement mode is set either directly or indirectly through Group Policy inheritance. The .exe or .dll file cannot run.| | 8005| Information| *<File name> * was allowed to run.| Specifies that the script or .msi file is allowed by an AppLocker rule.| -| 8006 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only ** enforcement mode is enabled. Specifies that the script or .msi file would be blocked if the **Enforce rules ** enforcement mode were enabled. | -| 8007 | Error| *<File name> * was not allowed to run.| Access to *<file name> * is restricted by the administrator. Applied only when the **Enforce rules ** enforcement mode is set either directly or indirectly through Group Policy inheritance. The script or .msi file cannot run.| +| 8006 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only** enforcement mode is enabled. Specifies that the script or .msi file would be blocked if the **Enforce rules** enforcement mode were enabled. | +| 8007 | Error| *<File name> * was not allowed to run.| Access to *<file name>* is restricted by the administrator. Applied only when the **Enforce rules** enforcement mode is set either directly or indirectly through Group Policy inheritance. The script or .msi file cannot run.| | 8008| Error| AppLocker disabled on the SKU.| Added in Windows Server 2012 and Windows 8.| | 8020| Information| Packaged app allowed.| Added in Windows Server 2012 and Windows 8.| | 8021| Information| Packaged app audited.| Added in Windows Server 2012 and Windows 8.| diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md index 8e77d3e330..d3c403d633 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md @@ -30,7 +30,7 @@ This topic for IT professionals provides links to procedural topics about creati | Topic | Description | | - | - | | [Configure the Application Identity service](configure-the-application-identity-service.md) | This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.| -| [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) | This topic for IT professionals describes how to set AppLocker policies to **Audit only ** within your IT environment by using AppLocker.| +| [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) | This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.| | [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md) | This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.| | [Display a custom URL message when users try to run a blocked app](display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md) | This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.| | [Export an AppLocker policy from a GPO](export-an-applocker-policy-from-a-gpo.md) | This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.| diff --git a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md index 105f6a46bb..babbce2e0b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md @@ -52,10 +52,10 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD - Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe) - One or the other, not both at the same time - Does not support wildcard in the middle (ex. C:\\*\foo.exe) - - Examples: - - %WINDIR%\\... - - %SYSTEM32%\\... - - %OSDRIVE%\\... +- Supported Macros: + - %WINDIR%\\... + - %SYSTEM32%\\... + - %OSDRIVE%\\... - Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index ab584cebd9..530d8659f9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -111,15 +111,16 @@ They could also choose to create a catalog that captures information about the u Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. -- New-CIPolicy parameters +- New-CIPolicy parameter - FilePath: create path rules under path \ for anything not user-writeable (at the individual file level) ```powershell - New-CIPolicy -f .\mypolicy.xml -l FilePath -s -u + New-CIPolicy -FilePath .\mypolicy.xml -Level FileName -ScanPath -UserPEs ``` Optionally, add -UserWriteablePaths to ignore user writeability - + +- New-CIPolicyRule parameter - FilePathRule: create a rule where filepath string is directly set to value of \ ```powershell @@ -134,7 +135,7 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD $rules = New-CIPolicyRule … $rules += New-CIPolicyRule … … - New-CIPolicyRule -f .\mypolicy.xml -u + New-CIPolicy -FilePath .\mypolicy.xml -Rules $rules -UserPEs ``` - Wildcards supported @@ -149,6 +150,6 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD - Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: ```powershell - Set-RuleOption -o 18 .\policy.xml + Set-RuleOption -Option 18 .\policy.xml ``` diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index 9617e485b3..3605322e2c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -18,7 +18,7 @@ ms.date: 01/08/2019 **Applies to:** -- Windows 10 +- Windows 10 Enterprise - Windows Server 2016 - Windows Server 2019 @@ -40,8 +40,8 @@ WDAC policies also block unsigned scripts and MSIs, and Windows PowerShell runs ## WDAC System Requirements -WDAC policies can only be created on computers beginning with Windows 10 Enterprise or Professional editions or Windows Server 2016. -They can be applied to computers running any edition of Windows 10 or Windows Server 2016 and optionally managed via Mobile Device Management (MDM), such as Microsoft Intune. +WDAC policies can only be created on computers beginning with Windows 10 Enterprise or Windows Server 2016 and above. +They can be applied to computers running Windows 10 Enterprise or Windows Server 2016 and above and optionally managed via Mobile Device Management (MDM), such as Microsoft Intune. Group Policy or Intune can be used to distribute WDAC policies. ## New and changed functionality diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index fb335353dc..c129bb0353 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -29,11 +29,13 @@ These settings, located at **Computer Configuration\Administrative Templates\Net >You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. -| Policy name | Supported versions | Description | -|-------------------------------------------------|--------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Private network ranges for apps | At least Windows Server 2012, Windows 8, or Windows RT | A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. | -| Enterprise resource domains hosted in the cloud | At least Windows Server 2012, Windows 8, or Windows RT | A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. | -| Domains categorized as both work and personal | At least Windows Server 2012, Windows 8, or Windows RT | A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. | + +|Policy name|Supported versions|Description| +|-----------|------------------|-----------| +|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| +|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) If you want to specify a complete domain, include a full domain name (for example "**contoso.com**") in the configuration. 2) You may optionally use "." as a previous wildcard character to automatically trust all subdomains (when there is more than one subdomain). Configuring "**.constoso.com**" will automatically trust "**subdomain1.contoso.com**", "**subdomain2.contoso.com**", etc. 3) To trust a subdomain, precede your domain with two dots, for example "**..contoso.com**". | +|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.| + ## Application-specific settings These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard. diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 8a0d017824..1d5756d650 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -103,3 +103,11 @@ Answering frequently asked questions about Windows Defender Application Guard (A | **A:** | To trust a subdomain, you must precede your domain with two dots, for example: ..contoso.com. |
+ +| | | +|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Q:** | Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? | +| **A:** | When using Windows Pro and Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). | + +
+ diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md index 3f889598d3..dc6820bd94 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md @@ -19,29 +19,12 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ## Review system requirements - + +See [System requirements for Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard) to review the hardware and software installation requirements for Windows Defender Application Guard. >[!NOTE] >Windows Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. -### Hardware requirements -Your environment needs the following hardware to run Windows Defender Application Guard. -|Hardware|Description| -|--------|-----------| -|64-bit CPU|A 64-bit computer with minimum 4 cores is required for the hypervisor. For more info about Hyper-V, see [Hyper-V on Windows Server 2016](https://docs.microsoft.com/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](https://docs.microsoft.com/virtualization/hyper-v-on-windows/reference/tlfs).| -|CPU virtualization extensions|Extended page tables, also called _Second Level Address Translation (SLAT)_

**-AND-**

One of the following virtualization extensions for VBS:

VT-x (Intel)

**-OR-**

AMD-V| -|Hardware memory|Microsoft requires a minimum of 8GB RAM| -|Hard disk|5 GB free space, solid state disk (SSD) recommended| -|Input/Output Memory Management Unit (IOMMU) support|Not required, but strongly recommended| - -### Software requirements -Your environment needs the following software to run Windows Defender Application Guard. - -|Software|Description| -|--------|-----------| -|Operating system|Windows 10 Enterprise edition, version 1709 or higher
Windows 10 Professional edition, version 1803| -|Browser|Microsoft Edge and Internet Explorer| -|Management system
(only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)

**-OR-**

[System Center Configuration Manager](https://docs.microsoft.com/sccm/)

**-OR-**

[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)

**-OR-**

Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.| ## Prepare for Windows Defender Application Guard diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index 4aadf6d205..00c7bfddf4 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -39,69 +39,12 @@ Application Guard has been created to target several types of systems: ## Frequently Asked Questions -| | | -|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Can I enable Application Guard on machines equipped with 4GB RAM? | -| **A:** | We recommend 8GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. | -| | HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount - Default is 4 cores. | -| | HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB - Default is 8GB. | -| | HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB - Default is 5GB. | - -
- - -| | | -|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Can employees download documents from the Application Guard Edge session onto host devices? | -| **A:** | In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This is managed by policy.

In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. | - -
- - -| | | -|--------|------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Can employees copy and paste between the host device and the Application Guard Edge session? | -| **A:** | Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. | - -
- - -| | | -|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Why don't employees see their Favorites in the Application Guard Edge session? | -| **A:** | To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. | - -
- - -| | | -|--------|---------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | Why aren’t employees able to see their Extensions in the Application Guard Edge session? | -| **A:** | Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. | - -
- - -| | | -|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | How do I configure WDAG to work with my network proxy (IP-Literal Addresses)? | -| **A:** | WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher. | - -
- - -| | | -|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? | -| **A:** | This feature is currently experimental-only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, please contact Microsoft and we’ll work with you to enable the feature. | - -
- +Please see [Frequently asked questions - Windows Defender Application Guard](faq-wd-app-guard.md) for common user-submitted questions. | | | |--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Q:** | What is the WDAGUtilityAccount local account? | -| **A:** | This account is part of Application Guard beginning with Windows 10 version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware. | +| **Q:** | Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? | +| **A:** | When using Windows Pro and Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). |
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index 29ed15335f..7ed8ec4621 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -53,6 +53,8 @@ For more information about disabling local list merging, see [Prevent or allow u >If controlled folder access is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Security app after a restart of the device. >If the feature is set to **Audit mode** with any of those tools, the Windows Security app will show the state as **Off**. +>If you are protecting user profile data, we recommend that the user profile should be on the default Windows installation drive. + ## Intune 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index 0f4d7ee1dc..07172573b3 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -183,7 +183,7 @@ Windows 10 and Windows Server 2016 have a WMI class for related properties and f > The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10. > [!NOTE] -> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1709. +> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803. The output of this command provides details of the available hardware-based security features as well as those features that are currently enabled. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md index 61220879a8..4d7e28279c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md @@ -88,7 +88,7 @@ Where: For example, to enable Arbitrary Code Guard (ACG) in audit mode for an app named *testing.exe*, run the following command: ```PowerShell -Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode +Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode ``` You can disable audit mode by replacing `-Enable` with `-Disable`. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index dc0bab469f..875fd5bfae 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md @@ -56,7 +56,9 @@ This can only be done in Group Policy. > >You must have Windows 10, version 1903. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. -1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. Download the latest [Administrative Templates (.admx) for Windows 10, v1809](https://www.microsoft.com/download/details.aspx?id=57576). + +2. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. @@ -86,7 +88,18 @@ This can only be done in Group Policy. 6. Open the **Hide all notifications** setting and set it to **Enabled**. Click **OK**. -7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx). +7. Use the following registry key and DWORD value to **Hide all notifications**. + + **[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]** + **"DisableNotifications"=dword:00000001** + +8. Use the following registry key and DWORD value to **Hide not-critical notifications** + + **[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]** + **"DisableEnhancedNotifications"=dword:00000001** + +9. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx). + ## Notifications @@ -136,3 +149,4 @@ This can only be done in Group Policy. | Dynamic lock on, bluetooth on, but unable to detect device | | | No | | NoPa or federated no hello | | | No | | NoPa or federated hello broken | | | No | + diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md index 8de4021830..bf20974a75 100644 --- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md +++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md @@ -123,8 +123,8 @@ Default is Any address. [Learn more](https://aka.ms/intunefirewallremotaddressrule) -## Edge traversal (coming soon) -Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. New rules have the EdgeTraversal property disabled by default. +## Edge traversal (UI coming soon) +Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. New rules have the EdgeTraversal property disabled by default. This setting can only be configured via Intune Graph at this time. [Learn more](https://aka.ms/intunefirewalledgetraversal) diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md index 9c6966b525..5ded02bd51 100644 --- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md +++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md @@ -80,7 +80,7 @@ This script does the following: Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints. -``` syntax +```powershell # Create a Security Group for the computers that will get the policy $pathname = (Get-ADDomain).distinguishedname New-ADGroup -name "IPsec client and servers" -SamAccountName "IPsec client and servers" ` @@ -120,7 +120,7 @@ Use a Windows PowerShell script similar to the following to create a local IPsec Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints. -``` syntax +```powershell #Set up the certificate $certprop = New-NetIPsecAuthProposal -machine -cert -Authority "DC=com, DC=contoso, DC=corp, CN=corp-APP1-CA" $myauth = New-NetIPsecPhase1AuthSet -DisplayName "IKEv2TestPhase1AuthSet" -proposal $certprop @@ -173,7 +173,7 @@ Follow these procedures to verify and troubleshoot your IKEv2 IPsec connections: 6. Open the wfpdiag.xml file with your an XML viewer program or Notepad, and then examine the contents. There will be a lot of data in this file. One way to narrow down where to start looking is to search the last “errorFrequencyTable” at the end of the file. There might be many instances of this table, so make sure that you look at the last table in the file. For example, if you have a certificate problem, you might see the following entry in the last table at the end of the file: - ``` syntax + ```xml ERROR_IPSEC_IKE_NO_CERT 32 diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index 79ee3e58bd..4daaa5d367 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md @@ -67,7 +67,7 @@ netsh advfirewall set allprofiles state on **Windows PowerShell** -``` syntax +```powershell Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True ``` @@ -88,7 +88,7 @@ netsh advfirewall set allprofiles logging filename %SystemRoot%\System32\LogFile Windows PowerShell -``` syntax +```powershell Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow –NotifyOnListen True -AllowUnicastResponseToMulticast True –LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log ``` @@ -140,7 +140,7 @@ netsh advfirewall firewall add rule name="Allow Inbound Telnet" dir=in program= Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow ``` @@ -157,7 +157,7 @@ netsh advfirewall firewall add rule name="Block Outbound Telnet" dir=out program Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\tlntsvr.exe –Protocol TCP –LocalPort 23 -Action Block –PolicyStore domain.contoso.com\gpo_name ``` @@ -169,7 +169,7 @@ The following performs the same actions as the previous example (by adding a Tel Windows PowerShell -``` syntax +```powershell $gpo = Open-NetGPO –PolicyStore domain.contoso.com\gpo_name New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\telnet.exe –Protocol TCP –LocalPort 23 -Action Block –GPOSession $gpo Save-NetGPO –GPOSession $gpo @@ -191,7 +191,7 @@ netsh advfirewall firewall set rule name="Allow Web 80" new remoteip=192.168.0.2 Windows PowerShell -``` syntax +```powershell Set-NetFirewallRule –DisplayName “Allow Web 80” -RemoteAddress 192.168.0.2 ``` @@ -205,7 +205,7 @@ In the following example, we assume the query returns a single firewall rule, wh Windows PowerShell -``` syntax +```powershell Get-NetFirewallPortFilter | ?{$_.LocalPort -eq 80} | Get-NetFirewallRule | ?{ $_.Direction –eq “Inbound” -and $_.Action –eq “Allow”} | Set-NetFirewallRule -RemoteAddress 192.168.0.2 ``` @@ -213,7 +213,7 @@ You can also query for rules using the wildcard character. The following example Windows PowerShell -``` syntax +```powershell Get-NetFirewallApplicationFilter -Program "*svchost*" | Get-NetFirewallRule ``` @@ -223,7 +223,7 @@ In the following example, we add both inbound and outbound Telnet firewall rules Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow –Group “Telnet Management” New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow –Group “Telnet Management” ``` @@ -232,7 +232,7 @@ If the group is not specified at rule creation time, the rule can be added to th Windows PowerShell -``` syntax +```powershell $rule = Get-NetFirewallRule -DisplayName “Allow Inbound Telnet” $rule.Group = “Telnet Management” $rule | Set-NetFirewallRule @@ -250,7 +250,7 @@ netsh advfirewall firewall set rule group="Windows Defender Firewall remote mana Windows PowerShell -``` syntax +```powershell Set-NetFirewallRule -DisplayGroup “Windows Defender Firewall Remote Management” –Enabled True ``` @@ -258,7 +258,7 @@ There is also a separate `Enable-NetFirewallRule` cmdlet for enabling rules by g Windows PowerShell -``` syntax +```powershell Enable-NetFirewallRule -DisplayGroup “Windows Defender Firewall Remote Management” -Verbose ``` @@ -276,7 +276,7 @@ netsh advfirewall firewall delete rule name=“Allow Web 80” Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Allow Web 80” ``` @@ -284,7 +284,7 @@ Like with other cmdlets, you can also query for rules to be removed. Here, all b Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –Action Block ``` @@ -292,7 +292,7 @@ Note that it may be safer to query the rules with the **Get** command and save i Windows PowerShell -``` syntax +```powershell $x = Get-NetFirewallRule –Action Block $x $x[0-3] | Remove-NetFirewallRule @@ -306,7 +306,7 @@ The following example returns all firewall rules of the persistent store on a de Windows PowerShell -``` syntax +```powershell Get-NetFirewallRule –CimSession RemoteDevice ``` @@ -314,7 +314,7 @@ We can perform any modifications or view rules on remote devices by simply usin Windows PowerShell -``` syntax +```powershell $RemoteSession = New-CimSession –ComputerName RemoteDevice Remove-NetFirewallRule –DisplayName “AllowWeb80” –CimSession $RemoteSession -Confirm ``` @@ -342,7 +342,7 @@ netsh advfirewall consec add rule name="Require Inbound Authentication" endpoint Windows PowerShell -``` syntax +```powershell New-NetIPsecRule -DisplayName “Require Inbound Authentication” -PolicyStore domain.contoso.com\gpo_name ``` @@ -365,7 +365,7 @@ netsh advfirewall consec add rule name="Require Outbound Authentication" endpoin Windows PowerShell -``` syntax +```powershell $AHandESPQM = New-NetIPsecQuickModeCryptoProposal -Encapsulation AH,ESP –AHHash SHA1 -ESPHash SHA1 -Encryption DES3 $QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “ah:sha1+esp:sha1-des3” -Proposal $AHandESPQM –PolicyStore domain.contoso.com\gpo_name New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request -QuickModeCryptoSet $QMCryptoSet.Name –PolicyStore domain.contoso.com\gpo_name @@ -379,7 +379,7 @@ You can leverage IKEv2 capabilities in Windows Server 2012 by simply specifying Windows PowerShell -``` syntax +```powershell New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request –Phase1AuthSet MyCertAuthSet -KeyModule IKEv2 –RemoteAddress $nonWindowsGateway ``` @@ -395,7 +395,7 @@ Copying individual rules is a task that is not possible through the Netsh interf Windows PowerShell -``` syntax +```powershell $Rule = Get-NetIPsecRule –DisplayName “Require Inbound Authentication” $Rule | Copy-NetIPsecRule –NewPolicyStore domain.costoso.com\new_gpo_name $Rule | Copy-NetPhase1AuthSet –NewPolicyStore domain.costoso.com\new_gpo_name @@ -407,7 +407,7 @@ To handle errors in your Windows PowerShell scripts, you can use the *–ErrorAc Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98” –ErrorAction SilentlyContinue ``` @@ -415,7 +415,7 @@ Note that the use of wildcards can also suppress errors, but they could potentia Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” ``` @@ -423,7 +423,7 @@ When using wildcards, if you want to double-check the set of rules that is match Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –WhatIf ``` @@ -431,7 +431,7 @@ If you only want to delete some of the matched rules, you can use the *–Confir Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –Confirm ``` @@ -439,7 +439,7 @@ You can also just perform the whole operation, displaying the name of each rule Windows PowerShell -``` syntax +```powershell Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –Verbose ``` @@ -457,7 +457,7 @@ netsh advfirewall consec show rule name=all Windows PowerShell -``` syntax +```powershell Show-NetIPsecRule –PolicyStore ActiveStore ``` @@ -473,7 +473,7 @@ netsh advfirewall monitor show mmsa all Windows PowerShell -``` syntax +```powershell Get-NetIPsecMainModeSA ``` @@ -485,7 +485,7 @@ For objects that come from a GPO (the *–PolicyStoreSourceType* parameter is sp Windows PowerShell -``` syntax +```powershell Get-NetIPsecRule –DisplayName “Require Inbound Authentication” –TracePolicyStore ``` @@ -506,7 +506,7 @@ netsh advfirewall consec add rule name=“Basic Domain Isolation Policy” profi Windows PowerShell -``` syntax +```powershell $kerbprop = New-NetIPsecAuthProposal –Machine –Kerberos $Phase1AuthSet = New-NetIPsecPhase1AuthSet -DisplayName "Kerberos Auth Phase1" -Proposal $kerbprop –PolicyStore domain.contoso.com\domain_isolation New-NetIPsecRule –DisplayName “Basic Domain Isolation Policy” –Profile Domain –Phase1AuthSet $Phase1AuthSet.Name –InboundSecurity Require –OutboundSecurity Request –PolicyStore domain.contoso.com\domain_isolation @@ -524,7 +524,7 @@ netsh advfirewall consec add rule name="Tunnel from 192.168.0.0/16 to 192.157.0. Windows PowerShell -``` syntax +```powershell $QMProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA1 -Encryption DES3 $QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “esp:sha1-des3” -Proposal $QMProposal New-NetIPSecRule -DisplayName “Tunnel from HQ to Dallas Branch” -Mode Tunnel -LocalAddress 192.168.0.0/16 -RemoteAddress 192.157.0.0/16 -LocalTunnelEndpoint 1.1.1.1 -RemoteTunnelEndpoint 2.2.2.2 -InboundSecurity Require -OutboundSecurity Require -QuickModeCryptoSet $QMCryptoSet.Name @@ -548,7 +548,7 @@ netsh advfirewall firewall add rule name="Allow Authenticated Telnet" dir=in pro Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName “Allow Authenticated Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -Authentication Required -Action Allow ``` @@ -562,7 +562,7 @@ netsh advfirewall consec add rule name="Authenticate Both Computer and User" end Windows PowerShell -``` syntax +```powershell $mkerbauthprop = New-NetIPsecAuthProposal -Machine –Kerberos $mntlmauthprop = New-NetIPsecAuthProposal -Machine -NTLM $P1Auth = New-NetIPsecPhase1AuthSet -DisplayName “Machine Auth” –Proposal $mkerbauthprop,$mntlmauthprop @@ -593,7 +593,7 @@ The following example shows you how to create an SDDL string that represents sec Windows PowerShell -``` syntax +```powershell $user = new-object System.Security.Principal.NTAccount (“corp.contoso.com\Administrators”) $SIDofSecureUserGroup = $user.Translate([System.Security.Principal.SecurityIdentifier]).Value $secureUserGroup = "D:(A;;CC;;;$SIDofSecureUserGroup)" @@ -603,7 +603,7 @@ By using the previous scriptlet, you can also get the SDDL string for a secure c Windows PowerShell -``` syntax +```powershell $secureMachineGroup = "D:(A;;CC;;;$SIDofSecureMachineGroup)" ``` @@ -622,7 +622,7 @@ netsh advfirewall firewall add rule name=“Allow Encrypted Inbound Telnet to Gr Windows PowerShell -``` syntax +```powershell New-NetFirewallRule -DisplayName "Allow Encrypted Inbound Telnet to Group Members Only" -Program %SystemRoot%\System32\tlntsvr.exe -Protocol TCP -Direction Inbound -Action Allow -LocalPort 23 -Authentication Required -Encryption Required –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\Server_Isolation ``` @@ -634,7 +634,7 @@ In this example, we set the global IPsec setting to only allow transport mode tr Windows PowerShell -``` syntax +```powershell Set-NetFirewallSetting -RemoteMachineTransportAuthorizationList $secureMachineGroup ``` @@ -653,7 +653,7 @@ netsh advfirewall firewall add rule name="Inbound Secure Bypass Rule" dir=in sec Windows PowerShell -``` syntax +```powershell New-NetFirewallRule –DisplayName “Inbound Secure Bypass Rule" –Direction Inbound –Authentication Required –OverrideBlockRules $true -RemoteMachine $secureMachineGroup –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\domain_isolation ``` From 4cc0773fe862e0a9f449fccefd48c02a39d8a179 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Tue, 6 Aug 2019 00:44:21 -0400 Subject: [PATCH 323/395] fix: MD019/no-multiple-space-atx Multiple spaces after hash on atx style heading --- .../install-ie11-using-microsoft-intune.md | 108 +- .../platform-selection-ieak11-wizard.md | 70 +- .../ie11-ieak/programs-ieak11-wizard.md | 78 +- ...-surface-devices-to-windows-10-with-mdt.md | 2 +- education/windows/s-mode-switch-to-edu.md | 2 +- ...lization-server-based-scenario-overview.md | 4 +- mdop/appv-v4/planning-for-server-security.md | 2 +- ...lanning-for-mbam-10-administrator-roles.md | 2 +- ...g-for-mbam-10-group-policy-requirements.md | 2 +- ...-for-mbam-20-administrator-roles-mbam-2.md | 2 +- ...bam-20-group-policy-requirements-mbam-2.md | 2 +- ...emplates-with-the-ue-v-template-gallery.md | 2 +- mdop/uev-v1/troubleshooting-ue-v-10.md | 4 +- .../troubleshooting-ue-v-2x-both-uevv2.md | 4 +- .../device-guard-signing-portal.md | 2 +- ...k-with-partner-microsoft-store-business.md | 2 +- .../mdm/win32compatibilityappraiser-csp.md | 2 +- .../reset-a-windows-10-mobile-device.md | 2 +- .../troubleshoot-inaccessible-boot-device.md | 22 +- windows/configuration/kiosk-xml.md | 2 +- .../demonstrate-deployment-on-vm.md | 1700 ++++++++--------- windows/privacy/gdpr-it-guidance.md | 2 +- .../credential-guard-known-issues.md | 2 +- .../hello-cert-trust-adfs.md | 2 +- .../hello-key-trust-adfs.md | 2 +- .../remote-credential-guard.md | 2 +- .../bitlocker-management-for-enterprises.md | 2 +- windows/security/threat-protection/TOC.md | 4 +- .../microsoft-defender-atp/alerts-queue.md | 2 +- .../api-portal-mapping.md | 2 +- .../configure-mssp-support.md | 2 +- .../run-detection-test.md | 2 +- .../troubleshoot-overview.md | 2 +- ...-ssp-based-including-secure-rpc-servers.md | 2 +- ...e-worm-targets-out-of-date-systems-wdsi.md | 2 +- .../ltsc/whats-new-windows-10-2019.md | 1262 ++++++------ .../whats-new-windows-10-version-1809.md | 2 +- 37 files changed, 1655 insertions(+), 1655 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md index e93450be88..25226f2ad0 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md @@ -1,54 +1,54 @@ ---- -ms.localizationpriority: medium -ms.mktglfcycl: deploy -description: How to add and deploy the Internet Explorer 11 update using Microsoft Intune. -author: lomayor -ms.prod: ie11 -ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616 -ms.reviewer: -audience: itpro manager: dansimp -ms.author: lomayor -title: Install Internet Explorer 11 (IE11) using Microsoft Intune (Internet Explorer 11 for IT Pros) -ms.sitesec: library -ms.date: 07/27/2017 ---- - - -# Install Internet Explorer 11 (IE11) using Microsoft Intune -Internet Explorer 11 is available as an update in Microsoft Intune. Microsoft Intune uses Windows cloud services to help you manage updates, monitor and protect your computers, provide remote assistance, track hardware and software inventory, and set security policies. For more information, see the [Documentation Library for Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301805). - -## Adding and deploying the IE11 package -You can add and then deploy the IE11 package to any computer that's managed by Microsoft Intune. - - **To add the IE11 package** - -1. From the Microsoft Intune administrator console, start the Microsoft Intune Software Publisher. - -2. Add your IE11 package as either an external link or as a Windows installer package (.exe or .msi). - -For more info about how to decide which one to use, and how to use it, see [Deploy and configure apps](https://go.microsoft.com/fwlink/p/?LinkId=301806). - - **To automatically deploy and install the IE11 package** - -1. From the Microsoft Intune administrator console, start and run through the Deploy Software wizard. - -2. Deploy the package to any of your employee computers that are managed by Microsoft Intune. - -3. After the package is on your employee's computers, the installation process runs, based on what you set up in your wizard. - -For more info about this, see [Deploy and configure apps](https://go.microsoft.com/fwlink/p/?LinkId=301806). - - **To let your employees install the IE11 package** - -1. Install the package on your company's Microsoft Intune site, marking it as **Available** for the appropriate groups. - -2. Any employee in the assigned group can now install the package. - -For more info about this, see [Update apps using Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301808) - -  - -  - - - +--- +ms.localizationpriority: medium +ms.mktglfcycl: deploy +description: How to add and deploy the Internet Explorer 11 update using Microsoft Intune. +author: lomayor +ms.prod: ie11 +ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616 +ms.reviewer: +manager: dansimp +ms.author: lomayor +title: Install Internet Explorer 11 (IE11) using Microsoft Intune (Internet Explorer 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Install Internet Explorer 11 (IE11) using Microsoft Intune +Internet Explorer 11 is available as an update in Microsoft Intune. Microsoft Intune uses Windows cloud services to help you manage updates, monitor and protect your computers, provide remote assistance, track hardware and software inventory, and set security policies. For more information, see the [Documentation Library for Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301805). + +## Adding and deploying the IE11 package +You can add and then deploy the IE11 package to any computer that's managed by Microsoft Intune. + + **To add the IE11 package** + +1. From the Microsoft Intune administrator console, start the Microsoft Intune Software Publisher. + +2. Add your IE11 package as either an external link or as a Windows installer package (.exe or .msi). + +For more info about how to decide which one to use, and how to use it, see [Deploy and configure apps](https://go.microsoft.com/fwlink/p/?LinkId=301806). + + **To automatically deploy and install the IE11 package** + +1. From the Microsoft Intune administrator console, start and run through the Deploy Software wizard. + +2. Deploy the package to any of your employee computers that are managed by Microsoft Intune. + +3. After the package is on your employee's computers, the installation process runs, based on what you set up in your wizard. + +For more info about this, see [Deploy and configure apps](https://go.microsoft.com/fwlink/p/?LinkId=301806). + + **To let your employees install the IE11 package** + +1. Install the package on your company's Microsoft Intune site, marking it as **Available** for the appropriate groups. + +2. Any employee in the assigned group can now install the package. + +For more info about this, see [Update apps using Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301808) + +  + +  + + + diff --git a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md index efbae636fc..a3c0045275 100644 --- a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md @@ -1,35 +1,35 @@ ---- -ms.localizationpriority: medium -ms.mktglfcycl: deploy -description: How to use the Platform Selection page in the IEAK 11 Customization Wizard to pick the specs for your employee devices that will get the install package. -author: lomayor -ms.prod: ie11 -ms.assetid: 9cbf5abd-86f7-42b6-9810-0b606bbe8218 -ms.reviewer: -audience: itpro manager: dansimp -ms.author: lomayor -title: Use the Platform Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros) -ms.sitesec: library -ms.date: 07/27/2017 ---- - - -# Use the Platform Selection page in the IEAK 11 Wizard -The **Platform Selection** page of the Internet Explorer Customization Wizard 11 lets you pick the operating system and architecture (32-bit or 64-bit) for the devices on which you’re going to install the custom installation package. - -**To use the Platform Selection page** - -1. Pick the operating system and architecture for the devices on which you’re going to install the custom package.

-You must create individual packages for each supported operating system.

-**Note**
To keep your settings across several operating system packages, you can specify the same destination folder. Then, after running the wizard, you can reuse the resulting .ins file. Any additional changes to the .ins file are saved. For more info about using .ins files, see [Using Internet Settings (.INS) files with IEAK 11](using-internet-settings-ins-files.md). For more info about adding in your .ins file, see [Use the File Locations page in the IEAK 11 Wizard](file-locations-ieak11-wizard.md). - -2. Click **Next** to go to the [Language Selection](language-selection-ieak11-wizard.md) page or **Back** to go to the [File Locations](file-locations-ieak11-wizard.md) page. - -  - -  - - - - - +--- +ms.localizationpriority: medium +ms.mktglfcycl: deploy +description: How to use the Platform Selection page in the IEAK 11 Customization Wizard to pick the specs for your employee devices that will get the install package. +author: lomayor +ms.prod: ie11 +ms.assetid: 9cbf5abd-86f7-42b6-9810-0b606bbe8218 +ms.reviewer: +manager: dansimp +ms.author: lomayor +title: Use the Platform Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Use the Platform Selection page in the IEAK 11 Wizard +The **Platform Selection** page of the Internet Explorer Customization Wizard 11 lets you pick the operating system and architecture (32-bit or 64-bit) for the devices on which you’re going to install the custom installation package. + +**To use the Platform Selection page** + +1. Pick the operating system and architecture for the devices on which you’re going to install the custom package.

+You must create individual packages for each supported operating system.

+**Note**
To keep your settings across several operating system packages, you can specify the same destination folder. Then, after running the wizard, you can reuse the resulting .ins file. Any additional changes to the .ins file are saved. For more info about using .ins files, see [Using Internet Settings (.INS) files with IEAK 11](using-internet-settings-ins-files.md). For more info about adding in your .ins file, see [Use the File Locations page in the IEAK 11 Wizard](file-locations-ieak11-wizard.md). + +2. Click **Next** to go to the [Language Selection](language-selection-ieak11-wizard.md) page or **Back** to go to the [File Locations](file-locations-ieak11-wizard.md) page. + +  + +  + + + + + diff --git a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md index a4d2c384bb..8b0ff1ece4 100644 --- a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md @@ -1,39 +1,39 @@ ---- -ms.localizationpriority: medium -ms.mktglfcycl: deploy -description: How to use the Programs page in the IEAK 11 Customization Wizard to pick the default programs to use for Internet services. -author: lomayor -ms.prod: ie11 -ms.assetid: f715668f-a50d-4db0-b578-e6526fbfa1fc -ms.reviewer: -audience: itpro manager: dansimp -ms.author: lomayor -title: Use the Programs page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros) -ms.sitesec: library -ms.date: 07/27/2017 ---- - - -# Use the Programs page in the IEAK 11 Wizard -The **Programs** page of the Internet Explorer Customization Wizard 11 lets you pick the default programs to use for Internet services, like email, contact lists, and newsgroups, by importing settings from your computer. - -**Important**
The customizations you make on this page only apply to Internet Explorer for the desktop. - -**To use the Programs page** - -1. Determine whether you want to customize your connection settings. You can pick: - - - **Do not customize Program Settings.** Pick this option if you don’t want to set program associations for your employee’s devices.

-OR-

- - - **Import the current Program Settings.** Pick this option to import the program associations from your device and use them as the preset for your employee’s program settings.

**Note**
If you want to change any of your settings, you can click **Modify Settings** to open the **Internet Properties** box, click **Set associations**, and make your changes. - -2. Click **Next** to go to the [Additional Settings](additional-settings-ieak11-wizard.md) page or **Back** to go to the [Add a Root Certificate](add-root-certificate-ieak11-wizard.md) page. - -  - -  - - - - - +--- +ms.localizationpriority: medium +ms.mktglfcycl: deploy +description: How to use the Programs page in the IEAK 11 Customization Wizard to pick the default programs to use for Internet services. +author: lomayor +ms.prod: ie11 +ms.assetid: f715668f-a50d-4db0-b578-e6526fbfa1fc +ms.reviewer: +manager: dansimp +ms.author: lomayor +title: Use the Programs page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros) +ms.sitesec: library +ms.date: 07/27/2017 +--- + + +# Use the Programs page in the IEAK 11 Wizard +The **Programs** page of the Internet Explorer Customization Wizard 11 lets you pick the default programs to use for Internet services, like email, contact lists, and newsgroups, by importing settings from your computer. + +**Important**
The customizations you make on this page only apply to Internet Explorer for the desktop. + +**To use the Programs page** + +1. Determine whether you want to customize your connection settings. You can pick: + + - **Do not customize Program Settings.** Pick this option if you don’t want to set program associations for your employee’s devices.

-OR-

+ + - **Import the current Program Settings.** Pick this option to import the program associations from your device and use them as the preset for your employee’s program settings.

**Note**
If you want to change any of your settings, you can click **Modify Settings** to open the **Internet Properties** box, click **Set associations**, and make your changes. + +2. Click **Next** to go to the [Additional Settings](additional-settings-ieak11-wizard.md) page or **Back** to go to the [Add a Root Certificate](add-root-certificate-ieak11-wizard.md) page. + +  + +  + + + + + diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md index 72f123de7f..fc7cf4147e 100644 --- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md +++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md @@ -14,7 +14,7 @@ ms.reviewer: manager: dansimp --- -# Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit +# Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit #### Applies to * Surface Pro 3 diff --git a/education/windows/s-mode-switch-to-edu.md b/education/windows/s-mode-switch-to-edu.md index d92973b13b..7c0eaafd0a 100644 --- a/education/windows/s-mode-switch-to-edu.md +++ b/education/windows/s-mode-switch-to-edu.md @@ -42,7 +42,7 @@ S mode is an enhanced security mode of Windows 10 – streamlined for security a |Credential Guard | | | | X | |Device Guard | | | | X | -### Windows 10 in S mode is safe, secure, and fast. +### Windows 10 in S mode is safe, secure, and fast. However, in some limited scenarios, you might need to switch to Windows 10 Education. You can switch devices running Windows 10, version 1709 or later. Use the following information to switch to Windows 10 Pro through the Microsoft Store. ## How to switch diff --git a/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md b/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md index fd47fcd34c..9cd3aaa842 100644 --- a/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md +++ b/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md @@ -19,7 +19,7 @@ ms.date: 06/16/2016 If you plan to use a server-based deployment scenario for your Microsoft Application Virtualization environment, it is important to understand the differences between the *Application Virtualization Management Server* and the *Application Virtualization Streaming Server*. This topic describes those differences and also provides information about package delivery methods, transmission protocols, and external components that you will need to consider as you proceed with your deployment. -## Application Virtualization Management Server +## Application Virtualization Management Server The Application Virtualization Management Server performs both the publishing function and the streaming function. The server publishes application icons, shortcuts, and file type associations to the App-V clients for authorized users. When user requests for applications are received the server streams that data on-demand to authorized users using RTSP or RTSPS protocols. In most configurations using this server, one or more Management Servers share a common data store for configuration and package information. @@ -28,7 +28,7 @@ The Application Virtualization Management Servers use Active Directory groups to Because the Application Virtualization Management Servers stream applications to end-users on demand, these servers are ideally suited for system configurations that have reliable, high-bandwidth LANs. -## Application Virtualization Streaming Server +## Application Virtualization Streaming Server The Application Virtualization Streaming Server delivers the same streaming and package upgrade capabilities provided by the Management Server, but without its Active Directory or SQL Server requirements. However, the Streaming Server does not have a publishing service, nor does it have licensing or metering capabilities. The publishing service of a separate App-V Management Server is used in conjunction with the App-V Streaming Server. The App-V Streaming Server addresses the needs of businesses that want to use Application Virtualization in multiple locations with the streaming capabilities of the classic server configuration but might not have the infrastructure to support App-V Management Servers in every location. diff --git a/mdop/appv-v4/planning-for-server-security.md b/mdop/appv-v4/planning-for-server-security.md index 7f51cc0fc6..3144f1bb2a 100644 --- a/mdop/appv-v4/planning-for-server-security.md +++ b/mdop/appv-v4/planning-for-server-security.md @@ -31,7 +31,7 @@ The content directory contains all of the packages that are to be streamed to cl Keep the number of users with administrative privileges to a minimum to reduce possible threats to the data in the data store and to avoid publishing malicious applications into the infrastructure. -## Application Virtualization Security +## Application Virtualization Security App-V uses several methods of communication between the various components of the infrastructure. When you plan your App-V infrastructure, securing the communications between servers can reduce the security risks that might already be present on the existing network. diff --git a/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md b/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md index cd65628a24..6aab565898 100644 --- a/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md +++ b/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md @@ -19,7 +19,7 @@ ms.date: 06/16/2016 This topic includes and describes the administrator roles that are available in Microsoft BitLocker Administration and Monitoring (MBAM), as well as the server locations where the local groups are created. -## MBAM Administrator roles +## MBAM Administrator roles **MBAM System Administrators** diff --git a/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md b/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md index eb5ac48c44..b5fe8b5617 100644 --- a/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md +++ b/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md @@ -141,7 +141,7 @@ This section describes the Client Management policy definitions for MBAM, found -## Fixed Drive policy definitions +## Fixed Drive policy definitions This section describes the Fixed Drive policy definitions for MBAM, which can be found at the following GPO node: **Computer Configuration**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)** \\ **Fixed Drive**. diff --git a/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md index 129b9e694f..f1a773c308 100644 --- a/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md +++ b/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md @@ -19,7 +19,7 @@ ms.date: 06/16/2016 This topic lists and describes the available administrator roles that are available in Microsoft BitLocker Administration and Monitoring (MBAM) as well as the server locations where the local groups are created. -## MBAM Administrator Roles +## MBAM Administrator Roles **MBAM System Administrators** diff --git a/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md index cb5cb89526..d7de859c09 100644 --- a/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md +++ b/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md @@ -142,7 +142,7 @@ This section describes Client Management policy definitions for Microsoft BitLoc -## Fixed Drive Policy Definitions +## Fixed Drive Policy Definitions This section describes Fixed Drive policy definitions for Microsoft BitLocker Administration and Monitoring found at the following GPO node: **Computer Configuration**\\**Policies**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)**\\**Fixed Drive**. diff --git a/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md b/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md index 48f0163995..e17e36fce5 100644 --- a/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md +++ b/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md @@ -17,7 +17,7 @@ ms.date: 08/30/2016 # Sharing Settings Location Templates with the UE-V Template Gallery -## Share location templates with the template gallery +## Share location templates with the template gallery The Microsoft User Experience Virtualization (UE-V) template gallery allows administrators to share their UE-V settings location templates. In the gallery, you can upload your settings location templates for other people to use, and you can download templates that other people have created. The UE-V template gallery is located on Microsoft TechNet here: . diff --git a/mdop/uev-v1/troubleshooting-ue-v-10.md b/mdop/uev-v1/troubleshooting-ue-v-10.md index 81aa6256a0..d04a56ec25 100644 --- a/mdop/uev-v1/troubleshooting-ue-v-10.md +++ b/mdop/uev-v1/troubleshooting-ue-v-10.md @@ -19,7 +19,7 @@ ms.date: 08/30/2016 Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). -## Find troubleshooting information +## Find troubleshooting information You can use the following information to find troubleshooting content or additional technical content for this product. @@ -44,7 +44,7 @@ The first step to find help content in the Administrator’s Guide is to search 3. Review the search results for assistance. -## Create a troubleshooting article +## Create a troubleshooting article If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP Online Help or TechNet Wiki, you can create your own TechNet Wiki article. diff --git a/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md b/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md index 733876d705..161015c807 100644 --- a/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md +++ b/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md @@ -19,7 +19,7 @@ ms.date: 08/30/2016 Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). -## Find troubleshooting information +## Find troubleshooting information You can use the following information to find troubleshooting content or additional technical content for this product. @@ -44,7 +44,7 @@ The first step to find help content in the Administrator’s Guide is to search 3. Review the search results for assistance. -## Create a troubleshooting article +## Create a troubleshooting article If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP Online Help or TechNet Wiki, you can create your own TechNet Wiki article. diff --git a/store-for-business/device-guard-signing-portal.md b/store-for-business/device-guard-signing-portal.md index 2c0e080ed7..6a2720e035 100644 --- a/store-for-business/device-guard-signing-portal.md +++ b/store-for-business/device-guard-signing-portal.md @@ -51,7 +51,7 @@ Catalog and policy files have required files types. | catalog files | .cat | | policy files | .bin | - ## Store for Business roles and permissions + ## Store for Business roles and permissions Signing code integrity policies and access to Device Guard portal requires the Device Guard signer role. ## Device Guard signing certificates diff --git a/store-for-business/work-with-partner-microsoft-store-business.md b/store-for-business/work-with-partner-microsoft-store-business.md index 9ca69eef76..e2829a08cb 100644 --- a/store-for-business/work-with-partner-microsoft-store-business.md +++ b/store-for-business/work-with-partner-microsoft-store-business.md @@ -38,7 +38,7 @@ There are several ways that a solution provider can work with you. Solution prov | OEM PC partner | Solution providers can upload device IDs for PCs that you're [managing with Autopilot](https://docs.microsoft.com/microsoft-store/add-profile-to-devices). | | Line-of-business (LOB) partner | Solution providers can develop, submit, and manage LOB apps specific for your organization or school. | -## Find a solution provider +## Find a solution provider You can find partner in Microsoft Store for Business and Education. diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md index f4394c7d54..2570e65b3d 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md @@ -11,7 +11,7 @@ ms.reviewer: manager: dansimp --- -# Win32CompatibilityAppraiser CSP +# Win32CompatibilityAppraiser CSP > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. diff --git a/windows/client-management/reset-a-windows-10-mobile-device.md b/windows/client-management/reset-a-windows-10-mobile-device.md index 945ba0f15a..e90c985fdb 100644 --- a/windows/client-management/reset-a-windows-10-mobile-device.md +++ b/windows/client-management/reset-a-windows-10-mobile-device.md @@ -66,7 +66,7 @@ To perform a "wipe and persist" reset, preserving the provisioning applied to th ``` -## Reset using the UI +## Reset using the UI 1. On your mobile device, go to **Settings** > **System** > **About** > **Reset your Phone** diff --git a/windows/client-management/troubleshoot-inaccessible-boot-device.md b/windows/client-management/troubleshoot-inaccessible-boot-device.md index ac7e1e2391..27b46491dc 100644 --- a/windows/client-management/troubleshoot-inaccessible-boot-device.md +++ b/windows/client-management/troubleshoot-inaccessible-boot-device.md @@ -17,7 +17,7 @@ manager: dansimp This article provides steps to troubleshoot **Stop error 7B: Inaccessible_Boot_Device**. This error may occur after some changes are made to the computer, or immediately after you deploy Windows on the computer. -## Causes of the Inaccessible_Boot_Device Stop error +## Causes of the Inaccessible_Boot_Device Stop error Any one of the following factors may cause the stop error: @@ -37,7 +37,7 @@ Any one of the following factors may cause the stop error: * Corrupted files in the **Boot** partition (for example, corruption in the volume that is labeled **SYSTEM** when you run the `diskpart` > `list vol` command) -## Troubleshoot this error +## Troubleshoot this error Start the computer in [Windows Recovery Mode (WinRE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre). To do this, follow these steps. @@ -47,9 +47,9 @@ Start the computer in [Windows Recovery Mode (WinRE)](https://docs.microsoft.com 3. On the **System Recovery Options** screen, select **Next** > **Command Prompt** . -### Verify that the boot disk is connected and accessible +### Verify that the boot disk is connected and accessible -#### Step 1 +#### Step 1 At the WinRE Command prompt, run `diskpart`, and then run `list disk`. @@ -67,7 +67,7 @@ If the computer uses a Unified Extensible Firmware Interface (UEFI) startup inte If the computer uses a basic input/output system (BIOS) interface, there will not be an asterisk in the **Dyn** column. -#### Step 2 +#### Step 2 If the `list disk` command lists the OS disks correctly, run the `list vol` command in `diskpart`. @@ -88,7 +88,7 @@ If the `list disk` command lists the OS disks correctly, run the `list vol` comm >[!NOTE] >If the disk that contains the OS is not listed in the output, you will have to engage the OEM or virtualization manufacturer. -### Verify the integrity of Boot Configuration Database +### Verify the integrity of Boot Configuration Database Check whether the Boot Configuration Database (BCD) has all the correct entries. To do this, run `bcdedit` at the WinRE command prompt. @@ -163,7 +163,7 @@ If you do not have a Windows 10 ISO, you must format the partition and copy **bo 4. Right-click the partition, and then format it. -### Troubleshooting if this issue occurs after a Windows Update installation +### Troubleshooting if this issue occurs after a Windows Update installation Run the following command to verify the Windows update installation and dates: @@ -203,9 +203,9 @@ After you run this command, you will see the **Install pending** and **Uninstall 11. Expand **Control\Session Manager**. Check whether the **PendingFileRenameOperations** key exists. If it does, back up the **SessionManager** key, and then delete the **PendingFileRenameOperations** key. -### Verifying boot critical drivers and services +### Verifying boot critical drivers and services -#### Check services +#### Check services 1. Follow steps 1-10 in the "Troubleshooting if this issue occurs after an Windows Update installation" section. (Step 11 does not apply to this procedure.) @@ -235,7 +235,7 @@ ren SYSTEM SYSTEM.old copy OSdrive:\Windows\System32\config\RegBack\SYSTEM OSdrive:\Windows\System32\config\ ``` -#### Check upper and lower filter drivers +#### Check upper and lower filter drivers Check whether there are any non-Microsoft upper and lower filter drivers on the computer and that they do not exist on another, similar working computer. if they do exist, remove the upper and lower filter drivers: @@ -268,7 +268,7 @@ The reason that these entries may affect us is because there may be an entry in >[!NOTE] >If there actually is a service that is set to **0** or **1** that corresponds to an **UpperFilters** or **LowerFilters** entry, setting the service to disabled in the **Services** registry (as discussed in steps 2 and 3 of the Check services section) without removing the **Filter Driver** entry causes the computer to crash and generate a 0x7b Stop error. -### Running SFC and Chkdsk +### Running SFC and Chkdsk If the computer still does not start, you can try to run a **chkdisk** process on the system drive, and also run System File Checker. To do this, run the following commands at a WinRE command prompt: diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index ff9c230e83..cf28c53e4a 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -16,7 +16,7 @@ ms.author: dansimp ms.topic: article --- -# Assigned Access configuration (kiosk) XML reference +# Assigned Access configuration (kiosk) XML reference **Applies to** diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 5b29de8d83..294a31c04b 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -1,850 +1,850 @@ ---- -title: Demonstrate Autopilot deployment -ms.reviewer: -manager: laurawi -description: Step-by-step instructions on how to set-up a Virtual Machine with a Windows Autopilot deployment -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, upgrade -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.author: greglin -ms.collection: M365-modern-desktop -ms.topic: article -ms.custom: autopilot ---- - - -# Demonstrate Autopilot deployment - -**Applies to** - -- Windows 10 - -To get started with Windows Autopilot, you should try it out with a virtual machine (VM) or you can use a physical device that will be wiped and then have a fresh install of Windows 10. - -In this topic you'll learn how to set-up a Windows Autopilot deployment for a VM using Hyper-V. Note: Although there are [multiple platforms](administer.md) available to enable Autopilot, this lab primarily uses Intune. - ->Hyper-V and a VM are not required for this lab. You can also use a physical device. However, the instructions assume that you are using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. - -The following video provides an overview of the process: - -
- - ->For a list of terms used in this guide, see the [Glossary](#glossary) section. - -## Prerequisites - -These are the things you'll need to complete this lab: - - - -
Windows 10 installation mediaWindows 10 Professional or Enterprise (ISO file), version 1703 or later is required. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.
Internet accessIf you are behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.
Hyper-V or a physical device running Windows 10The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.
A Premium Intune accountThis guide will describe how to obtain a free 30-day trial premium account that can be used to complete the lab.
- -## Procedures - -A summary of the sections and procedures in the lab is provided below. Follow each section in the order it is presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendix. - -[Verify support for Hyper-V](#verify-support-for-hyper-v) -
[Enable Hyper-V](#enable-hyper-v) -
[Create a demo VM](#create-a-demo-vm) -
    [Set ISO file location](#set-iso-file-location) -
    [Determine network adapter name](#determine-network-adapter-name) -
    [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm) -
    [Install Windows 10](#install-windows-10) -
[Capture the hardware ID](#capture-the-hardware-id) -
[Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe) -
[Verify subscription level](#verify-subscription-level) -
[Configure company branding](#configure-company-branding) -
[Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment) -
[Register your VM](#register-your-vm) -
    [Autopilot registration using Intune](#autopilot-registration-using-intune) -
    [Autopilot registration using MSfB](#autopilot-registration-using-msfb) -
[Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile) -
    [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) -
       [Assign the profile](#assign-the-profile) -
    [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) -
[See Windows Autopilot in action](#see-windows-autopilot-in-action) -
[Remove devices from Autopilot](#remove-devices-from-autopilot) -
    [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device) -
[Appendix A: Verify support for Hyper-V](#appendix-a-verify-support-for-hyper-v) -
[Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile) -
    [Add a Win32 app](#add-a-win32-app) -
       [Prepare the app for Intune](#prepare-the-app-for-intune) -
       [Create app in Intune](#create-app-in-intune) -
       [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) -
    [Add Office 365](#add-office-365) -
       [Create app in Intune](#create-app-in-intune) -
       [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) -
[Glossary](#glossary) - -## Verify support for Hyper-V - -If you don't already have Hyper-V, we must first enable this on a computer running Windows 10 or Windows Server (2012 R2 or later). - ->If you already have Hyper-V enabled, skip to the [create a demo VM](#create-a-demo-vm) step. If you are using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10). - -If you are not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [appendix A](#appendix-a-verify-support-for-hyper-v) below for details on verifying that Hyper-V can be successfully installed. - -## Enable Hyper-V - -To enable Hyper-V, open an elevated Windows PowerShell prompt and run the following command: - -```powershell -Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -``` - -This command works on all operating systems that support Hyper-V, but on Windows Server operating systems you must type an additional command (below) to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. The following command will also install Hyper-V if it isn't already installed, so if you're using Windows Server, you can just type the following command instead of using the Enable-WindowsOptionalFeature command: - -```powershell -Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -``` - -When you are prompted to restart the computer, choose **Yes**. The computer might restart more than once. - ->Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below: - - ![hyper-v feature](../images/hyper-v-feature.png) - - ![hyper-v](../images/svr_mgr2.png) - -

If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under Role Administration Tools\Hyper-V Management Tools. - -After installation is complete, open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt, or by typing **Hyper-V** in the Start menu search box. - -To read more about Hyper-V, see [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/virtualization/hyper-v-on-windows/about/) and [Hyper-V on Windows Server](https://docs.microsoft.com/windows-server/virtualization/hyper-v/hyper-v-on-windows-server). - -## Create a demo VM - -Now that Hyper-V is enabled, we need to create a VM running Windows 10. We can [create a VM](https://docs.microsoft.com/virtualization/hyper-v-on-windows/quick-start/create-virtual-machine) and [virtual network](https://docs.microsoft.com/virtualization/hyper-v-on-windows/quick-start/connect-to-network) using Hyper-V Manager, but it is simpler to use Windows PowerShell. - -To use Windows Powershell we just need to know two things: - -1. The location of the Windows 10 ISO file. - - In the example, we assume the location is **c:\iso\win10-eval.iso**. -2. The name of the network interface that connects to the Internet. - - In the example, we use a Windows PowerShell command to determine this automatically. - -After we have set the ISO file location and determined the name of the appropriate network interface, we can install Windows 10. - -### Set ISO file location - -You can download an ISO file for an evaluation version of the latest release of Windows 10 Enterprise [here](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise). -- When asked to select a platform, choose **64 bit**. - -After you download this file, the name will be extremely long (ex: 17763.107.101029-1455.rs5_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso). - -1. So that it is easier to type and remember, rename the file to **win10-eval.iso**. -2. Create a directory on your computer named **c:\iso** and move the **win10-eval.iso** file there, so the path to the file is **c:\iso\win10-eval.iso**. -3. If you wish to use a different name and location for the file, you must modify the Windows PowerShell commands below to use your custom name and directory. - -### Determine network adapter name - -The Get-NetAdaper cmdlet is used below to automatically find the network adapter that is most likely to be the one you use to connect to the Internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: - -```powershell -(Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name -``` - -The output of this command should be the name of the network interface you use to connect to the Internet. Verify that this is the correct interface name. If it is not the correct interface name, you'll need to edit the first command below to use your network interface name. - -For example, if the command above displays Ethernet but you wish to use Ethernet2, then the first command below would be New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2**. - -### Use Windows PowerShell to create the demo VM - -All VM data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the following commands. - ->[!IMPORTANT] ->**VM switch**: a VM switch is how Hyper-V connects VMs to a network.

If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal."

If you have never created an external VM switch before, then just run the commands below. - -```powershell -New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name -New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal -Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot -Start-VM -VMName WindowsAutopilot -``` - -After entering these commands, connect to the VM that you just created and wait for a prompt to press a key and boot from the DVD. You can connect to the VM by double-clicking it in Hyper-V Manager. - -See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the vmconnect.exe command is used (which is only available on Windows Server). If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM. - -

-PS C:\autopilot> dir c:\iso
-
-
-    Directory: C:\iso
-
-
-Mode                LastWriteTime         Length Name
-----                -------------         ------ ----
--a----        3/12/2019   2:46 PM     4627343360 win10-eval.iso
-
-PS C:\autopilot> (Get-NetAdapter |?{$.Status -eq "Up" -and !$.Virtual}).Name
-Ethernet
-PS C:\autopilot> New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$.Status -eq "Up" -and !$.Virtual}).Name
-
-Name              SwitchType NetAdapterInterfaceDescription
-----              ---------- ------------------------------
-AutopilotExternal External   Intel(R) Ethernet Connection (2) I218-LM
-
-PS C:\autopilot> New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
-
-Name             State CPUUsage(%) MemoryAssigned(M) Uptime   Status             Version
-----             ----- ----------- ----------------- ------   ------             -------
-WindowsAutopilot Off   0           0                 00:00:00 Operating normally 8.0
-
-PS C:\autopilot> Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
-PS C:\autopilot> Start-VM -VMName WindowsAutopilot
-PS C:\autopilot> vmconnect.exe localhost WindowsAutopilot
-PS C:\autopilot> dir
-
-    Directory: C:\autopilot
-
-Mode                LastWriteTime         Length Name
-----                -------------         ------ ----
-d-----        3/12/2019   3:15 PM                VMData
-d-----        3/12/2019   3:42 PM                VMs
-
-PS C:\autopilot>
-
- -### Install Windows 10 - -Ensure the VM booted from the installation ISO, click **Next** then click **Install now** and complete the Windows installation process. See the following examples: - - ![Windows setup](images/winsetup1.png) - ![Windows setup](images/winsetup2.png) - ![Windows setup](images/winsetup3.png) - ![Windows setup](images/winsetup4.png) - ![Windows setup](images/winsetup5.png) - ![Windows setup](images/winsetup6.png) - ->After the VM restarts, during OOBE, it’s fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This will offer the fastest way to the desktop. For example: - - ![Windows setup](images/winsetup7.png) - -Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. You will create multiple checkpoints throughout this lab, which can be used later to go through the process again. - - ![Windows setup](images/winsetup8.png) - -To create your first checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following: - -```powershell -Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install" -``` - -Click on the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see **Finished Windows Install** listed in the Checkpoints pane. - -## Capture the hardware ID - ->NOTE: Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For purposes of this lab, you are acting as the OEM (capturing the 4K HH), but you’re not going to use the OA3 Tool to capture the full 4K HH for various reasons (you’d have to install the OA3 tool, your device couldn’t have a volume license version of Windows, it’s a more complicated process than using a PS script, etc.). Instead, you’ll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool. - -Follow these steps to run the PS script: - -1. Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you are using a VM or a physical device: - - ```powershell - md c:\HWID - Set-Location c:\HWID - Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force - Install-Script -Name Get-WindowsAutopilotInfo -Force - $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts" - Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv - ``` - -When you are prompted to install the NuGet package, choose **Yes**. - -See the sample output below. - -
-PS C:\> md c:\HWID
-
-    Directory: C:\
-
-Mode                LastWriteTime         Length Name
-----                -------------         ------ ----
-d-----        3/14/2019  11:33 AM                HWID
-
-PS C:\> Set-Location c:\HWID
-PS C:\HWID> Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
-PS C:\HWID> Install-Script -Name Get-WindowsAutopilotInfo -Force
-
-NuGet provider is required to continue
-PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet
- provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or
-'C:\Users\user1\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running
- 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and
-import the NuGet provider now?
-[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y
-PS C:\HWID> $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
-PS C:\HWID> Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
-PS C:\HWID> dir
-
-    Directory: C:\HWID
-
-Mode                LastWriteTime         Length Name
-----                -------------         ------ ----
--a----        3/14/2019  11:33 AM           8184 AutopilotHWID.csv
-
-PS C:\HWID>
-
- -Verify that there is an **AutopilotHWID.csv** file in the **c:\HWID** directory that is about 8 KB in size. This file contains the complete 4K HH. - -**Note**: Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you are curious. The file format will be validated when it is imported into Autopilot. An example of the data in this file is shown below. - -![Serial number and hardware hash](images/hwid.png) - -You will need to upload this data into Intune to register your device for Autopilot, so it needs to be transferred to the computer you will use to access the Azure portal. If you are using a physical device instead of a VM, you can copy the file to a USB stick. If you’re using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM). - -If you have trouble copying and pasting the file, just view the contents in Notepad on the VM and copy the text into Notepad outside the VM. Do not use another text editor to do this. - ->[!NOTE] ->When copying and pasting to or from VMs, avoid clicking other things with your mouse cursor between the copy and paste process as this can empty or overwrite the clipboard and require that you start over. Go directly from copy to paste. - -## Reset the VM back to Out-Of-Box-Experience (OOBE) - -With the hardware ID captured in a file, prepare your Virtual Machine for Windows Autopilot deployment by resetting it back to OOBE. - -On the Virtual Machine, go to **Settings > Update & Security > Recovery** and click on **Get started** under **Reset this PC**. -Select **Remove everything** and **Just remove my files**. Finally, click on **Reset**. - -![Reset this PC final prompt](images/autopilot-reset-prompt.jpg) - -Resetting the VM or device can take a while. Proceed to the next step (verify subscription level) during the reset process. - -![Reset this PC screen capture](images/autopilot-reset-progress.jpg) - -## Verify subscription level - -For this lab, you need an AAD Premium subscription. You can tell if you have a Premium subscription by navigating to the [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) blade. See the following example: - -**Azure Active Directory** > **Mobility (MDM and MAM)** > **Microsoft Intune** - -![MDM and Intune](images/mdm-intune2.png) - -If the configuration blade shown above does not appear, it’s likely that you don’t have a **Premium** subscription. Auto-enrollment is a feature only available in AAD Premium. - -To convert your Intune trial account to a free Premium trial account, navigate to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5. - -![Reset this PC final prompt](images/aad-lic1.png) - -## Configure company branding - -If you already have company branding configured in Azure Active Directory, you can skip this step. - ->[!IMPORTANT] ->Make sure to sign-in with a Global Administrator account. - -Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), click on **Configure** and configure any type of company branding you'd like to see during the OOBE. - -![Configure company branding](images/branding.png) - -When you are finished, click **Save**. - ->[!NOTE] ->Changes to company branding can take up to 30 minutes to apply. - -## Configure Microsoft Intune auto-enrollment - -If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step. - -Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you do not see Microsoft Intune, click **Add application** and choose **Intune**. - -For the purposes of this demo, select **All** under the **MDM user scope** and click **Save**. - -![MDM user scope in the Mobility blade](images/autopilot-aad-mdm.png) - -## Register your VM - -Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but only pick one for purposes of this lab. We highly recommend using Intune rather than MSfB. - -### Autopilot registration using Intune - -1. In Intune in the Azure portal, choose **Device enrollment** > **Windows enrollment** > **Devices** > **Import**. - - ![Intune device import](images/device-import.png) - - >[!NOTE] - >If menu items like **Windows enrollment** are not active for you, then look to the far-right blade in the UI. You might need to provide Intune configuration privileges in a challenge window that appeared. - -2. Under **Add Windows Autopilot devices** in the far right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It’s okay if other fields (Windows Product ID) are left blank. - - ![HWID CSV](images/hwid-csv.png) - - You should receive confirmation that the file is formatted correctly before uploading it, as shown above. - -3. Click **Import** and wait until the import process completes. This can take up to 15 minutes. - -4. Click **Sync** to sync the device you just registered. Wait a few moments before refreshing to verify your VM or device has been added. See the following example. - - ![Import HWID](images/import-vm.png) - -### Autopilot registration using MSfB - ->[!IMPORTANT] ->If you've already registered your VM (or device) using Intune, then skip this step. - -Optional: see the following video for an overview of the process. - -  - -> [!video https://www.youtube.com/embed/IpLIZU_j7Z0] - -First, you need a MSfB account. You can use the same one you created above for Intune, or follow [these instructions](https://docs.microsoft.com/microsoft-store/windows-store-for-business-overview) to create a new one. - -Next, sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/en-us/store) using your test account by clicking **Sign in** in the upper-right-corner of the main page. - -Select **Manage** from the top menu, then click the **Windows Autopilot Deployment Program** link under the **Devices** card. See the following example: - -![Microsoft Store for Business](images/msfb.png) - -Click the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added. - -![Devices](images/msfb-device.png) - -## Create and assign a Windows Autopilot deployment profile - ->[!IMPORTANT] ->Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB. Both processes are shown here, but only pick one for purposes of this lab: - -Pick one: -- [Create profiles using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) -- [Create profiles using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) - -### Create a Windows Autopilot deployment profile using Intune - ->[!NOTE] ->Even if you registered your device in MSfB, it will still appear in Intune, though you might have to **sync** and then **refresh** your device list first: - -![Devices](images/intune-devices.png) - ->The example above lists both a physical device and a VM. Your list should only include only one of these. - -To create a Windows Autopilot profile, select **Device enrollment** > **Windows enrollment** > **Deployment profiles** - -![Deployment profiles](images/deployment-profiles.png) - -Click on **Create profile**. - -![Create deployment profile](images/create-profile.png) - -On the **Create profile** blade, use the following values: - -| Setting | Value | -|---|---| -| Name | Autopilot Lab profile | -| Description | blank | -| Convert all targeted devices to Autopilot | No | -| Deployment mode | User-driven | -| Join to Azure AD as | Azure AD joined | - -Click on **Out-of-box experience (OOBE)** and configure the following settings: - -| Setting | Value | -|---|---| -| EULA | Hide | -| Privacy Settings | Hide | -| Hide change account options | Hide | -| User account type | Standard | -| Apply device name template | No | - -See the following example: - -![Deployment profile](images/profile.png) - -Click on **OK** and then click on **Create**. - ->If you want to add an app to your profile via Intune, the OPTIONAL steps for doing so can be found in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile). - -#### Assign the profile - -Profiles can only be assigned to Groups, so first you must create a group that contains the devices to which the profile should be applied. This guide will provide simple instructions to assign a profile, for more detailed instructions, see [Create an Autopilot device group](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Assign an Autopilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-autopilot#assign-an-autopilot-deployment-profile-to-a-device-group), as optional reading. - -To create a Group, open the Azure Portal and select **Azure Active Directory** > **Groups** > **All groups**: - -![All groups](images/all-groups.png) - -Select New group from the Groups blade to open the new groups UI. Select the “Security” group type, name the group, and select the “Assigned” membership type: - -Before clicking **Create**, expand the **Members** panel, click your device's serial number (it will then appear under **Selected members**) and then click **Select** to add that device to this group. - -![New group](images/new-group.png) - -Now click **Create** to finish creating the new group. - -Click on **All groups** and click **Refresh** to verify that your new group has been successfully created. - -With a group created containing your device, you can now go back and assign your profile to that group. Navigate back to the Intune page in the Azure portal (one way is to type **Intune** in the top banner search bar and select **Intune** from the results). - -From Intune, select **Device enrollment** > **Windows enrollment** > **Deployment Profiles** to open the profile blade. Click on the name of the profile you previously created (Autopilot Lab profile) to open the details blade for that profile: - -![Lab profile](images/deployment-profiles2.png) - -Under **Manage**, click **Assignments**, and then with the **Include** tab highlighted, expand the **Select groups** blade and click **AP Lab Group 1** (the group will appear under **Selected members**). - -![Include group](images/include-group.png) - -Click **Select** and then click **Save**. - -![Include group](images/include-group2.png) - -It’s also possible to assign specific users to a profile, but we will not cover this scenario in the lab. For more detailed information, see [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot). - -### Create a Windows Autopilot deployment profile using MSfB - -If you have already created and assigned a profile via Intune by using the steps immediately above, then skip this section. - -A [video](https://www.youtube.com/watch?v=IpLIZU_j7Z0) is available that covers the steps required to create and assign profiles in MSfB. These steps are also summarized below. - -First, sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/manage/dashboard) using the Intune account you initially created for this lab. - -Click **Manage** from the top menu, then click **Devices** from the left navigation tree. - -![MSfB manage](images/msfb-manage.png) - -Click the **Windows Autopilot Deployment Program** link in the **Devices** tile. - -To CREATE the profile: - -Select your device from the **Devices** list: - -![MSfB create](images/msfb-create1.png) - -On the Autopilot deployment dropdown menu, select **Create new profile**: - -![MSfB create](images/msfb-create2.png) - -Name the profile, choose your desired settings, and then click **Create**: - -![MSfB create](images/msfb-create3.png) - -The new profile is added to the Autopilot deployment list. - -To ASSIGN the profile: - -To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab, then select the profile you want to assign from the **Autopilot deployment** dropdown menu as shown: - -![MSfB assign](images/msfb-assign1.png) - -Confirm the profile was successfully assigned to the intended device by checking the contents of the **Profile** column: - -![MSfB assign](images/msfb-assign2.png) - ->[!IMPORTANT] ->The new profile will only be applied if the device has not been started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. - -## See Windows Autopilot in action - -If you shut down your VM after the last reset, it’s time to start it back up again, so it can progress through the Autopilot OOBE experience but do not attempt to start your device again until the **PROFILE STATUS** for your device in Intune has changed from **Not assigned** to **Assigning** and finally **Assigned**: - -![Device status](images/device-status.png) - -Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding), otherwise these changes might not show up. - ->[!TIP] ->If you reset your device previously after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you’re expecting. If you do not see the Autopilot OOBE experience, then reset the device again (Settings > Update & Security > Recovery and click on Get started. Under Reset this PC, select Remove everything and Just remove my files. Click on Reset). - -- Ensure your device has an internet connection. -- Turn on the device -- Verify that the appropriate OOBE screens (with appropriate Company Branding) appear. You should see the region selection screen, the keyboard selection screen, and the second keyboard selection screen (which you can skip). - -![OOBE sign-in page](images/autopilot-oobe.jpg) - -Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device. Go into the Intune Azure portal, and select **Devices > All devices**, then **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated. - -![Device enabled](images/enabled-device.png) - -Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done. - -Windows Autopilot will now take over to automatically join your device into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoints you've created to go through this process again with different settings. - -## Remove devices from Autopilot - -To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it. Instructions for deregistering devices can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [here](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below. - -### Delete (deregister) Autopilot device - -You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into your Intune Azure portal, then navigate to **Intune > Devices > All Devices**. Select the checkbox next to the device you want to delete, then click the Delete button along the top menu. - -![Delete device](images/delete-device1.png) - -Click **X** when challenged to complete the operation: - -![Delete device](images/delete-device2.png) - -This will remove the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot, so the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**. - -![Delete device](images/delete-device3.png) - -The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores. The former (All devices) is the list of devices currently enrolled into Intune. Note: A device will only appear in the All devices list once it has booted. The latter (Windows Autopilot Deployment Program > Devices) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune. - -To remove the device from the Autopilot program, select the device and click Delete. - -![Delete device](images/delete-device4.png) - -A warning message appears reminding you to first remove the device from Intune, which we previously did. - -![Delete device](images/delete-device5.png) - -At this point, your device has been unenrolled from Intune and also deregistered from Autopilot. After several minutes, click the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program: - -![Delete device](images/delete-device6.png) - -Once the device no longer appears, you are free to reuse it for other purposes. - -If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and click the delete button: - -![Delete device](images/delete-device7.png) - -## Appendix A: Verify support for Hyper-V - -Starting with Windows 8, the host computer’s microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information. - -To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press ENTER, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: - -
-C:>systeminfo
-
-...
-Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
-                           Virtualization Enabled In Firmware: Yes
-                           Second Level Address Translation: Yes
-                           Data Execution Prevention Available: Yes
-
- -In this example, the computer supports SLAT and Hyper-V. - ->If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting will depend on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. - -You can also identify Hyper-V support using [tools](https://blogs.msdn.microsoft.com/taylorb/2008/06/19/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v/) provided by the processor manufacturer, the [msinfo32](https://technet.microsoft.com/library/cc731397.aspx) tool, or you can download the [coreinfo](https://technet.microsoft.com/sysinternals/cc835722) utility and run it, as shown in the following example: - -
-C:>coreinfo -v
-
-Coreinfo v3.31 - Dump information on system CPU and memory topology
-Copyright (C) 2008-2014 Mark Russinovich
-Sysinternals - www.sysinternals.com
-
-Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
-Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
-Microcode signature: 0000001B
-HYPERVISOR      -       Hypervisor is present
-VMX             *       Supports Intel hardware-assisted virtualization
-EPT             *       Supports Intel extended page tables (SLAT)
-
- -Note: A 64-bit operating system is required to run Hyper-V. - -## Appendix B: Adding apps to your profile - -### Add a Win32 app - -#### Prepare the app for Intune - -Before we can pull an application into Intune to make it part of our AP profile, we need to “package” the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Intune-Win32-App-Packaging-Tool). After downloading the tool, gather the following three bits of information to use the tool: - -1. The source folder for your application -2. The name of the setup executable file -3. The output folder for the new file - -For the purposes of this lab, we’ll use the Notepad++ tool as our Win32 app. - -Download the Notepad++ msi package [here](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available) and then opy the file to a known location, such as C:\Notepad++msi. - -Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example: - -![Add app](images/app01.png) - -After the tool finishes running, you should have an .intunewin file in the Output folder, which you can now upload into Intune using the following steps. - -#### Create app in Intune - -Log into the Azure portal and select **Intune**. - -Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. - -![Add app](images/app02.png) - -Under **App Type**, select **Windows app (Win32)**: - -![Add app](images/app03.png) - -On the **App package file** blade, browse to the **npp.7.6.3.installer.x64.intunewin** file in your output folder, open it, then click **OK**: - -![Add app](images/app04.png) - -On the **App Information Configure** blade, provide a friendly name, description, and publisher, such as: - -![Add app](images/app05.png) - -On the **Program Configuration** blade, supply the install and uninstall commands: - -Install: msiexec /i "npp.7.6.3.installer.x64.msi" /q -Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q - -NOTE: Likely, you do not have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Intune-Win32-App-Packaging-Tool) automatically generated them when it converted the .msi file into a .intunewin file. - -![Add app](images/app06.png) - -Simply using an install command like “notepad++.exe /S” will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn’t actually have an .msi version of their program, but we got an .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). - -Click **OK** to save your input and activate the **Requirements** blade. - -On the **Requirements Configuration** blade, specify the **OS architecture** and the **Minimum OS version**: - -![Add app](images/app07.png) - -Next, configure the **Detection rules**. For our purposes, we will select manual format: - -![Add app](images/app08.png) - -Click **Add** to define the rule properties. For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule: - -![Add app](images/app09.png) - -Click **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration. - -**Return codes**: For our purposes, leave the return codes at their default values: - -![Add app](images/app10.png) - -Click **OK** to exit. - -You may skip configuring the final **Scope (Tags)** blade. - -Click the **Add** button to finalize and save your app package. - -Once the indicator message says the addition has completed. - -![Add app](images/app11.png) - -You will be able to find your app in your app list: - -![Add app](images/app12.png) - -#### Assign the app to your Intune profile - -**NOTE**: The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#assign-the-profile). If you have not done that, please return to the main part of the lab and complete those steps before returning here. - -In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade. Then click **Assignments** from the menu: - -![Add app](images/app13.png) - -Select **Add Group** to open the **Add group** pane that is related to the app. - -For our purposes, select *8Required** from the **Assignment type** dropdown menu: - ->**Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website. - -Select **Included Groups** and assign the groups you previously created that will use this app: - -![Add app](images/app14.png) - -![Add app](images/app15.png) - -In the **Select groups** pane, click the **Select** button. - -In the **Assign group** pane, select **OK**. - -In the **Add group** pane, select **OK**. - -In the app **Assignments** pane, select **Save**. - -![Add app](images/app16.png) - -At this point, you have completed steps to add a Win32 app to Intune. - -For more information on adding adds to Intune, see [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps-win32-app-management). - -### Add Office 365 - -#### Create app in Intune - -Log into the Azure portal and select **Intune**. - -Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. - -![Add app](images/app17.png) - -Under **App Type**, select **Office 365 Suite > Windows 10**: - -![Add app](images/app18.png) - -Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this labe we have only selected Excel: - -![Add app](images/app19.png) - -Click **OK**. - -In the **App Suite Information** pane, enter a unique suite name, and a suitable description. - ->Enter the name of the app suite as it is displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal. - -![Add app](images/app20.png) - -Click **OK**. - -In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection would be fine for the purposes of this lab). Also select **Yes** for **Automatically accept the app end user license agreement**: - -![Add app](images/app21.png) - -Click **OK** and then click **Add**. - -#### Assign the app to your Intune profile - -**NOTE**: The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#assign-the-profile). If you have not done that, please return to the main part of the lab and complete those steps before returning here. - -In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade. Then click **Assignments** from the menu: - -![Add app](images/app22.png) - -Select **Add Group** to open the **Add group** pane that is related to the app. - -For our purposes, select **Required** from the **Assignment type** dropdown menu: - ->**Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website. - -Select **Included Groups** and assign the groups you previously created that will use this app: - -![Add app](images/app23.png) - -![Add app](images/app24.png) - -In the **Select groups** pane, click the **Select** button. - -In the **Assign group** pane, select **OK**. - -In the **Add group** pane, select **OK**. - -In the app **Assignments** pane, select **Save**. - -![Add app](images/app25.png) - -At this point, you have completed steps to add Office to Intune. - -For more information on adding Office apps to Intune, see [Assign Office 365 apps to Windows 10 devices with Microsoft Intune](https://docs.microsoft.com/intune/apps-add-office365). - -If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list, although it could take several minutes to populate: - -![Add app](images/app26.png) - -## Glossary - - - - - - - - - - - - - - -
OEMOriginal Equipment Manufacturer
CSVComma Separated Values
MPCMicrosoft Partner Center
CSPCloud Solution Provider
MSfBMicrosoft Store for Business
AADAzure Active Directory
4K HH4K Hardware Hash
CBRComputer Build Report
ECEnterprise Commerce (server)
DDSDevice Directory Service
OOBEOut of the Box Experience
VMVirtual Machine
+--- +title: Demonstrate Autopilot deployment +ms.reviewer: +manager: laurawi +description: Step-by-step instructions on how to set-up a Virtual Machine with a Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, upgrade +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +ms.custom: autopilot +--- + + +# Demonstrate Autopilot deployment + +**Applies to** + +- Windows 10 + +To get started with Windows Autopilot, you should try it out with a virtual machine (VM) or you can use a physical device that will be wiped and then have a fresh install of Windows 10. + +In this topic you'll learn how to set-up a Windows Autopilot deployment for a VM using Hyper-V. Note: Although there are [multiple platforms](administer.md) available to enable Autopilot, this lab primarily uses Intune. + +>Hyper-V and a VM are not required for this lab. You can also use a physical device. However, the instructions assume that you are using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. + +The following video provides an overview of the process: + +
+ + +>For a list of terms used in this guide, see the [Glossary](#glossary) section. + +## Prerequisites + +These are the things you'll need to complete this lab: + + + +
Windows 10 installation mediaWindows 10 Professional or Enterprise (ISO file), version 1703 or later is required. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.
Internet accessIf you are behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.
Hyper-V or a physical device running Windows 10The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.
A Premium Intune accountThis guide will describe how to obtain a free 30-day trial premium account that can be used to complete the lab.
+ +## Procedures + +A summary of the sections and procedures in the lab is provided below. Follow each section in the order it is presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendix. + +[Verify support for Hyper-V](#verify-support-for-hyper-v) +
[Enable Hyper-V](#enable-hyper-v) +
[Create a demo VM](#create-a-demo-vm) +
    [Set ISO file location](#set-iso-file-location) +
    [Determine network adapter name](#determine-network-adapter-name) +
    [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm) +
    [Install Windows 10](#install-windows-10) +
[Capture the hardware ID](#capture-the-hardware-id) +
[Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe) +
[Verify subscription level](#verify-subscription-level) +
[Configure company branding](#configure-company-branding) +
[Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment) +
[Register your VM](#register-your-vm) +
    [Autopilot registration using Intune](#autopilot-registration-using-intune) +
    [Autopilot registration using MSfB](#autopilot-registration-using-msfb) +
[Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile) +
    [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) +
       [Assign the profile](#assign-the-profile) +
    [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) +
[See Windows Autopilot in action](#see-windows-autopilot-in-action) +
[Remove devices from Autopilot](#remove-devices-from-autopilot) +
    [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device) +
[Appendix A: Verify support for Hyper-V](#appendix-a-verify-support-for-hyper-v) +
[Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile) +
    [Add a Win32 app](#add-a-win32-app) +
       [Prepare the app for Intune](#prepare-the-app-for-intune) +
       [Create app in Intune](#create-app-in-intune) +
       [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) +
    [Add Office 365](#add-office-365) +
       [Create app in Intune](#create-app-in-intune) +
       [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) +
[Glossary](#glossary) + +## Verify support for Hyper-V + +If you don't already have Hyper-V, we must first enable this on a computer running Windows 10 or Windows Server (2012 R2 or later). + +>If you already have Hyper-V enabled, skip to the [create a demo VM](#create-a-demo-vm) step. If you are using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10). + +If you are not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [appendix A](#appendix-a-verify-support-for-hyper-v) below for details on verifying that Hyper-V can be successfully installed. + +## Enable Hyper-V + +To enable Hyper-V, open an elevated Windows PowerShell prompt and run the following command: + +```powershell +Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All +``` + +This command works on all operating systems that support Hyper-V, but on Windows Server operating systems you must type an additional command (below) to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. The following command will also install Hyper-V if it isn't already installed, so if you're using Windows Server, you can just type the following command instead of using the Enable-WindowsOptionalFeature command: + +```powershell +Install-WindowsFeature -Name Hyper-V -IncludeManagementTools +``` + +When you are prompted to restart the computer, choose **Yes**. The computer might restart more than once. + +>Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below: + + ![hyper-v feature](../images/hyper-v-feature.png) + + ![hyper-v](../images/svr_mgr2.png) + +

If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under Role Administration Tools\Hyper-V Management Tools. + +After installation is complete, open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt, or by typing **Hyper-V** in the Start menu search box. + +To read more about Hyper-V, see [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/virtualization/hyper-v-on-windows/about/) and [Hyper-V on Windows Server](https://docs.microsoft.com/windows-server/virtualization/hyper-v/hyper-v-on-windows-server). + +## Create a demo VM + +Now that Hyper-V is enabled, we need to create a VM running Windows 10. We can [create a VM](https://docs.microsoft.com/virtualization/hyper-v-on-windows/quick-start/create-virtual-machine) and [virtual network](https://docs.microsoft.com/virtualization/hyper-v-on-windows/quick-start/connect-to-network) using Hyper-V Manager, but it is simpler to use Windows PowerShell. + +To use Windows Powershell we just need to know two things: + +1. The location of the Windows 10 ISO file. + - In the example, we assume the location is **c:\iso\win10-eval.iso**. +2. The name of the network interface that connects to the Internet. + - In the example, we use a Windows PowerShell command to determine this automatically. + +After we have set the ISO file location and determined the name of the appropriate network interface, we can install Windows 10. + +### Set ISO file location + +You can download an ISO file for an evaluation version of the latest release of Windows 10 Enterprise [here](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise). +- When asked to select a platform, choose **64 bit**. + +After you download this file, the name will be extremely long (ex: 17763.107.101029-1455.rs5_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso). + +1. So that it is easier to type and remember, rename the file to **win10-eval.iso**. +2. Create a directory on your computer named **c:\iso** and move the **win10-eval.iso** file there, so the path to the file is **c:\iso\win10-eval.iso**. +3. If you wish to use a different name and location for the file, you must modify the Windows PowerShell commands below to use your custom name and directory. + +### Determine network adapter name + +The Get-NetAdaper cmdlet is used below to automatically find the network adapter that is most likely to be the one you use to connect to the Internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: + +```powershell +(Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name +``` + +The output of this command should be the name of the network interface you use to connect to the Internet. Verify that this is the correct interface name. If it is not the correct interface name, you'll need to edit the first command below to use your network interface name. + +For example, if the command above displays Ethernet but you wish to use Ethernet2, then the first command below would be New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2**. + +### Use Windows PowerShell to create the demo VM + +All VM data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the following commands. + +>[!IMPORTANT] +>**VM switch**: a VM switch is how Hyper-V connects VMs to a network.

If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal."

If you have never created an external VM switch before, then just run the commands below. + +```powershell +New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name +New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal +Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot +Start-VM -VMName WindowsAutopilot +``` + +After entering these commands, connect to the VM that you just created and wait for a prompt to press a key and boot from the DVD. You can connect to the VM by double-clicking it in Hyper-V Manager. + +See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the vmconnect.exe command is used (which is only available on Windows Server). If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM. + +

+PS C:\autopilot> dir c:\iso
+
+
+    Directory: C:\iso
+
+
+Mode                LastWriteTime         Length Name
+----                -------------         ------ ----
+-a----        3/12/2019   2:46 PM     4627343360 win10-eval.iso
+
+PS C:\autopilot> (Get-NetAdapter |?{$.Status -eq "Up" -and !$.Virtual}).Name
+Ethernet
+PS C:\autopilot> New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$.Status -eq "Up" -and !$.Virtual}).Name
+
+Name              SwitchType NetAdapterInterfaceDescription
+----              ---------- ------------------------------
+AutopilotExternal External   Intel(R) Ethernet Connection (2) I218-LM
+
+PS C:\autopilot> New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
+
+Name             State CPUUsage(%) MemoryAssigned(M) Uptime   Status             Version
+----             ----- ----------- ----------------- ------   ------             -------
+WindowsAutopilot Off   0           0                 00:00:00 Operating normally 8.0
+
+PS C:\autopilot> Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
+PS C:\autopilot> Start-VM -VMName WindowsAutopilot
+PS C:\autopilot> vmconnect.exe localhost WindowsAutopilot
+PS C:\autopilot> dir
+
+    Directory: C:\autopilot
+
+Mode                LastWriteTime         Length Name
+----                -------------         ------ ----
+d-----        3/12/2019   3:15 PM                VMData
+d-----        3/12/2019   3:42 PM                VMs
+
+PS C:\autopilot>
+
+ +### Install Windows 10 + +Ensure the VM booted from the installation ISO, click **Next** then click **Install now** and complete the Windows installation process. See the following examples: + + ![Windows setup](images/winsetup1.png) + ![Windows setup](images/winsetup2.png) + ![Windows setup](images/winsetup3.png) + ![Windows setup](images/winsetup4.png) + ![Windows setup](images/winsetup5.png) + ![Windows setup](images/winsetup6.png) + +>After the VM restarts, during OOBE, it’s fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This will offer the fastest way to the desktop. For example: + + ![Windows setup](images/winsetup7.png) + +Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. You will create multiple checkpoints throughout this lab, which can be used later to go through the process again. + + ![Windows setup](images/winsetup8.png) + +To create your first checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following: + +```powershell +Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install" +``` + +Click on the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see **Finished Windows Install** listed in the Checkpoints pane. + +## Capture the hardware ID + +>NOTE: Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For purposes of this lab, you are acting as the OEM (capturing the 4K HH), but you’re not going to use the OA3 Tool to capture the full 4K HH for various reasons (you’d have to install the OA3 tool, your device couldn’t have a volume license version of Windows, it’s a more complicated process than using a PS script, etc.). Instead, you’ll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool. + +Follow these steps to run the PS script: + +1. Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you are using a VM or a physical device: + + ```powershell + md c:\HWID + Set-Location c:\HWID + Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force + Install-Script -Name Get-WindowsAutopilotInfo -Force + $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts" + Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv + ``` + +When you are prompted to install the NuGet package, choose **Yes**. + +See the sample output below. + +
+PS C:\> md c:\HWID
+
+    Directory: C:\
+
+Mode                LastWriteTime         Length Name
+----                -------------         ------ ----
+d-----        3/14/2019  11:33 AM                HWID
+
+PS C:\> Set-Location c:\HWID
+PS C:\HWID> Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
+PS C:\HWID> Install-Script -Name Get-WindowsAutopilotInfo -Force
+
+NuGet provider is required to continue
+PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet
+ provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or
+'C:\Users\user1\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running
+ 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and
+import the NuGet provider now?
+[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y
+PS C:\HWID> $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
+PS C:\HWID> Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
+PS C:\HWID> dir
+
+    Directory: C:\HWID
+
+Mode                LastWriteTime         Length Name
+----                -------------         ------ ----
+-a----        3/14/2019  11:33 AM           8184 AutopilotHWID.csv
+
+PS C:\HWID>
+
+ +Verify that there is an **AutopilotHWID.csv** file in the **c:\HWID** directory that is about 8 KB in size. This file contains the complete 4K HH. + +**Note**: Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you are curious. The file format will be validated when it is imported into Autopilot. An example of the data in this file is shown below. + +![Serial number and hardware hash](images/hwid.png) + +You will need to upload this data into Intune to register your device for Autopilot, so it needs to be transferred to the computer you will use to access the Azure portal. If you are using a physical device instead of a VM, you can copy the file to a USB stick. If you’re using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM). + +If you have trouble copying and pasting the file, just view the contents in Notepad on the VM and copy the text into Notepad outside the VM. Do not use another text editor to do this. + +>[!NOTE] +>When copying and pasting to or from VMs, avoid clicking other things with your mouse cursor between the copy and paste process as this can empty or overwrite the clipboard and require that you start over. Go directly from copy to paste. + +## Reset the VM back to Out-Of-Box-Experience (OOBE) + +With the hardware ID captured in a file, prepare your Virtual Machine for Windows Autopilot deployment by resetting it back to OOBE. + +On the Virtual Machine, go to **Settings > Update & Security > Recovery** and click on **Get started** under **Reset this PC**. +Select **Remove everything** and **Just remove my files**. Finally, click on **Reset**. + +![Reset this PC final prompt](images/autopilot-reset-prompt.jpg) + +Resetting the VM or device can take a while. Proceed to the next step (verify subscription level) during the reset process. + +![Reset this PC screen capture](images/autopilot-reset-progress.jpg) + +## Verify subscription level + +For this lab, you need an AAD Premium subscription. You can tell if you have a Premium subscription by navigating to the [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) blade. See the following example: + +**Azure Active Directory** > **Mobility (MDM and MAM)** > **Microsoft Intune** + +![MDM and Intune](images/mdm-intune2.png) + +If the configuration blade shown above does not appear, it’s likely that you don’t have a **Premium** subscription. Auto-enrollment is a feature only available in AAD Premium. + +To convert your Intune trial account to a free Premium trial account, navigate to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5. + +![Reset this PC final prompt](images/aad-lic1.png) + +## Configure company branding + +If you already have company branding configured in Azure Active Directory, you can skip this step. + +>[!IMPORTANT] +>Make sure to sign-in with a Global Administrator account. + +Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), click on **Configure** and configure any type of company branding you'd like to see during the OOBE. + +![Configure company branding](images/branding.png) + +When you are finished, click **Save**. + +>[!NOTE] +>Changes to company branding can take up to 30 minutes to apply. + +## Configure Microsoft Intune auto-enrollment + +If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step. + +Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you do not see Microsoft Intune, click **Add application** and choose **Intune**. + +For the purposes of this demo, select **All** under the **MDM user scope** and click **Save**. + +![MDM user scope in the Mobility blade](images/autopilot-aad-mdm.png) + +## Register your VM + +Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but only pick one for purposes of this lab. We highly recommend using Intune rather than MSfB. + +### Autopilot registration using Intune + +1. In Intune in the Azure portal, choose **Device enrollment** > **Windows enrollment** > **Devices** > **Import**. + + ![Intune device import](images/device-import.png) + + >[!NOTE] + >If menu items like **Windows enrollment** are not active for you, then look to the far-right blade in the UI. You might need to provide Intune configuration privileges in a challenge window that appeared. + +2. Under **Add Windows Autopilot devices** in the far right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It’s okay if other fields (Windows Product ID) are left blank. + + ![HWID CSV](images/hwid-csv.png) + + You should receive confirmation that the file is formatted correctly before uploading it, as shown above. + +3. Click **Import** and wait until the import process completes. This can take up to 15 minutes. + +4. Click **Sync** to sync the device you just registered. Wait a few moments before refreshing to verify your VM or device has been added. See the following example. + + ![Import HWID](images/import-vm.png) + +### Autopilot registration using MSfB + +>[!IMPORTANT] +>If you've already registered your VM (or device) using Intune, then skip this step. + +Optional: see the following video for an overview of the process. + +  + +> [!video https://www.youtube.com/embed/IpLIZU_j7Z0] + +First, you need a MSfB account. You can use the same one you created above for Intune, or follow [these instructions](https://docs.microsoft.com/microsoft-store/windows-store-for-business-overview) to create a new one. + +Next, sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/en-us/store) using your test account by clicking **Sign in** in the upper-right-corner of the main page. + +Select **Manage** from the top menu, then click the **Windows Autopilot Deployment Program** link under the **Devices** card. See the following example: + +![Microsoft Store for Business](images/msfb.png) + +Click the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added. + +![Devices](images/msfb-device.png) + +## Create and assign a Windows Autopilot deployment profile + +>[!IMPORTANT] +>Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB. Both processes are shown here, but only pick one for purposes of this lab: + +Pick one: +- [Create profiles using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) +- [Create profiles using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) + +### Create a Windows Autopilot deployment profile using Intune + +>[!NOTE] +>Even if you registered your device in MSfB, it will still appear in Intune, though you might have to **sync** and then **refresh** your device list first: + +![Devices](images/intune-devices.png) + +>The example above lists both a physical device and a VM. Your list should only include only one of these. + +To create a Windows Autopilot profile, select **Device enrollment** > **Windows enrollment** > **Deployment profiles** + +![Deployment profiles](images/deployment-profiles.png) + +Click on **Create profile**. + +![Create deployment profile](images/create-profile.png) + +On the **Create profile** blade, use the following values: + +| Setting | Value | +|---|---| +| Name | Autopilot Lab profile | +| Description | blank | +| Convert all targeted devices to Autopilot | No | +| Deployment mode | User-driven | +| Join to Azure AD as | Azure AD joined | + +Click on **Out-of-box experience (OOBE)** and configure the following settings: + +| Setting | Value | +|---|---| +| EULA | Hide | +| Privacy Settings | Hide | +| Hide change account options | Hide | +| User account type | Standard | +| Apply device name template | No | + +See the following example: + +![Deployment profile](images/profile.png) + +Click on **OK** and then click on **Create**. + +>If you want to add an app to your profile via Intune, the OPTIONAL steps for doing so can be found in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile). + +#### Assign the profile + +Profiles can only be assigned to Groups, so first you must create a group that contains the devices to which the profile should be applied. This guide will provide simple instructions to assign a profile, for more detailed instructions, see [Create an Autopilot device group](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Assign an Autopilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-autopilot#assign-an-autopilot-deployment-profile-to-a-device-group), as optional reading. + +To create a Group, open the Azure Portal and select **Azure Active Directory** > **Groups** > **All groups**: + +![All groups](images/all-groups.png) + +Select New group from the Groups blade to open the new groups UI. Select the “Security” group type, name the group, and select the “Assigned” membership type: + +Before clicking **Create**, expand the **Members** panel, click your device's serial number (it will then appear under **Selected members**) and then click **Select** to add that device to this group. + +![New group](images/new-group.png) + +Now click **Create** to finish creating the new group. + +Click on **All groups** and click **Refresh** to verify that your new group has been successfully created. + +With a group created containing your device, you can now go back and assign your profile to that group. Navigate back to the Intune page in the Azure portal (one way is to type **Intune** in the top banner search bar and select **Intune** from the results). + +From Intune, select **Device enrollment** > **Windows enrollment** > **Deployment Profiles** to open the profile blade. Click on the name of the profile you previously created (Autopilot Lab profile) to open the details blade for that profile: + +![Lab profile](images/deployment-profiles2.png) + +Under **Manage**, click **Assignments**, and then with the **Include** tab highlighted, expand the **Select groups** blade and click **AP Lab Group 1** (the group will appear under **Selected members**). + +![Include group](images/include-group.png) + +Click **Select** and then click **Save**. + +![Include group](images/include-group2.png) + +It’s also possible to assign specific users to a profile, but we will not cover this scenario in the lab. For more detailed information, see [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot). + +### Create a Windows Autopilot deployment profile using MSfB + +If you have already created and assigned a profile via Intune by using the steps immediately above, then skip this section. + +A [video](https://www.youtube.com/watch?v=IpLIZU_j7Z0) is available that covers the steps required to create and assign profiles in MSfB. These steps are also summarized below. + +First, sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/manage/dashboard) using the Intune account you initially created for this lab. + +Click **Manage** from the top menu, then click **Devices** from the left navigation tree. + +![MSfB manage](images/msfb-manage.png) + +Click the **Windows Autopilot Deployment Program** link in the **Devices** tile. + +To CREATE the profile: + +Select your device from the **Devices** list: + +![MSfB create](images/msfb-create1.png) + +On the Autopilot deployment dropdown menu, select **Create new profile**: + +![MSfB create](images/msfb-create2.png) + +Name the profile, choose your desired settings, and then click **Create**: + +![MSfB create](images/msfb-create3.png) + +The new profile is added to the Autopilot deployment list. + +To ASSIGN the profile: + +To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab, then select the profile you want to assign from the **Autopilot deployment** dropdown menu as shown: + +![MSfB assign](images/msfb-assign1.png) + +Confirm the profile was successfully assigned to the intended device by checking the contents of the **Profile** column: + +![MSfB assign](images/msfb-assign2.png) + +>[!IMPORTANT] +>The new profile will only be applied if the device has not been started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. + +## See Windows Autopilot in action + +If you shut down your VM after the last reset, it’s time to start it back up again, so it can progress through the Autopilot OOBE experience but do not attempt to start your device again until the **PROFILE STATUS** for your device in Intune has changed from **Not assigned** to **Assigning** and finally **Assigned**: + +![Device status](images/device-status.png) + +Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding), otherwise these changes might not show up. + +>[!TIP] +>If you reset your device previously after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you’re expecting. If you do not see the Autopilot OOBE experience, then reset the device again (Settings > Update & Security > Recovery and click on Get started. Under Reset this PC, select Remove everything and Just remove my files. Click on Reset). + +- Ensure your device has an internet connection. +- Turn on the device +- Verify that the appropriate OOBE screens (with appropriate Company Branding) appear. You should see the region selection screen, the keyboard selection screen, and the second keyboard selection screen (which you can skip). + +![OOBE sign-in page](images/autopilot-oobe.jpg) + +Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device. Go into the Intune Azure portal, and select **Devices > All devices**, then **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated. + +![Device enabled](images/enabled-device.png) + +Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done. + +Windows Autopilot will now take over to automatically join your device into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoints you've created to go through this process again with different settings. + +## Remove devices from Autopilot + +To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it. Instructions for deregistering devices can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [here](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below. + +### Delete (deregister) Autopilot device + +You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into your Intune Azure portal, then navigate to **Intune > Devices > All Devices**. Select the checkbox next to the device you want to delete, then click the Delete button along the top menu. + +![Delete device](images/delete-device1.png) + +Click **X** when challenged to complete the operation: + +![Delete device](images/delete-device2.png) + +This will remove the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot, so the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**. + +![Delete device](images/delete-device3.png) + +The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores. The former (All devices) is the list of devices currently enrolled into Intune. Note: A device will only appear in the All devices list once it has booted. The latter (Windows Autopilot Deployment Program > Devices) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune. + +To remove the device from the Autopilot program, select the device and click Delete. + +![Delete device](images/delete-device4.png) + +A warning message appears reminding you to first remove the device from Intune, which we previously did. + +![Delete device](images/delete-device5.png) + +At this point, your device has been unenrolled from Intune and also deregistered from Autopilot. After several minutes, click the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program: + +![Delete device](images/delete-device6.png) + +Once the device no longer appears, you are free to reuse it for other purposes. + +If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and click the delete button: + +![Delete device](images/delete-device7.png) + +## Appendix A: Verify support for Hyper-V + +Starting with Windows 8, the host computer’s microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information. + +To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press ENTER, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: + +
+C:>systeminfo
+
+...
+Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
+                           Virtualization Enabled In Firmware: Yes
+                           Second Level Address Translation: Yes
+                           Data Execution Prevention Available: Yes
+
+ +In this example, the computer supports SLAT and Hyper-V. + +>If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting will depend on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. + +You can also identify Hyper-V support using [tools](https://blogs.msdn.microsoft.com/taylorb/2008/06/19/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v/) provided by the processor manufacturer, the [msinfo32](https://technet.microsoft.com/library/cc731397.aspx) tool, or you can download the [coreinfo](https://technet.microsoft.com/sysinternals/cc835722) utility and run it, as shown in the following example: + +
+C:>coreinfo -v
+
+Coreinfo v3.31 - Dump information on system CPU and memory topology
+Copyright (C) 2008-2014 Mark Russinovich
+Sysinternals - www.sysinternals.com
+
+Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
+Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
+Microcode signature: 0000001B
+HYPERVISOR      -       Hypervisor is present
+VMX             *       Supports Intel hardware-assisted virtualization
+EPT             *       Supports Intel extended page tables (SLAT)
+
+ +Note: A 64-bit operating system is required to run Hyper-V. + +## Appendix B: Adding apps to your profile + +### Add a Win32 app + +#### Prepare the app for Intune + +Before we can pull an application into Intune to make it part of our AP profile, we need to “package” the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Intune-Win32-App-Packaging-Tool). After downloading the tool, gather the following three bits of information to use the tool: + +1. The source folder for your application +2. The name of the setup executable file +3. The output folder for the new file + +For the purposes of this lab, we’ll use the Notepad++ tool as our Win32 app. + +Download the Notepad++ msi package [here](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available) and then opy the file to a known location, such as C:\Notepad++msi. + +Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example: + +![Add app](images/app01.png) + +After the tool finishes running, you should have an .intunewin file in the Output folder, which you can now upload into Intune using the following steps. + +#### Create app in Intune + +Log into the Azure portal and select **Intune**. + +Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. + +![Add app](images/app02.png) + +Under **App Type**, select **Windows app (Win32)**: + +![Add app](images/app03.png) + +On the **App package file** blade, browse to the **npp.7.6.3.installer.x64.intunewin** file in your output folder, open it, then click **OK**: + +![Add app](images/app04.png) + +On the **App Information Configure** blade, provide a friendly name, description, and publisher, such as: + +![Add app](images/app05.png) + +On the **Program Configuration** blade, supply the install and uninstall commands: + +Install: msiexec /i "npp.7.6.3.installer.x64.msi" /q +Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q + +NOTE: Likely, you do not have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Intune-Win32-App-Packaging-Tool) automatically generated them when it converted the .msi file into a .intunewin file. + +![Add app](images/app06.png) + +Simply using an install command like “notepad++.exe /S” will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn’t actually have an .msi version of their program, but we got an .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). + +Click **OK** to save your input and activate the **Requirements** blade. + +On the **Requirements Configuration** blade, specify the **OS architecture** and the **Minimum OS version**: + +![Add app](images/app07.png) + +Next, configure the **Detection rules**. For our purposes, we will select manual format: + +![Add app](images/app08.png) + +Click **Add** to define the rule properties. For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule: + +![Add app](images/app09.png) + +Click **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration. + +**Return codes**: For our purposes, leave the return codes at their default values: + +![Add app](images/app10.png) + +Click **OK** to exit. + +You may skip configuring the final **Scope (Tags)** blade. + +Click the **Add** button to finalize and save your app package. + +Once the indicator message says the addition has completed. + +![Add app](images/app11.png) + +You will be able to find your app in your app list: + +![Add app](images/app12.png) + +#### Assign the app to your Intune profile + +**NOTE**: The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#assign-the-profile). If you have not done that, please return to the main part of the lab and complete those steps before returning here. + +In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade. Then click **Assignments** from the menu: + +![Add app](images/app13.png) + +Select **Add Group** to open the **Add group** pane that is related to the app. + +For our purposes, select *8Required** from the **Assignment type** dropdown menu: + +>**Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website. + +Select **Included Groups** and assign the groups you previously created that will use this app: + +![Add app](images/app14.png) + +![Add app](images/app15.png) + +In the **Select groups** pane, click the **Select** button. + +In the **Assign group** pane, select **OK**. + +In the **Add group** pane, select **OK**. + +In the app **Assignments** pane, select **Save**. + +![Add app](images/app16.png) + +At this point, you have completed steps to add a Win32 app to Intune. + +For more information on adding adds to Intune, see [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps-win32-app-management). + +### Add Office 365 + +#### Create app in Intune + +Log into the Azure portal and select **Intune**. + +Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. + +![Add app](images/app17.png) + +Under **App Type**, select **Office 365 Suite > Windows 10**: + +![Add app](images/app18.png) + +Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this labe we have only selected Excel: + +![Add app](images/app19.png) + +Click **OK**. + +In the **App Suite Information** pane, enter a unique suite name, and a suitable description. + +>Enter the name of the app suite as it is displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal. + +![Add app](images/app20.png) + +Click **OK**. + +In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection would be fine for the purposes of this lab). Also select **Yes** for **Automatically accept the app end user license agreement**: + +![Add app](images/app21.png) + +Click **OK** and then click **Add**. + +#### Assign the app to your Intune profile + +**NOTE**: The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#assign-the-profile). If you have not done that, please return to the main part of the lab and complete those steps before returning here. + +In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade. Then click **Assignments** from the menu: + +![Add app](images/app22.png) + +Select **Add Group** to open the **Add group** pane that is related to the app. + +For our purposes, select **Required** from the **Assignment type** dropdown menu: + +>**Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website. + +Select **Included Groups** and assign the groups you previously created that will use this app: + +![Add app](images/app23.png) + +![Add app](images/app24.png) + +In the **Select groups** pane, click the **Select** button. + +In the **Assign group** pane, select **OK**. + +In the **Add group** pane, select **OK**. + +In the app **Assignments** pane, select **Save**. + +![Add app](images/app25.png) + +At this point, you have completed steps to add Office to Intune. + +For more information on adding Office apps to Intune, see [Assign Office 365 apps to Windows 10 devices with Microsoft Intune](https://docs.microsoft.com/intune/apps-add-office365). + +If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list, although it could take several minutes to populate: + +![Add app](images/app26.png) + +## Glossary + + + + + + + + + + + + + + +
OEMOriginal Equipment Manufacturer
CSVComma Separated Values
MPCMicrosoft Partner Center
CSPCloud Solution Provider
MSfBMicrosoft Store for Business
AADAzure Active Directory
4K HH4K Hardware Hash
CBRComputer Build Report
ECEnterprise Commerce (server)
DDSDevice Directory Service
OOBEOut of the Box Experience
VMVirtual Machine
diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md index 088f0adccd..524f34b78a 100644 --- a/windows/privacy/gdpr-it-guidance.md +++ b/windows/privacy/gdpr-it-guidance.md @@ -159,7 +159,7 @@ The following table lists in what GDPR mode – controller or processor – Wind */*Depending on which application/feature this is referring to.* -## Windows diagnostic data and Windows 10 +## Windows diagnostic data and Windows 10 ### Recommended Windows 10 settings diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index e50ae1fdfb..b9b11df607 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -16,7 +16,7 @@ ms.date: 08/17/2017 ms.reviewer: --- -# Windows Defender Credential Guard: Known issues +# Windows Defender Credential Guard: Known issues **Applies to** - Windows 10 diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 60e829af0c..4563787217 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -38,7 +38,7 @@ A new Active Directory Federation Services farm should have a minimum of two fed Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. -## Update Windows Server 2016 +## Update Windows Server 2016 Sign-in the federation server with _local admin_ equivalent credentials. 1. Ensure Windows Server 2016 is current by running **Windows Update** from **Settings**. Continue this process until no further updates are needed. If you’re not using Windows Update for updates, please advise the [Windows Server 2016 update history page](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history) to make sure you have the latest updates available installed. diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 161c10f243..a6364bad59 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -38,7 +38,7 @@ A new Active Directory Federation Services farm should have a minimum of two fed Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. -## Update Windows Server 2016 +## Update Windows Server 2016 Sign-in the federation server with _local admin_ equivalent credentials. 1. Ensure Windows Server 2016 is current by running **Windows Update** from **Settings**. Continue this process until no further updates are needed. If you’re not using Windows Update for updates, please review the [Windows Server 2016 update history page](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history) to make sure you have the latest updates available installed. diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index df25b0e70c..59a2e070cb 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -15,7 +15,7 @@ ms.localizationpriority: medium ms.date: 01/12/2018 ms.reviewer: --- -# Protect Remote Desktop credentials with Windows Defender Remote Credential Guard +# Protect Remote Desktop credentials with Windows Defender Remote Credential Guard **Applies to** - Windows 10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index b89ced627d..e6b90ed8bc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -48,7 +48,7 @@ This is applicable to Azure Hybrid AD as well. For Windows PCs and Windows Phones that enroll using **Connect to work or school account**, BitLocker Device Encryption is managed over MDM, the same as devices joined to Azure AD. -## Managing servers +## Managing servers Servers are often installed, configured, and deployed using PowerShell, so the recommendation is to also use [PowerShell to enable BitLocker on a server](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#bitlocker-cmdlets-for-windows-powershell), ideally as part of the initial setup. BitLocker is an Optional Component (OC) in Windows Server, so follow the directions in [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md) to add the BitLocker OC. diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index cf6a9871cb..37a8fb4242 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -133,7 +133,7 @@ #### [Integrations]() ##### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md) -##### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md) +##### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md) ##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md) #### [Information protection in Windows overview]() @@ -1049,7 +1049,7 @@ ###### [Network access: Remotely accessible registry paths](security-policy-settings/network-access-remotely-accessible-registry-paths.md) ###### [Network access: Remotely accessible registry paths and subpaths](security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md) ###### [Network access: Restrict anonymous access to Named Pipes and Shares](security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md) -###### [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md) +###### [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md) ###### [Network access: Shares that can be accessed anonymously](security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md) ###### [Network access: Sharing and security model for local accounts](security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md) ###### [Network security: Allow Local System to use computer identity for NTLM](security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index 0379951dbd..652e76f78d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -38,7 +38,7 @@ On the top navigation you can: ![Image of alerts queue](images/alerts-queue-list.png) -## Sort, filter, and group the alerts queue +## Sort, filter, and group the alerts queue You can apply the following filters to limit the list of alerts and get a more focused view the alerts. ### Severity diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index 4c97c07b2e..9706e81443 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -28,7 +28,7 @@ ms.date: 10/16/2017 Understand what data fields are exposed as part of the alerts API and how they map to Microsoft Defender Security Center. -## Alert API fields and portal mapping +## Alert API fields and portal mapping The following table lists the available fields exposed in the alerts API payload. It shows examples for the populated values and a reference on how data is reflected on the portal. The ArcSight field column contains the default mapping between the Microsoft Defender ATP fields and the built-in fields in ArcSight. You can download the mapping file from the portal when you enable the SIEM integration feature and you can modify it to match the needs of your organization. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md index 6f600470d6..732da72377 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md @@ -108,7 +108,7 @@ It is recommended that groups are created for MSSPs to make authorization access As a MSSP customer, you can always remove or modify the permissions granted to the MSSP by updating the Azure AD user groups. -## Access the Windows Defender Security Center MSSP customer portal +## Access the Windows Defender Security Center MSSP customer portal >[!NOTE] >These set of steps are directed towards the MSSP. diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md index d9a36f6795..2251ec4e49 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Run a detection test on a newly onboarded Microsoft Defender ATP machine +# Run a detection test on a newly onboarded Microsoft Defender ATP machine **Applies to:** - Supported Windows 10 versions diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md index 0cf451828c..22975b13f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: troubleshooting --- -# Troubleshoot Microsoft Defender Advanced Threat Protection +# Troubleshoot Microsoft Defender Advanced Threat Protection Troubleshoot issues that might arise as you use Microsoft Defender ATP capabilities. diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md index 9bcc029641..4b653cf263 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md @@ -65,7 +65,7 @@ This section describes features and tools that are available to help you manage None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy. -### Policy dependencies +### Policy dependencies The settings for this security policy are dependent on the [Network security: LAN Manager authentication level](network-security-lan-manager-authentication-level.md) setting value. diff --git a/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md b/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md index 8ab757be7a..a9d12cc027 100644 --- a/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md +++ b/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md @@ -15,7 +15,7 @@ manager: dansimp ms.author: dolmont --- -# WannaCrypt ransomware worm targets out-of-date systems +# WannaCrypt ransomware worm targets out-of-date systems On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as [WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt), appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install [MS17-010](https://technet.microsoft.com/library/security/ms17-010.aspx) if they have not already done so. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 129309368a..1db0749694 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -1,631 +1,631 @@ ---- -title: What's new in Windows 10 Enterprise 2019 LTSC -ms.reviewer: -manager: laurawi -ms.author: greglin -description: New and updated IT Pro content about new features in Windows 10 Enterprise 2019 LTSC (also known as Windows 10 Enterprise 2019 LTSB). -keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2019 LTSC"] -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.localizationpriority: low -ms.topic: article ---- - -# What's new in Windows 10 Enterprise 2019 LTSC - -**Applies to** -- Windows 10 Enterprise 2019 LTSC - -This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2019 LTSC, compared to Windows 10 Enterprise 2016 LTSC (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md). - ->[!NOTE] ->Features in Windows 10 Enterprise 2019 LTSC are equivalent to Windows 10, version 1809. - -Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as: - - Advanced protection against modern security threats - - Full flexibility of OS deployment - - Updating and support options - - Comprehensive device and app management and control capabilities - -The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below. - ->[!IMPORTANT] ->The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the semi-annual channel release of Windows 10 might be limited. - -## Microsoft Intune - ->Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. This includes support for features such as [Windows Autopilot](#windows-autopilot). However, note that Windows Update for Business (WUfB) does not currently support any LTSC releases, therefore you should use WSUS or Configuration Manager for patching. - -## Security - -This version of Window 10 includes security improvements for threat protection, information protection, and identity protection. - -### Threat protection - -#### Windows Defender ATP - -The Windows Defender Advanced Threat Protection ([Windows Defender ATP](/windows/security/threat-protection/index)) platform inludes the security pillars shown in the following diagram. In this version of Windows, Windows Defender ATP includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management. - -![Windows Defender ATP](../images/wdatp.png) - -##### Attack surface reduction - -Attack surface reduction includes host-based intrusion prevention systems such as [controlled folder access](/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard). - - This feature can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like **Documents** and **Pictures**. We’ve made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether. - - When an app is blocked, it will appear in a recently blocked apps list, which you can get to by clicking **Manage settings** under the **Ransomware protection** heading. Click **Allow an app through Controlled folder access**. After the prompt, click the **+** button and choose **Recently blocked apps**. Select any of the apps to add them to the allowed list. You can also browse for an app from this page. - -###### Windows Defender Firewall - -Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes. You can add specific rules for a WSL process just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes. For example, when a Linux tool wants to allow access to a port from the outside (like SSH or a web server like nginx), Windows Defender Firewall will prompt to allow access just like it would for a Windows process when the port starts accepting connections. This was first introduced in [Build 17627](https://docs.microsoft.com/windows/wsl/release-notes#build-17618-skip-ahead). - -##### Windows Defender Device Guard - -[Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) has always been a collection of technologies that can be combined to lock down a PC, including: -- Software-based protection provided by code integrity policies -- Hardware-based protection provided by Hypervisor-protected code integrity (HVCI) - -But these protections can also be configured separately. And, unlike HVCI, code integrity policies do not require virtualization-based security (VBS). To help underscore the distinct value of these protections, code integrity policies have been rebranded as [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control). - -### Next-gen protection - -#### Office 365 Ransomware Detection - -For Office 365 Home and Office 365 Personal subscribers, Ransomware Detection notifies you when your OneDrive files have been attacked and guides you through the process of restoring your files. For more information, see [Ransomware detection and recovering your files](https://support.office.com/en-us/article/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f?ui=en-US&rs=en-US&ad=US) - -### Endpoint detection and response - -Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Windows Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Windows Defender ATP portal. - - Windows Defender is now called Windows Defender Antivirus and now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). - - We've also [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). The new library includes information on: -- [Deploying and enabling AV protection](/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus) -- [Managing updates](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus) -- [Reporting](/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus) -- [Configuring features](/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features) -- [Troubleshooting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus) - - Some of the highlights of the new library include [Evaluation guide for Windows Defender AV](/windows/threat-protection/windows-defender-antivirus//evaluate-windows-defender-antivirus) and [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus). - - New features for Windows Defender AV in Windows 10 Enterprise 2019 LTSC include: -- [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) -- [The ability to specify the level of cloud-protection](/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus) -- [Windows Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) - - We've [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). - - **Endpoint detection and response** is also enhanced. New **detection** capabilities include: -- [Use the threat intelligence API to create custom alerts](/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) - Understand threat intelligence concepts, enable the threat intel application, and create custom threat intelligence alerts for your organization. - - [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections). With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. - - Improvements on OS memory and kernel sensors to enable detection of attackers who are using in-memory and kernel-level attacks. - - Upgraded detections of ransomware and other advanced attacks. - - Historical detection capability ensures new detection rules apply to up to six months of stored data to detect previous attacks that might not have been noticed. - - **Threat reponse** is improved when an attack is detected, enabling immediate action by security teams to contain a breach: -- [Take response actions on a machine](/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. - - [Take response actions on a file](/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. - -Additional capabilities have been added to help you gain a holistic view on **investigations** include: - - [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics) - Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. - - [Query data using Advanced hunting in Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) - - [Use Automated investigations to investigate and remediate threats](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) - - [Investigate a user account](/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection) - Identify user accounts with the most active alerts and investigate cases of potential compromised credentials. - - [Alert process tree](/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection#alert-process-tree) - Aggregates multiple detections and related events into a single view to reduce case resolution time. - - [Pull alerts using REST API](/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection) - Use REST API to pull alerts from Windows Defender ATP. - -Other enhanced security features include: -- [Check sensor health state](/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix known issues. -- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection) - Windows Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Windows Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools. -- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center) - Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers. -- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration) - Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. -- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019) - Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. -- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection) - Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor. -- [Enable conditional access to better protect users, devices, and data](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection) - -We've also added a new assessment for the Windows time service to the **Device performance & health** section. If we detect that your device’s time is not properly synced with our time servers and the time-syncing service is disabled, we’ll provide the option for you to turn it back on. - -We’re continuing to work on how other security apps you’ve installed show up in the **Windows Security** app. There’s a new page called **Security providers** that you can find in the **Settings** section of the app. Click **Manage providers** to see a list of all the other security providers (including antivirus, firewall, and web protection) that are running on your device. Here you can easily open the providers’ apps or get more information on how to resolve issues reported to you through **Windows Security**. - -This also means you’ll see more links to other security apps within **Windows Security**. For example, if you open the **Firewall & network protection** section, you’ll see the firewall apps that are running on your device under each firewall type, which includes domain, private, and public networks). - -You can read more about ransomware mitigations and detection capability at: -- [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/) -- [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) -- [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/) - -Also see [New capabilities of Windows Defender ATP further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97) - -Get a quick, but in-depth overview of Windows Defender ATP for Windows 10: [Windows Defender Advanced Threat Protection](/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). - -For more information about features of Windows Defender ATP available in different editions of Windows 10, see the [Windows 10 commercial edition comparison](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf). - -### Information protection - -Improvements have been added to Windows Information Protection and BitLocker. - -#### Windows Information Protection - -Windows Information Protection is now designed to work with Microsoft Office and Azure Information Protection. For more information, see [Deploying and managing Windows Information Protection (WIP) with Azure Information Protection](https://myignite.microsoft.com/sessions/53660?source=sessions). - -Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune). - -You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, [How to collect Windows Information Protection (WIP) audit event logs](/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs). - -This release enables support for WIP with Files on Demand, allows file encryption while the file is open in another app, and improves performance. For more information, see [OneDrive Files On-Demand For The Enterprise](https://techcommunity.microsoft.com/t5/OneDrive-Blog/OneDrive-Files-On-Demand-For-The-Enterprise/ba-p/117234). - -### BitLocker - -The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see [BitLocker Group Policy settings](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-group-policy-settings#bkmk-unlockpol3). - -#### Silent enforcement on fixed drives - -Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (AAD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard AAD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don’t pass the HSTI. - -This is an update to the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp), which was introduced in Windows 10, version 1703, and leveraged by Intune and others. - -This feature will soon be enabled on Olympia Corp as an optional feature. - -#### Delivering BitLocker policy to AutoPilot devices during OOBE - -You can choose which encryption algorithm to apply to BitLocker encryption capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (and other BitLocker policies that must be applied prior to encryption), to be delivered before BitLocker encryption begins. - -For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied to devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE. - -To achieve this: - -1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm. -2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group. - - **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users. -3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. - - **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts. - -### Identity protection - -Improvements have been added are to Windows Hello for Business and Credential Guard. - -#### Windows Hello for Business - -New features in Windows Hello enable a better device lock experience, using multifactor unlock with new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device to automatically lock when you walk away from it, or to prevent others from accessing the device when you are not present. - -New features in [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification.md) inlcude: -- You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). -- For Windows Phone devices, an administrator is able to initiate a remote PIN reset through the Intune portal. -- For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-features#pin-reset). - -[Windows Hello](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in the [Kiosk configuration](#kiosk-configuration) section. -- Windows Hello is now [password-less on S-mode](https://www.windowslatest.com/2018/02/12/microsoft-make-windows-10-password-less-platform/). -- Support for S/MIME with Windows Hello for Business and APIs for non-Microsoft identity lifecycle management solutions. -- Windows Hello is part of the account protection pillar in Windows Defender Security Center. Account Protection will encourage password users to set up Windows Hello Face, Fingerprint or PIN for faster sign in, and will notify Dynamic lock users if Dynamic lock has stopped working because their phone or device Bluetooth is off. -- You can set up Windows Hello from lock screen for MSA accounts. We’ve made it easier for Microsoft account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options. -- New [public API](https://docs.microsoft.com/uwp/api/windows.security.authentication.web.core.webauthenticationcoremanager.findallaccountsasync#Windows_Security_Authentication_Web_Core_WebAuthenticationCoreManager_FindAllAccountsAsync_Windows_Security_Credentials_WebAccountProvider_) for secondary account SSO for a particular identity provider. -- It is easier to set up Dynamic lock, and WD SC actionable alerts have been added when Dynamic lock stops working (ex: phone Bluetooth is off). - -For more information, see: [Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/#OdKBg3pwJQcEKCbJ.97) - -#### Windows Defender Credential Guard - -Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It is designed to protect against well-known threats such as Pass-the-Hash and credential harvesting. - -Windows Defender Credential Guard has always been an optional feature, but Windows 10 in S mode turns this functionality on by default when the machine has been Azure Active Directory joined. This provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode. Please note that Windows Defender Credential Guard is available only to S mode devices or Enterprise and Education Editions. - -For more information, see [Credential Guard Security Considerations](/windows/access-protection/credential-guard/credential-guard-requirements#security-considerations). - -### Other security improvments - -#### Windows security baselines - -Microsoft has released new [Windows security baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security impact. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](https://docs.microsoft.com/windows/device-security/security-compliance-toolkit-10). - -**Windows security baselines** have been updated for Windows 10. A [security baseline](https://docs.microsoft.com/windows/device-security/windows-security-baselines) is a group of Microsoft-recommended configuration settings and explains their security impact. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](https://docs.microsoft.com/windows/device-security/security-compliance-toolkit-10). - -The new [security baseline for Windows 10 version 1803](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10) has been published. - -#### SMBLoris vulnerability - -An issue, known as “SMBLoris�?, which could result in denial of service, has been addressed. - -#### Windows Security Center - -Windows Defender Security Center is now called **Windows Security Center**. - -You can still get to the app in all the usual ways – simply ask Cortana to open Windows Security Center(WSC) or interact with the taskbar icon. WSC lets you manage all your security needs, including **Windows Defender Antivirus** and **Windows Defender Firewall**. - -The WSC service now requires antivirus products to run as a protected process to register. Products that have not yet implemented this will not appear in the Windows Security Center user interface, and Windows Defender Antivirus will remain enabled side-by-side with these products. - -WSC now includes the Fluent Design System elements you know and love. You’ll also notice we’ve adjusted the spacing and padding around the app. It will now dynamically size the categories on the main page if more room is needed for extra info. We also updated the title bar so that it will use your accent color if you have enabled that option in **Color Settings**. - -![alt text](../images/defender.png "Windows Security Center") - -#### Group Policy Security Options - -The security setting [**Interactive logon: Display user information when the session is locked**](/windows/device-security/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked) has been updated to work in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. - -A new security policy setting -[**Interactive logon: Don't display username at sign-in**](/windows/device-security/security-policy-settings/interactive-logon-dont-display-username-at-sign-in) has been introduced in Windows 10 Enterprise 2019 LTSC. This security policy setting determines whether the username is displayed during sign in. It works in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile. - -#### Windows 10 in S mode - -We’ve continued to work on the **Current threats** area in [Virus & threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection), which now displays all threats that need action. You can quickly take action on threats from this screen: - -![Virus & threat protection settings](../images/virus-and-threat-protection.png "Virus & threat protection settings") - -## Deployment - -### Windows Autopilot - -[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a deployment tool introduced with Windows 10, version 1709 and is also available for Windows 10 Enterprise 2019 LTSC (and later versions). Windows Autopilot provides a modern device lifecycle management service powered by the cloud to deliver a zero touch experience for deploying Windows 10. - -Windows Autopilot is currently available with Surface, Dell, HP, and Lenovo. Other OEM partners such as Panasonic, and Acer will support Autopilot soon. Check the [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog) or this article for updated information. - -Using Intune, Autopilot now enables locking the device during provisioning during the Windows Out Of Box Experience (OOBE) until policies and settings for the device get provisioned, thereby ensuring that by the time the user gets to the desktop, the device is secured and configured correctly. - -You can also apply an Autopilot deployment profile to your devices using Microsoft Store for Business. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device. For more information, see [Manage Windows device deployment with Windows Autopilot Deployment](https://docs.microsoft.com/microsoft-store/add-profile-to-devices). - -#### Windows Autopilot self-deploying mode - -Windows Autopilot self-deploying mode enables a zero touch device provisioning experience. Simply power on the device, plug it into the Ethernet, and the device is fully configured automatically by Windows Autopilot. - -This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process. - -You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organization’s MDM provider, and provision policies and applications, all with no user authentication or user interaction required. - -To learn more about Autopilot self-deploying mode and to see step-by-step instructions to perform such a deployment, [Windows Autopilot self-deploying mode](https://docs.microsoft.com/windows/deployment/windows-autopilot/self-deploying). - - -#### Autopilot Reset - -IT Pros can use Autopilot Reset to quickly remove personal files, apps, and settings. A custom login screen is available from the lock screen that enables you to apply original settings and management enrollment (Azure Active Directory and device management) so that devices are returned to a fully configured, known, IT-approved state and ready to use. For more information, see [Reset devices with Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset). - -### MBR2GPT.EXE - -MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise 2019 LTSC (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS). - -The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability, supports additional partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk. - -Additional security features of Windows 10 that are enabled when you boot in UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock. - -For details, see [MBR2GPT.EXE](/windows/deployment/mbr-to-gpt). - -### DISM - -The following new DISM commands have been added to manage feature updates: - - DISM /Online /Initiate-OSUninstall - – Initiates a OS uninstall to take the computer back to the previous installation of windows. - DISM /Online /Remove-OSUninstall - – Removes the OS uninstall capability from the computer. - DISM /Online /Get-OSUninstallWindow - – Displays the number of days after upgrade during which uninstall can be performed. - DISM /Online /Set-OSUninstallWindow - – Sets the number of days after upgrade during which uninstall can be performed. - -For more information, see [DISM operating system uninstall command-line options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options). - -### Windows Setup - -You can now run your own custom actions or scripts in parallel with Windows Setup. Setup will also migrate your scripts to next feature release, so you only need to add them once. - -Prerequisites: -- Windows 10, version 1803 or Windows 10 Enterprise 2019 LTSC, or later. -- Windows 10 Enterprise or Pro - -For more information, see [Run custom actions during feature update](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions). - -It is also now possible to run a script if the user rolls back their version of Windows using the PostRollback option. - - /PostRollback [\setuprollback.cmd] [/postrollback {system / admin}] - -For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options#21) - -New command-line switches are also available to control BitLocker: - - Setup.exe /BitLocker AlwaysSuspend - – Always suspend bitlocker during upgrade. - Setup.exe /BitLocker TryKeepActive - – Enable upgrade without suspending bitlocker but if upgrade, does not work then suspend bitlocker and complete the upgrade. - Setup.exe /BitLocker ForceKeepActive - – Enable upgrade without suspending bitlocker, but if upgrade does not work, fail the upgrade. - -For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options#33) - -### Feature update improvements - -Portions of the work done during the offline phases of a Windows update have been moved to the online phase. This has resulted in a significant reduction of offline time when installing updates. For more information, see [We're listening to you](https://insider.windows.com/en-us/articles/were-listening-to-you/). - -### SetupDiag - -[SetupDiag](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag) is a new command-line tool that can help diagnose why a Windows 10 update failed. - -SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available. - -## Sign-in - -### Faster sign-in to a Windows 10 shared pc - -If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc) in a flash! - -**To enable fast sign-in:** -1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise 2019 LTSC. -2. Set the Policy CSP, and the **Authentication** and **EnableFastFirstSignIn** policies to enable fast sign-in. -3. Sign-in to a shared PC with your account. You'll notice the difference! - - ![fast sign-in](../images/fastsignin.png "fast sign-in") - -### Web sign-in to Windows 10 - -Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing “web sign-in,” a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML). - -**To try out web sign-in:** -1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs). -2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in. -3. On the lock screen, select web sign-in under sign-in options. -4. Click the “Sign in” button to continue. - -![Web sign-in](../images/websignin.png "web sign-in") - -## Windows Analytics - -### Upgrade Readiness - ->[!IMPORTANT] ->Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a semi-annual channel release. - -Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. - -The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled. - -For more information about Upgrade Readiness, see the following topics: - -- [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/) -- [Manage Windows upgrades with Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness) - -Upgrade Readiness provides insights into application and driver compatibility issues. New capabilities include better app coverage, post-upgrade health reports, and enhanced report filtering capabilities. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness). - -### Update Compliance - -Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date. - -Update Compliance is a solution built using OMS Log Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues. - -For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](/windows/deployment/update/update-compliance-monitor). - -New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates. For more information, see [Monitor Windows Updates and Windows Defender Antivirus with Update Compliance](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor). - -### Device Health - -Maintaining devices is made easier with Device Health, a new, premium analytic tool that identifies devices and drivers that crash frequently and might need to be rebuilt or replaced. For more information, see [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor). - -## Accessibility and Privacy - -### Accessibility - -"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](https://docs.microsoft.com/windows/configuration/windows-10-accessibility-for-itpros). Also see the accessibility section in the [What’s new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/) blog post. - -### Privacy - -In the Feedback and Settings page under Privacy Settings you can now delete the diagnostic data your device has sent to Microsoft. You can also view this diagnostic data using the [Diagnostic Data Viewer](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) app. - -## Configuration - -### Kiosk configuration - -Microsoft Edge has many improvements specifically targeted to Kiosks, however Edge is not available in the LTSC release of Windows 10. Internet Explorer is included in Windows 10 LTSC releases as its feature set is not changing, and it will continue to get security fixes for the life of a Windows 10 LTSC release. - -If you wish to take advantage of [Kiosk capabilities in Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy), consider [Kiosk mode](https://docs.microsoft.com/windows/configuration/kiosk-methods) with a semi-annual release channel. - -### Co-management - -Intune and System Center Configuration Manager policies have been added to enable hyrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. - -For more information, see [What's New in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803) - -### OS uninstall period - -The OS uninstall period is a length of time that users are given when they can optionally roll back a Windows 10 update. With this release, administrators can use Intune or [DISM](#dism) to customize the length of the OS uninstall period. - -### Azure Active Directory join in bulk - -Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Azure Active Directory](/windows/configuration/provisioning-packages/provisioning-packages#configuration-designer-wizards). Azure AD join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards. - -![get bulk token action in wizard](../images/bulk-token.png) - -### Windows Spotlight - -The following new Group Policy and mobile device management (MDM) settings are added to help you configure Windows Spotlight user experiences: - -- **Turn off the Windows Spotlight on Action Center** -- **Do not use diagnostic data for tailored experiences** -- **Turn off the Windows Welcome Experience** - -[Learn more about Windows Spotlight.](/windows/configuration/windows-spotlight) - -### Start and taskbar layout - -Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10 Enterprise 2019 LTSC adds support for customized taskbars to [MDM](/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management). - -[Additional MDM policy settings are available for Start and taskbar layout](/windows/configuration/windows-10-start-layout-options-and-policies). New MDM policy settings include: - -- Settings for the User tile: [**Start/HideUserTile**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideusertile), [**Start/HideSwitchAccount**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideswitchaccount), [**Start/HideSignOut**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidesignout), [**Start/HideLock**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidelock), and [**Start/HideChangeAccountSettings**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) -- Settings for Power: [**Start/HidePowerButton**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidepowerbutton), [**Start/HideHibernate**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidehibernate), [**Start/HideRestart**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderestart), [**Start/HideShutDown**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideshutdown), and [**Start/HideSleep**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidesleep) -- Additional new settings: [**Start/HideFrequentlyUsedApps**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps), [**Start/HideRecentlyAddedApps**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps), **AllowPinnedFolder**, **ImportEdgeAssets**, [**Start/HideRecentJumplists**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderecentjumplists), [**Start/NoPinningToTaskbar**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-nopinningtotaskbar), [**Settings/PageVisibilityList**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-pagevisibilitylist), and [**Start/HideAppsList**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideapplist). - -## Windows Update - -### Windows Update for Business - -Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune. For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure). - -The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates). - - -Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferal periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. - -WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds). - -Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune. For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure). - -The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates). - - -Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferal periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. - -WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds). - -### Windows Insider for Business - -We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in AAD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](/windows/deployment/update/waas-windows-insider-for-business). - -You can now register your Azure AD domains to the Windows Insider Program. For more information, see [Windows Insider Program for Business](https://docs.microsoft.com/windows/deployment/update/waas-windows-insider-for-business#getting-started-with-windows-insider-program-for-business). - - -### Optimize update delivery - -With changes delivered in Windows 10 Enterprise 2019 LTSC, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with System Center Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. - ->[!NOTE] -> The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. - -Delivery Optimization policies now enable you to configure additional restrictions to have more control in various scenarios. - -Added policies include: -- [Allow uploads while the device is on battery while under set Battery level](/windows/deployment/update/waas-delivery-optimization#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) -- [Enable Peer Caching while the device connects via VPN](/windows/deployment/update/waas-delivery-optimization#enable-peer-caching-while-the-device-connects-via-vpn) -- [Minimum RAM (inclusive) allowed to use Peer Caching](/windows/deployment/update/waas-delivery-optimization#minimum-ram-allowed-to-use-peer-caching) -- [Minimum disk size allowed to use Peer Caching](/windows/deployment/update/waas-delivery-optimization#minimum-disk-size-allowed-to-use-peer-caching) -- [Minimum Peer Caching Content File Size](/windows/deployment/update/waas-delivery-optimization#minimum-peer-caching-content-file-size) - -To check out all the details, see [Configure Delivery Optimization for Windows 10 updates](/windows/deployment/update/waas-delivery-optimization) - -### Uninstalled in-box apps no longer automatically reinstall - -Starting with Windows 10 Enterprise 2019 LTSC, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature update installation process. - -Additionally, apps de-provisioned by admins on Windows 10 Enterprise 2019 LTSC machines will stay de-provisioned after future feature update installations. This will not apply to the update from Windows 10 Enterprise 2016 LTSC (or earlier) to Windows 10 Enterprise 2019 LTSC. - -## Management - -### New MDM capabilities - -Windows 10 Enterprise 2019 LTSC adds many new [configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful Group Policy settings via MDM - see [Policy CSP - ADMX-backed policies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-admx-backed). - -Some of the other new CSPs are: - -- The [DynamicManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dynamicmanagement-csp) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device is not within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. - -- The [CleanPC CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/cleanpc-csp) allows removal of user-installed and pre-installed applications, with the option to persist user data. - -- The [BitLocker CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/bitlocker-csp) is used to manage encryption of PCs and devices. For example, you can require storage card encryption on mobile devices, or require encryption for operating system drives. - -- The [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) is used to configure a proxy server for ethernet and Wi-Fi connections. - -- The [Office CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/office-csp) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see [Configuration options for the Office Deployment Tool](https://technet.microsoft.com/library/jj219426.aspx). - -- The [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM. - -IT pros can use the new [MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat) to determine which Group Policy settings have been configured for a user or computer and cross-reference those settings against a built-in list of supported MDM policies. MMAT can generate both XML and HTML reports indicating the level of support for each Group Policy setting and MDM equivalents. - -[Learn more about new MDM capabilities.](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/new-in-windows-mdm-enrollment-management#whatsnew10) - -MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group Policy can be used with Active Directory joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](https://docs.microsoft.com/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy). - -Multiple new configuration items are also added. For more information, see [What's new in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1709). - -### Mobile application management support for Windows 10 - -The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10 Enterprise 2019 LTSC. - -For more info, see [Implement server-side support for mobile application management on Windows](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/implement-server-side-mobile-application-management). - -### MDM diagnostics - -In Windows 10 Enterprise 2019 LTSC, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we are introducing [Microsoft Message Analyzer](https://www.microsoft.com/download/details.aspx?id=44226) as an additional tool to help Support personnel quickly reduce issues to their root cause, while saving time and cost. - -### Application Virtualization for Windows (App-V) - -Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10 Enterprise 2019 LTSC introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (.appvt) file, and letting you use PowerShell or Group Policy settings to automatically cleanup your unpublished packages after a device restart. - -For more info, see the following topics: -- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-provision-a-vm) -- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-batch-sequencing) -- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-batch-updating) -- [Automatically cleanup unpublished packages on the App-V client](/windows/application-management/app-v/appv-auto-clean-unpublished-packages) - -### Windows diagnostic data - -Learn more about the diagnostic data that's collected at the Basic level and some examples of the types of data that is collected at the Full level. - -- [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703) -- [Windows 10, version 1703 Diagnostic Data](/windows/configuration/windows-diagnostic-data-1703) - -### Group Policy spreadsheet - -Learn about the new Group Policies that were added in Windows 10 Enterprise 2019 LTSC. - -- [Group Policy Settings Reference for Windows and Windows Server](https://www.microsoft.com/download/details.aspx?id=25250) - -### Mixed Reality Apps - -This version of Windows 10 introduces [Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/). Organizations that use WSUS must take action to enable Windows Mixed Reality. You can also prohibit use of Windows Mixed Reality by blocking installation of the Mixed Reality Portal. For more information, see [Enable or block Windows Mixed Reality apps in the enterprise](https://docs.microsoft.com/windows/application-management/manage-windows-mixed-reality). - -## Networking - -### Network stack - -Several network stack enhancements are available in this release. Some of these features were also available in Windows 10, version 1703. For more information, see [Core Network Stack Features in the Creators Update for Windows 10](https://blogs.technet.microsoft.com/networking/2017/07/13/core-network-stack-features-in-the-creators-update-for-windows-10/). - -### Miracast over Infrastructure - -In this version of Windows 10, Microsoft has extended the ability to send a Miracast stream over a local network rather than over a direct wireless link. This functionality is based on the [Miracast over Infrastructure Connection Establishment Protocol (MS-MICE)](https://msdn.microsoft.com/library/mt796768.aspx). - -How it works: - -Users attempt to connect to a Miracast receiver as they did previously. When the list of Miracast receivers is populated, Windows 10 will identify that the receiver is capable of supporting a connection over the infrastructure. When the user selects a Miracast receiver, Windows 10 will attempt to resolve the device's hostname via standard DNS, as well as via multicast DNS (mDNS). If the name is not resolvable via either DNS method, Windows 10 will fall back to establishing the Miracast session using the standard Wi-Fi direct connection. - -Miracast over Infrastructure offers a number of benefits: - -- Windows automatically detects when sending the video stream over this path is applicable. -- Windows will only choose this route if the connection is over Ethernet or a secure Wi-Fi network. -- Users do not have to change how they connect to a Miracast receiver. They use the same UX as for standard Miracast connections. -- No changes to current wireless drivers or PC hardware are required. -- It works well with older wireless hardware that is not optimized for Miracast over Wi-Fi Direct. -- It leverages an existing connection which both reduces the time to connect and provides a very stable stream. - -Enabling Miracast over Infrastructure: - -If you have a device that has been updated to Windows 10 Enterprise 2019 LTSC, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment: - -- The device (PC, phone, or Surface Hub) needs to be running Windows 10, version 1703, Windows 10 Enterprise 2019 LTSC, or a later OS. -- A Windows PC or Surface Hub can act as a Miracast over Infrastructure *receiver*. A Windows PC or phone can act as a Miracast over Infrastructure *source*. - - As a Miracast receiver, the PC or Surface Hub must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Hub is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. - - As a Miracast source, the PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. -- The DNS Hostname (device name) of the device needs to be resolvable via your DNS servers. You can achieve this by either allowing your device to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the device's hostname. -- Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. - -It is important to note that Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and don’t have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method. - -## Registry editor improvements - -We added a dropdown that displays as you type to help complete the next part of the path. You can also press **Ctrl + Backspace** to delete the last word, and **Ctrl + Delete** to delete the next word. - -![Registry editor dropdown](../images/regeditor.png "Registry editor dropdown") - -## Remote Desktop with Biometrics - -Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session. - -To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the computer you want to connect to, and click **Connect**. - -- Windows remembers that you signed using Windows Hello for Business, and automatically selects Windows Hello for Business to authenticate you to your RDP session. You can also click **More choices** to choose alternate credentials. -- Windows uses facial recognition to authenticate the RDP session to the Windows Server 2016 Hyper-V server. You can continue to use Windows Hello for Business in the remote session, but you must use your PIN. - -See the following example: - -![Enter your credentials](../images/RDPwBioTime.png "Windows Hello") -![Enter your credentials](../images/RDPwBio2.png "Windows Hello personal") -![Microsoft Hyper-V Server 2016](../images/hyper-v.png "Microsoft Hyper-V Server 2016") - -## See Also - -[Windows 10 Enterprise LTSC](index.md): A short description of the LTSC servicing channel with links to information about each release. +--- +title: What's new in Windows 10 Enterprise 2019 LTSC +ms.reviewer: +manager: laurawi +ms.author: greglin +description: New and updated IT Pro content about new features in Windows 10 Enterprise 2019 LTSC (also known as Windows 10 Enterprise 2019 LTSB). +keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2019 LTSC"] +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +author: greg-lindsay +ms.localizationpriority: low +ms.topic: article +--- + +# What's new in Windows 10 Enterprise 2019 LTSC + +**Applies to** +- Windows 10 Enterprise 2019 LTSC + +This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise 2019 LTSC, compared to Windows 10 Enterprise 2016 LTSC (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md). + +>[!NOTE] +>Features in Windows 10 Enterprise 2019 LTSC are equivalent to Windows 10, version 1809. + +Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as: + - Advanced protection against modern security threats + - Full flexibility of OS deployment + - Updating and support options + - Comprehensive device and app management and control capabilities + +The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below. + +>[!IMPORTANT] +>The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the semi-annual channel release of Windows 10 might be limited. + +## Microsoft Intune + +>Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. This includes support for features such as [Windows Autopilot](#windows-autopilot). However, note that Windows Update for Business (WUfB) does not currently support any LTSC releases, therefore you should use WSUS or Configuration Manager for patching. + +## Security + +This version of Window 10 includes security improvements for threat protection, information protection, and identity protection. + +### Threat protection + +#### Windows Defender ATP + +The Windows Defender Advanced Threat Protection ([Windows Defender ATP](/windows/security/threat-protection/index)) platform inludes the security pillars shown in the following diagram. In this version of Windows, Windows Defender ATP includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management. + +![Windows Defender ATP](../images/wdatp.png) + +##### Attack surface reduction + +Attack surface reduction includes host-based intrusion prevention systems such as [controlled folder access](/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard). + - This feature can help prevent ransomware and other destructive malware from changing your personal files. In some cases, apps that you normally use might be blocked from making changes to common folders like **Documents** and **Pictures**. We’ve made it easier for you to add apps that were recently blocked so you can keep using your device without turning off the feature altogether. + - When an app is blocked, it will appear in a recently blocked apps list, which you can get to by clicking **Manage settings** under the **Ransomware protection** heading. Click **Allow an app through Controlled folder access**. After the prompt, click the **+** button and choose **Recently blocked apps**. Select any of the apps to add them to the allowed list. You can also browse for an app from this page. + +###### Windows Defender Firewall + +Windows Defender Firewall now supports Windows Subsystem for Linux (WSL) processes. You can add specific rules for a WSL process just as you would for any Windows process. Also, Windows Defender Firewall now supports notifications for WSL processes. For example, when a Linux tool wants to allow access to a port from the outside (like SSH or a web server like nginx), Windows Defender Firewall will prompt to allow access just like it would for a Windows process when the port starts accepting connections. This was first introduced in [Build 17627](https://docs.microsoft.com/windows/wsl/release-notes#build-17618-skip-ahead). + +##### Windows Defender Device Guard + +[Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) has always been a collection of technologies that can be combined to lock down a PC, including: +- Software-based protection provided by code integrity policies +- Hardware-based protection provided by Hypervisor-protected code integrity (HVCI) + +But these protections can also be configured separately. And, unlike HVCI, code integrity policies do not require virtualization-based security (VBS). To help underscore the distinct value of these protections, code integrity policies have been rebranded as [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control). + +### Next-gen protection + +#### Office 365 Ransomware Detection + +For Office 365 Home and Office 365 Personal subscribers, Ransomware Detection notifies you when your OneDrive files have been attacked and guides you through the process of restoring your files. For more information, see [Ransomware detection and recovering your files](https://support.office.com/en-us/article/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f?ui=en-US&rs=en-US&ad=US) + +### Endpoint detection and response + +Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Windows Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Windows Defender ATP portal. + + Windows Defender is now called Windows Defender Antivirus and now shares detection status between M365 services and interoperates with Windows Defender ATP. Additional policies have also been implemented to enhance cloud based protection, and new channels are available for emergency protection. For more information, see [Virus and threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection) and [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). + + We've also [increased the breadth of the documentation library for enterprise security admins](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). The new library includes information on: +- [Deploying and enabling AV protection](/windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus) +- [Managing updates](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus) +- [Reporting](/windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus) +- [Configuring features](/windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features) +- [Troubleshooting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus) + + Some of the highlights of the new library include [Evaluation guide for Windows Defender AV](/windows/threat-protection/windows-defender-antivirus//evaluate-windows-defender-antivirus) and [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus). + + New features for Windows Defender AV in Windows 10 Enterprise 2019 LTSC include: +- [Updates to how the Block at First Sight feature can be configured](/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) +- [The ability to specify the level of cloud-protection](/windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus) +- [Windows Defender Antivirus protection in the Windows Defender Security Center app](/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) + + We've [invested heavily in helping to protect against ransomware](https://blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/#UJlHc6SZ2Zm44jCt.97), and we continue that investment with [updated behavior monitoring and always-on real-time protection](/windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). + + **Endpoint detection and response** is also enhanced. New **detection** capabilities include: +- [Use the threat intelligence API to create custom alerts](/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) - Understand threat intelligence concepts, enable the threat intel application, and create custom threat intelligence alerts for your organization. + - [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections). With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. + - Improvements on OS memory and kernel sensors to enable detection of attackers who are using in-memory and kernel-level attacks. + - Upgraded detections of ransomware and other advanced attacks. + - Historical detection capability ensures new detection rules apply to up to six months of stored data to detect previous attacks that might not have been noticed. + + **Threat reponse** is improved when an attack is detected, enabling immediate action by security teams to contain a breach: +- [Take response actions on a machine](/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. + - [Take response actions on a file](/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. + +Additional capabilities have been added to help you gain a holistic view on **investigations** include: + - [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics) - Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. + - [Query data using Advanced hunting in Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) + - [Use Automated investigations to investigate and remediate threats](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) + - [Investigate a user account](/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection) - Identify user accounts with the most active alerts and investigate cases of potential compromised credentials. + - [Alert process tree](/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection#alert-process-tree) - Aggregates multiple detections and related events into a single view to reduce case resolution time. + - [Pull alerts using REST API](/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection) - Use REST API to pull alerts from Windows Defender ATP. + +Other enhanced security features include: +- [Check sensor health state](/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix known issues. +- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection) - Windows Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Windows Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools. +- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center) - Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers. +- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration) - Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. +- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019) - Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. +- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection) - Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor. +- [Enable conditional access to better protect users, devices, and data](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection) + +We've also added a new assessment for the Windows time service to the **Device performance & health** section. If we detect that your device’s time is not properly synced with our time servers and the time-syncing service is disabled, we’ll provide the option for you to turn it back on. + +We’re continuing to work on how other security apps you’ve installed show up in the **Windows Security** app. There’s a new page called **Security providers** that you can find in the **Settings** section of the app. Click **Manage providers** to see a list of all the other security providers (including antivirus, firewall, and web protection) that are running on your device. Here you can easily open the providers’ apps or get more information on how to resolve issues reported to you through **Windows Security**. + +This also means you’ll see more links to other security apps within **Windows Security**. For example, if you open the **Firewall & network protection** section, you’ll see the firewall apps that are running on your device under each firewall type, which includes domain, private, and public networks). + +You can read more about ransomware mitigations and detection capability at: +- [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/) +- [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf) +- [Microsoft Malware Protection Center blog](https://blogs.technet.microsoft.com/mmpc/category/research/ransomware/) + +Also see [New capabilities of Windows Defender ATP further maximizing the effectiveness and robustness of endpoint security](https://blogs.windows.com/business/2018/04/17/new-capabilities-of-windows-defender-atp-further-maximizing-the-effectiveness-and-robustness-of-endpoint-security/#62FUJ3LuMXLQidVE.97) + +Get a quick, but in-depth overview of Windows Defender ATP for Windows 10: [Windows Defender Advanced Threat Protection](/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). + +For more information about features of Windows Defender ATP available in different editions of Windows 10, see the [Windows 10 commercial edition comparison](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf). + +### Information protection + +Improvements have been added to Windows Information Protection and BitLocker. + +#### Windows Information Protection + +Windows Information Protection is now designed to work with Microsoft Office and Azure Information Protection. For more information, see [Deploying and managing Windows Information Protection (WIP) with Azure Information Protection](https://myignite.microsoft.com/sessions/53660?source=sessions). + +Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune). + +You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, [How to collect Windows Information Protection (WIP) audit event logs](/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs). + +This release enables support for WIP with Files on Demand, allows file encryption while the file is open in another app, and improves performance. For more information, see [OneDrive Files On-Demand For The Enterprise](https://techcommunity.microsoft.com/t5/OneDrive-Blog/OneDrive-Files-On-Demand-For-The-Enterprise/ba-p/117234). + +### BitLocker + +The minimum PIN length is being changed from 6 to 4, with a default of 6. For more information, see [BitLocker Group Policy settings](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-group-policy-settings#bkmk-unlockpol3). + +#### Silent enforcement on fixed drives + +Through a Modern Device Management (MDM) policy, BitLocker can be enabled silently for standard Azure Active Directory (AAD) joined users. In Windows 10, version 1803 automatic BitLocker encryption was enabled for standard AAD users, but this still required modern hardware that passed the Hardware Security Test Interface (HSTI). This new functionality enables BitLocker via policy even on devices that don’t pass the HSTI. + +This is an update to the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp), which was introduced in Windows 10, version 1703, and leveraged by Intune and others. + +This feature will soon be enabled on Olympia Corp as an optional feature. + +#### Delivering BitLocker policy to AutoPilot devices during OOBE + +You can choose which encryption algorithm to apply to BitLocker encryption capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (and other BitLocker policies that must be applied prior to encryption), to be delivered before BitLocker encryption begins. + +For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied to devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE. + +To achieve this: + +1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm. +2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group. + - **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users. +3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. + - **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts. + +### Identity protection + +Improvements have been added are to Windows Hello for Business and Credential Guard. + +#### Windows Hello for Business + +New features in Windows Hello enable a better device lock experience, using multifactor unlock with new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device to automatically lock when you walk away from it, or to prevent others from accessing the device when you are not present. + +New features in [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification.md) inlcude: +- You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). +- For Windows Phone devices, an administrator is able to initiate a remote PIN reset through the Intune portal. +- For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-features#pin-reset). + +[Windows Hello](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in the [Kiosk configuration](#kiosk-configuration) section. +- Windows Hello is now [password-less on S-mode](https://www.windowslatest.com/2018/02/12/microsoft-make-windows-10-password-less-platform/). +- Support for S/MIME with Windows Hello for Business and APIs for non-Microsoft identity lifecycle management solutions. +- Windows Hello is part of the account protection pillar in Windows Defender Security Center. Account Protection will encourage password users to set up Windows Hello Face, Fingerprint or PIN for faster sign in, and will notify Dynamic lock users if Dynamic lock has stopped working because their phone or device Bluetooth is off. +- You can set up Windows Hello from lock screen for MSA accounts. We’ve made it easier for Microsoft account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options. +- New [public API](https://docs.microsoft.com/uwp/api/windows.security.authentication.web.core.webauthenticationcoremanager.findallaccountsasync#Windows_Security_Authentication_Web_Core_WebAuthenticationCoreManager_FindAllAccountsAsync_Windows_Security_Credentials_WebAccountProvider_) for secondary account SSO for a particular identity provider. +- It is easier to set up Dynamic lock, and WD SC actionable alerts have been added when Dynamic lock stops working (ex: phone Bluetooth is off). + +For more information, see: [Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/#OdKBg3pwJQcEKCbJ.97) + +#### Windows Defender Credential Guard + +Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It is designed to protect against well-known threats such as Pass-the-Hash and credential harvesting. + +Windows Defender Credential Guard has always been an optional feature, but Windows 10 in S mode turns this functionality on by default when the machine has been Azure Active Directory joined. This provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode. Please note that Windows Defender Credential Guard is available only to S mode devices or Enterprise and Education Editions. + +For more information, see [Credential Guard Security Considerations](/windows/access-protection/credential-guard/credential-guard-requirements#security-considerations). + +### Other security improvments + +#### Windows security baselines + +Microsoft has released new [Windows security baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security impact. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](https://docs.microsoft.com/windows/device-security/security-compliance-toolkit-10). + +**Windows security baselines** have been updated for Windows 10. A [security baseline](https://docs.microsoft.com/windows/device-security/windows-security-baselines) is a group of Microsoft-recommended configuration settings and explains their security impact. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](https://docs.microsoft.com/windows/device-security/security-compliance-toolkit-10). + +The new [security baseline for Windows 10 version 1803](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10) has been published. + +#### SMBLoris vulnerability + +An issue, known as “SMBLoris�?, which could result in denial of service, has been addressed. + +#### Windows Security Center + +Windows Defender Security Center is now called **Windows Security Center**. + +You can still get to the app in all the usual ways – simply ask Cortana to open Windows Security Center(WSC) or interact with the taskbar icon. WSC lets you manage all your security needs, including **Windows Defender Antivirus** and **Windows Defender Firewall**. + +The WSC service now requires antivirus products to run as a protected process to register. Products that have not yet implemented this will not appear in the Windows Security Center user interface, and Windows Defender Antivirus will remain enabled side-by-side with these products. + +WSC now includes the Fluent Design System elements you know and love. You’ll also notice we’ve adjusted the spacing and padding around the app. It will now dynamically size the categories on the main page if more room is needed for extra info. We also updated the title bar so that it will use your accent color if you have enabled that option in **Color Settings**. + +![alt text](../images/defender.png "Windows Security Center") + +#### Group Policy Security Options + +The security setting [**Interactive logon: Display user information when the session is locked**](/windows/device-security/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked) has been updated to work in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. + +A new security policy setting +[**Interactive logon: Don't display username at sign-in**](/windows/device-security/security-policy-settings/interactive-logon-dont-display-username-at-sign-in) has been introduced in Windows 10 Enterprise 2019 LTSC. This security policy setting determines whether the username is displayed during sign in. It works in conjunction with the **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The setting only affects the **Other user** tile. + +#### Windows 10 in S mode + +We’ve continued to work on the **Current threats** area in [Virus & threat protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection), which now displays all threats that need action. You can quickly take action on threats from this screen: + +![Virus & threat protection settings](../images/virus-and-threat-protection.png "Virus & threat protection settings") + +## Deployment + +### Windows Autopilot + +[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a deployment tool introduced with Windows 10, version 1709 and is also available for Windows 10 Enterprise 2019 LTSC (and later versions). Windows Autopilot provides a modern device lifecycle management service powered by the cloud to deliver a zero touch experience for deploying Windows 10. + +Windows Autopilot is currently available with Surface, Dell, HP, and Lenovo. Other OEM partners such as Panasonic, and Acer will support Autopilot soon. Check the [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog) or this article for updated information. + +Using Intune, Autopilot now enables locking the device during provisioning during the Windows Out Of Box Experience (OOBE) until policies and settings for the device get provisioned, thereby ensuring that by the time the user gets to the desktop, the device is secured and configured correctly. + +You can also apply an Autopilot deployment profile to your devices using Microsoft Store for Business. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device. For more information, see [Manage Windows device deployment with Windows Autopilot Deployment](https://docs.microsoft.com/microsoft-store/add-profile-to-devices). + +#### Windows Autopilot self-deploying mode + +Windows Autopilot self-deploying mode enables a zero touch device provisioning experience. Simply power on the device, plug it into the Ethernet, and the device is fully configured automatically by Windows Autopilot. + +This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process. + +You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organization’s MDM provider, and provision policies and applications, all with no user authentication or user interaction required. + +To learn more about Autopilot self-deploying mode and to see step-by-step instructions to perform such a deployment, [Windows Autopilot self-deploying mode](https://docs.microsoft.com/windows/deployment/windows-autopilot/self-deploying). + + +#### Autopilot Reset + +IT Pros can use Autopilot Reset to quickly remove personal files, apps, and settings. A custom login screen is available from the lock screen that enables you to apply original settings and management enrollment (Azure Active Directory and device management) so that devices are returned to a fully configured, known, IT-approved state and ready to use. For more information, see [Reset devices with Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset). + +### MBR2GPT.EXE + +MBR2GPT.EXE is a new command-line tool introduced with Windows 10, version 1703 and also available in Windows 10 Enterprise 2019 LTSC (and later versions). MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS). + +The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability, supports additional partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk. + +Additional security features of Windows 10 that are enabled when you boot in UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock. + +For details, see [MBR2GPT.EXE](/windows/deployment/mbr-to-gpt). + +### DISM + +The following new DISM commands have been added to manage feature updates: + + DISM /Online /Initiate-OSUninstall + – Initiates a OS uninstall to take the computer back to the previous installation of windows. + DISM /Online /Remove-OSUninstall + – Removes the OS uninstall capability from the computer. + DISM /Online /Get-OSUninstallWindow + – Displays the number of days after upgrade during which uninstall can be performed. + DISM /Online /Set-OSUninstallWindow + – Sets the number of days after upgrade during which uninstall can be performed. + +For more information, see [DISM operating system uninstall command-line options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options). + +### Windows Setup + +You can now run your own custom actions or scripts in parallel with Windows Setup. Setup will also migrate your scripts to next feature release, so you only need to add them once. + +Prerequisites: +- Windows 10, version 1803 or Windows 10 Enterprise 2019 LTSC, or later. +- Windows 10 Enterprise or Pro + +For more information, see [Run custom actions during feature update](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions). + +It is also now possible to run a script if the user rolls back their version of Windows using the PostRollback option. + + /PostRollback [\setuprollback.cmd] [/postrollback {system / admin}] + +For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options#21) + +New command-line switches are also available to control BitLocker: + + Setup.exe /BitLocker AlwaysSuspend + – Always suspend bitlocker during upgrade. + Setup.exe /BitLocker TryKeepActive + – Enable upgrade without suspending bitlocker but if upgrade, does not work then suspend bitlocker and complete the upgrade. + Setup.exe /BitLocker ForceKeepActive + – Enable upgrade without suspending bitlocker, but if upgrade does not work, fail the upgrade. + +For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options#33) + +### Feature update improvements + +Portions of the work done during the offline phases of a Windows update have been moved to the online phase. This has resulted in a significant reduction of offline time when installing updates. For more information, see [We're listening to you](https://insider.windows.com/en-us/articles/were-listening-to-you/). + +### SetupDiag + +[SetupDiag](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag) is a new command-line tool that can help diagnose why a Windows 10 update failed. + +SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available. + +## Sign-in + +### Faster sign-in to a Windows 10 shared pc + +If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc) in a flash! + +**To enable fast sign-in:** +1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise 2019 LTSC. +2. Set the Policy CSP, and the **Authentication** and **EnableFastFirstSignIn** policies to enable fast sign-in. +3. Sign-in to a shared PC with your account. You'll notice the difference! + + ![fast sign-in](../images/fastsignin.png "fast sign-in") + +### Web sign-in to Windows 10 + +Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing “web sign-in,” a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML). + +**To try out web sign-in:** +1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs). +2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in. +3. On the lock screen, select web sign-in under sign-in options. +4. Click the “Sign in” button to continue. + +![Web sign-in](../images/websignin.png "web sign-in") + +## Windows Analytics + +### Upgrade Readiness + +>[!IMPORTANT] +>Upgrade Readiness will not allow you to assess an upgrade to an LTSC release (LTSC builds are not available as target versions). However, you can enroll devices running LTSC to plan for an upgrade to a semi-annual channel release. + +Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. + +The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled. + +For more information about Upgrade Readiness, see the following topics: + +- [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/) +- [Manage Windows upgrades with Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness) + +Upgrade Readiness provides insights into application and driver compatibility issues. New capabilities include better app coverage, post-upgrade health reports, and enhanced report filtering capabilities. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness). + +### Update Compliance + +Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date. + +Update Compliance is a solution built using OMS Log Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues. + +For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](/windows/deployment/update/update-compliance-monitor). + +New capabilities in Update Compliance let you monitor Windows Defender protection status, compare compliance with industry peers, and optimize bandwidth for deploying updates. For more information, see [Monitor Windows Updates and Windows Defender Antivirus with Update Compliance](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor). + +### Device Health + +Maintaining devices is made easier with Device Health, a new, premium analytic tool that identifies devices and drivers that crash frequently and might need to be rebuilt or replaced. For more information, see [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor). + +## Accessibility and Privacy + +### Accessibility + +"Out of box" accessibility is enhanced with auto-generated picture descriptions. For more information about accessibility, see [Accessibility information for IT Professionals](https://docs.microsoft.com/windows/configuration/windows-10-accessibility-for-itpros). Also see the accessibility section in the [What’s new in the Windows 10 April 2018 Update](https://blogs.windows.com/windowsexperience/2018/04/30/whats-new-in-the-windows-10-april-2018-update/) blog post. + +### Privacy + +In the Feedback and Settings page under Privacy Settings you can now delete the diagnostic data your device has sent to Microsoft. You can also view this diagnostic data using the [Diagnostic Data Viewer](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) app. + +## Configuration + +### Kiosk configuration + +Microsoft Edge has many improvements specifically targeted to Kiosks, however Edge is not available in the LTSC release of Windows 10. Internet Explorer is included in Windows 10 LTSC releases as its feature set is not changing, and it will continue to get security fixes for the life of a Windows 10 LTSC release. + +If you wish to take advantage of [Kiosk capabilities in Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy), consider [Kiosk mode](https://docs.microsoft.com/windows/configuration/kiosk-methods) with a semi-annual release channel. + +### Co-management + +Intune and System Center Configuration Manager policies have been added to enable hyrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. + +For more information, see [What's New in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803) + +### OS uninstall period + +The OS uninstall period is a length of time that users are given when they can optionally roll back a Windows 10 update. With this release, administrators can use Intune or [DISM](#dism) to customize the length of the OS uninstall period. + +### Azure Active Directory join in bulk + +Using the new wizards in Windows Configuration Designer, you can [create provisioning packages to enroll devices in Azure Active Directory](/windows/configuration/provisioning-packages/provisioning-packages#configuration-designer-wizards). Azure AD join in bulk is available in the desktop, mobile, kiosk, and Surface Hub wizards. + +![get bulk token action in wizard](../images/bulk-token.png) + +### Windows Spotlight + +The following new Group Policy and mobile device management (MDM) settings are added to help you configure Windows Spotlight user experiences: + +- **Turn off the Windows Spotlight on Action Center** +- **Do not use diagnostic data for tailored experiences** +- **Turn off the Windows Welcome Experience** + +[Learn more about Windows Spotlight.](/windows/configuration/windows-spotlight) + +### Start and taskbar layout + +Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10 Enterprise 2019 LTSC adds support for customized taskbars to [MDM](/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management). + +[Additional MDM policy settings are available for Start and taskbar layout](/windows/configuration/windows-10-start-layout-options-and-policies). New MDM policy settings include: + +- Settings for the User tile: [**Start/HideUserTile**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideusertile), [**Start/HideSwitchAccount**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideswitchaccount), [**Start/HideSignOut**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidesignout), [**Start/HideLock**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidelock), and [**Start/HideChangeAccountSettings**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) +- Settings for Power: [**Start/HidePowerButton**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidepowerbutton), [**Start/HideHibernate**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidehibernate), [**Start/HideRestart**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderestart), [**Start/HideShutDown**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideshutdown), and [**Start/HideSleep**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidesleep) +- Additional new settings: [**Start/HideFrequentlyUsedApps**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps), [**Start/HideRecentlyAddedApps**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps), **AllowPinnedFolder**, **ImportEdgeAssets**, [**Start/HideRecentJumplists**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hiderecentjumplists), [**Start/NoPinningToTaskbar**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-nopinningtotaskbar), [**Settings/PageVisibilityList**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-pagevisibilitylist), and [**Start/HideAppsList**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideapplist). + +## Windows Update + +### Windows Update for Business + +Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune. For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure). + +The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates). + + +Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferal periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. + +WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds). + +Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune. For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure). + +The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates). + + +Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferal periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. + +WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds). + +### Windows Insider for Business + +We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in AAD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](/windows/deployment/update/waas-windows-insider-for-business). + +You can now register your Azure AD domains to the Windows Insider Program. For more information, see [Windows Insider Program for Business](https://docs.microsoft.com/windows/deployment/update/waas-windows-insider-for-business#getting-started-with-windows-insider-program-for-business). + + +### Optimize update delivery + +With changes delivered in Windows 10 Enterprise 2019 LTSC, [Express updates](/windows/deployment/update/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with System Center Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. + +>[!NOTE] +> The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. + +Delivery Optimization policies now enable you to configure additional restrictions to have more control in various scenarios. + +Added policies include: +- [Allow uploads while the device is on battery while under set Battery level](/windows/deployment/update/waas-delivery-optimization#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) +- [Enable Peer Caching while the device connects via VPN](/windows/deployment/update/waas-delivery-optimization#enable-peer-caching-while-the-device-connects-via-vpn) +- [Minimum RAM (inclusive) allowed to use Peer Caching](/windows/deployment/update/waas-delivery-optimization#minimum-ram-allowed-to-use-peer-caching) +- [Minimum disk size allowed to use Peer Caching](/windows/deployment/update/waas-delivery-optimization#minimum-disk-size-allowed-to-use-peer-caching) +- [Minimum Peer Caching Content File Size](/windows/deployment/update/waas-delivery-optimization#minimum-peer-caching-content-file-size) + +To check out all the details, see [Configure Delivery Optimization for Windows 10 updates](/windows/deployment/update/waas-delivery-optimization) + +### Uninstalled in-box apps no longer automatically reinstall + +Starting with Windows 10 Enterprise 2019 LTSC, in-box apps that were uninstalled by the user won't automatically reinstall as part of the feature update installation process. + +Additionally, apps de-provisioned by admins on Windows 10 Enterprise 2019 LTSC machines will stay de-provisioned after future feature update installations. This will not apply to the update from Windows 10 Enterprise 2016 LTSC (or earlier) to Windows 10 Enterprise 2019 LTSC. + +## Management + +### New MDM capabilities + +Windows 10 Enterprise 2019 LTSC adds many new [configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) that provide new capabilities for managing Windows 10 devices using MDM or provisioning packages. Among other things, these CSPs enable you to configure a few hundred of the most useful Group Policy settings via MDM - see [Policy CSP - ADMX-backed policies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-admx-backed). + +Some of the other new CSPs are: + +- The [DynamicManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/dynamicmanagement-csp) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device is not within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. + +- The [CleanPC CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/cleanpc-csp) allows removal of user-installed and pre-installed applications, with the option to persist user data. + +- The [BitLocker CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/bitlocker-csp) is used to manage encryption of PCs and devices. For example, you can require storage card encryption on mobile devices, or require encryption for operating system drives. + +- The [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) is used to configure a proxy server for ethernet and Wi-Fi connections. + +- The [Office CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/office-csp) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see [Configuration options for the Office Deployment Tool](https://technet.microsoft.com/library/jj219426.aspx). + +- The [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM. + +IT pros can use the new [MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat) to determine which Group Policy settings have been configured for a user or computer and cross-reference those settings against a built-in list of supported MDM policies. MMAT can generate both XML and HTML reports indicating the level of support for each Group Policy setting and MDM equivalents. + +[Learn more about new MDM capabilities.](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/new-in-windows-mdm-enrollment-management#whatsnew10) + +MDM has been expanded to include domain joined devices with Azure Active Directory registration. Group Policy can be used with Active Directory joined devices to trigger auto-enrollment to MDM. For more information, see [Enroll a Windows 10 device automatically using Group Policy](https://docs.microsoft.com/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy). + +Multiple new configuration items are also added. For more information, see [What's new in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1709). + +### Mobile application management support for Windows 10 + +The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10 Enterprise 2019 LTSC. + +For more info, see [Implement server-side support for mobile application management on Windows](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/implement-server-side-mobile-application-management). + +### MDM diagnostics + +In Windows 10 Enterprise 2019 LTSC, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we are introducing [Microsoft Message Analyzer](https://www.microsoft.com/download/details.aspx?id=44226) as an additional tool to help Support personnel quickly reduce issues to their root cause, while saving time and cost. + +### Application Virtualization for Windows (App-V) + +Previous versions of the Microsoft Application Virtualization Sequencer (App-V Sequencer) have required you to manually create your sequencing environment. Windows 10 Enterprise 2019 LTSC introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine. Additionally, the App-V Sequencer has been updated to let you sequence or update multiple apps at the same time, while automatically capturing and storing your customizations as an App-V project template (.appvt) file, and letting you use PowerShell or Group Policy settings to automatically cleanup your unpublished packages after a device restart. + +For more info, see the following topics: +- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-provision-a-vm) +- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-batch-sequencing) +- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](/windows/application-management/app-v/appv-auto-batch-updating) +- [Automatically cleanup unpublished packages on the App-V client](/windows/application-management/app-v/appv-auto-clean-unpublished-packages) + +### Windows diagnostic data + +Learn more about the diagnostic data that's collected at the Basic level and some examples of the types of data that is collected at the Full level. + +- [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703) +- [Windows 10, version 1703 Diagnostic Data](/windows/configuration/windows-diagnostic-data-1703) + +### Group Policy spreadsheet + +Learn about the new Group Policies that were added in Windows 10 Enterprise 2019 LTSC. + +- [Group Policy Settings Reference for Windows and Windows Server](https://www.microsoft.com/download/details.aspx?id=25250) + +### Mixed Reality Apps + +This version of Windows 10 introduces [Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/). Organizations that use WSUS must take action to enable Windows Mixed Reality. You can also prohibit use of Windows Mixed Reality by blocking installation of the Mixed Reality Portal. For more information, see [Enable or block Windows Mixed Reality apps in the enterprise](https://docs.microsoft.com/windows/application-management/manage-windows-mixed-reality). + +## Networking + +### Network stack + +Several network stack enhancements are available in this release. Some of these features were also available in Windows 10, version 1703. For more information, see [Core Network Stack Features in the Creators Update for Windows 10](https://blogs.technet.microsoft.com/networking/2017/07/13/core-network-stack-features-in-the-creators-update-for-windows-10/). + +### Miracast over Infrastructure + +In this version of Windows 10, Microsoft has extended the ability to send a Miracast stream over a local network rather than over a direct wireless link. This functionality is based on the [Miracast over Infrastructure Connection Establishment Protocol (MS-MICE)](https://msdn.microsoft.com/library/mt796768.aspx). + +How it works: + +Users attempt to connect to a Miracast receiver as they did previously. When the list of Miracast receivers is populated, Windows 10 will identify that the receiver is capable of supporting a connection over the infrastructure. When the user selects a Miracast receiver, Windows 10 will attempt to resolve the device's hostname via standard DNS, as well as via multicast DNS (mDNS). If the name is not resolvable via either DNS method, Windows 10 will fall back to establishing the Miracast session using the standard Wi-Fi direct connection. + +Miracast over Infrastructure offers a number of benefits: + +- Windows automatically detects when sending the video stream over this path is applicable. +- Windows will only choose this route if the connection is over Ethernet or a secure Wi-Fi network. +- Users do not have to change how they connect to a Miracast receiver. They use the same UX as for standard Miracast connections. +- No changes to current wireless drivers or PC hardware are required. +- It works well with older wireless hardware that is not optimized for Miracast over Wi-Fi Direct. +- It leverages an existing connection which both reduces the time to connect and provides a very stable stream. + +Enabling Miracast over Infrastructure: + +If you have a device that has been updated to Windows 10 Enterprise 2019 LTSC, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment: + +- The device (PC, phone, or Surface Hub) needs to be running Windows 10, version 1703, Windows 10 Enterprise 2019 LTSC, or a later OS. +- A Windows PC or Surface Hub can act as a Miracast over Infrastructure *receiver*. A Windows PC or phone can act as a Miracast over Infrastructure *source*. + - As a Miracast receiver, the PC or Surface Hub must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Hub is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. + - As a Miracast source, the PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. +- The DNS Hostname (device name) of the device needs to be resolvable via your DNS servers. You can achieve this by either allowing your device to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the device's hostname. +- Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. + +It is important to note that Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and don’t have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method. + +## Registry editor improvements + +We added a dropdown that displays as you type to help complete the next part of the path. You can also press **Ctrl + Backspace** to delete the last word, and **Ctrl + Delete** to delete the next word. + +![Registry editor dropdown](../images/regeditor.png "Registry editor dropdown") + +## Remote Desktop with Biometrics + +Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session. + +To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the computer you want to connect to, and click **Connect**. + +- Windows remembers that you signed using Windows Hello for Business, and automatically selects Windows Hello for Business to authenticate you to your RDP session. You can also click **More choices** to choose alternate credentials. +- Windows uses facial recognition to authenticate the RDP session to the Windows Server 2016 Hyper-V server. You can continue to use Windows Hello for Business in the remote session, but you must use your PIN. + +See the following example: + +![Enter your credentials](../images/RDPwBioTime.png "Windows Hello") +![Enter your credentials](../images/RDPwBio2.png "Windows Hello personal") +![Microsoft Hyper-V Server 2016](../images/hyper-v.png "Microsoft Hyper-V Server 2016") + +## See Also + +[Windows 10 Enterprise LTSC](index.md): A short description of the LTSC servicing channel with links to information about each release. diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index 7bf5f8b3ee..b4e4f4f224 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -67,7 +67,7 @@ This is an update to the [BitLocker CSP](https://docs.microsoft.com/windows/clie This feature will soon be enabled on Olympia Corp as an optional feature. -#### Delivering BitLocker policy to AutoPilot devices during OOBE +#### Delivering BitLocker policy to AutoPilot devices during OOBE You can choose which encryption algorithm to apply to BitLocker encryption capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (and other BitLocker policies that must be applied prior to encryption), to be delivered before BitLocker encryption begins. From c80a206c5e019fe53bb3912f8a3bf03ab9701229 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Sat, 10 Aug 2019 17:48:13 -0400 Subject: [PATCH 324/395] chore: Replace "syntax" blocks with specific languages --- ...ng-microsoft-office-2016-by-using-app-v.md | 4 +- .../configuring-med-v-for-remote-networks.md | 2 +- .../med-v-trim-transfer-technology-medvv2.md | 2 +- .../client-management/mdm/applocker-csp.md | 6 +- ...e-active-directory-integration-with-mdm.md | 2 +- .../mdm/clientcertificateinstall-csp.md | 4 +- .../mdm/cm-proxyentries-csp.md | 2 +- windows/client-management/mdm/defender-csp.md | 4 +- .../diagnose-mdm-failures-in-windows-10.md | 2 +- windows/client-management/mdm/dmacc-csp.md | 2 +- .../mdm/eap-configuration.md | 10 +- .../mdm/healthattestation-csp.md | 137 +++--- .../mdm/policy-csp-update.md | 28 +- .../client-management/mdm/remotelock-csp.md | 4 +- .../client-management/mdm/remotering-csp.md | 14 +- .../client-management/mdm/reporting-csp.md | 4 +- .../mdm/securitypolicy-csp.md | 8 +- .../structure-of-oma-dm-provisioning-files.md | 8 +- windows/client-management/mdm/supl-csp.md | 2 +- .../client-management/mdm/surfacehub-csp.md | 92 ++-- .../client-management/mdm/tpmpolicy-csp.md | 32 +- windows/client-management/mdm/vpnv2-csp.md | 429 +++++++++--------- .../mdm/vpnv2-profile-xsd.md | 2 +- .../mdm/w7-application-csp.md | 2 +- windows/client-management/mdm/wifi-csp.md | 54 +-- .../windowsadvancedthreatprotection-csp.md | 2 +- .../mdm/wmi-providers-supported-in-windows.md | 4 +- 27 files changed, 429 insertions(+), 433 deletions(-) diff --git a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md index 203086f71b..4dbf7f3b64 100644 --- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md +++ b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md @@ -222,7 +222,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file: - ``` syntax + ```xml @@ -633,7 +633,7 @@ You may want to disable specific applications in your Office App-V package. For 5. Add the Office 2016 App-V Package with the new Deployment Configuration File. - ``` syntax + ```xml Lync 2016 diff --git a/mdop/medv-v1/configuring-med-v-for-remote-networks.md b/mdop/medv-v1/configuring-med-v-for-remote-networks.md index a7a19283f2..34aa837bcd 100644 --- a/mdop/medv-v1/configuring-med-v-for-remote-networks.md +++ b/mdop/medv-v1/configuring-med-v-for-remote-networks.md @@ -53,7 +53,7 @@ When applying new settings, the service must be restarted. - You can change the IIS authentication scheme to one of the following: BASIC, DIGEST, NTLM, or NEGOTIATE. The default is NEGOTIATE and uses the following entry: - ``` syntax + ```xml diff --git a/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md b/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md index e8b68e25fc..62702d952d 100644 --- a/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md +++ b/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md @@ -32,7 +32,7 @@ You can configure which folders are indexed on the host as part of the Trim Tran When applying new settings, the service must be restarted. -``` syntax +```xml - %WINDIR% diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 79fb1d0045..356fa67a5f 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -830,7 +830,7 @@ The following list shows the apps that may be included in the inbox. The following example disables the calendar application. -``` syntax +```xml @@ -854,7 +854,7 @@ The following example disables the calendar application. The following example blocks the usage of the map application. -``` syntax +```xml @@ -1394,7 +1394,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo ## Example for Windows 10 Holographic for Business The following example for Windows 10 Holographic for Business denies all apps and allows the minimum set of [inbox apps](#inboxappsandcomponents) to enable to enable a working device, as well as Settings. -``` syntax +```xml 1 diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index 5664409319..41612181c5 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -372,7 +372,7 @@ Data type is string. Enroll a client certificate through SCEP. -``` syntax +```xml @@ -571,7 +571,7 @@ Enroll a client certificate through SCEP. Add a PFX certificate. The PFX certificate password is encrypted with a custom certificate fro "My" store. -``` syntax +```xml diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md index 432b10a418..301c28ea8e 100644 --- a/windows/client-management/mdm/cm-proxyentries-csp.md +++ b/windows/client-management/mdm/cm-proxyentries-csp.md @@ -90,7 +90,7 @@ Specifies the username used to connect to the proxy. To delete both a proxy and its associated connection, you must delete the proxy first, and then delete the connection. The following example shows how to delete the proxy and then the connection. -``` syntax +```xml diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 2579fa4d39..744a4be799 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -215,7 +215,7 @@ Supported product status values: Example: -``` syntax +```xml @@ -224,7 +224,7 @@ Example: ./Vendor/MSFT/Defender/Health/ProductStatus - + diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index 31cb8df991..85de08a137 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -73,7 +73,7 @@ When the PC is already enrolled in MDM, you can remotely collect logs from the P Example: Enable the Debug channel logging -``` syntax +```xml diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index 09b61984c1..aa61f9d50b 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -262,7 +262,7 @@ Stores specifies which certificate stores the DM client will search to find the Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following: -``` syntax +```xml ``` diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 49635be46f..03e82dc9e8 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -56,7 +56,7 @@ Here is an easy way to get the EAP configuration from your desktop using the ras 9. Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML. - ``` syntax + ```powershell Get-VpnConnection -Name Test ``` @@ -80,17 +80,17 @@ Here is an easy way to get the EAP configuration from your desktop using the ras IdleDisconnectSeconds : 0 ``` - ``` syntax + ```powershell $a = Get-VpnConnection -Name Test ``` - ``` syntax + ```powershell $a.EapConfigXmlStream.InnerXml ``` Here is an example output - ``` syntax + ```xml 1300 13 diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index a14f71ce2d..3870f7d385 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -314,16 +314,16 @@ For DHA-OnPrem & DHA-EMC scenarios, send a SyncML command to the HASEndpoint nod The following example shows a sample call that instructs a managed device to communicate with an enterprise managed DHA-Service. -``` syntax - - 1 - - - ./Vendor/MSFT/HealthAttestation/HASEndpoint - - www.ContosoDHA-Service - - +```xml + + 1 + + + ./Vendor/MSFT/HealthAttestation/HASEndpoint + + www.ContosoDHA-Service + + ``` @@ -334,24 +334,24 @@ Send a SyncML call to start collection of the DHA-Data. The following example shows a sample call that triggers collection and verification of health attestation data from a managed device. -``` syntax - - 1 - - - ./Vendor/MSFT/HealthAttestation/VerifyHealth - - - +```xml + + 1 + + + ./Vendor/MSFT/HealthAttestation/VerifyHealth + + + - - 2 - - - ./Vendor/MSFT/HealthAttestation/Status - - - + + 2 + + + ./Vendor/MSFT/HealthAttestation/Status + + + ``` ## **Step 4: Take action based on the clients response** @@ -364,21 +364,21 @@ After the client receives the health attestation request, it sends a response. T Here is a sample alert that is issued by DHA_CSP: -``` syntax - - 1 - 1226 - - - ./Vendor/MSFT/HealthAttestation/VerifyHealth - - - com.microsoft.mdm:HealthAttestation.Result - int - - 3 - - +```xml + + 1 + 1226 + + + ./Vendor/MSFT/HealthAttestation/VerifyHealth + + + com.microsoft.mdm:HealthAttestation.Result + int + + 3 + + ``` - If the response to the status node is not 0, 1 or 3, then troubleshoot the issue. For the complete list of status codes see [Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes). @@ -389,35 +389,34 @@ Create a call to the **Nonce**, **Certificate** and **CorrelationId** nodes, and Here is an example: -``` syntax +```xml - 1 - - - ./Vendor/MSFT/HealthAttestation/Nonce - - AAAAAAAAAFFFFFFF - + 1 + + + ./Vendor/MSFT/HealthAttestation/Nonce + + AAAAAAAAAFFFFFFF + - - 2 - - - ./Vendor/MSFT/HealthAttestation/Certificate - - - - - - 3 - - - ./Vendor/MSFT/HealthAttestation/CorrelationId - - - + + 2 + + + ./Vendor/MSFT/HealthAttestation/Certificate + + + + + 3 + + + ./Vendor/MSFT/HealthAttestation/CorrelationId + + + ``` ## **Step 6: Forward device health attestation data to DHA-service** @@ -1019,8 +1018,8 @@ Each of these are described in further detail in the following sections, along w ## DHA-Report V3 schema -``` syntax - +```xml + Example -``` syntax - - $CmdID$ - - - chr - text/plain - - - ./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl - - http://abcd-srv:8530 - - +```xml + + $CmdID$ + + + chr + text/plain + + + ./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl + + http://abcd-srv:8530 + + ``` diff --git a/windows/client-management/mdm/remotelock-csp.md b/windows/client-management/mdm/remotelock-csp.md index ea985de378..3ea4ca8ee0 100644 --- a/windows/client-management/mdm/remotelock-csp.md +++ b/windows/client-management/mdm/remotelock-csp.md @@ -117,7 +117,7 @@ A Get operation on this node must follow an Exec operation on the /RemoteLock/Lo Initiate a remote lock of the device. -``` syntax +```xml 1 @@ -130,7 +130,7 @@ Initiate a remote lock of the device. Initiate a remote lock and PIN reset of the device. To successfully retrieve the new device-generated PIN, the commands must be executed together and in the proper sequence as shown below. -``` syntax +```xml 1 diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md index 21149dd08e..726df442f0 100644 --- a/windows/client-management/mdm/remotering-csp.md +++ b/windows/client-management/mdm/remotering-csp.md @@ -31,14 +31,14 @@ The supported operation is Exec. The following sample shows how to initiate a remote ring on the device. -``` syntax +```xml - 5 - - - ./Vendor/MSFT/RemoteRing/Ring - - + 5 + + + ./Vendor/MSFT/RemoteRing/Ring + + ``` diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md index 44828e2d90..1f1391ff33 100644 --- a/windows/client-management/mdm/reporting-csp.md +++ b/windows/client-management/mdm/reporting-csp.md @@ -81,7 +81,7 @@ Supported operations are Get and Replace. Retrieve all available Windows Information Protection (formerly known as Enterprise Data Protection) logs starting from the specified StartTime. -``` syntax +```xml @@ -104,7 +104,7 @@ Retrieve all available Windows Information Protection (formerly known as Enterpr Retrieve a specified number of security auditing logs starting from the specified StartTime. -``` syntax +```xml diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index 91478addbe..9b8b3ce65d 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -199,7 +199,7 @@ The following security roles are supported. Setting a security policy: -``` syntax +```xml @@ -209,7 +209,7 @@ Setting a security policy: Querying a security policy: -``` syntax +```xml @@ -222,7 +222,7 @@ Querying a security policy: Setting a security policy: -``` syntax +```xml … @@ -245,7 +245,7 @@ Setting a security policy: Querying a security policy: -``` syntax +```xml … diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md index 7791fe19fd..0e0293bca8 100644 --- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md +++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md @@ -53,7 +53,7 @@ The following table shows the OMA DM versions that are supported. The following example shows the general structure of the XML document sent by the server using OMA DM version 1.2.1 for demonstration purposes only. The initial XML packages exchanged between client and server could contain additional XML tags. For a detailed description and samples for those packages, see the [OMA Device Management Protocol 1.2.1](https://go.microsoft.com/fwlink/p/?LinkId=526902) specification. -``` syntax +```xml 1.2 @@ -107,7 +107,7 @@ The following example shows the header component of a DM message. In this case,   -``` syntax +```xml 1.2 DM/1.2 @@ -130,7 +130,7 @@ SyncBody contains one or more DM commands. The SyncBody can contain multiple DM The following example shows the body component of a DM message. In this example, SyncBody contains only one command, Get. This is indicated by the <Final /> tag that occurs immediately after the terminating tag for the Get command. -``` syntax +```xml @@ -157,7 +157,7 @@ The Replace command is used to update a device setting. The following example illustrates how to use the Replace command to update a device setting. -``` syntax +```xml 1.2 DM/1.2 diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index ded1d293de..09ea7f32d0 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -481,7 +481,7 @@ Adding a SUPL and a V2 UPL account to the same device. Values in italic must be Adding a SUPL account to a device. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value. -``` syntax +```xml diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 50b1862e82..fcb23c170c 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -39,52 +39,52 @@ The following diagram shows the SurfaceHub CSP management objects in tree format

Here's a SyncML example. -``` syntax - - - - 1 - - - ./Vendor/MSFT/SurfaceHub/DeviceAccount/UserPrincipalName - - - chr - - user@contoso.com - - - - 2 - - - ./Vendor/MSFT/SurfaceHub/DeviceAccount/Password - - - chr - - password - - - - 3 - - - ./Vendor/MSFT/SurfaceHub/DeviceAccount/ValidateAndCommit - - - - - 4 - - - ./Vendor/MSFT/SurfaceHub/DeviceAccount/ErrorContext - - - - - - +```xml + + + + 1 + + + ./Vendor/MSFT/SurfaceHub/DeviceAccount/UserPrincipalName + + + chr + + user@contoso.com + + + + 2 + + + ./Vendor/MSFT/SurfaceHub/DeviceAccount/Password + + + chr + + password + + + + 3 + + + ./Vendor/MSFT/SurfaceHub/DeviceAccount/ValidateAndCommit + + + + + 4 + + + ./Vendor/MSFT/SurfaceHub/DeviceAccount/ErrorContext + + + + + + ```

To use a device account from Active Directory diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index e546efa7f6..36f46f9df1 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -37,20 +37,20 @@ The following diagram shows the TPMPolicy configuration service provider in tree Here is an example: -``` syntax - - 101 - - - - ./Vendor/MSFT/TpmPolicy/IsActiveZeroExhaust - - - - bool - text/plain - - true - - +```xml + + 101 + + + + ./Vendor/MSFT/TpmPolicy/IsActiveZeroExhaust + + + + bool + text/plain + + true + + ``` diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 5fa7655902..fa5597ecf6 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -598,7 +598,7 @@ Value type is bool. Supported operations include Get, Add, Replace, and Delete. Profile example -``` syntax +```xml @@ -657,244 +657,241 @@ Profile example AppTriggerList -``` syntax +```xml - - 10013 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/AppTriggerList/0/App/Id - - %PROGRAMFILES%\Internet Explorer\iexplore.exe - - - - 10014 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/AppTriggerList/1/App/Id - - %PROGRAMFILES% (x86)\Internet Explorer\iexplore.exe - - - - - 10015 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/AppTriggerList/2/App/Id - - Microsoft.MicrosoftEdge_8wekyb3d8bbwe - - + + 10013 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/AppTriggerList/0/App/Id + + %PROGRAMFILES%\Internet Explorer\iexplore.exe + + + + 10014 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/AppTriggerList/1/App/Id + + %PROGRAMFILES% (x86)\Internet Explorer\iexplore.exe + + + + + 10015 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/AppTriggerList/2/App/Id + + Microsoft.MicrosoftEdge_8wekyb3d8bbwe + + ``` RouteList and ExclusionRoute -``` syntax - - - 10008 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/RouteList/0/Address - - 192.168.0.0 - - - - 10009 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/RouteList/0/PrefixSize - - - int - - 24 - - - - 10010 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/RouteList/0/ExclusionRoute - - - bool - - true - - - +```xml + + 10008 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/RouteList/0/Address + + 192.168.0.0 + + + + 10009 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/RouteList/0/PrefixSize + + + int + + 24 + + + + 10010 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/RouteList/0/ExclusionRoute + + + bool + + true + + ``` DomainNameInformationList -``` syntax - - - - 10013 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/DomainName - - .contoso.com - - - - 10014 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/DnsServers - - 192.168.0.11,192.168.0.12 - - - +```xml + + + 10013 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/DomainName + + .contoso.com + + + + 10014 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/DnsServers + + 192.168.0.11,192.168.0.12 + + + - - 10013 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/DomainName - - .contoso.com - - - - - 10015 - - -./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/WebProxyServers - - 192.168.0.100:8888 - - - + + 10013 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/DomainName + + .contoso.com + + + + + 10015 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/WebProxyServers + + 192.168.0.100:8888 + + + - - - 10016 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/2/DomainName - - finance.contoso.com - - - - 10017 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/2/DnsServers - - 192.168.0.11,192.168.0.12 - - - + + + 10016 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/2/DomainName + + finance.contoso.com + + + + 10017 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/2/DnsServers + + 192.168.0.11,192.168.0.12 + + + - - - 10016 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/3/DomainName - - finance.contoso.com - - - - 10017 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/3/WebProxyServers - - 192.168.0.11:8080 - - - + + + 10016 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/3/DomainName + + finance.contoso.com + + + + 10017 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/3/WebProxyServers + + 192.168.0.11:8080 + + + - - 10016 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/4/DomainName - - . - - - - 10017 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/4/DnsServers - - 192.168.0.11,192.168.0.12 - - - + + 10016 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/4/DomainName + + . + + + + 10017 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/4/DnsServers + + 192.168.0.11,192.168.0.12 + + + - - - 10016 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/5/DomainName - - . - - - - 10017 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/5/WebProxyServers - - 192.168.0.11 - - + + + 10016 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/5/DomainName + + . + + + + 10017 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/5/WebProxyServers + + 192.168.0.11 + + ``` AutoTrigger -``` syntax +```xml - 10010 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/AutoTrigger - - - bool - - true - - + 10010 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/0/AutoTrigger + + + bool + + true + + ``` Persistent -``` syntax +```xml - 10010 - - - ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/Persistent - - - bool - - true - - + 10010 + + + ./Vendor/MSFT/VPNv2/VPNProfileName/DomainNameInformationList/1/Persistent + + + bool + + true + + ``` TrafficFilterLIst App -``` syntax +```xml Desktop App 10013 @@ -929,7 +926,7 @@ TrafficFilterLIst App Protocol, LocalPortRanges, RemotePortRanges, LocalAddressRanges, RemoteAddressRanges, RoutingPolicyType, EDPModeId, RememberCredentials, AlwaysOn, Lockdown, DnsSuffix, TrustedNetworkDetection -``` syntax +```xml Protocol $CmdID$ @@ -1077,7 +1074,7 @@ Protocol Proxy - Manual or AutoConfigUrl -``` syntax +```xml Manual $CmdID$ @@ -1103,7 +1100,7 @@ Manual Device Compliance - Sso -``` syntax +```xml Enabled 10011 @@ -1143,7 +1140,7 @@ Device Compliance - Sso PluginProfile -``` syntax +```xml PluginPackageFamilyName @@ -1181,7 +1178,7 @@ PluginPackageFamilyName NativeProfile -``` syntax +```xml Servers 10001 diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index 2aa15af132..fbb8abae88 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -344,7 +344,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro ## Plug-in profile example -``` syntax +```xml testserver1.contoso.com;testserver2.contoso..com diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index 0a7adafa8c..eff35b4fd4 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -160,7 +160,7 @@ Stores specifies which certificate stores the DM client will search to find the Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following: -``` syntax +```xml ``` diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index 7db7e01ffb..79992abc08 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -121,7 +121,7 @@ These XML examples show how to perform various tasks using OMA DM. The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwork,' a proxy URL 'testproxy,' and port 80. -``` syntax +```xml @@ -160,7 +160,7 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwor The following example shows how to query Wi-Fi profiles installed on an MDM server. -``` syntax +```xml 301 @@ -173,7 +173,7 @@ The following example shows how to query Wi-Fi profiles installed on an MDM serv The following example shows the response. -``` syntax +```xml 3 1 @@ -190,17 +190,17 @@ The following example shows the response. The following example shows how to remove a network with SSID ‘MyNetwork’ and no proxy. Removing all network authentication types is done in this same manner. -``` syntax +```xml - 300 - - 301 - - - ./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml - - - + 300 + + 301 + + + ./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml + + + ``` @@ -208,21 +208,21 @@ The following example shows how to remove a network with SSID ‘MyNetwork’ an The following example shows how to add PEAP-MSCHAPv2 network with SSID ‘MyNetwork’ and root CA validation for server certificate. -``` syntax +```xml - 300 - - 301 - - - ./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml - - - chr - - MyNetworkMyNetworkfalseESSmanualWPA2AEStrueuser2500025true InsertCertThumbPrintHere truefalse26falsefalsefalsetruefalse - - + 300 + + 301 + + + ./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml + + + chr + + MyNetworkMyNetworkfalseESSmanualWPA2AEStrueuser2500025true InsertCertThumbPrintHere truefalse26falsefalsefalsetruefalse + + ``` diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 6ae22efd72..2508fa2863 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -120,7 +120,7 @@ The following list describes the characteristics and parameters. ## Examples -``` syntax +```xml diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index 4d421e7c6a..b6fb182eae 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -27,7 +27,7 @@ The child node names of the result from a WMI query are separated by a forward s Get the list of network adapters from the device. -``` syntax +```xml ./cimV2/Win32_NetworkAdapter @@ -37,7 +37,7 @@ Get the list of network adapters from the device. Result -``` syntax +```xml ./cimV2/Win32_NetworkAdapter From 6890f078457b1c42b35c6f67f8e723ef3987411e Mon Sep 17 00:00:00 2001 From: Albert Cabello Serrano Date: Mon, 12 Aug 2019 07:46:28 -0700 Subject: [PATCH 325/395] Update upgrade-readiness-additional-insights.md Removing references to spectre-meltdown as the functionality is EOL --- .../upgrade-readiness-additional-insights.md | 38 +------------------ 1 file changed, 2 insertions(+), 36 deletions(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md index 93d1f63cc0..c6c73aa23e 100644 --- a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md +++ b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md @@ -5,7 +5,8 @@ manager: laurawi ms.author: greglin description: Explains additional features of Upgrade Readiness. ms.prod: w10 -audience: itpro author: greg-lindsay +audience: itpro +author: greg-lindsay ms.topic: article ms.collection: M365-analytics --- @@ -14,44 +15,9 @@ ms.collection: M365-analytics This topic provides information on additional features that are available in Upgrade Readiness to provide insights into your environment. These include: -- [Spectre and Meltdown protections](#spectre-and-meltdown-protection-status): Status of devices with respect to their anti-virus, security update, and firmware updates related to protection from the "Spectre" and "Meltdown" vulnerabilities. - [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7, Windows 8.1, or Windows 10 using Internet Explorer. - [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers. -## Spectre and Meltdown protection status -Microsoft has published guidance for IT Pros that outlines the steps you can take to improve protection against the hardware vulnerabilities known as "Spectre" and "Meltdown." See [Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities](https://go.microsoft.com/fwlink/?linkid=867468) for details about the vulnerabilities and steps you can take. - -Microsoft recommends three steps to help protect against the Spectre and Meltdown vulnerabilities: -- Verify that you are running a supported antivirus application. -- Apply all available Windows operating system updates, including the January 2018 and later Windows security updates. -- Apply any applicable processor firmware (microcode) updates provided by your device manufacturer(s). - -Upgrade Readiness reports on status of your devices in these three areas. - -![Spectre-Meltdown protection blades](../images/spectre-meltdown-prod-closeup.png) - ->[!IMPORTANT] ->To provide these blades with data, ensure that your devices can reach the endpoint **http://adl.windows.com**. (See [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started) for more about necessary endpoints and how to whitelist them.) - -### Anti-virus status blade -This blade helps you determine if your devices' anti-virus solution is compatible with the latest Windows operating system updates. It shows the number of devices that have an anti-virus solution with no known issues, issues reported, or an unknown status for a particular Windows security update. In the following example, an anti-virus solution that has no known issues with the January 3, 2018 Windows update is installed on about 2,800 devices. - -![Spectre-Meltdown antivirus blade](../images/AV-status-by-computer.png) - -### Security update status blade -This blade indicates whether a Windows security update that includes Spectre- or Meltdown-related fixes (January 3, 2018 or later) has been installed, as well as whether specific fixes have been disabled. Though protections are enabled by default on devices running Windows (but not Windows Server) operating systems, some IT administrators might choose to disable specific protections. In the following example, about 4,300 devices have a Windows security update that includes Spectre or Meltdown protections installed, and those protections are enabled. - -![Spectre-Meltdown antivirus blade](../images/win-security-update-status-by-computer.png) - ->[!IMPORTANT] ->If you are seeing computers with statuses of either “Unknown – action may be required” or “Installed, but mitigation status unknown,” it is likely that you need to whitelist the **http://adl.windows.com** endpoint. - -### Firmware update status blade -This blade reports the number of devices that have installed a firmware update that includes Spectre or Meltdown protections. The blade might report a large number of blank, “unknown”, or “to be determined” statuses at first. As CPU information is provided by partners, the blade will automatically update with no further action required on your part. - - - - ## Site discovery The IE site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. From 7215157ba44eafeaef6fd1784eb6b910bd858a69 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 12 Aug 2019 11:17:37 -0700 Subject: [PATCH 326/395] minor fixes --- .../windows-autopilot-requirements.md | 243 +++++++++--------- 1 file changed, 122 insertions(+), 121 deletions(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index c216835569..a9317ae207 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -1,121 +1,122 @@ ---- -title: Windows Autopilot requirements -ms.reviewer: -manager: laurawi -description: Windows Autopilot deployment -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.author: greglin -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Windows Autopilot requirements - -**Applies to: Windows 10** - -Windows Autopilot depends on specific capabilities available in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. In order to use Windows Autopilot and leverage these capabilities, some requirements must be met. - -**Note**: For a list of OEMs that currently support Windows Autopilot, see the Participant device manufacturers section at [Windows Autopilot](https://aka.ms/windowsautopilot). - -## Software requirements - -- Windows 10 version 1703 (semi-annual channel) or higher is required. -- The following editions are supported: - - Windows 10 Pro - - Windows 10 Pro Education - - Windows 10 Pro for Workstations - - Windows 10 Enterprise - - Windows 10 Education - - Windows 10 Enterprise 2019 LTSC - -## Networking requirements - -Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following: - -- Ensure DNS name resolution for internet DNS names -- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP) - -In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the required services. For additional details about each of these services and their specific requirements, review the following details: - -
ServiceInformation -
Windows Autopilot Deployment Service and Windows ActivationAfter a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 builds 18204 and above, the following URLs are used: https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com.
- -For all supported Windows 10 releases, Windows Autopilot also uses Windows Activation services. See Windows activation or validation fails with error code 0x8004FE33 for details about problems that might occur when you connect to the Internet through a proxy server. -
Azure Active DirectoryUser credentials are validated by Azure Active Directory, and the device can also be joined to Azure Active Directory. See Office 365 IP Address and URL Web service for more information. -
IntuneOnce authenticated, Azure Active Directory will trigger enrollment of the device into the Intune MDM service. See the following link for details about network communication requirements: Intune network configuration requirements and bandwidth. -
Windows UpdateDuring the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates. If there are problems connecting to Windows Update, see How to solve connection problems concerning Windows Update or Microsoft Update.
- -If Windows Update is inaccessible, the AutoPilot process will still continue but critical updates will not be available. - -
Delivery OptimizationWhen downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the Delivery Optimization service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet.
- -If the Delivery Optimization Service is inaccessible, the AutoPilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer). - -
Network Time Protocol (NTP) SyncWhen a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible. -
Domain Name Services (DNS)To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names. -
Diagnostics dataStarting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see Manage enterprise diagnostic data level.
- -If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work. -
Network Connection Status Indicator (NCSI)Windows must be able to tell that the device is able to access the internet. For more information, see Network Connection Status Indicator (NCSI). - -www.msftconnecttest.com must be resolvable via DNS and accessible via HTTP. -
Windows Notification Services (WNS)This service is used to enable Windows to receive notifications from apps and services. See Microsoft Store for more information.
- -If the WNS services are not available, the Autopilot process will still continue without notifications. -
Microsoft Store, Microsoft Store for BusinessApps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM).  App updates and additional apps may also be needed when the user first logs in. For more information, see Prerequisites for Microsoft Store for Business and Education (also includes Azure AD and Windows Notification Services).
- -If the Microsoft Store is not accessible, the AutoPilot process will still continue without Microsoft Store apps. - -
Office 365As part of the Intune device configuration, installation of Office 365 ProPlus may be required. For more information, see Office 365 URLs and IP address ranges (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above). -
Certificate revocation lists (CRLs)Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented at Office 365 URLs and IP address ranges and Office 365 Certificate Chains. -
Hybrid AAD joinHybrid AAD can be join, the machine should be on corporate network for hybrid AAD join to work. See details at Windows Autopilot user-driven mode -
- -## Licensing requirements - -Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs: - -To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required: - - [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business) - - [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline) - - [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx) - - [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). - - [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. - - [Intune for Education subscriptions](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features. - - [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service). - -Additionally, the following are also recommended (but not required): -- [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services). -- [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise. - -## Configuration requirements - -Before Windows Autopilot can be used, some configuration tasks are required to support the common Autopilot scenarios. - -- Configure Azure Active Directory automatic enrollment. For Microsoft Intune, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment) for details. If using a different MDM service, contact the vendor for the specific URLs or configuration needed for those services. -- Configure Azure Active Directory custom branding. In order to display an organization-specific logon page during the Autopilot process, Azure Active Directory needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details. Note that the "square logo" and "sign-in page text" are the key elements for Autopilot, as well as the Azure Active Directory tenant name (configured separately in the Azure AD tenant properties). -- Enable [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) if desired, in order to automatically step up from Windows 10 Pro to Windows 10 Enterprise. - -Specific scenarios will then have additional requirements. Generally, there are two specific tasks: - -- Device registration. Devices need to be added to Windows Autopilot to support most Windows Autopilot scenarios. See [Adding devices to Windows Autopilot](add-devices.md) for more details. -- Profile configuration. Once devices have been added to Windows Autopilot, a profile of settings needs to be applied to each device. See [Configure Autopilot profiles](profiles.md) for details. Note that Microsoft Intune can automate this profile assignment; see [Create an AutoPilot device group](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Assign an AutoPilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-autopilot#assign-an-autopilot-deployment-profile-to-a-device-group) for more information. - -See [Windows Autopilot Scenarios](windows-autopilot-scenarios.md) for additional details. - -For a walkthrough for some of these and related steps, see this video: -
 
- - -There are no additional hardware requirements to use Windows 10 Autopilot, beyond the [requirements to run Windows 10](https://www.microsoft.com/windows/windows-10-specifications). - -## Related topics - -[Configure Autopilot deployment](configure-autopilot.md) +--- +title: Windows Autopilot requirements +ms.reviewer: +manager: laurawi +description: Windows Autopilot deployment +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Windows Autopilot requirements + +**Applies to: Windows 10** + +Windows Autopilot depends on specific capabilities available in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. In order to use Windows Autopilot and leverage these capabilities, some requirements must be met. + +**Note**: For a list of OEMs that currently support Windows Autopilot, see the Participant device manufacturers section at [Windows Autopilot](https://aka.ms/windowsautopilot). + +## Software requirements + +- Windows 10 version 1703 (semi-annual channel) or higher is required. +- The following editions are supported: + - Windows 10 Pro + - Windows 10 Pro Education + - Windows 10 Pro for Workstations + - Windows 10 Enterprise + - Windows 10 Education + - Windows 10 Enterprise 2019 LTSC + +## Networking requirements + +Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following: + +- Ensure DNS name resolution for internet DNS names +- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP) + +In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the required services. For additional details about each of these services and their specific requirements, review the following details: + +
ServiceInformation +
Windows Autopilot Deployment Service and Windows ActivationAfter a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 builds 18204 and above, the following URLs are used: https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com.
+ +For all supported Windows 10 releases, Windows Autopilot also uses Windows Activation services. See Windows activation or validation fails with error code 0x8004FE33 for details about problems that might occur when you connect to the Internet through a proxy server. +
Azure Active DirectoryUser credentials are validated by Azure Active Directory, and the device can also be joined to Azure Active Directory. See Office 365 IP Address and URL Web service for more information. +
IntuneOnce authenticated, Azure Active Directory will trigger enrollment of the device into the Intune MDM service. See the following link for details about network communication requirements: Intune network configuration requirements and bandwidth. +
Windows UpdateDuring the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates. If there are problems connecting to Windows Update, see How to solve connection problems concerning Windows Update or Microsoft Update.
+ +If Windows Update is inaccessible, the AutoPilot process will still continue but critical updates will not be available. + +
Delivery OptimizationWhen downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the Delivery Optimization service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet.
+ +If the Delivery Optimization Service is inaccessible, the AutoPilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer). + +
Network Time Protocol (NTP) SyncWhen a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible. +
Domain Name Services (DNS)To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names. +
Diagnostics dataStarting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see Manage enterprise diagnostic data level.
+ +If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work. +
Network Connection Status Indicator (NCSI)Windows must be able to tell that the device is able to access the internet. For more information, see Network Connection Status Indicator (NCSI). + +www.msftconnecttest.com must be resolvable via DNS and accessible via HTTP. +
Windows Notification Services (WNS)This service is used to enable Windows to receive notifications from apps and services. See Microsoft Store for more information.
+ +If the WNS services are not available, the Autopilot process will still continue without notifications. +
Microsoft Store, Microsoft Store for BusinessApps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM).  App updates and additional apps may also be needed when the user first logs in. For more information, see Prerequisites for Microsoft Store for Business and Education (also includes Azure AD and Windows Notification Services).
+ +If the Microsoft Store is not accessible, the AutoPilot process will still continue without Microsoft Store apps. + +
Office 365As part of the Intune device configuration, installation of Office 365 ProPlus may be required. For more information, see Office 365 URLs and IP address ranges (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above). +
Certificate revocation lists (CRLs)Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented at Office 365 URLs and IP address ranges and Office 365 Certificate Chains. +
Hybrid AAD joinThe device can be hybrid AAD joined. The computer should be on corporate network for hybrid AAD join to work. See details at Windows Autopilot user-driven mode +
+ +## Licensing requirements + +Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs: + +To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required: + - [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business) + - [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline) + - [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx) + - [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). + - [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. + - [Intune for Education subscriptions](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features. + - [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service). + +Additionally, the following are also recommended (but not required): +- [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services). +- [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise. + +## Configuration requirements + +Before Windows Autopilot can be used, some configuration tasks are required to support the common Autopilot scenarios. + +- Configure Azure Active Directory automatic enrollment. For Microsoft Intune, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment) for details. If using a different MDM service, contact the vendor for the specific URLs or configuration needed for those services. +- Configure Azure Active Directory custom branding. In order to display an organization-specific logon page during the Autopilot process, Azure Active Directory needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details. Note that the "square logo" and "sign-in page text" are the key elements for Autopilot, as well as the Azure Active Directory tenant name (configured separately in the Azure AD tenant properties). +- Enable [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) if desired, in order to automatically step up from Windows 10 Pro to Windows 10 Enterprise. + +Specific scenarios will then have additional requirements. Generally, there are two specific tasks: + +- Device registration. Devices need to be added to Windows Autopilot to support most Windows Autopilot scenarios. See [Adding devices to Windows Autopilot](add-devices.md) for more details. +- Profile configuration. Once devices have been added to Windows Autopilot, a profile of settings needs to be applied to each device. See [Configure Autopilot profiles](profiles.md) for details. Note that Microsoft Intune can automate this profile assignment; see [Create an AutoPilot device group](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Assign an AutoPilot deployment profile to a device group](https://docs.microsoft.com/intune/enrollment-autopilot#assign-an-autopilot-deployment-profile-to-a-device-group) for more information. + +See [Windows Autopilot Scenarios](windows-autopilot-scenarios.md) for additional details. + +For a walkthrough for some of these and related steps, see this video: +
 
+ + +There are no additional hardware requirements to use Windows 10 Autopilot, beyond the [requirements to run Windows 10](https://www.microsoft.com/windows/windows-10-specifications). + +## Related topics + +[Configure Autopilot deployment](configure-autopilot.md) From 2eed56d93568893d6e22389f400832b95db0a338 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 12 Aug 2019 12:03:49 -0700 Subject: [PATCH 327/395] Added Intune configuration note --- .../microsoft-defender-atp/configuration-score.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md index 1eadc36802..11998ea410 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md @@ -34,6 +34,8 @@ Your configuration score widget shows the collective security configuration stat - Security controls ## How it works +>[!NOTE] +> Configuration score currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management. The data in the configuration score widget is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously: - Compare collected configurations to the collected benchmarks to discover misconfigured assets From 5f72abd71541a2761737d5bd8490029bcd434beb Mon Sep 17 00:00:00 2001 From: illgitthat Date: Mon, 12 Aug 2019 16:15:52 -0400 Subject: [PATCH 328/395] Minor typo fix for update-alerts.md Fixed "no yet assigned" to "not yet assigned" --- .../threat-protection/microsoft-defender-atp/manage-alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md index 3113e4b4f9..36e579945b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md @@ -36,7 +36,7 @@ Selecting an alert in either of those places brings up the **Alert management pa You can create a new incident from the alert or link to an existing incident. ## Assign alerts -If an alert is no yet assigned, you can select **Assign to me** to assign the alert to yourself. +If an alert is not yet assigned, you can select **Assign to me** to assign the alert to yourself. ## Suppress alerts From 86538c86f4885303c52b38a2a7b824d8cfcdfa24 Mon Sep 17 00:00:00 2001 From: Jarrett Renshaw Date: Mon, 12 Aug 2019 13:39:49 -0700 Subject: [PATCH 329/395] Update support-solutions-surface.md Corrected cracked screen link to contact support --- devices/surface/support-solutions-surface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/support-solutions-surface.md b/devices/surface/support-solutions-surface.md index a6099038b0..5cc8e9de9d 100644 --- a/devices/surface/support-solutions-surface.md +++ b/devices/surface/support-solutions-surface.md @@ -25,7 +25,7 @@ These are the top Microsoft Support solutions for common issues experienced when ## Screen cracked or scratched issues -- [Cracked screen and physical damage](https://www.microsoft.com/surface/support/warranty-service-and-recovery/surface-is-damaged) +- [Contact Microsoft Support](https://support.microsoft.com/en-us/supportforbusiness/productselection) ## Device cover or keyboard issues From ba49c98822fc8614078d58af06ab538a4492fa2b Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 12 Aug 2019 14:33:17 -0700 Subject: [PATCH 330/395] still fixing glitches --- windows/deployment/update/waas-overview.md | 25 +--------------------- 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 765d69d2cc..dcade04187 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -5,18 +5,9 @@ keywords: updates, servicing, current, deployment, semi-annual channel, feature, ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -<<<<<<< HEAD author: jaimeo ms.localizationpriority: medium ms.author: jaimeo -======= -audience: itpro -author: greg-lindsay -ms.localizationpriority: medium -ms.audience: itpro -author: greg-lindsay -ms.date: 09/24/2018 ->>>>>>> 1682d137057c63a81145c556ac06a5eea8c576b6 ms.reviewer: manager: laurawi ms.topic: article @@ -88,13 +79,8 @@ There are currently two release channels for Windows 10: > >You can also read the blog post [Waas simplified and aligned](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/), with details on this change. -<<<<<<< HEAD >[!IMPORTANT] >Devices on the Semi-Annual Channel must have their diagnostic data set to **1 (Basic)** or higher, in order to ensure that the service is performing at the expected quality. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels). -======= -> [!IMPORTANT] -> Devices on the Semi-Annual Channel (formerly called Current Branch for Business) must have their diagnostic data set to **1 (Basic)** or higher, in order to ensure that the service is performing at the expected quality. If diagnostic data is set to **0**, the device will be treated as if it were in the Semi-Annual Channel (Targeted)(formerly called Current Branch or CB) branch. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels). ->>>>>>> 1682d137057c63a81145c556ac06a5eea8c576b6 ### Feature updates @@ -147,11 +133,7 @@ Specialized systems—such as devices that control medical equipment, point-of-s > [!NOTE] > Windows 10 Enterprise LTSB is a separate Long Term Servicing Channel version. > -<<<<<<< HEAD ->Long-term Servicing channel is not intended for deployment on most or all the devicess in an organization; it should be used only for special-purpose devices. As a general guideline, a devices with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel. -======= -> Long-term Servicing channel is not intended for deployment on most or all the PCs in an organization; it should be used only for special-purpose devices. As a general guideline, a PC with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel. ->>>>>>> 1682d137057c63a81145c556ac06a5eea8c576b6 +>Long-term Servicing channel is not intended for deployment on most or all the devicess in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel. Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. @@ -169,13 +151,8 @@ For many IT pros, gaining visibility into feature updates early—before they’ Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](waas-windows-insider-for-business.md). -<<<<<<< HEAD >[!NOTE] >Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app. -======= -> [!NOTE] -> Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app. ->>>>>>> 1682d137057c63a81145c556ac06a5eea8c576b6 > > The Windows Insider Program isn’t intended to replace Semi-Annual Channel deployments in an organization. Rather, it provides IT pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft. From 35c99b2c44aa1f9ca801325887439ca9600d6502 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 12 Aug 2019 14:57:37 -0700 Subject: [PATCH 331/395] removed instances of Windows 10 Mobile --- windows/deployment/update/waas-branchcache.md | 74 --- .../deployment/update/waas-configure-wufb.md | 5 +- ...aas-deployment-rings-windows-10-updates.md | 10 +- .../deployment/update/waas-integrate-wufb.md | 1 - ...as-manage-updates-configuration-manager.md | 2 +- windows/deployment/update/waas-overview.md | 1 - windows/deployment/update/waas-quick-start.md | 1 - windows/deployment/update/waas-restart.md | 2 +- ...s-servicing-channels-windows-10-updates.md | 2 +- ...s-servicing-strategy-windows-10-updates.md | 2 +- windows/deployment/update/waas-wu-settings.md | 9 +- windows/deployment/update/waas-wufb-intune.md | 588 +++++++++--------- 12 files changed, 310 insertions(+), 387 deletions(-) diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md index 826846e2fb..6e8a4ba345 100644 --- a/windows/deployment/update/waas-branchcache.md +++ b/windows/deployment/update/waas-branchcache.md @@ -1,4 +1,3 @@ -<<<<<<< HEAD --- title: Configure BranchCache for Windows 10 updates (Windows 10) description: Use BranchCache to optimize network bandwidth during update deployment. @@ -70,76 +69,3 @@ In addition to these steps, there is one requirement for WSUS to be able to use - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md) - [Deploy Windows 10 updates using Configuration Manager](waas-manage-updates-configuration-manager.md) - [Manage device restarts after updates](waas-restart.md) -======= ---- -title: Configure BranchCache for Windows 10 updates (Windows 10) -description: Use BranchCache to optimize network bandwidth during update deployment. -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.author: greglin -ms.date: 07/27/2017 -ms.reviewer: -manager: laurawi -ms.topic: article ---- - -# Configure BranchCache for Windows 10 updates - - -**Applies to** - -- Windows 10 - -> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) - -BranchCache is a bandwidth-optimization feature that has been available since the Windows Server 2008 R2 and Windows 7 operating systems. Each client has a cache and acts as an alternate source for content that devices on its own network request. Windows Server Update Services (WSUS) and System Center Configuration Manager can use BranchCache to optimize network bandwidth during update deployment, and it’s easy to configure for either of them. BranchCache has two operating modes: Distributed Cache mode and Hosted Cache mode. - -- Distributed Cache mode operates like the [Delivery Optimization](waas-delivery-optimization.md) feature in Windows 10: each client contains a cached version of the BranchCache-enabled files it requests and acts as a distributed cache for other clients requesting that same file. - - >[!TIP] - >Distributed Cache mode is preferred to Hosted Cache mode for Windows 10 updates to get the most benefit from peer-to-peer distribution. - -- In Hosted Cache mode, designated servers at specific locations act as a cache for files requested by clients in its area. Then, rather than clients retrieving files from a latent source, the hosted cache server provides the content on its behalf. - -For detailed information about how Distributed Cache mode and Hosted Cache mode work, see [BranchCache Overview](https://technet.microsoft.com/library/dd637832(v=ws.10).aspx). - -## Configure clients for BranchCache - -Whether you use BranchCache with Configuration Manager or WSUS, each client that uses BranchCache must be configured to do so. You typically make your configurations through Group Policy. For step-by-step instructions on how to use Group Policy to configure BranchCache for Windows clients, see [Client Configuration](https://technet.microsoft.com/library/dd637820%28v=ws.10%29.aspx) in the [BranchCache Early Adopter’s Guide](https://technet.microsoft.com/library/dd637762(v=ws.10).aspx). - -In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows 10, simply set the Delivery Optimization mode to Bypass to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode. - -## Configure servers for BranchCache - -You can use WSUS and Configuration Manager with BranchCache in Distributed Cache mode. BranchCache in Distributed Cache mode is easy to configure for both WSUS and System Center Configuration Manager. - -For a step-by-step guide to configuring BranchCache on Windows Server devices, see the [BranchCache Deployment Guide (Windows Server 2012)](https://technet.microsoft.com/library/jj572990) or [BranchCache Deployment Guide (Windows Server 2016)](https://technet.microsoft.com/windows-server-docs/networking/branchcache/deploy/branchcache-deployment-guide). - -In addition to these steps, there is one requirement for WSUS to be able to use BranchCache in either operating mode: the WSUS server must be configured to download updates locally on the server to a shared folder. This way, you can select BranchCache publication for the share. For Configuration Manager, you can enable BranchCache on distribution points; no other server-side configuration is necessary for Distributed Cache mode. - ->[!NOTE] ->Configuration Manager only supports Distributed Cache mode. - - -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Overview of Windows as a service](waas-overview.md) -- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) -- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) -- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) -- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) -- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md) -- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md) -- [Deploy Windows 10 updates using Configuration Manager](waas-manage-updates-configuration-manager.md) -- [Manage device restarts after updates](waas-restart.md) ->>>>>>> 1682d137057c63a81145c556ac06a5eea8c576b6 diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 36aa2a2099..c6b56e8162 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -7,9 +7,9 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library audience: itpro -author: greg-lindsay +author: jaimeo ms.localizationpriority: medium -ms.author: greglin +ms.author: jaimeo ms.topic: article --- @@ -19,7 +19,6 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile - Windows Server 2016 - Windows Server 2019 diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md index 19f5813303..30023d81bb 100644 --- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md +++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md @@ -4,10 +4,9 @@ description: Deployment rings in Windows 10 are similar to the deployment groups ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: greg-lindsay +author: jaimeo ms.localizationpriority: medium -ms.author: greglin -ms.date: 07/11/2018 +ms.author: jaimeo ms.reviewer: manager: laurawi ms.collection: M365-modern-desktop @@ -20,10 +19,12 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) +> [!NOTE] +> We're in the process of updating this topic with more definitive guidance. In the meantime, see [this post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979) on the Windows 10 IT Pro blog for some great suggestions for a deployment ring structure. + For Windows as a service, maintenance is ongoing and iterative. Deploying previous versions of Windows required organizations to build sets of users to roll out the changes in phases. Typically, these users ranged (in order) from the most adaptable and least risky to the least adaptable or riskiest. With Windows 10, a similar methodology exists, but construction of the groups is a little different. Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method by which to separate machines into a deployment timeline. With Windows 10, you construct deployment rings a bit differently in each servicing tool, but the concepts remain the same. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments. As previously mentioned, consider including a portion of each department’s employees in several deployment rings. @@ -37,7 +38,6 @@ Table 1 provides an example of the deployment rings you might use. | Deployment ring | Servicing channel | Deferral for feature updates | Deferral for quality updates | Example | | --- | --- | --- | --- | --- | | Preview | Windows Insider Program | None | None | A few machines to evaluate early builds prior to their arrival to the semi-annual channel | -| Targeted | Semi-annual channel (Targeted) | None | None | Select devices across various teams used to evaluate the major release prior to broad deployment | | Broad | Semi-annual channel | 120 days | 7-14 days | Broadly deployed to most of the organization and monitored for feedback
Pause updates if there are critical issues | | Critical | Semi-annual channel | 180 days | 30 days | Devices that are critical and will only receive updates once they've been vetted for a period of time by the majority of the organization | diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index a99fc9d7ce..1bc196ce0e 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -19,7 +19,6 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) diff --git a/windows/deployment/update/waas-manage-updates-configuration-manager.md b/windows/deployment/update/waas-manage-updates-configuration-manager.md index 7d938fa496..5ab254f79d 100644 --- a/windows/deployment/update/waas-manage-updates-configuration-manager.md +++ b/windows/deployment/update/waas-manage-updates-configuration-manager.md @@ -18,7 +18,7 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile + > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index dcade04187..4396b9d4b7 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -19,7 +19,6 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile - Windows 10 IoT Mobile > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 3897c0d891..56b4cc46a7 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -19,7 +19,6 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile - Windows 10 IoT Mobile Windows as a service is a new concept, introduced with the release of Windows 10. While [an extensive set of documentation](index.md) is available explaining all the specifics and nuances, here is a quick guide to the most important concepts. diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index f33cad3273..bab9a9e136 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -19,7 +19,7 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile + > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index bde875509e..2375cfd6b8 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -18,7 +18,7 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile + > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 365ef3cd83..32e06ed8f5 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -18,7 +18,7 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile + > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index 9646afd361..2b0e2f7f98 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -5,11 +5,10 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library audience: itpro -author: greg-lindsay +author: jaimeo ms.localizationpriority: medium ms.audience: itpro -author: greg-lindsay -ms.date: 07/27/2017 +author: jaimeo ms.reviewer: manager: laurawi ms.topic: article @@ -21,14 +20,14 @@ ms.topic: article **Applies to** - Windows 10 -- Windows 10 Mobile + > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update (WU) on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more. >[!IMPORTANT] ->In Windows 10, any Group Policy user configuration settings for Windows Update were deprecated and are no longer supported on this platform. +>In Windows 10, any Group Policy user configuration settings for Windows Update are no longer supported on this platform. ## Summary of Windows Update settings diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md index 30f7702f19..7736d4e6c7 100644 --- a/windows/deployment/update/waas-wufb-intune.md +++ b/windows/deployment/update/waas-wufb-intune.md @@ -1,293 +1,295 @@ ---- -title: Walkthrough use Intune to configure Windows Update for Business (Windows 10) -description: Configure Windows Update for Business settings using Microsoft Intune. -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.audience: itpro author: greg-lindsay -ms.date: 07/27/2017 -ms.reviewer: -manager: laurawi -ms.topic: article ---- - -# Walkthrough: use Microsoft Intune to configure Windows Update for Business - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) - ->[!IMPORTANT] ->Due to [naming changes](waas-overview.md#naming-changes), older terms like CB,CBB and LTSB may still be displayed in some of our products. -> ->In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel. - -You can use Intune to configure Windows Update for Business even if you don’t have on-premises infrastructure when you use Intune in conjunction with Azure AD. Before configuring Windows Update for Business, consider a [deployment strategy](waas-servicing-strategy-windows-10-updates.md) for updates and feature updates in your environment. - -Windows Update for Business in Windows 10 version 1511 allows you to delay quality updates up to 4 weeks and feature updates up to an additional 8 months after Microsoft releases builds to the Current Branch for Business (CBB) servicing branch. In Windows 10 version 1607 and later, you can delay quality updates for up to 30 days and feature updates up to an additional 180 days after the release of either a Current Branch (CB) or CBB build. - -To use Intune to manage quality and feature updates in your environment, you must first create computer groups that align with your constructed deployment rings. - ->[!NOTE] ->Coming soon: [Intune Groups will be converted to Azure Active Directory-based Security Groups](https://docs.microsoft.com/intune/deploy-use/use-groups-to-manage-users-and-devices-with-microsoft-intune) - -## Configure Windows Update for Business in Windows 10, version 1511 - -In this example, you use two security groups to manage your updates: **Ring 4 Broad business users** and **Ring 5 Broad business users #2** from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md). - -- The **Ring 4 Broad business users** group contains PCs of IT members who test the updates as soon as they’re released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices. -- The **Ring 5 Broad business users #2** group consists of the first line-of-business (LOB) users, who consume quality updates after 1 week and feature updates 1 month after the CBB release. - ->[!NOTE] ->Although the [sample deployment rings](waas-deployment-rings-windows-10-updates.md) specify a feature update deferral of 2 weeks for Ring 5, deferrals in Windows 10, version 1511 are in increments of months only. - -### Configure the Ring 4 Broad business users deployment ring for CBB with no deferral - -1. Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials. - -2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane. - - ![Shows the UI for this step](images/waas-wufb-intune-step2a.png) - -3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. - -4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**. - -5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list. - -6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/RequireDeferUpgrade**. - -7. In the **Value** box, type **1**, and then click **OK**. - - >[!NOTE] - >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax. - - ![Settings for this policy](images/waas-wufb-intune-step7a.png) - -8. For this deployment ring, you’re required to enable only CBB, so click **Save Policy**. - -9. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**. - - >[!NOTE] - >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. - -10. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**. - -You have now configured the **Ring 4 Broad business users** deployment ring to enable the CBB servicing branch. Now, you must configure **Ring 5 Broad business users #2** to accommodate a 1-week delay for quality updates and a 1-month delay for feature updates. - -### Configure the Ring 5 Broad business users \#2 deployment ring for CBB with deferrals - -1. In the Policy workspace, click **Configuration Policies**, and then click **Add**. - -2. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. - -3. Name the policy **Windows Update for Business – CBB2**. Then, in the **OMA-URI Settings** section, click **Add**. - In this policy, you add two OMA-URI settings, one for each deferment type. - -4. In **Setting name**, type **Enable Clients for CBB**, and then in the **Data type** list, select **Integer**. - -6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/RequireDeferUpgrade**. Then, in the **Value** box, type **1**. - -7. Click **OK** to save the setting. - -8. In the **OMA-URI Settings** section, click **Add**. - -9. For this setting, in **Setting name**, type **Defer Updates for 1 Week**, and then in the **Data type** list, select **Integer**. - -11. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferUpdatePeriod**. - -12. In the **Value** box, type **1**. - -13. Click **OK** to save the setting. - -14. In the **OMA-URI Settings** section, click **Add**. - -15. For this setting, in **Setting name**, type **Defer Upgrades for 1 Month**, and then in the **Data type** list, select **Integer**. - -17. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferUpgradePeriod**. - -18. In the **Value** box, type **1**. - -19. Click **OK** to save the setting. - - Three settings should appear in the **Windows Update for Business – CBB2** policy. - - ![Settings for CBB2 policy](images/waas-wufb-intune-step19a.png) - -20. Click **Save Policy**, and then click **Yes** at the **Deploy Policy** prompt. - -21. In the **Manage Deployment** dialog box, select the **Ring 5 Broad business users #2** computer group, click **Add**, and then click **OK**. - -## Configure Windows Update for Business in Windows 10 version 1607 - -To use Intune to manage quality and feature updates in your environment, you must first create computer groups that align with your constructed deployment rings. - -In this example, you use three security groups from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to manage your updates: - -- **Ring 2 Pilot Business Users** contains the PCs of business users which are part of the pilot testing process, receiving CB builds 28 days after they are released. -- **Ring 4 Broad business users** consists of IT members who receive updates after Microsoft releases a Windows 10 build to the CBB servicing branch. -- **Ring 5 Broad business users #2** consists of LOB users on CBB, who receive quality updates after 7 days and feature updates after 14 days. - -### Configure Ring 2 Pilot Business Users policy - -1. Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials. - -2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane. - - ![Shows the UI for this step](images/waas-wufb-intune-step2a.png) - -3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. - -4. Name the policy **Windows Update for Business - CB2**. Then, in the **OMA-URI Settings** section, click **Add**. - -4. In **Setting name**, type **Enable Clients for CB**, and then select **Integer** from the **Data type** list. - -6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**. - -7. In the **Value** box, type **0**, and then click **OK**. - - >[!NOTE] - >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax. - - ![Settings for this policy](images/waas-wufb-intune-cb2a.png) - -8. Because the **Ring 2 Pilot Business Users** deployment ring receives the CB feature updates after 28 days, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. - -8. In **Setting name**, type **Defer feature updates for 28 days**, and then select **Integer** from the **Data type** list. -10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**. -11. In the **Value** box, type **28**, and then click **OK**. - - ![Settings for this policy](images/waas-wufb-intune-step11a.png) - -9. Click **Save Policy**. - -9. In the **Deploy Policy: Windows Update for Business – CB2** dialog box, click **Yes**. - - >[!NOTE] - >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. - -10. In the **Manage Deployment: Windows Update for Business – CB2** dialog box, select the **Ring 2 Pilot Business Users** group, click **Add**, and then click **OK**. - -You have now configured the **Ring 2 Pilot Business Users** deployment ring to enable CB feature update deferment for 14 days. Now, you must configure **Ring 4 Broad business users** to receive CBB features updates as soon as they’re available. - -### Configure Ring 4 Broad business users policy - -2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane. - - ![Shows the UI for this step](images/waas-wufb-intune-step2a.png) - -3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. - -4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**. - -5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list. - -6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**. - -7. In the **Value** box, type **1**, and then click **OK**. - - >[!NOTE] - >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax. - - -8. Because the **Ring 4 Broad business users** deployment ring receives the CBB feature updates immediately, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. - -9. In **Setting name**, type **Defer feature updates for 0 days**, and then select **Integer** from the **Data type** list. - -10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**. - -11. In the **Value** box, type **0**, and then click **OK**. - - ![Settings for this policy](images/waas-wufb-intune-cbb1a.png) - -12. Click **Save Policy**. - -13. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**. - - >[!NOTE] - >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. - -14. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**. - -You have now configured the **Ring 4 Broad business users** deployment ring to receive CBB feature updates as soon as they’re available. Finally, configure **Ring 5 Broad business users #2** to accommodate a 7-day delay for quality updates and a 14-day delay for feature updates. - - -### Configure Ring 5 Broad business users \#2 policy - -2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane. - - ![Shows the UI for this step](images/waas-wufb-intune-step2a.png) - -3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. - -4. Name the policy **Windows Update for Business - CBB2**. Then, in the **OMA-URI Settings** section, click **Add**. - -5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list. - -6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**. - -7. In the **Value** box, type **1**, and then click **OK**. - - >[!NOTE] - >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax. - - -8. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. - -9. In **Setting name**, type **Defer quality updates for 7 days**, and then select **Integer** from the **Data type** list. - -10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferQualityUpdatesPeriodInDays**. - -11. In the **Value** box, type **7**, and then click **OK**. - -12. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. - -13. In **Setting name**, type **Defer feature updates for 14 days**, and then select **Integer** from the **Data type** list. - -14. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**. - -15. In the **Value** box, type **14**, and then click **OK**. - - ![Settings for this policy](images/waas-wufb-intune-cbb2a.png) - -16. Click **Save Policy**. - -17. In the **Deploy Policy: Windows Update for Business – CBB2** dialog box, click **Yes**. - - >[!NOTE] - >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. - -18. In the **Manage Deployment: Windows Update for Business – CBB2** dialog box, select the **Ring 5 Broad Business Users #2** group, click **Add**, and then click **OK**. - -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Overview of Windows as a service](waas-overview.md) -- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) -- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) -- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) -- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) -- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md) -- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) -- [Manage device restarts after updates](waas-restart.md) - - - - - - - - +--- +title: Walkthrough use Intune to configure Windows Update for Business (Windows 10) +description: Configure Windows Update for Business settings using Microsoft Intune. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.audience: itpro +author: greg-lindsay +ms.date: 07/27/2017 +ms.reviewer: +manager: laurawi +ms.topic: article +--- + +# Walkthrough: use Microsoft Intune to configure Windows Update for Business + + +**Applies to** + +- Windows 10 + + +> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) + +>[!IMPORTANT] +>Due to [naming changes](waas-overview.md#naming-changes), older terms like CB,CBB and LTSB may still be displayed in some of our products. +> +>In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel. + +You can use Intune to configure Windows Update for Business even if you don’t have on-premises infrastructure when you use Intune in conjunction with Azure AD. Before configuring Windows Update for Business, consider a [deployment strategy](waas-servicing-strategy-windows-10-updates.md) for updates and feature updates in your environment. + +Windows Update for Business in Windows 10 version 1511 allows you to delay quality updates up to 4 weeks and feature updates up to an additional 8 months after Microsoft releases builds to the Current Branch for Business (CBB) servicing branch. In Windows 10 version 1607 and later, you can delay quality updates for up to 30 days and feature updates up to an additional 180 days after the release of either a Current Branch (CB) or CBB build. + +To use Intune to manage quality and feature updates in your environment, you must first create computer groups that align with your constructed deployment rings. + +>[!NOTE] +>Coming soon: [Intune Groups will be converted to Azure Active Directory-based Security Groups](https://docs.microsoft.com/intune/deploy-use/use-groups-to-manage-users-and-devices-with-microsoft-intune) + +## Configure Windows Update for Business in Windows 10, version 1511 + +In this example, you use two security groups to manage your updates: **Ring 4 Broad business users** and **Ring 5 Broad business users #2** from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md). + +- The **Ring 4 Broad business users** group contains PCs of IT members who test the updates as soon as they’re released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices. +- The **Ring 5 Broad business users #2** group consists of the first line-of-business (LOB) users, who consume quality updates after 1 week and feature updates 1 month after the CBB release. + +>[!NOTE] +>Although the [sample deployment rings](waas-deployment-rings-windows-10-updates.md) specify a feature update deferral of 2 weeks for Ring 5, deferrals in Windows 10, version 1511 are in increments of months only. + +### Configure the Ring 4 Broad business users deployment ring for CBB with no deferral + +1. Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials. + +2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane. + + ![Shows the UI for this step](images/waas-wufb-intune-step2a.png) + +3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. + +4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**. + +5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list. + +6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/RequireDeferUpgrade**. + +7. In the **Value** box, type **1**, and then click **OK**. + + >[!NOTE] + >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax. + + ![Settings for this policy](images/waas-wufb-intune-step7a.png) + +8. For this deployment ring, you’re required to enable only CBB, so click **Save Policy**. + +9. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**. + + >[!NOTE] + >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. + +10. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**. + +You have now configured the **Ring 4 Broad business users** deployment ring to enable the CBB servicing branch. Now, you must configure **Ring 5 Broad business users #2** to accommodate a 1-week delay for quality updates and a 1-month delay for feature updates. + +### Configure the Ring 5 Broad business users \#2 deployment ring for CBB with deferrals + +1. In the Policy workspace, click **Configuration Policies**, and then click **Add**. + +2. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. + +3. Name the policy **Windows Update for Business – CBB2**. Then, in the **OMA-URI Settings** section, click **Add**. + In this policy, you add two OMA-URI settings, one for each deferment type. + +4. In **Setting name**, type **Enable Clients for CBB**, and then in the **Data type** list, select **Integer**. + +6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/RequireDeferUpgrade**. Then, in the **Value** box, type **1**. + +7. Click **OK** to save the setting. + +8. In the **OMA-URI Settings** section, click **Add**. + +9. For this setting, in **Setting name**, type **Defer Updates for 1 Week**, and then in the **Data type** list, select **Integer**. + +11. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferUpdatePeriod**. + +12. In the **Value** box, type **1**. + +13. Click **OK** to save the setting. + +14. In the **OMA-URI Settings** section, click **Add**. + +15. For this setting, in **Setting name**, type **Defer Upgrades for 1 Month**, and then in the **Data type** list, select **Integer**. + +17. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferUpgradePeriod**. + +18. In the **Value** box, type **1**. + +19. Click **OK** to save the setting. + + Three settings should appear in the **Windows Update for Business – CBB2** policy. + + ![Settings for CBB2 policy](images/waas-wufb-intune-step19a.png) + +20. Click **Save Policy**, and then click **Yes** at the **Deploy Policy** prompt. + +21. In the **Manage Deployment** dialog box, select the **Ring 5 Broad business users #2** computer group, click **Add**, and then click **OK**. + +## Configure Windows Update for Business in Windows 10 version 1607 + +To use Intune to manage quality and feature updates in your environment, you must first create computer groups that align with your constructed deployment rings. + +In this example, you use three security groups from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to manage your updates: + +- **Ring 2 Pilot Business Users** contains the PCs of business users which are part of the pilot testing process, receiving CB builds 28 days after they are released. +- **Ring 4 Broad business users** consists of IT members who receive updates after Microsoft releases a Windows 10 build to the CBB servicing branch. +- **Ring 5 Broad business users #2** consists of LOB users on CBB, who receive quality updates after 7 days and feature updates after 14 days. + +### Configure Ring 2 Pilot Business Users policy + +1. Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials. + +2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane. + + ![Shows the UI for this step](images/waas-wufb-intune-step2a.png) + +3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. + +4. Name the policy **Windows Update for Business - CB2**. Then, in the **OMA-URI Settings** section, click **Add**. + +4. In **Setting name**, type **Enable Clients for CB**, and then select **Integer** from the **Data type** list. + +6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**. + +7. In the **Value** box, type **0**, and then click **OK**. + + >[!NOTE] + >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax. + + ![Settings for this policy](images/waas-wufb-intune-cb2a.png) + +8. Because the **Ring 2 Pilot Business Users** deployment ring receives the CB feature updates after 28 days, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. + +8. In **Setting name**, type **Defer feature updates for 28 days**, and then select **Integer** from the **Data type** list. +10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**. +11. In the **Value** box, type **28**, and then click **OK**. + + ![Settings for this policy](images/waas-wufb-intune-step11a.png) + +9. Click **Save Policy**. + +9. In the **Deploy Policy: Windows Update for Business – CB2** dialog box, click **Yes**. + + >[!NOTE] + >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. + +10. In the **Manage Deployment: Windows Update for Business – CB2** dialog box, select the **Ring 2 Pilot Business Users** group, click **Add**, and then click **OK**. + +You have now configured the **Ring 2 Pilot Business Users** deployment ring to enable CB feature update deferment for 14 days. Now, you must configure **Ring 4 Broad business users** to receive CBB features updates as soon as they’re available. + +### Configure Ring 4 Broad business users policy + +2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane. + + ![Shows the UI for this step](images/waas-wufb-intune-step2a.png) + +3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. + +4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**. + +5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list. + +6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**. + +7. In the **Value** box, type **1**, and then click **OK**. + + >[!NOTE] + >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax. + + +8. Because the **Ring 4 Broad business users** deployment ring receives the CBB feature updates immediately, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. + +9. In **Setting name**, type **Defer feature updates for 0 days**, and then select **Integer** from the **Data type** list. + +10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**. + +11. In the **Value** box, type **0**, and then click **OK**. + + ![Settings for this policy](images/waas-wufb-intune-cbb1a.png) + +12. Click **Save Policy**. + +13. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**. + + >[!NOTE] + >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. + +14. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**. + +You have now configured the **Ring 4 Broad business users** deployment ring to receive CBB feature updates as soon as they’re available. Finally, configure **Ring 5 Broad business users #2** to accommodate a 7-day delay for quality updates and a 14-day delay for feature updates. + + +### Configure Ring 5 Broad business users \#2 policy + +2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane. + + ![Shows the UI for this step](images/waas-wufb-intune-step2a.png) + +3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**. + +4. Name the policy **Windows Update for Business - CBB2**. Then, in the **OMA-URI Settings** section, click **Add**. + +5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list. + +6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**. + +7. In the **Value** box, type **1**, and then click **OK**. + + >[!NOTE] + >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax. + + +8. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. + +9. In **Setting name**, type **Defer quality updates for 7 days**, and then select **Integer** from the **Data type** list. + +10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferQualityUpdatesPeriodInDays**. + +11. In the **Value** box, type **7**, and then click **OK**. + +12. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. + +13. In **Setting name**, type **Defer feature updates for 14 days**, and then select **Integer** from the **Data type** list. + +14. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**. + +15. In the **Value** box, type **14**, and then click **OK**. + + ![Settings for this policy](images/waas-wufb-intune-cbb2a.png) + +16. Click **Save Policy**. + +17. In the **Deploy Policy: Windows Update for Business – CBB2** dialog box, click **Yes**. + + >[!NOTE] + >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**. + +18. In the **Manage Deployment: Windows Update for Business – CBB2** dialog box, select the **Ring 5 Broad Business Users #2** group, click **Add**, and then click **OK**. + +## Related topics + +- [Update Windows 10 in the enterprise](index.md) +- [Overview of Windows as a service](waas-overview.md) +- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) +- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) +- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) +- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) +- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) +- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) +- [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) +- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) +- [Configure Windows Update for Business](waas-configure-wufb.md) +- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) +- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) +- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md) +- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) +- [Manage device restarts after updates](waas-restart.md) + + + + + + + + From 94e89df6b7dca292a4fe6ba5db0d305bd3f5842d Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 12 Aug 2019 18:40:32 -0400 Subject: [PATCH 332/395] fix: MD006/ul-start-left Consider starting bulleted lists at the beginning of the line --- ...ct-data-using-enterprise-site-discovery.md | 4 +- ...ct-data-using-enterprise-site-discovery.md | 965 +++++++++--------- devices/hololens/hololens-requirements.md | 8 +- devices/surface/assettag.md | 4 +- ...timal-power-settings-on-Surface-devices.md | 26 +- .../microsoft-surface-brightness-control.md | 10 +- ...-by-step-surface-deployment-accelerator.md | 20 +- education/windows/set-up-windows-10.md | 6 +- ...n-or-plug-in-application--app-v-46-sp1-.md | 8 +- ...new-standard-application--app-v-46-sp1-.md | 8 +- ...-created-in-a-previous-version-of-app-v.md | 4 +- ...-application-with-app-v-50-beta-gb18030.md | 12 +- ...-application-with-app-v-51-beta-gb18030.md | 12 +- ...he-mbam-25-server-feature-configuration.md | 8 +- ...age-orders-microsoft-store-for-business.md | 12 +- .../app-v/appv-capacity-planning.md | 12 +- .../mdm/networkqospolicy-csp.md | 6 +- .../mdm/policy-csp-applicationmanagement.md | 10 +- .../mdm/policy-csp-taskmanager.md | 4 +- .../windowsdefenderapplicationguard-csp.md | 6 +- .../start-layout-troubleshoot.md | 8 +- windows/configuration/wcd/wcd-messaging.md | 2 +- windows/deployment/upgrade/setupdiag.md | 72 +- .../windows-autopilot-requirements.md | 14 +- ...system-components-to-microsoft-services.md | 26 +- .../hello-how-it-works-technology.md | 2 +- .../hello-hybrid-aadj-sso-base.md | 14 +- .../passwordless-strategy.md | 6 +- .../tpm/how-windows-uses-the-tpm.md | 6 +- .../threat-protection/fips-140-validation.md | 40 +- .../configure-mssp-support.md | 4 +- .../configure-proxy-internet.md | 14 +- .../microsoft-defender-atp/evaluation-lab.md | 22 +- .../exposed-apis-full-sample-powershell.md | 6 +- .../fix-unhealthy-sensors.md | 4 +- .../offboard-machines.md | 12 +- .../threat-indicator-concepts.md | 6 +- .../troubleshoot-onboarding.md | 6 +- ...ployment-vdi-windows-defender-antivirus.md | 2 +- ...ged-apps-to-existing-applocker-rule-set.md | 4 +- .../applocker/administer-applocker.md | 4 +- .../applocker-architecture-and-components.md | 4 +- .../applocker/applocker-functions.md | 4 +- .../applocker/applocker-overview.md | 4 +- .../applocker-policies-deployment-guide.md | 4 +- .../applocker-policies-design-guide.md | 4 +- .../applocker-policy-use-scenarios.md | 4 +- .../applocker-processes-and-interactions.md | 4 +- .../applocker/applocker-settings.md | 4 +- .../applocker-technical-reference.md | 4 +- ...gure-an-applocker-policy-for-audit-only.md | 4 +- ...e-an-applocker-policy-for-enforce-rules.md | 4 +- ...figure-exceptions-for-an-applocker-rule.md | 4 +- ...onfigure-the-appLocker-reference-device.md | 4 +- ...figure-the-application-identity-service.md | 4 +- .../create-a-rule-for-packaged-apps.md | 4 +- ...-a-rule-that-uses-a-file-hash-condition.md | 4 +- ...reate-a-rule-that-uses-a-path-condition.md | 4 +- ...-a-rule-that-uses-a-publisher-condition.md | 4 +- .../create-applocker-default-rules.md | 4 +- ...cations-deployed-to-each-business-group.md | 4 +- .../create-your-applocker-policies.md | 4 +- .../applocker/create-your-applocker-rules.md | 4 +- .../applocker/delete-an-applocker-rule.md | 4 +- ...cies-by-using-the-enforce-rules-setting.md | 4 +- ...oy-the-applocker-policy-into-production.md | 4 +- ...p-policy-structure-and-rule-enforcement.md | 4 +- ...igitally-signed-on-a-reference-computer.md | 4 +- ...ine-your-application-control-objectives.md | 4 +- ...-users-try-to-run-a-blocked-application.md | 4 +- .../applocker/dll-rules-in-applocker.md | 4 +- ...tructure-and-applocker-rule-enforcement.md | 4 +- .../document-your-application-list.md | 4 +- .../document-your-applocker-rules.md | 4 +- .../applocker/edit-an-applocker-policy.md | 4 +- .../applocker/edit-applocker-rules.md | 4 +- .../enable-the-dll-rule-collection.md | 4 +- .../applocker/enforce-applocker-rules.md | 4 +- .../executable-rules-in-applocker.md | 4 +- .../export-an-applocker-policy-from-a-gpo.md | 4 +- ...port-an-applocker-policy-to-an-xml-file.md | 4 +- .../applocker/how-applocker-works-techref.md | 4 +- ...-applocker-policy-from-another-computer.md | 4 +- .../import-an-applocker-policy-into-a-gpo.md | 4 +- .../applocker/maintain-applocker-policies.md | 4 +- .../manage-packaged-apps-with-applocker.md | 4 +- ...r-policies-by-using-set-applockerpolicy.md | 4 +- .../merge-applocker-policies-manually.md | 4 +- ...onitor-application-usage-with-applocker.md | 4 +- .../optimize-applocker-performance.md | 4 +- ...ckaged-app-installer-rules-in-applocker.md | 4 +- .../plan-for-applocker-policy-management.md | 4 +- .../applocker/refresh-an-applocker-policy.md | 4 +- ...ements-for-deploying-applocker-policies.md | 4 +- .../requirements-to-use-applocker.md | 4 +- ...the-automatically-generate-rules-wizard.md | 4 +- .../applocker/script-rules-in-applocker.md | 4 +- .../security-considerations-for-applocker.md | 4 +- .../select-types-of-rules-to-create.md | 4 +- ...er-policy-by-using-test-applockerpolicy.md | 4 +- .../test-and-update-an-applocker-policy.md | 4 +- .../applocker/tools-to-use-with-applocker.md | 4 +- ...derstand-applocker-enforcement-settings.md | 4 +- ...stand-applocker-policy-design-decisions.md | 4 +- ...ent-setting-inheritance-in-group-policy.md | 4 +- ...the-applocker-policy-deployment-process.md | 4 +- ...plocker-allow-and-deny-actions-on-rules.md | 4 +- .../understanding-applocker-default-rules.md | 4 +- .../understanding-applocker-rule-behavior.md | 4 +- ...nderstanding-applocker-rule-collections.md | 4 +- ...standing-applocker-rule-condition-types.md | 4 +- ...understanding-applocker-rule-exceptions.md | 4 +- ...e-file-hash-rule-condition-in-applocker.md | 4 +- ...ng-the-path-rule-condition-in-applocker.md | 4 +- ...e-publisher-rule-condition-in-applocker.md | 4 +- ...-create-and-maintain-applocker-policies.md | 4 +- ...restriction-policies-in-the-same-domain.md | 4 +- ...he-applocker-windows-powershell-cmdlets.md | 4 +- .../using-event-viewer-with-applocker.md | 4 +- ...riction-policies-and-applocker-policies.md | 4 +- .../applocker/what-is-applocker.md | 4 +- .../windows-installer-rules-in-applocker.md | 4 +- .../working-with-applocker-policies.md | 4 +- .../applocker/working-with-applocker-rules.md | 4 +- ...r-application-control-planning-document.md | 4 +- ...pplication-control-management-processes.md | 4 +- ...fender-application-control-design-guide.md | 4 +- ...tion-based-protection-of-code-integrity.md | 10 +- .../windows-platform-common-criteria.md | 205 ++-- .../ltsc/whats-new-windows-10-2019.md | 20 +- 130 files changed, 998 insertions(+), 1000 deletions(-) diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md index c90d6b1c59..15560fccc7 100644 --- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md +++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md @@ -171,13 +171,13 @@ You can determine which zones or domains are used for data collection, using Pow **To set up data collection using a domain allow list** - - Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`. +- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`. >**Important**
Wildcards, like \*.microsoft.com, aren’t supported. **To set up data collection using a zone allow list** - - Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`. +- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`. >**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported. diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md index aaabccc9ae..12049fdcb9 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md +++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md @@ -1,482 +1,483 @@ ---- -ms.localizationpriority: medium -ms.mktglfcycl: deploy -description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. -author: dansimp -ms.prod: ie11 -ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6 -ms.reviewer: -audience: itpro manager: dansimp -ms.author: dansimp -title: Collect data using Enterprise Site Discovery -ms.sitesec: library -ms.date: 07/27/2017 ---- - -# Collect data using Enterprise Site Discovery - -**Applies to:** - -- Windows 10 -- Windows 8.1 -- Windows 7 with Service Pack 1 (SP1) - -Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. - ->**Upgrade Readiness and Windows upgrades**
->You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness). - - -## Before you begin -Before you start, you need to make sure you have the following: - -- Latest cumulative security update (for all supported versions of Internet Explorer): - - 1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**. - - ![microsoft security bulletin techcenter](images/securitybulletin-filter.png) - - 2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table. - - ![affected software section](images/affectedsoftware.png) - - 3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section. - -- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including: - - - Configuration-related PowerShell scripts - - - IETelemetry.mof file - - - Sample System Center 2012 report templates - - You must use System Center 2012 R2 Configuration Manager or later for these samples to work. - -Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts. - -## What data is collected? -Data is collected on the configuration characteristics of IE and the sites it browses, as shown here. - -|Data point |IE11 |IE10 |IE9 |IE8 |Description | -|------------------------|-----|-----|-----|-----|------------------------------------------------------------------------| -|URL | X | X | X | X |URL of the browsed site, including any parameters included in the URL. | -|Domain | X | X | X | X |Top-level domain of the browsed site. | -|ActiveX GUID | X | X | X | X |GUID of the ActiveX controls loaded by the site. | -|Document mode | X | X | X | X |Document mode used by IE for a site, based on page characteristics. | -|Document mode reason | X | X | | |The reason why a document mode was set by IE. | -|Browser state reason | X | X | | |Additional information about why the browser is in its current state. Also called, browser mode. | -|Hang count | X | X | X | X |Number of visits to the URL when the browser hung. | -|Crash count | X | X | X | X |Number of visits to the URL when the browser crashed. | -|Most recent navigation failure (and count) | X | X | X | X |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. | -|Number of visits | X | X | X | X |Number of times a site has been visited. | -|Zone | X | X | X | X |Zone used by IE to browse sites, based on browser settings. | - - ->**Important**
By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. - -### Understanding the returned reason codes -The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection. - -#### DocMode reason -The codes in this table can tell you what document mode was set by IE for a webpage.
These codes only apply to Internet Explorer 10 and Internet Explorer 11. - -|Code |Description | -|-----|------------| -|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.| -|4 |Page is using an X-UA-compatible meta tag. | -|5 |Page is using an X-UA-compatible HTTP header. | -|6 |Page appears on an active **Compatibility View** list. | -|7 |Page is using native XML parsing. | -|8 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. | -|9 |Page state is set by the browser mode and the page's DOCTYPE.| - -#### Browser state reason -The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.
These codes only apply to Internet Explorer 10 and Internet Explorer 11. - -|Code |Description | -|-----|------------| -|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. | -|2 |Site appears on an active **Compatibility View** list, created in Group Policy. | -|3 |Site appears on an active **Compatibility View** list, created by the user. | -|4 |Page is using an X-UA-compatible tag. | -|5 |Page state is set by the **Developer** toolbar. | -|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. | -|7 |Site appears on the Microsoft **Compatibility View (CV)** list. | -|8 |Site appears on the **Quirks** list, created in Group Policy. | -|11 |Site is using the default browser. | - -#### Zone -The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.
These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. - -|Code |Description | -|-----|------------| -|-1 |Internet Explorer is using an invalid zone. | -|0 |Internet Explorer is using the Local machine zone. | -|1 |Internet Explorer is using the Local intranet zone. | -|2 |Internet Explorer is using the Trusted sites zone. | -|3 |Internet Explorer is using the Internet zone. | -|4 |Internet Explorer is using the Restricted sites zone. | - -## Where is the data stored and how do I collect it? -The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend: - -- **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer. - -- **XML file**. Any agent that works with XML can be used. - -## WMI Site Discovery suggestions -We recommend that you collect your data for at most a month at a time, to capture a user’s typical workflow. We don’t recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computer’s hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company. - -On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorer’s performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, you’ll get about 150MB of data:

250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB - ->**Important**
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. - -## Getting ready to use Enterprise Site Discovery -Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options: - -- Collect your hardware inventory using the MOF Editor, while connecting to a client device.

--OR- -- Collect your hardware inventory using the MOF Editor with a .MOF import file.

--OR- -- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) - -### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges -You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes. - ->**Important**
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output. - -**To set up Enterprise Site Discovery** - -- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460). - -### WMI only: Set up your firewall for WMI data -If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps: - -**To set up your firewall** - -1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**. - -2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**. - -3. Restart your computer to start collecting your WMI data. - -## Use PowerShell to finish setting up Enterprise Site Discovery -You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery). - ->**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device. - -- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process. - -- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process. - -**To set up data collection using a domain allow list** - - - Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`. - - >**Important**
Wildcards, like \*.microsoft.com, aren’t supported. - -**To set up data collection using a zone allow list** - - - Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`. - - >**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported. - -## Use Group Policy to finish setting up Enterprise Site Discovery -You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery). - ->**Note**
 All of the Group Policy settings can be used individually or as a group. - - **To set up Enterprise Site Discovery using Group Policy** - -- Open your Group Policy editor, and go to these new settings: - - |Setting name and location |Description |Options | - |---------------------------|-------------|---------| - |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |

  • **On.** Turns on WMI recording.
  • **Off.** Turns off WMI recording.
| - |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output |Writes collected data to an XML file, which is stored in your specified location. |
  • **XML file path.** Including this turns on XML recording.
  • **Blank.** Turns off XML recording.
| - |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by Zone |Manages which zone can collect data. |To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:

0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone

**Example 1:** Include only the Local Intranet zone

Binary representation: *00010*, based on:

0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone

**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones

Binary representation: *10110*, based on:

1 – Restricted Sites zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone | - |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:

microsoft.sharepoint.com
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com | - -### Combining WMI and XML Group Policy settings -You can use both the WMI and XML settings individually or together: - -**To turn off Enterprise Site Discovery** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputBlank
- -**Turn on WMI recording only** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputBlank
- -**To turn on XML recording only** - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputXML file path
- -To turn on both WMI and XML recording - - - - - - - - - - - - - -
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputXML file path
- -## Use Configuration Manager to collect your data -After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options: - -- Collect your hardware inventory using the MOF Editor, while connecting to a client device.

--OR- -- Collect your hardware inventory using the MOF Editor with a .MOF import file.

--OR- -- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) - -### Collect your hardware inventory using the MOF Editor while connected to a client device -You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices. - - **To collect your inventory** - -1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**. - - ![Configuration Manager, showing the hardware inventory settings for client computers](images/configmgrhardwareinventory.png) - -2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes. - -3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**. - - ![Configuration Manager, with the Connect to Windows Management Instrumentation (WMI) box](images/ie11-inventory-addclassconnectscreen.png) - -4. Select the check boxes next to the following classes, and then click **OK**: - - - IESystemInfo - - - IEURLInfo - - - IECountInfo - -5. Click **OK** to close the default windows.
-Your environment is now ready to collect your hardware inventory and review the sample reports. - -### Collect your hardware inventory using the MOF Editor with a .MOF import file -You can collect your hardware inventory using the MOF Editor and a .MOF import file. - - **To collect your inventory** - -1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**. - -2. Click **Import**, choose the MOF file from the downloaded package we provided, and click **Open**. - -3. Pick the inventory items to install, and then click **Import**. - -4. Click **OK** to close the default windows.
-Your environment is now ready to collect your hardware inventory and review the sample reports. - -### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) -You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option. - -**To collect your inventory** - -1. Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `\inboxes\clifiles.src\hinv` directory. - -2. Add this text to the end of the file: - - ``` - [SMS_Report (TRUE), - SMS_Group_Name ("IESystemInfo"), - SMS_Class_ID ("MICROSOFT|IESystemInfo|1.0"), - Namespace ("root\\\\cimv2\\\\IETelemetry") ] - Class IESystemInfo: SMS_Class_Template - { - [SMS_Report (TRUE), Key ] - String SystemKey; - [SMS_Report (TRUE) ] - String IEVer; - }; - - [SMS_Report (TRUE), - SMS_Group_Name ("IEURLInfo"), - SMS_Class_ID ("MICROSOFT|IEURLInfo|1.0"), - Namespace ("root\\\\cimv2\\\\IETelemetry") ] - Class IEURLInfo: SMS_Class_Template - { - [SMS_Report (TRUE), Key ] - String URL; - [SMS_Report (TRUE) ] - String Domain; - [SMS_Report (TRUE) ] - UInt32 DocMode; - [SMS_Report (TRUE) ] - UInt32 DocModeReason; - [SMS_Report (TRUE) ] - UInt32 Zone; - [SMS_Report (TRUE) ] - UInt32 BrowserStateReason; - [SMS_Report (TRUE) ] - String ActiveXGUID[]; - [SMS_Report (TRUE) ] - UInt32 CrashCount; - [SMS_Report (TRUE) ] - UInt32 HangCount; - [SMS_Report (TRUE) ] - UInt32 NavigationFailureCount; - [SMS_Report (TRUE) ] - UInt32 NumberOfVisits; - [SMS_Report (TRUE) ] - UInt32 MostRecentNavigationFailure; - }; - - [SMS_Report (TRUE), - SMS_Group_Name ("IECountInfo"), - SMS_Class_ID ("MICROSOFT|IECountInfo|1.0"), - Namespace ("root\\\\cimv2\\\\IETelemetry") ] - Class IECountInfo: SMS_Class_Template - { - [SMS_Report (TRUE), Key ] - String CountKey; - [SMS_Report (TRUE) ] - UInt32 CrashCount; - [SMS_Report (TRUE) ] - UInt32 HangCount; - [SMS_Report (TRUE) ] - UInt32 NavigationFailureCount; - }; - ``` - -3. Save the file and close it to the same location. - Your environment is now ready to collect your hardware inventory and review the sample reports. - -## View the sample reports with your collected data -The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. - -### SCCM Report Sample – ActiveX.rdl -Gives you a list of all of the ActiveX-related sites visited by the client computer. - -![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer](images/configmgractivexreport.png) - -### SCCM Report Sample – Site Discovery.rdl -Gives you a list of all of the sites visited by the client computer. - -![Site Discovery.rdl report, lists all websites visited by the client computer](images/ie-site-discovery-sample-report.png) - -## View the collected XML data -After the XML files are created, you can use your own solutions to extract and parse the data. The data will look like: - -``` xml - - - [dword] - [dword] - [dword] - - - [string] - - [guid] - - [dword] - [dword] - [dword] - [dword] - [dword] - [dword] - [dword] - [dword] - [string] - [dword] - - - - -``` -You can import this XML data into the correct version of the Enterprise Mode Site List Manager, automatically adding the included sites to your Enterprise Mode site list. - -**To add your XML data to your Enterprise Mode site list** - -1. Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**. - - ![Enterprise Mode Site List Manager with Bulk add from file option](images/bulkadd-emiesitelistmgr.png) - -2. Go to your XML file to add the included sites to the tool, and then click **Open**.
Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md). - -3. Click **OK** to close the **Bulk add sites to the list** menu. - -## Turn off data collection on your client devices -After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off. - -**To stop collecting data, using PowerShell** - -- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`. - - >**Note**
Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer. - - -**To stop collecting data, using Group Policy** - -1. Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**. - -2. Go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output`, and clear the file path location. - -### Delete already stored data from client computers -You can completely remove the data stored on your employee’s computers. - -**To delete all existing data** - -- On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands: - - - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo` - - - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IESystemInfo` - - - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IECountInfo` - - - `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'` - -## Related topics -* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562) -* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md) - - - - +--- +ms.localizationpriority: medium +ms.mktglfcycl: deploy +description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. +author: dansimp +ms.prod: ie11 +ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6 +ms.reviewer: +audience: itpro +manager: dansimp +ms.author: dansimp +title: Collect data using Enterprise Site Discovery +ms.sitesec: library +ms.date: 07/27/2017 +--- + +# Collect data using Enterprise Site Discovery + +**Applies to:** + +- Windows 10 +- Windows 8.1 +- Windows 7 with Service Pack 1 (SP1) + +Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. + +>**Upgrade Readiness and Windows upgrades**
+>You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness). + + +## Before you begin +Before you start, you need to make sure you have the following: + +- Latest cumulative security update (for all supported versions of Internet Explorer): + + 1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**. + + ![microsoft security bulletin techcenter](images/securitybulletin-filter.png) + + 2. Click the title of the latest cumulative security update, and then scroll down to the **Affected software** table. + + ![affected software section](images/affectedsoftware.png) + + 3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section. + +- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including: + + - Configuration-related PowerShell scripts + + - IETelemetry.mof file + + - Sample System Center 2012 report templates + + You must use System Center 2012 R2 Configuration Manager or later for these samples to work. + +Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts. + +## What data is collected? +Data is collected on the configuration characteristics of IE and the sites it browses, as shown here. + +|Data point |IE11 |IE10 |IE9 |IE8 |Description | +|------------------------|-----|-----|-----|-----|------------------------------------------------------------------------| +|URL | X | X | X | X |URL of the browsed site, including any parameters included in the URL. | +|Domain | X | X | X | X |Top-level domain of the browsed site. | +|ActiveX GUID | X | X | X | X |GUID of the ActiveX controls loaded by the site. | +|Document mode | X | X | X | X |Document mode used by IE for a site, based on page characteristics. | +|Document mode reason | X | X | | |The reason why a document mode was set by IE. | +|Browser state reason | X | X | | |Additional information about why the browser is in its current state. Also called, browser mode. | +|Hang count | X | X | X | X |Number of visits to the URL when the browser hung. | +|Crash count | X | X | X | X |Number of visits to the URL when the browser crashed. | +|Most recent navigation failure (and count) | X | X | X | X |Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened. | +|Number of visits | X | X | X | X |Number of times a site has been visited. | +|Zone | X | X | X | X |Zone used by IE to browse sites, based on browser settings. | + + +>**Important**
By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. + +### Understanding the returned reason codes +The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection. + +#### DocMode reason +The codes in this table can tell you what document mode was set by IE for a webpage.
These codes only apply to Internet Explorer 10 and Internet Explorer 11. + +|Code |Description | +|-----|------------| +|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.| +|4 |Page is using an X-UA-compatible meta tag. | +|5 |Page is using an X-UA-compatible HTTP header. | +|6 |Page appears on an active **Compatibility View** list. | +|7 |Page is using native XML parsing. | +|8 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. | +|9 |Page state is set by the browser mode and the page's DOCTYPE.| + +#### Browser state reason +The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.
These codes only apply to Internet Explorer 10 and Internet Explorer 11. + +|Code |Description | +|-----|------------| +|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. | +|2 |Site appears on an active **Compatibility View** list, created in Group Policy. | +|3 |Site appears on an active **Compatibility View** list, created by the user. | +|4 |Page is using an X-UA-compatible tag. | +|5 |Page state is set by the **Developer** toolbar. | +|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. | +|7 |Site appears on the Microsoft **Compatibility View (CV)** list. | +|8 |Site appears on the **Quirks** list, created in Group Policy. | +|11 |Site is using the default browser. | + +#### Zone +The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.
These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. + +|Code |Description | +|-----|------------| +|-1 |Internet Explorer is using an invalid zone. | +|0 |Internet Explorer is using the Local machine zone. | +|1 |Internet Explorer is using the Local intranet zone. | +|2 |Internet Explorer is using the Trusted sites zone. | +|3 |Internet Explorer is using the Internet zone. | +|4 |Internet Explorer is using the Restricted sites zone. | + +## Where is the data stored and how do I collect it? +The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend: + +- **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer. + +- **XML file**. Any agent that works with XML can be used. + +## WMI Site Discovery suggestions +We recommend that you collect your data for at most a month at a time, to capture a user’s typical workflow. We don’t recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computer’s hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company. + +On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorer’s performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, you’ll get about 150MB of data:

250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB + +>**Important**
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. + +## Getting ready to use Enterprise Site Discovery +Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options: + +- Collect your hardware inventory using the MOF Editor, while connecting to a client device.

+-OR- +- Collect your hardware inventory using the MOF Editor with a .MOF import file.

+-OR- +- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) + +### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges +You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes. + +>**Important**
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output. + +**To set up Enterprise Site Discovery** + +- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460). + +### WMI only: Set up your firewall for WMI data +If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps: + +**To set up your firewall** + +1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**. + +2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**. + +3. Restart your computer to start collecting your WMI data. + +## Use PowerShell to finish setting up Enterprise Site Discovery +You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery). + +>**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device. + +- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process. + +- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process. + +**To set up data collection using a domain allow list** + +- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`. + + >**Important**
Wildcards, like \*.microsoft.com, aren’t supported. + +**To set up data collection using a zone allow list** + +- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`. + + >**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported. + +## Use Group Policy to finish setting up Enterprise Site Discovery +You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery). + +>**Note**
 All of the Group Policy settings can be used individually or as a group. + + **To set up Enterprise Site Discovery using Group Policy** + +- Open your Group Policy editor, and go to these new settings: + + |Setting name and location |Description |Options | + |---------------------------|-------------|---------| + |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |

  • **On.** Turns on WMI recording.
  • **Off.** Turns off WMI recording.
| + |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output |Writes collected data to an XML file, which is stored in your specified location. |
  • **XML file path.** Including this turns on XML recording.
  • **Blank.** Turns off XML recording.
| + |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by Zone |Manages which zone can collect data. |To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:

0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone

**Example 1:** Include only the Local Intranet zone

Binary representation: *00010*, based on:

0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone

**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones

Binary representation: *10110*, based on:

1 – Restricted Sites zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone | + |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:

microsoft.sharepoint.com
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com | + +### Combining WMI and XML Group Policy settings +You can use both the WMI and XML settings individually or together: + +**To turn off Enterprise Site Discovery** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputBlank
+ +**Turn on WMI recording only** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputBlank
+ +**To turn on XML recording only** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputXML file path
+ +To turn on both WMI and XML recording + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputXML file path
+ +## Use Configuration Manager to collect your data +After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options: + +- Collect your hardware inventory using the MOF Editor, while connecting to a client device.

+-OR- +- Collect your hardware inventory using the MOF Editor with a .MOF import file.

+-OR- +- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) + +### Collect your hardware inventory using the MOF Editor while connected to a client device +You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices. + + **To collect your inventory** + +1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**. + + ![Configuration Manager, showing the hardware inventory settings for client computers](images/configmgrhardwareinventory.png) + +2. Click **Add**, click **Connect**, and connect to a computer that has completed the setup process and has already existing classes. + +3. Change the **WMI Namespace** to `root\cimv2\IETelemetry`, and click **Connect**. + + ![Configuration Manager, with the Connect to Windows Management Instrumentation (WMI) box](images/ie11-inventory-addclassconnectscreen.png) + +4. Select the check boxes next to the following classes, and then click **OK**: + + - IESystemInfo + + - IEURLInfo + + - IECountInfo + +5. Click **OK** to close the default windows.
+Your environment is now ready to collect your hardware inventory and review the sample reports. + +### Collect your hardware inventory using the MOF Editor with a .MOF import file +You can collect your hardware inventory using the MOF Editor and a .MOF import file. + + **To collect your inventory** + +1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**. + +2. Click **Import**, choose the MOF file from the downloaded package we provided, and click **Open**. + +3. Pick the inventory items to install, and then click **Import**. + +4. Click **OK** to close the default windows.
+Your environment is now ready to collect your hardware inventory and review the sample reports. + +### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) +You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option. + +**To collect your inventory** + +1. Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `\inboxes\clifiles.src\hinv` directory. + +2. Add this text to the end of the file: + + ``` + [SMS_Report (TRUE), + SMS_Group_Name ("IESystemInfo"), + SMS_Class_ID ("MICROSOFT|IESystemInfo|1.0"), + Namespace ("root\\\\cimv2\\\\IETelemetry") ] + Class IESystemInfo: SMS_Class_Template + { + [SMS_Report (TRUE), Key ] + String SystemKey; + [SMS_Report (TRUE) ] + String IEVer; + }; + + [SMS_Report (TRUE), + SMS_Group_Name ("IEURLInfo"), + SMS_Class_ID ("MICROSOFT|IEURLInfo|1.0"), + Namespace ("root\\\\cimv2\\\\IETelemetry") ] + Class IEURLInfo: SMS_Class_Template + { + [SMS_Report (TRUE), Key ] + String URL; + [SMS_Report (TRUE) ] + String Domain; + [SMS_Report (TRUE) ] + UInt32 DocMode; + [SMS_Report (TRUE) ] + UInt32 DocModeReason; + [SMS_Report (TRUE) ] + UInt32 Zone; + [SMS_Report (TRUE) ] + UInt32 BrowserStateReason; + [SMS_Report (TRUE) ] + String ActiveXGUID[]; + [SMS_Report (TRUE) ] + UInt32 CrashCount; + [SMS_Report (TRUE) ] + UInt32 HangCount; + [SMS_Report (TRUE) ] + UInt32 NavigationFailureCount; + [SMS_Report (TRUE) ] + UInt32 NumberOfVisits; + [SMS_Report (TRUE) ] + UInt32 MostRecentNavigationFailure; + }; + + [SMS_Report (TRUE), + SMS_Group_Name ("IECountInfo"), + SMS_Class_ID ("MICROSOFT|IECountInfo|1.0"), + Namespace ("root\\\\cimv2\\\\IETelemetry") ] + Class IECountInfo: SMS_Class_Template + { + [SMS_Report (TRUE), Key ] + String CountKey; + [SMS_Report (TRUE) ] + UInt32 CrashCount; + [SMS_Report (TRUE) ] + UInt32 HangCount; + [SMS_Report (TRUE) ] + UInt32 NavigationFailureCount; + }; + ``` + +3. Save the file and close it to the same location. + Your environment is now ready to collect your hardware inventory and review the sample reports. + +## View the sample reports with your collected data +The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. + +### SCCM Report Sample – ActiveX.rdl +Gives you a list of all of the ActiveX-related sites visited by the client computer. + +![ActiveX.rdl report, lists all ActiveX-related sites visited by the client computer](images/configmgractivexreport.png) + +### SCCM Report Sample – Site Discovery.rdl +Gives you a list of all of the sites visited by the client computer. + +![Site Discovery.rdl report, lists all websites visited by the client computer](images/ie-site-discovery-sample-report.png) + +## View the collected XML data +After the XML files are created, you can use your own solutions to extract and parse the data. The data will look like: + +``` xml + + + [dword] + [dword] + [dword] + + + [string] + + [guid] + + [dword] + [dword] + [dword] + [dword] + [dword] + [dword] + [dword] + [dword] + [string] + [dword] + + + + +``` +You can import this XML data into the correct version of the Enterprise Mode Site List Manager, automatically adding the included sites to your Enterprise Mode site list. + +**To add your XML data to your Enterprise Mode site list** + +1. Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**. + + ![Enterprise Mode Site List Manager with Bulk add from file option](images/bulkadd-emiesitelistmgr.png) + +2. Go to your XML file to add the included sites to the tool, and then click **Open**.
Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md). + +3. Click **OK** to close the **Bulk add sites to the list** menu. + +## Turn off data collection on your client devices +After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off. + +**To stop collecting data, using PowerShell** + +- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`. + + >**Note**
Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer. + + +**To stop collecting data, using Group Policy** + +1. Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**. + +2. Go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output`, and clear the file path location. + +### Delete already stored data from client computers +You can completely remove the data stored on your employee’s computers. + +**To delete all existing data** + +- On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands: + + - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo` + + - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IESystemInfo` + + - `Remove-WmiObject -Namespace root/cimv2/IETelemetry IECountInfo` + + - `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'` + +## Related topics +* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562) +* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md) + + + + diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md index 6cb247c60b..0ff5596fa3 100644 --- a/devices/hololens/hololens-requirements.md +++ b/devices/hololens/hololens-requirements.md @@ -37,10 +37,10 @@ When you develop for HoloLens, there are [system requirements and tools](https:/ - TTLS-TLS ### Device management - - Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4) - - Wi-Fi network - - Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs - +- Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4) +- Wi-Fi network +- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs + ### Upgrade to Windows Holographic for Business - HoloLens Enterprise license XML file diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md index 60ff9078bd..e0df401dea 100644 --- a/devices/surface/assettag.md +++ b/devices/surface/assettag.md @@ -20,9 +20,9 @@ for Surface devices. It works on Surface Pro 3 and all newer Surface devices. ## System requirements - - Surface Pro 3 or later +- Surface Pro 3 or later - - UEFI firmware version 3.9.150.0 or later +- UEFI firmware version 3.9.150.0 or later ## Using Surface Asset Tag diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md index 6dcd9db277..4a3c4f93b3 100644 --- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md +++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md @@ -59,14 +59,14 @@ instant on/instant off functionality typical of smartphones. S0ix, also known as Deepest Runtime Idle Platform State (DRIPS), is the default power mode for Surface devices. Modern standby has two modes: - - **Connected standby.** The default mode for up-to-the minute - delivery of emails, messaging, and cloud-synced data, connected - standby keeps Wi-Fi on and maintains network connectivity. +- **Connected standby.** The default mode for up-to-the minute + delivery of emails, messaging, and cloud-synced data, connected + standby keeps Wi-Fi on and maintains network connectivity. - - **Disconnected standby.** An optional mode for extended battery - life, disconnected standby delivers the same instant-on experience - and saves power by turning off Wi-Fi, Bluetooth, and related network - connectivity. +- **Disconnected standby.** An optional mode for extended battery + life, disconnected standby delivers the same instant-on experience + and saves power by turning off Wi-Fi, Bluetooth, and related network + connectivity. To learn more about modern standby, refer to the [Microsoft Hardware Dev Center](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources). @@ -76,13 +76,13 @@ Center](https://docs.microsoft.com/windows-hardware/design/device-experiences/mo Surface integrates the following features designed to help users optimize the power management experience: - - [Singular power plan](#singular-power-plan) +- [Singular power plan](#singular-power-plan) - - [Simplified power settings user - interface](#simplified-power-settings-user-interface) +- [Simplified power settings user + interface](#simplified-power-settings-user-interface) - - [Windows performance power - slider](#windows-performance-power-slider) +- [Windows performance power + slider](#windows-performance-power-slider) ### Singular power plan @@ -171,4 +171,4 @@ To learn more, see: - [Battery saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver) -- [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) \ No newline at end of file +- [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index 34ccb3aa18..41b2e3d994 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -25,16 +25,16 @@ designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. The tool automatically dims the screen when not in use and includes the following configuration options: - - Period of inactivity before dimming the display. +- Period of inactivity before dimming the display. - - Brightness level when dimmed. +- Brightness level when dimmed. - - Maximum brightness level when in use. +- Maximum brightness level when in use. **To run Surface Brightness Control:** - - Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control - will begin working immediately. +- Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control + will begin working immediately. ## Configuring Surface Brightness Control diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md index a1e5874ea2..956924345f 100644 --- a/devices/surface/step-by-step-surface-deployment-accelerator.md +++ b/devices/surface/step-by-step-surface-deployment-accelerator.md @@ -100,25 +100,25 @@ The following steps show you how to create a deployment share for Windows 10 tha 7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes: - - Download of Windows ADK + - Download of Windows ADK - - Installation of Windows ADK + - Installation of Windows ADK - - Download of MDT + - Download of MDT - - Installation of MDT + - Installation of MDT - - Download of Surface apps and drivers + - Download of Surface apps and drivers - - Creation of the deployment share + - Creation of the deployment share - - Import of Windows installation files into the deployment share + - Import of Windows installation files into the deployment share - - Import of the apps and drivers into the deployment share + - Import of the apps and drivers into the deployment share - - Creation of rules and task sequences for Windows deployment + - Creation of rules and task sequences for Windows deployment - ![The installation progress window](images/sdasteps-fig5-installwindow.png "The installation progress window") + ![The installation progress window](images/sdasteps-fig5-installwindow.png "The installation progress window") *Figure 5. The Installation Progress window* diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md index eaa22faf91..1f8eb4eb0f 100644 --- a/education/windows/set-up-windows-10.md +++ b/education/windows/set-up-windows-10.md @@ -20,9 +20,9 @@ manager: dansimp - Windows 10 You have two tools to choose from to set up PCs for your classroom: - * Set up School PCs - * Windows Configuration Designer - +* Set up School PCs +* Windows Configuration Designer + Choose the tool that is appropriate for how your students will sign in (Active Directory, Azure Active Directory, or no account). You can use the following diagram to compare the tools. diff --git a/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md b/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md index d572d752a6..acfe510e08 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md +++ b/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md @@ -79,13 +79,13 @@ Click **Next**. 10. On the **Customize** page, if you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. If you want to customize any of the items in the following list, select **Customize**. - - Edit the file type associations associated with an application. + - Edit the file type associations associated with an application. - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. + - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 11. On the **Edit Shortcuts** page, you can optionally configure the file type associations (FTA) that will be associated with the various applications in the package. To create a new FTA, in the left pane, select and expand the application that you want to customize, and then click **Add**. In the **Add File Type Association** dialog box, provide the necessary information for the new FTA. Under the application, select **Shortcuts** to review the shortcut information associated with an application. In the **Location** pane, you can review the icon file information. To edit an existing FTA, click **Edit**. To remove an FTA, select the FTA, and then click **Remove**. Click **Next**. diff --git a/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md b/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md index c1dbfafeb3..baf39c7e2c 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md +++ b/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md @@ -69,13 +69,13 @@ Click **Next**. 11. On the **Customize** page, if you are finished installing and configuring the virtual application, select **Stop now** and skip to step 15 of this procedure. If you want to customize any of the items in the following list, select **Customize**. - - Edit the file type associations and the icons associated with an application. + - Edit the file type associations and the icons associated with an application. - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. + - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 12. On the **Edit Shortcuts** page, you can optionally configure the file type associations (FTA) and shortcut locations that will be associated with the various applications in the package. To create a new FTA, in the left pane, select and expand the application you want to customize, and then click **Add**. In the **Add File Type Association** dialog box, provide the necessary information for the new FTA. To review the shortcut information associated with an application, under the application, select **Shortcuts**, and in the **Location** pane, you can edit the icon file information. To edit an existing FTA, click **Edit**. To remove an FTA, select the FTA, and then click **Remove**. Click **Next**. diff --git a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md b/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md index 7bc0c4e2c1..e1e6432a8a 100644 --- a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md +++ b/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md @@ -43,9 +43,7 @@ You must configure the package converter to always save the package ingredients Import-Module AppVPkgConverter ``` -3. - - The following cmdlets are available: +3. The following cmdlets are available: - Test-AppvLegacyPackage – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`. diff --git a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md index f69cd05803..8652ce06d6 100644 --- a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md +++ b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md @@ -143,11 +143,11 @@ Click **Next**. 11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**. - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. + - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. @@ -234,11 +234,11 @@ Click **Next**. 10. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**. - - Optimize how the package will run across a slow or unreliable network. + - Optimize how the package will run across a slow or unreliable network. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**. diff --git a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md index 5143059379..ba6d5a807d 100644 --- a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md +++ b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md @@ -128,11 +128,11 @@ Click **Next**. 11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**. - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. + - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. @@ -210,11 +210,11 @@ On the computer that runs the sequencer, click **All Programs**, and then Click 10. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**. - - Optimize how the package will run across a slow or unreliable network. + - Optimize how the package will run across a slow or unreliable network. - - Specify the operating systems that can run this package. + - Specify the operating systems that can run this package. - Click **Next**. + Click **Next**. 11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**. diff --git a/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md b/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md index 4c7082ea57..76b918713f 100644 --- a/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md +++ b/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md @@ -90,13 +90,13 @@ If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the rep 10. Browse to the following web services to verify that they load successfully. A page opens to indicate that the service is running, but the page does not display any metadata. - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMAdministrationService/AdministrationService.svc + - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMAdministrationService/AdministrationService.svc - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMUserSupportService/UserSupportService.svc + - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMUserSupportService/UserSupportService.svc - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMComplianceStatusService/StatusReportingService.svc + - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMComplianceStatusService/StatusReportingService.svc - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMRecoveryAndHardwareService/CoreService.svc + - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMRecoveryAndHardwareService/CoreService.svc ## Validating the MBAM Server deployment with the Configuration Manager Integration topology diff --git a/store-for-business/manage-orders-microsoft-store-for-business.md b/store-for-business/manage-orders-microsoft-store-for-business.md index 115dd3fa5b..91a18494e2 100644 --- a/store-for-business/manage-orders-microsoft-store-for-business.md +++ b/store-for-business/manage-orders-microsoft-store-for-business.md @@ -42,14 +42,14 @@ Refunds work a little differently for free apps, and apps that have a price. In **Refunds for free apps** - For free apps, there isn't really a refund to request -- you're removing the app from your inventory. You must first reclaim any assigned licenses, and then you can remove the app from your organization's inventory. +For free apps, there isn't really a refund to request -- you're removing the app from your inventory. You must first reclaim any assigned licenses, and then you can remove the app from your organization's inventory. - **Refunds for apps that have a price** +**Refunds for apps that have a price** - There are a few requirements for apps that have a price: - - **Timing** - Refunds are available for the first 30 days after you place your order. For example, if your order is placed on June 1, you can self-refund through June 30. - - **Available licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization. - - **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory. +There are a few requirements for apps that have a price: +- **Timing** - Refunds are available for the first 30 days after you place your order. For example, if your order is placed on June 1, you can self-refund through June 30. +- **Available licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization. +- **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory. **To refund an order** diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md index 3d117f1d01..099bcdf1c4 100644 --- a/windows/application-management/app-v/appv-capacity-planning.md +++ b/windows/application-management/app-v/appv-capacity-planning.md @@ -128,9 +128,9 @@ Computers running the App-V client connect to the App-V publishing server to sen > [!IMPORTANT] > The following list displays the main factors to consider when setting up the App-V publishing server: -> * The number of clients connecting simultaneously to a single publishing server. -> * The number of packages in each refresh. -> * The available network bandwidth in your environment between the client and the App-V publishing server. +> * The number of clients connecting simultaneously to a single publishing server. +> * The number of packages in each refresh. +> * The available network bandwidth in your environment between the client and the App-V publishing server. |Scenario|Summary| |---|---| @@ -153,9 +153,9 @@ Computers running the App-V client stream the virtual application package from t > [!IMPORTANT] > The following list identifies the main factors to consider when setting up the App-V streaming server: -> * The number of clients streaming application packages simultaneously from a single streaming server. -> * The size of the package being streamed. -> * The available network bandwidth in your environment between the client and the streaming server. +> * The number of clients streaming application packages simultaneously from a single streaming server. +> * The size of the package being streamed. +> * The available network bandwidth in your environment between the client and the streaming server. |Scenario|Summary| |---|---| diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index e35af4bde2..debd9dbd5a 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -49,9 +49,9 @@ The following diagram shows the NetworkQoSPolicy configuration service provider

Valid values are: - - 0 (default) - Both TCP and UDP - - 1 - TCP - - 2 - UDP +- 0 (default) - Both TCP and UDP +- 1 - TCP +- 2 - UDP

The data type is int. diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 5ce6a56526..9feb66be2d 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -478,11 +478,11 @@ An XML blob that specifies the application restrictions company want to put to t > > Here's additional guidance for the upgrade process: > -> - Use Windows 10 product IDs for the apps listed in [inbox apps](applocker-csp.md#inboxappsandcomponents). -> - Use the new Microsoft publisher name (PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") and Publisher="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" if you are using the publisher policy. Do not remove the Windows Phone 8.1 publisher if you are using it. -> - In the SyncML, you must use lowercase product ID. -> - Do not duplicate a product ID. Messaging and Skype Video use the same product ID. Duplicates cause an error. -> - You cannot disable or enable **Contact Support** and **Windows Feedback** apps using ApplicationManagement/ApplicationRestrictions policy, although these are listed in the [inbox apps](applocker-csp.md#inboxappsandcomponents). +> - Use Windows 10 product IDs for the apps listed in [inbox apps](applocker-csp.md#inboxappsandcomponents). +> - Use the new Microsoft publisher name (PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") and Publisher="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" if you are using the publisher policy. Do not remove the Windows Phone 8.1 publisher if you are using it. +> - In the SyncML, you must use lowercase product ID. +> - Do not duplicate a product ID. Messaging and Skype Video use the same product ID. Duplicates cause an error. +> - You cannot disable or enable **Contact Support** and **Windows Feedback** apps using ApplicationManagement/ApplicationRestrictions policy, although these are listed in the [inbox apps](applocker-csp.md#inboxappsandcomponents). An application that is running may not be immediately terminated. diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index 5e4b03fa34..1553b89d93 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md @@ -70,8 +70,8 @@ manager: dansimp This setting determines whether non-administrators can use Task Manager to end tasks. Value type is integer. Supported values: - - 0 - Disabled. EndTask functionality is blocked in TaskManager. - - 1 - Enabled (default). Users can perform EndTask in TaskManager. +- 0 - Disabled. EndTask functionality is blocked in TaskManager. +- 1 - Enabled (default). Users can perform EndTask in TaskManager. diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 0b9e8aa3aa..7831cfbce6 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -30,9 +30,9 @@ Interior node. Supported operation is Get. **Settings/AllowWindowsDefenderApplicationGuard** Turn on Windows Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - - - 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment. - - 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container. + +- 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment. +- 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container. **Settings/ClipboardFileType** Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete. diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index b7a9b2ca2d..2e002f5962 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -233,10 +233,10 @@ XML files can and should be tested locally on a Hyper-V or other virtual machine - User-initiated changes to the start layout are not roamed. Specifically, behaviors include - - Applications (apps or icons) pinned to the start menu are missing. - - Entire tile window disappears. - - The start button fails to respond. - - If a new roaming user is created, the first logon appears normal, but on subsequent logons, tiles are missing. +- Applications (apps or icons) pinned to the start menu are missing. +- Entire tile window disappears. +- The start button fails to respond. +- If a new roaming user is created, the first logon appears normal, but on subsequent logons, tiles are missing. ![Example of a working layout](images/start-ts-3.png) diff --git a/windows/configuration/wcd/wcd-messaging.md b/windows/configuration/wcd/wcd-messaging.md index 9dd957088d..cb9a984961 100644 --- a/windows/configuration/wcd/wcd-messaging.md +++ b/windows/configuration/wcd/wcd-messaging.md @@ -357,4 +357,4 @@ For networks that require non-standard handling of single-segment incoming MMS W ## Related topics - - [Customizations for SMS and MMS](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/customizations-for-sms-and-mms) +- [Customizations for SMS and MMS](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/customizations-for-sms-and-mms) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index cd3aaab920..355c0da246 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -319,54 +319,54 @@ Each rule name and its associated unique rule identifier are listed with a descr ## Release notes 06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center. - - All date and time outputs are updated to localized format per user request. - - Added setup Operation and Phase information to /verbose log. - - Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below). - - Performance improvement in searching setupact.logs to determine correct log to parse. - - Added SetupDiag version number to text report (xml and json always had it). - - Added "no match" reports for xml and json per user request. - - Formatted Json output for easy readability. - - Performance improvements when searching for setup logs; this should be much faster now. - - Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information. - - Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** - - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode. - - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date. - - This registry key also gets deleted when a new update instance is invoked. - - For an example, see [Sample registry key](#sample-registry-key). +- All date and time outputs are updated to localized format per user request. +- Added setup Operation and Phase information to /verbose log. +- Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below). +- Performance improvement in searching setupact.logs to determine correct log to parse. +- Added SetupDiag version number to text report (xml and json always had it). +- Added "no match" reports for xml and json per user request. +- Formatted Json output for easy readability. +- Performance improvements when searching for setup logs; this should be much faster now. +- Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information. +- Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** + - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode. + - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date. + - This registry key also gets deleted when a new update instance is invoked. + - For an example, see [Sample registry key](#sample-registry-key). 05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center. - - This release adds the ability to find and diagnose reset and recovery failures (Push Button Reset). +- This release adds the ability to find and diagnose reset and recovery failures (Push Button Reset). 12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center. - - This release includes major improvements in rule processing performance: ~3x faster rule processing performance! - - The FindDownlevelFailure rule is up to 10x faster. - - New rules have been added to analyze failures upgrading to Windows 10 version 1809. - - A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure. - - Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode. - - Some functional and output improvements were made for several rules. +- This release includes major improvements in rule processing performance: ~3x faster rule processing performance! + - The FindDownlevelFailure rule is up to 10x faster. +- New rules have been added to analyze failures upgrading to Windows 10 version 1809. +- A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure. +- Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode. +- Some functional and output improvements were made for several rules. 07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center. - - This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed. +- This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed. 07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center. - - Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues. - - New feature: Ability to output logs in JSON and XML format. - - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic. - - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text. - - New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive. - - 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed. +- Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues. +- New feature: Ability to output logs in JSON and XML format. + - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic. + - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text. +- New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive. +- 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed. 05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center. - - Fixed a bug in device install failure detection in online mode. - - Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost. - - Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. +- Fixed a bug in device install failure detection in online mode. +- Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost. +- Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. 05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center. - - A performance enhancment has been added to result in faster rule processing. - - Rules output now includes links to support articles, if applicable. - - SetupDiag now provides the path and name of files that it is processing. - - You can now run SetupDiag by simply clicking on it and then examining the output log file. - - An output log file is now always created, whether or not a rule was matched. +- A performance enhancment has been added to result in faster rule processing. +- Rules output now includes links to support articles, if applicable. +- SetupDiag now provides the path and name of files that it is processing. +- You can now run SetupDiag by simply clicking on it and then examining the output log file. +- An output log file is now always created, whether or not a rule was matched. 03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center. diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index a9317ae207..4fcd4811c2 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -84,13 +84,13 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs: To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required: - - [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business) - - [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline) - - [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx) - - [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). - - [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. - - [Intune for Education subscriptions](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features. - - [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service). +- [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business) +- [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline) +- [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx) +- [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). +- [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. +- [Intune for Education subscriptions](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features. +- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service). Additionally, the following are also recommended (but not required): - [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services). diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index a7aec9de77..af50e5b96b 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1049,11 +1049,11 @@ To turn off dictation of your voice, speaking to Cortana and other apps, and to If you're running at Windows 10, version 1703 up to and including Windows 10, version 1803, you can turn off updates to the speech recognition and speech synthesis models: - - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** -or- - - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** +- Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** @@ -1415,11 +1415,11 @@ In the **Inking & Typing** area you can configure the functionality as such: To turn off Inking & Typing data collection (note: there is no Group Policy for this setting): - - In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Inking and typing** and turn **Improve inking & typing** to **Off** +- In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Inking and typing** and turn **Improve inking & typing** to **Off** -or- - - Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)** +- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)** ### 18.22 Activity History @@ -1484,29 +1484,29 @@ To turn this Off in the UI: Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following: - **For Windows 10:** +**For Windows 10:** - - **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation** +- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation** -or- - - Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**. +- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**. **For Windows Server 2019 or later:** - - **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation** +- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation** -or- - - Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). +- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). **For Windows Server 2016:** - - Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). +- Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). - >[!NOTE] - >Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead. - >The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS. +>[!NOTE] +>Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead. +>The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS. ### 20. Storage health diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index 26b5607798..f32db55329 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -71,7 +71,7 @@ Azure AD Join is intended for organizations that desire to be cloud-first or clo [Join Type](#join-type), [Hybrid Azure AD Joined](#hybrid-azure-ad-joined) ### More information - - [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction). +- [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction). [Return to Top](hello-how-it-works-technology.md) ## Azure AD Registered diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 847bbfdf0e..d1c11a2a8c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -309,13 +309,13 @@ Sign-in a workstation with access equivalent to a _domain user_. ![Intune Windows Hello for Business policy settings](images/aadj/IntuneWHFBPolicy-01.png) 11. Select the appropriate configuration for the following settings. - * **Lowercase letters in PIN** - * **Uppercase letters in PIN** - * **Special characters in PIN** - * **PIN expiration (days)** - * **Remember PIN history** - > [!NOTE] - > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. + * **Lowercase letters in PIN** + * **Uppercase letters in PIN** + * **Special characters in PIN** + * **PIN expiration (days)** + * **Remember PIN history** + > [!NOTE] + > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. 12. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. 13. Select **No** to **Allow phone sign-in**. This feature has been deprecated. diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index d9a19aed80..57238c3214 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -34,9 +34,9 @@ With Windows Hello for Business and passwords coexisting in your environment, th ### 3. Transition into a passwordless deployment Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a passwordless world. A world where: - - the users never type their password - - the users never change their password - - the users do not know their password +- the users never type their password +- the users never change their password +- the users do not know their password In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index a0d1ffbf6e..fbb2f028fd 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md @@ -24,11 +24,11 @@ The Windows 10 operating system improves most existing security features in the **See also:** - - [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) +- [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) - - [TPM Fundamentals](tpm-fundamentals.md) +- [TPM Fundamentals](tpm-fundamentals.md) - - [TPM Recommendations](tpm-recommendations.md)  +- [TPM Recommendations](tpm-recommendations.md)  ## TPM Overview diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index ac3e78109d..5548e18dd5 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -18,14 +18,14 @@ ms.reviewer: On this page - - [Introduction](https://technet.microsoft.com/library/cc750357.aspx#id0eo) - - [FIPS 140 Overview](https://technet.microsoft.com/library/cc750357.aspx#id0ebd) - - [Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/library/cc750357.aspx#id0ezd) - - [Information for System Integrators](https://technet.microsoft.com/library/cc750357.aspx#id0eve) - - [Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#id0eibac) - - [FIPS 140 FAQ](https://technet.microsoft.com/library/cc750357.aspx#id0eqcac) - - [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#id0ewfac) - - [Cryptographic Algorithms](https://technet.microsoft.com/library/cc750357.aspx#id0erobg) +- [Introduction](https://technet.microsoft.com/library/cc750357.aspx#id0eo) +- [FIPS 140 Overview](https://technet.microsoft.com/library/cc750357.aspx#id0ebd) +- [Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/library/cc750357.aspx#id0ezd) +- [Information for System Integrators](https://technet.microsoft.com/library/cc750357.aspx#id0eve) +- [Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#id0eibac) +- [FIPS 140 FAQ](https://technet.microsoft.com/library/cc750357.aspx#id0eqcac) +- [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#id0ewfac) +- [Cryptographic Algorithms](https://technet.microsoft.com/library/cc750357.aspx#id0erobg) Updated: March 2018 @@ -103,12 +103,12 @@ Rather than validate individual components and products, Microsoft chooses to va The following list contains some of the Windows components and Microsoft products that rely on FIPS 140 validated cryptographic modules: - - Schannel Security Package - - Remote Desktop Protocol (RDP) Client - - Encrypting File System (EFS) - - Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.) - - BitLocker® Drive Full-volume Encryption - - IPsec Settings of Windows Firewall +- Schannel Security Package +- Remote Desktop Protocol (RDP) Client +- Encrypting File System (EFS) +- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.) +- BitLocker® Drive Full-volume Encryption +- IPsec Settings of Windows Firewall ## Information for System Integrators @@ -145,12 +145,12 @@ While there are alternative methods for setting the FIPS local/group security po The following list details some of the Microsoft components that use the cryptographic functionality implemented by either CNG or legacy CAPI. When the FIPS Local/Group Security Policy is set, the following components will enforce the validated module Security Policy. - - Schannel Security Package - - Remote Desktop Protocol (RDP) Client - - Encrypting File System (EFS) - - Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.) - - BitLocker® Drive Full-volume Encryption - - IPsec Settings of Windows Firewall +- Schannel Security Package +- Remote Desktop Protocol (RDP) Client +- Encrypting File System (EFS) +- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.) +- BitLocker® Drive Full-volume Encryption +- IPsec Settings of Windows Firewall #### Effects of Setting FIPS Local/Group Security Policy Flag diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md index aa7a994ca7..406b15ff97 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md @@ -143,8 +143,8 @@ For more information, see [Create rules for alert notifications](configure-email These check boxes must be checked: - - **Include organization name** - The customer name will be added to email notifications - - **Include tenant-specific portal link** - Alert link URL will have tenant specific parameter (tid=target_tenant_id) that allows direct access to target tenant portal +- **Include organization name** - The customer name will be added to email notifications +- **Include tenant-specific portal link** - Alert link URL will have tenant specific parameter (tid=target_tenant_id) that allows direct access to target tenant portal ## Fetch alerts from MSSP customer's tenant into the SIEM system diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index dba3eaf576..71cc754e25 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -36,17 +36,17 @@ The embedded Microsoft Defender ATP sensor runs in system context using the Loca The WinHTTP configuration setting is independent of the Windows Internet (WinINet) Internet browsing proxy settings and can only discover a proxy server by using the following discovery methods: - - Auto-discovery methods: - - Transparent proxy - - Web Proxy Auto-discovery Protocol (WPAD) +- Auto-discovery methods: + - Transparent proxy + - Web Proxy Auto-discovery Protocol (WPAD) > [!NOTE] > If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Microsoft Defender ATP URL exclusions in the proxy, see [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). - - Manual static proxy configuration: - - Registry based configuration - - WinHTTP configured using netsh command – Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy) +- Manual static proxy configuration: + - Registry based configuration + - WinHTTP configured using netsh command – Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy) @@ -182,4 +182,4 @@ However, if the connectivity check results indicate a failure, an HTTP error is ## Related topics - [Onboard Windows 10 machines](configure-endpoints.md) -- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) \ No newline at end of file +- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md index 9b2eecd333..14ad8b673c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md @@ -49,19 +49,19 @@ When you add a machine to your environment, Microsoft Defender ATP sets up a wel The machine will automatically be onboarded to your tenant with the recommended Windows security components turned on and in audit mode - with no effort on your side. - The following security components are pre-configured in the test machines: + The following security components are pre-configured in the test machines: - - [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) - - [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) - - [Controlled Folder Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard) - - [Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection) - - [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard) - - [Potentially unwanted application detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus) - - [Cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) - - [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview) +- [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) +- [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) +- [Controlled Folder Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard) +- [Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection) +- [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard) +- [Potentially unwanted application detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus) +- [Cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) +- [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview) - >[!NOTE] - > Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). +>[!NOTE] +> Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). Automated investigation settings will be dependent on tenant settings. It will be configured to be semi-automated by default. For more information, see [Overview of Automated investigations](automated-investigations.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md index 34c8475792..31fa70aa03 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md @@ -26,9 +26,9 @@ ms.date: 09/24/2018 Full scenario using multiple APIs from Microsoft Defender ATP. In this section we share PowerShell samples to - - Retrieve a token - - Use token to retrieve the latest alerts in Microsoft Defender ATP - - For each alert, if the alert has medium or high priority and is still in progress, check how many times the machine has connected to suspicious URL. +- Retrieve a token +- Use token to retrieve the latest alerts in Microsoft Defender ATP +- For each alert, if the alert has medium or high priority and is still in progress, check how many times the machine has connected to suspicious URL. >**Prerequisite**: You first need to [create an app](apis-intro.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md index bd6891a8c2..badfd2aed7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md +++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md @@ -53,8 +53,8 @@ Do you expect a machine to be in ‘Active’ status? [Open a support ticket](ht ## Misconfigured machines Misconfigured machines can further be classified to: - - Impaired communications - - No sensor data +- Impaired communications +- No sensor data ### Impaired communications This status indicates that there's limited communication between the machine and the service. diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md index 66a4fdedf6..ada385d846 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md @@ -32,13 +32,13 @@ ms.topic: conceptual Follow the corresponding instructions depending on your preferred deployment method. ## Offboard Windows 10 machines - - [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script) - - [Offboard machines using Group Policy](configure-endpoints-gp.md#offboard-machines-using-group-policy) - - [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm.md#offboard-machines-using-system-center-configuration-manager) - - [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm.md#offboard-and-monitor-machines-using-mobile-device-management-tools) +- [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script) +- [Offboard machines using Group Policy](configure-endpoints-gp.md#offboard-machines-using-group-policy) +- [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm.md#offboard-machines-using-system-center-configuration-manager) +- [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm.md#offboard-and-monitor-machines-using-mobile-device-management-tools) ## Offboard Servers - - [Offboard servers](configure-server-endpoints.md#offboard-servers) +- [Offboard servers](configure-server-endpoints.md#offboard-servers) ## Offboard non-Windows machines - - [Offboard non-Windows machines](configure-endpoints-non-windows.md#offboard-non-windows-machines) +- [Offboard non-Windows machines](configure-endpoints-non-windows.md#offboard-non-windows-machines) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md b/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md index 7b758a94bc..0be4b4e073 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md @@ -44,9 +44,9 @@ In the context of Microsoft Defender ATP, alert definitions are containers for I Each IOC defines the concrete detection logic based on its type and value as well as its action, which determines how it is matched. It is bound to a specific alert definition that defines how a detection is displayed as an alert on the Microsoft Defender ATP console. Here is an example of an IOC: - - Type: Sha1 - - Value: 92cfceb39d57d914ed8b14d0e37643de0797ae56 - - Action: Equals +- Type: Sha1 +- Value: 92cfceb39d57d914ed8b14d0e37643de0797ae56 +- Action: Equals IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it. diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index 289a76f1c5..fa862e9599 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -296,9 +296,9 @@ You might also need to check the following: ## Licensing requirements Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: - - Windows 10 Enterprise E5 - - Windows 10 Education E5 - - Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5 +- Windows 10 Enterprise E5 +- Windows 10 Education E5 +- Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5 For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). diff --git a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md index b61fbe54d1..115361ba35 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md @@ -191,7 +191,7 @@ This setting will prevent a scan from occurring after receiving an update. You c ### Enable headless UI mode - - Double-click **Enable headless UI mode** and set the option to **Enabled**. Click **OK**. This hides the entire Windows Defender AV user interface from users. +- Double-click **Enable headless UI mode** and set the option to **Enabled**. Click **OK**. This hides the entire Windows Defender AV user interface from users. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index 3622d0e101..f762644195 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Add rules for packaged apps to existing AppLocker rule-set **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT). diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md index 86c295cf9e..8730c6c545 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md @@ -20,8 +20,8 @@ ms.date: 02/28/2019 # Administer AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md index d2d3584bf7..f7a0f16873 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # AppLocker architecture and components **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professional describes AppLocker’s basic architecture and its major components. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md index c12a1e59ac..3bfb26bb30 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # AppLocker functions **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index 37045a74e8..7f4112593f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md @@ -20,8 +20,8 @@ ms.date: 10/16/2017 # AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md index 7758f45ec7..e92450d695 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md @@ -21,8 +21,8 @@ ms.date: 09/21/2017 # AppLocker deployment guide **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md index a7258ab473..d723d9a054 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # AppLocker design guide **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md index 6e50eebbd2..3e660d6659 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # AppLocker policy use scenarios **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md index e32e6bf896..54ec678b22 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # AppLocker processes and interactions **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md index c02fce9a90..f289a40fe7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # AppLocker settings **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional lists the settings used by AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md index f330084b0b..031ce25230 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # AppLocker technical reference **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This overview topic for IT professionals provides links to the topics in the technical reference. AppLocker advances the application control features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny apps from running based on unique identities of files and to specify which users or groups can run those apps. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md index ce69d9e064..2dd978d52b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md @@ -20,8 +20,8 @@ ms.date: 06/08/2018 # Configure an AppLocker policy for audit only **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md index 24f5aeb1ef..36cce5baec 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Configure an AppLocker policy for enforce rules **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md index 018d76dd6b..dfb7c8814a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Add exceptions for an AppLocker rule **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md index 52899e5621..a3a2d593bb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Configure the AppLocker reference device **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md index fffa53c756..c2c55cccf6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md @@ -20,8 +20,8 @@ ms.date: 04/02/2018 # Configure the Application Identity service **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md index d87b6b2d31..7ac5a2faeb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Create a rule for packaged apps **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md index 9248042379..f7689c76f7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Create a rule that uses a file hash condition **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals shows how to create an AppLocker rule with a file hash condition. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md index 7d7608f7c8..728693dc35 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Create a rule that uses a path condition **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals shows how to create an AppLocker rule with a path condition. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md index 58609a7102..5a875b4b84 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Create a rule that uses a publisher condition **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals shows how to create an AppLocker rule with a publisher condition. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md index 8f20bf3c9a..f68602c282 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Create AppLocker default rules **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md index 7afc539899..e0c0cb658f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Create a list of apps deployed to each business group **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md index 859761b9b9..4cb2f24434 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Create Your AppLocker policies **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md index 6fb52b2843..6d75ecfc99 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Create Your AppLocker rules **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md index 84e53cfb2d..be00ebc127 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md @@ -20,8 +20,8 @@ ms.date: 08/02/2018 # Delete an AppLocker rule **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to delete an AppLocker rule. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index 0fe96e42aa..65374479fc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Deploy AppLocker policies by using the enforce rules setting **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md index dd81603afd..058e736230 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Deploy the AppLocker policy into production **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md index 2226a672dd..e03376d487 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Determine the Group Policy structure and rule enforcement **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This overview topic describes the process to follow when you are planning to deploy AppLocker rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md index c8d4acc789..3b75aaec82 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Determine which apps are digitally signed on a reference device **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md index e1b0bef761..7f43b4f3cd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Determine your application control objectives **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md index c39d07f07a..f87c93e451 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Display a custom URL message when users try to run a blocked app **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md index 60741a87ed..ec45f1d75e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # DLL rules in AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic describes the file formats and available default rules for the DLL rule collection. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index 415d381cc4..44a181aa71 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Document the Group Policy structure and AppLocker rule enforcement **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md index 1ea62b509f..3cac5abbce 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Document your app list **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md index a748a0fb9d..2147e2fe3f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Document your AppLocker rules **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md index 08db847c8a..03b04a1190 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Edit an AppLocker policy **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps required to modify an AppLocker policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md index 8bf42722e6..028a8237bc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Edit AppLocker rules **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md index 1f45a8cb4d..575de45499 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Enable the DLL rule collection **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md index e34cd10524..b396db1cfb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Enforce AppLocker rules **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes how to enforce application control rules by using AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md index 09e13411bb..ffdc7ace8c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Executable rules in AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic describes the file formats and available default rules for the executable rule collection. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md index 579f6a1677..0443b67c6b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Export an AppLocker policy from a GPO **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md index 1d42dabe51..6856386f4a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Export an AppLocker policy to an XML file **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing. Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md index 6d259a430f..b4adeb4b33 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # How AppLocker works **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md index cd3f2ab32d..eaa7c7aa78 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Import an AppLocker policy from another computer **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes how to import an AppLocker policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md index 07ffba8bd0..ac5ac53cd5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Import an AppLocker policy into a GPO **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO). AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md index af959d3197..20b1b50dae 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Maintain AppLocker policies **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic describes how to maintain rules within AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index bd4497b964..3a9dee486d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Manage packaged apps with AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 575ad0d393..47c7db9884 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Merge AppLocker policies by using Set-ApplockerPolicy **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md index 0ccb16202c..f40ead0fc0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Merge AppLocker policies manually **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO). diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md index 72378b52ca..9d03415f49 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Monitor app usage with AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md index 50e84edb7a..d669f7c890 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Optimize AppLocker performance **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes how to optimize AppLocker policy enforcement. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index eb87d51320..1057121e64 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md @@ -20,8 +20,8 @@ ms.date: 10/13/2017 # Packaged apps and packaged app installer rules in AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic explains the AppLocker rule collection for packaged app installers and packaged apps. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md index d0e2f069fe..90bf198903 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Plan for AppLocker policy management **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md index de3556a475..9e6a10f475 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Refresh an AppLocker policy **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to force an update for an AppLocker policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md index b1187d6b13..5bfe8d38ed 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Requirements for deploying AppLocker policies **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md index edcc2be0d3..ded7e2d592 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Requirements to use AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md index a0a509e1ae..a87df1bc69 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Run the Automatically Generate Rules wizard **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md index 068f4f5786..1854e961d1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Script rules in AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic describes the file formats and available default rules for the script rule collection. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md index 2fbfbf63aa..bde5f92033 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Security considerations for AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes the security considerations you need to address when implementing AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md index 74fe7bc8ec..4daacad66d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Select the types of rules to create **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic lists resources you can use when selecting your application control policy rules by using AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md index dd5cb6b46d..00511d0f23 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Test an AppLocker policy by using Test-AppLockerPolicy **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md index e1d63a2f9d..6306c10479 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Test and update an AppLocker policy **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic discusses the steps required to test an AppLocker policy prior to deployment. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md index d3666a1e1e..974a0000cc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Tools to use with AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes the tools available to create and administer AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md index 38e080a194..0cd67f03d8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understand AppLocker enforcement settings **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic describes the AppLocker enforcement settings for rule collections. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index 29a92cb366..fedd0c187e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -20,8 +20,8 @@ ms.date: 10/13/2017 # Understand AppLocker policy design decisions **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index 60372d5be9..eef85dda63 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understand AppLocker rules and enforcement setting inheritance in Group Policy **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md index cf93b27a4b..5e0c80b55d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understand the AppLocker policy deployment process **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md index 50811e33c0..f9cdae7831 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understanding AppLocker allow and deny actions on rules **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic explains the differences between allow and deny actions on AppLocker rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md index aab40287b6..d2d2d98598 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understanding AppLocker default rules **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md index fb7afc79b9..cbb7806a6b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understanding AppLocker rule behavior **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md index f2788d4bfc..0392b51405 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understanding AppLocker rule collections **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic explains the five different types of AppLocker rules used to enforce AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md index f937e73090..ace4b89837 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understanding AppLocker rule condition types **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes the three types of AppLocker rule conditions. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md index 08aeb4091d..9420c1f20f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understanding AppLocker rule exceptions **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic describes the result of applying AppLocker rule exceptions to rule collections. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md index 3bb3ba52c4..b0e028c79d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understanding the file hash rule condition in AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it is applied. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md index 0e59ec885b..95863340c0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understanding the path rule condition in AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md index 52259c9248..73bd0d992a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Understanding the publisher rule condition in AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic explains the AppLocker publisher rule condition, what controls are available, and how it is applied. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index 9c5076e4c6..adf5eb6279 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md @@ -21,8 +21,8 @@ ms.date: 09/21/2017 # Use a reference device to create and maintain AppLocker policies **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index 1f70ea7e87..828934ca43 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Use AppLocker and Software Restriction Policies in the same domain **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md index 0f4a4872cf..58edb0059e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Use the AppLocker Windows PowerShell cmdlets **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index a3834e3625..78c04357c6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Using Event Viewer with AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic lists AppLocker events and describes how to use Event Viewer with AppLocker. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md index 3583e3fd1b..1dd5197ddd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Use Software Restriction Policies and AppLocker policies **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md index a3c525fbfa..2ddcbb332e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # What Is AppLocker? **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md index a853be9f44..50fff5a7b2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Windows Installer rules in AppLocker **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic describes the file formats and available default rules for the Windows Installer rule collection. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md index d3c403d633..2bde016bc2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Working with AppLocker policies **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md index c899126846..1b92efcccf 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md @@ -18,8 +18,8 @@ ms.date: 08/27/2018 # Working with AppLocker rules **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md b/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md index abaa31c6ff..d7f2a132fb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Create your Windows Defender Application Control (WDAC) planning document **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This planning topic for the IT professional summarizes the information you need to research and include in your WDAC planning document. diff --git a/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md b/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md index 6a6df72992..f29188cd79 100644 --- a/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md +++ b/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md @@ -20,8 +20,8 @@ ms.date: 09/21/2017 # Document your application control management processes **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This planning topic describes the Windows Defender Application Control (WDAC) policy maintenance information to record for your design document. diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md index 44ff0aa926..e9719fd4e4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md @@ -18,8 +18,8 @@ ms.author: dansimp # Windows Defender Application Control design guide **Applies to** - - Windows 10 - - Windows Server +- Windows 10 +- Windows Server This guide covers design and planning for Windows Defender Application Control (WDAC). It is intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index 07172573b3..ea7aa818f2 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -293,8 +293,8 @@ Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true ``` ### Requirements for running HVCI in Hyper-V virtual machines - - The Hyper-V host must run at least Windows Server 2016 or Windows 10 version 1607. - - The Hyper-V virtual machine must be Generation 2, and running at least Windows Server 2016 or Windows 10. - - HVCI and [nested virtualization](https://docs.microsoft.com/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) can be enabled at the same time - - Virtual Fibre Channel adapters are not compatible with HVCI. Before attaching a virtual Fibre Channel Adapter to a virtual machine, you must first opt out of virtualization-based security using `Set-VMSecurity`. - - The AllowFullSCSICommandSet option for pass-through disks is not compatible with HVCI. Before configuring a pass-through disk with AllowFullSCSICommandSet, you must first opt out of virtualization-based security using `Set-VMSecurity`. +- The Hyper-V host must run at least Windows Server 2016 or Windows 10 version 1607. +- The Hyper-V virtual machine must be Generation 2, and running at least Windows Server 2016 or Windows 10. +- HVCI and [nested virtualization](https://docs.microsoft.com/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) can be enabled at the same time +- Virtual Fibre Channel adapters are not compatible with HVCI. Before attaching a virtual Fibre Channel Adapter to a virtual machine, you must first opt out of virtualization-based security using `Set-VMSecurity`. +- The AllowFullSCSICommandSet option for pass-through disks is not compatible with HVCI. Before configuring a pass-through disk with AllowFullSCSICommandSet, you must first opt out of virtualization-based security using `Set-VMSecurity`. diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index d9cd25a523..149ba35f1d 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -23,33 +23,33 @@ Microsoft is committed to optimizing the security of its products and services. The Security Target describes security functionality and assurance measures used to evaluate Windows. - - [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/0/7/6/0764E933-DD0B-45A7-9144-1DD9F454DCEF/Windows%2010%201803%20GP%20OS%20Security%20Target.pdf) - - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf) - - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf) - - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx) - - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx) - - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](https://download.microsoft.com/download/b/f/5/bf59e430-e57b-462d-8dca-8ac3c93cfcff/windows%2010%20anniversary%20update%20ipsec%20vpn%20client%20security%20target%20-%20public%20\(december%2029%202016\)%20\(clean\).docx) - - [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/3/7/2/372beb03-b1ed-4bb6-9b9b-b8f43afc570d/st_vid10746-st.pdf) - - [Microsoft Windows 10 November 2015 Update with Surface Book](https://download.microsoft.com/download/a/c/2/ac2a6ed8-4d2f-4f48-a9bf-f059d6c9af38/windows%2010%20mdf3%20security%20target%20-%20public%20\(june%2022%202016\)\(final\).docx) - - [Microsoft Windows 10 Mobile with Lumia 950, 950 XL, 550, 635, and Windows 10 with Surface Pro 4](https://www.niap-ccevs.org/st/st_vid10677-st.pdf) - - [Windows 10 and Windows Server 2012 R2](http://www.commoncriteriaportal.org/files/epfiles/st_windows10.pdf) - - [Windows 10](https://www.niap-ccevs.org/st/st_vid10677-st.pdf) - - [Windows 8.1 with Surface 3 and Windows Phone 8.1 with Lumia 635 and Lumia 830](https://www.niap-ccevs.org/st/st_vid10635-st.pdf) - - [Microsoft Surface Pro 3 and Windows 8.1](https://www.niap-ccevs.org/st/st_vid10632-st.pdf) - - [Windows 8.1 and Windows Phone 8.1](https://www.niap-ccevs.org/st/st_vid10592-st.pdf) - - [Windows 8 and Windows Server 2012](https://www.niap-ccevs.org/st/st_vid10520-st.pdf) - - [Windows 8 and Windows RT](https://www.niap-ccevs.org/st/st_vid10620-st.pdf) - - [Windows 8 and Windows Server 2012 BitLocker](http://www.commoncriteriaportal.org/files/epfiles/st_vid10540-st.pdf) - - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://www.commoncriteriaportal.org/files/epfiles/st_vid10529-st.pdf) - - [Windows 7 and Windows Server 2008 R2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10390-st.pdf) - - [Microsoft Windows Server 2008 R2 Hyper-V Role](http://www.microsoft.com/download/en/details.aspx?id=29305) - - [Windows Vista and Windows Server 2008 at EAL4+](http://www.commoncriteriaportal.org/files/epfiles/st_vid10291-st.pdf) - - [Microsoft Windows Server 2008 Hyper-V Role](http://www.commoncriteriaportal.org/files/epfiles/0570b_pdf.pdf) - - [Windows Vista and Windows Server 2008 at EAL1](http://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_st_v1.0.pdf) - - [Windows Server 2003 SP2 including R2, x64, and IA64; Windows XP Professional SP2 and x64 SP2; and Windows XP Embedded SP2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10184-st.pdf) - - [Windows Server 2003 Certificate Server](http://www.commoncriteriaportal.org/files/epfiles/st_vid9507-st.pdf) - - [Windows Rights Management Services (RMS) 1.0 SP2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10224-st.pdf) +- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/0/7/6/0764E933-DD0B-45A7-9144-1DD9F454DCEF/Windows%2010%201803%20GP%20OS%20Security%20Target.pdf) +- [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf) +- [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf) +- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf) +- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx) +- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx) +- [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](https://download.microsoft.com/download/b/f/5/bf59e430-e57b-462d-8dca-8ac3c93cfcff/windows%2010%20anniversary%20update%20ipsec%20vpn%20client%20security%20target%20-%20public%20\(december%2029%202016\)%20\(clean\).docx) +- [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/3/7/2/372beb03-b1ed-4bb6-9b9b-b8f43afc570d/st_vid10746-st.pdf) +- [Microsoft Windows 10 November 2015 Update with Surface Book](https://download.microsoft.com/download/a/c/2/ac2a6ed8-4d2f-4f48-a9bf-f059d6c9af38/windows%2010%20mdf3%20security%20target%20-%20public%20\(june%2022%202016\)\(final\).docx) +- [Microsoft Windows 10 Mobile with Lumia 950, 950 XL, 550, 635, and Windows 10 with Surface Pro 4](https://www.niap-ccevs.org/st/st_vid10677-st.pdf) +- [Windows 10 and Windows Server 2012 R2](http://www.commoncriteriaportal.org/files/epfiles/st_windows10.pdf) +- [Windows 10](https://www.niap-ccevs.org/st/st_vid10677-st.pdf) +- [Windows 8.1 with Surface 3 and Windows Phone 8.1 with Lumia 635 and Lumia 830](https://www.niap-ccevs.org/st/st_vid10635-st.pdf) +- [Microsoft Surface Pro 3 and Windows 8.1](https://www.niap-ccevs.org/st/st_vid10632-st.pdf) +- [Windows 8.1 and Windows Phone 8.1](https://www.niap-ccevs.org/st/st_vid10592-st.pdf) +- [Windows 8 and Windows Server 2012](https://www.niap-ccevs.org/st/st_vid10520-st.pdf) +- [Windows 8 and Windows RT](https://www.niap-ccevs.org/st/st_vid10620-st.pdf) +- [Windows 8 and Windows Server 2012 BitLocker](http://www.commoncriteriaportal.org/files/epfiles/st_vid10540-st.pdf) +- [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://www.commoncriteriaportal.org/files/epfiles/st_vid10529-st.pdf) +- [Windows 7 and Windows Server 2008 R2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10390-st.pdf) +- [Microsoft Windows Server 2008 R2 Hyper-V Role](http://www.microsoft.com/download/en/details.aspx?id=29305) +- [Windows Vista and Windows Server 2008 at EAL4+](http://www.commoncriteriaportal.org/files/epfiles/st_vid10291-st.pdf) +- [Microsoft Windows Server 2008 Hyper-V Role](http://www.commoncriteriaportal.org/files/epfiles/0570b_pdf.pdf) +- [Windows Vista and Windows Server 2008 at EAL1](http://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_st_v1.0.pdf) +- [Windows Server 2003 SP2 including R2, x64, and IA64; Windows XP Professional SP2 and x64 SP2; and Windows XP Embedded SP2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10184-st.pdf) +- [Windows Server 2003 Certificate Server](http://www.commoncriteriaportal.org/files/epfiles/st_vid9507-st.pdf) +- [Windows Rights Management Services (RMS) 1.0 SP2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10224-st.pdf) ## Common Criteria Deployment and Administration @@ -59,77 +59,77 @@ These documents describe how to configure Windows to replicate the configuration **Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2** - - - [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/6/C/1/6C13FBFF-9CB0-455F-A1C8-3E3CB0ACBD7B/Windows%2010%201803%20GP%20OS%20Administrative%20Guide.pdf) - - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf) - - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf) - - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx) - - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx) - - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client Operational Guidance](https://download.microsoft.com/download/2/c/c/2cc8f929-233e-4a40-b673-57b449680984/windows%2010%20au%20and%20server%202016%20ipsec%20vpn%20client%20operational%20guidance%20\(21%20dec%202016\)%20\(public\).docx) - - [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/3/3/f/33fa01dd-b380-46e1-833f-fd85854b4022/st_vid10746-agd.pdf) - - [Microsoft Windows 10 November 2015 Update with Surface Book Administrative Guide](https://download.microsoft.com/download/3/2/c/32c6fa02-b194-478f-a0f6-0215b47d0f40/windows%2010%20mdf3%20mobile%20device%20pp%20operational%20guidance%20\(may%2027,%202016\)\(public\).docx) - - [Microsoft Windows 10 Mobile and Windows 10 Administrative Guide](https://download.microsoft.com/download/2/d/c/2dce3435-9328-48e2-9813-c2559a8d39fa/microsoft%20windows%2010%20and%20windows%2010%20mobile%20guidance.pdf) - - [Windows 10 and Windows Server 2012 R2 Administrative Guide](https://download.microsoft.com/download/0/f/d/0fd33c9a-98ac-499e-882f-274f80f3d4f0/microsoft%20windows%2010%20and%20server%202012%20r2%20gp%20os%20guidance.pdf) - - [Windows 10 Common Criteria Operational Guidance](https://download.microsoft.com/download/d/6/f/d6fb4cec-f0f2-4d00-ab2e-63bde3713f44/windows%2010%20mobile%20device%20operational%20guidance.pdf) + +- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/6/C/1/6C13FBFF-9CB0-455F-A1C8-3E3CB0ACBD7B/Windows%2010%201803%20GP%20OS%20Administrative%20Guide.pdf) +- [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf) +- [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf) +- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf) +- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx) +- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx) +- [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client Operational Guidance](https://download.microsoft.com/download/2/c/c/2cc8f929-233e-4a40-b673-57b449680984/windows%2010%20au%20and%20server%202016%20ipsec%20vpn%20client%20operational%20guidance%20\(21%20dec%202016\)%20\(public\).docx) +- [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/3/3/f/33fa01dd-b380-46e1-833f-fd85854b4022/st_vid10746-agd.pdf) +- [Microsoft Windows 10 November 2015 Update with Surface Book Administrative Guide](https://download.microsoft.com/download/3/2/c/32c6fa02-b194-478f-a0f6-0215b47d0f40/windows%2010%20mdf3%20mobile%20device%20pp%20operational%20guidance%20\(may%2027,%202016\)\(public\).docx) +- [Microsoft Windows 10 Mobile and Windows 10 Administrative Guide](https://download.microsoft.com/download/2/d/c/2dce3435-9328-48e2-9813-c2559a8d39fa/microsoft%20windows%2010%20and%20windows%2010%20mobile%20guidance.pdf) +- [Windows 10 and Windows Server 2012 R2 Administrative Guide](https://download.microsoft.com/download/0/f/d/0fd33c9a-98ac-499e-882f-274f80f3d4f0/microsoft%20windows%2010%20and%20server%202012%20r2%20gp%20os%20guidance.pdf) +- [Windows 10 Common Criteria Operational Guidance](https://download.microsoft.com/download/d/6/f/d6fb4cec-f0f2-4d00-ab2e-63bde3713f44/windows%2010%20mobile%20device%20operational%20guidance.pdf) **Windows 8.1 and Windows Phone 8.1** - - [Microsoft Surface Pro 3 Common Criteria Mobile Operational Guidance](https://download.microsoft.com/download/b/e/3/be365594-daa5-4af3-a6b5-9533d61eae32/surface%20pro%203%20mobile%20operational%20guidance.docx) - - [Windows 8.1 and Windows Phone 8.1 CC Supplemental Admin Guide](https://download.microsoft.com/download/b/0/e/b0e30225-5017-4241-ac0a-6c40bc8e6714/mobile%20operational%20guidance.docx) +- [Microsoft Surface Pro 3 Common Criteria Mobile Operational Guidance](https://download.microsoft.com/download/b/e/3/be365594-daa5-4af3-a6b5-9533d61eae32/surface%20pro%203%20mobile%20operational%20guidance.docx) +- [Windows 8.1 and Windows Phone 8.1 CC Supplemental Admin Guide](https://download.microsoft.com/download/b/0/e/b0e30225-5017-4241-ac0a-6c40bc8e6714/mobile%20operational%20guidance.docx) **Windows 8, Windows RT, and Windows Server 2012** - - [Windows 8 and Windows Server 2012](https://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx) - - [Windows 8 and Windows RT](https://download.microsoft.com/download/8/6/e/86e8c001-8556-4949-90cf-f5beac918026/microsoft%20windows%208%20microsoft%20windows%20rt%20common%20criteria%20supplemental%20admin.docx) - - [Windows 8 and Windows Server 2012 BitLocker](https://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf) - - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](https://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx) +- [Windows 8 and Windows Server 2012](https://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx) +- [Windows 8 and Windows RT](https://download.microsoft.com/download/8/6/e/86e8c001-8556-4949-90cf-f5beac918026/microsoft%20windows%208%20microsoft%20windows%20rt%20common%20criteria%20supplemental%20admin.docx) +- [Windows 8 and Windows Server 2012 BitLocker](https://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf) +- [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](https://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx) **Windows 7 and Windows Server 2008 R2** - - [Windows 7 and Windows Server 2008 R2 Supplemental CC Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=ee05b6d0-9939-4765-9217-63083bb94a00) - - [Windows Server 2008 R2 Hyper-V Common Criteria Configuration Guide](http://www.microsoft.com/download/en/details.aspx?id=29308) +- [Windows 7 and Windows Server 2008 R2 Supplemental CC Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=ee05b6d0-9939-4765-9217-63083bb94a00) +- [Windows Server 2008 R2 Hyper-V Common Criteria Configuration Guide](http://www.microsoft.com/download/en/details.aspx?id=29308) **Windows Vista and Windows Server 2008** - - [Windows Vista and Windows Server 2008 Supplemental CC Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=06166288-24c4-4c42-9daa-2b2473ddf567) - - [Windows Server 2008 Hyper-V Role Common Criteria Administrator Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=cb19538d-9e13-4ab6-af38-8f48abfdad08) +- [Windows Vista and Windows Server 2008 Supplemental CC Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=06166288-24c4-4c42-9daa-2b2473ddf567) +- [Windows Server 2008 Hyper-V Role Common Criteria Administrator Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=cb19538d-9e13-4ab6-af38-8f48abfdad08) **Windows Server 2003 SP2 including R2, x64, and Itanium** - - [Windows Server 2003 SP2 R2 Common Criteria Administrator Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=39598841-e693-4891-9234-cfd1550f3949) - - [Windows Server 2003 SP2 R2 Common Criteria Configuration Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=4f7b6a93-0307-480f-a5af-a20268cbd7cc) +- [Windows Server 2003 SP2 R2 Common Criteria Administrator Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=39598841-e693-4891-9234-cfd1550f3949) +- [Windows Server 2003 SP2 R2 Common Criteria Configuration Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=4f7b6a93-0307-480f-a5af-a20268cbd7cc) **Windows Server 2003 SP1(x86), x64, and IA64** - - [Windows Server 2003 with x64 Hardware Administrator's Guide](http://www.microsoft.com/downloads/details.aspx?familyid=8a26829f-c177-4b79-913a-4135fb7b96ef) - - [Windows Server 2003 with x64 Hardware Configuration Guide](http://www.microsoft.com/downloads/details.aspx?familyid=3f9ecd0a-74dd-4d23-a4e5-d7b63fed70e8) +- [Windows Server 2003 with x64 Hardware Administrator's Guide](http://www.microsoft.com/downloads/details.aspx?familyid=8a26829f-c177-4b79-913a-4135fb7b96ef) +- [Windows Server 2003 with x64 Hardware Configuration Guide](http://www.microsoft.com/downloads/details.aspx?familyid=3f9ecd0a-74dd-4d23-a4e5-d7b63fed70e8) **Windows Server 2003 SP1** - - [Windows Server 2003 Administrator's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=75736009-59e9-4a71-879e-cf581817b8cc) - - [Windows Server 2003 Configuration Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=a0ad1856-beb7-4285-b47c-381e8a210c38) +- [Windows Server 2003 Administrator's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=75736009-59e9-4a71-879e-cf581817b8cc) +- [Windows Server 2003 Configuration Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=a0ad1856-beb7-4285-b47c-381e8a210c38) **Windows XP Professional SP2 (x86) and x64 Edition** - - [Windows XP Common Criteria Administrator Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=9a7f0b16-72ce-4675-aec8-58785c4e37ee) - - [Windows XP Common Criteria Configuration Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=165da57d-f066-4ddf-9462-cbecfcd68694) - - [Windows XP Common Criteria User Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=7c1a4761-9b9e-429c-84eb-cd7b034c5779) - - [Windows XP Professional with x64 Hardware Administrator's Guide](http://www.microsoft.com/downloads/details.aspx?familyid=346f041e-d641-4af7-bdea-c5a3246d0431) - - [Windows XP Professional with x64 Hardware Configuration Guide](http://www.microsoft.com/downloads/details.aspx?familyid=a7075319-cc3d-4420-a00b-8c9a7068ad54) - - [Windows XP Professional with x64 Hardware User’s Guide](http://www.microsoft.com/downloads/details.aspx?familyid=26c49cf5-6159-4197-97ce-bf1fdfc54569) +- [Windows XP Common Criteria Administrator Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=9a7f0b16-72ce-4675-aec8-58785c4e37ee) +- [Windows XP Common Criteria Configuration Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=165da57d-f066-4ddf-9462-cbecfcd68694) +- [Windows XP Common Criteria User Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=7c1a4761-9b9e-429c-84eb-cd7b034c5779) +- [Windows XP Professional with x64 Hardware Administrator's Guide](http://www.microsoft.com/downloads/details.aspx?familyid=346f041e-d641-4af7-bdea-c5a3246d0431) +- [Windows XP Professional with x64 Hardware Configuration Guide](http://www.microsoft.com/downloads/details.aspx?familyid=a7075319-cc3d-4420-a00b-8c9a7068ad54) +- [Windows XP Professional with x64 Hardware User’s Guide](http://www.microsoft.com/downloads/details.aspx?familyid=26c49cf5-6159-4197-97ce-bf1fdfc54569) **Windows XP Professional SP2, and XP Embedded SP2** - - [Windows XP Professional Administrator's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=9bcac470-a0b3-4d34-a561-fa8308c0ff60) - - [Windows XP Professional Configuration Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=9f04915e-571a-422d-8ffa-5797051e81de) - - [Windows XP Professional User's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=d39d0028-7093-495c-80da-2b5b29a54bd8) +- [Windows XP Professional Administrator's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=9bcac470-a0b3-4d34-a561-fa8308c0ff60) +- [Windows XP Professional Configuration Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=9f04915e-571a-422d-8ffa-5797051e81de) +- [Windows XP Professional User's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=d39d0028-7093-495c-80da-2b5b29a54bd8) **Windows Server 2003 Certificate Server** - - [Windows Server 2003 Certificate Server Administrator's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=445093d8-45e2-4cf6-884c-8802c1e6cb2d) - - [Windows Server 2003 Certificate Server Configuration Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=46abc8b5-11be-4e3d-85c2-63226c3688d2) - - [Windows Server 2003 Certificate Server User's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=74f66d84-2654-48d0-b9b5-b383d383425e) +- [Windows Server 2003 Certificate Server Administrator's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=445093d8-45e2-4cf6-884c-8802c1e6cb2d) +- [Windows Server 2003 Certificate Server Configuration Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=46abc8b5-11be-4e3d-85c2-63226c3688d2) +- [Windows Server 2003 Certificate Server User's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=74f66d84-2654-48d0-b9b5-b383d383425e) ## Common Criteria Evaluation Technical Reports and Certification / Validation Reports @@ -137,41 +137,40 @@ These documents describe how to configure Windows to replicate the configuration An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team. - - [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/6/7/1/67167BF2-885D-4646-A61E-96A0024B52BB/Windows%2010%201803%20GP%20OS%20Certification%20Report.pdf) - - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf) - - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf) - - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf) - - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](https://download.microsoft.com/download/2/0/a/20a8e686-3cd9-43c4-a22a-54b552a9788a/st_vid10753-vr.pdf) - - [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/9/b/6/9b633763-6078-48aa-b9ba-960da2172a11/st_vid10746-vr.pdf) - - [Microsoft Windows 10 November 2015 Update with Surface Book](https://download.microsoft.com/download/d/c/b/dcb7097d-1b9f-4786-bb07-3c169fefb579/st_vid10715-vr.pdf) - - [Microsoft Windows 10 Mobile with Lumia 950, 950 XL, 550, 635, and Windows 10 with Surface Pro 4](https://www.niap-ccevs.org/st/st_vid10694-vr.pdf) - - [Windows 10 and Windows Server 2012 R2](https://www.commoncriteriaportal.org/files/epfiles/cr_windows10.pdf) - - [Windows 10](https://www.niap-ccevs.org/st/st_vid10677-vr.pdf) - - [Windows 8.1 with Surface 3 and Windows Phone 8.1 with Lumia 635 and Lumia 830](https://www.niap-ccevs.org/st/st_vid10635-vr.pdf) - - [Microsoft Surface Pro 3 and Windows 8.1](https://www.niap-ccevs.org/st/st_vid10632-vr.pdf) - - [Windows 8.1 and Windows Phone 8.1](https://www.niap-ccevs.org/st/st_vid10592-vr.pdf) - - [Windows 8 and Windows Server 2012](https://www.niap-ccevs.org/st/st_vid10520-vr.pdf) - - [Windows 8 and Windows RT](https://www.niap-ccevs.org/st/st_vid10620-vr.pdf) - - [Windows 8 and Windows Server 2012 BitLocker](http://www.commoncriteriaportal.org/files/epfiles/st_vid10540-vr.pdf) - - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://www.commoncriteriaportal.org/files/epfiles/st_vid10529-vr.pdf) - - [Windows 7 and Windows Server 2008 R2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid10390-vr.pdf) - - [Windows Vista and Windows Server 2008 Validation Report at EAL4+](http://www.commoncriteriaportal.org/files/epfiles/st_vid10291-vr.pdf) - - [Windows Server 2008 Hyper-V Role Certification Report](http://www.commoncriteriaportal.org/files/epfiles/0570a_pdf.pdf) - - [Windows Vista and Windows Server 2008 Certification Report at EAL1](http://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_cr_v1.0.pdf) - - [Windows XP / Windows Server 2003 with x64 Hardware ETR](http://www.microsoft.com/downloads/details.aspx?familyid=6e8d98f9-25b9-4c85-9bd9-24d91ea3c9ef) - - [Windows XP / Windows Server 2003 with x64 Hardware ETR, Part II](http://www.microsoft.com/downloads/details.aspx?familyid=0c35e7d8-9c56-4686-b902-d5ffb9915658) - - [Windows Server 2003 SP2 including R2, Standard, Enterprise, Datacenter, x64, and Itanium Editions Validation Report](http://www.commoncriteriaportal.org/files/epfiles/20080303_st_vid10184-vr.pdf) - - [Windows XP Professional SP2 and x64 SP2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/20080303_st_vid10184-vr.pdf) - - [Windows XP Embedded SP2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/20080303_st_vid10184-vr.pdf) - - [Windows XP and Windows Server 2003 ETR](http://www.microsoft.com/downloads/details.aspx?familyid=63cf2a1e-f578-4bb5-9245-d411f0f64265) - - [Windows XP and Windows Server 2003 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid9506-vr.pdf) - - [Windows Server 2003 Certificate Server ETR](http://www.microsoft.com/downloads/details.aspx?familyid=a594e77f-dcbb-4787-9d68-e4689e60a314) - - [Windows Server 2003 Certificate Server Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid9507-vr.pdf) - - [Microsoft Windows Rights Management Services (RMS) 1.0 SP2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid10224-vr.pdf) +- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/6/7/1/67167BF2-885D-4646-A61E-96A0024B52BB/Windows%2010%201803%20GP%20OS%20Certification%20Report.pdf) +- [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf) +- [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf) +- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf) +- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf) +- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf) +- [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](https://download.microsoft.com/download/2/0/a/20a8e686-3cd9-43c4-a22a-54b552a9788a/st_vid10753-vr.pdf) +- [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/9/b/6/9b633763-6078-48aa-b9ba-960da2172a11/st_vid10746-vr.pdf) +- [Microsoft Windows 10 November 2015 Update with Surface Book](https://download.microsoft.com/download/d/c/b/dcb7097d-1b9f-4786-bb07-3c169fefb579/st_vid10715-vr.pdf) +- [Microsoft Windows 10 Mobile with Lumia 950, 950 XL, 550, 635, and Windows 10 with Surface Pro 4](https://www.niap-ccevs.org/st/st_vid10694-vr.pdf) +- [Windows 10 and Windows Server 2012 R2](https://www.commoncriteriaportal.org/files/epfiles/cr_windows10.pdf) +- [Windows 10](https://www.niap-ccevs.org/st/st_vid10677-vr.pdf) +- [Windows 8.1 with Surface 3 and Windows Phone 8.1 with Lumia 635 and Lumia 830](https://www.niap-ccevs.org/st/st_vid10635-vr.pdf) +- [Microsoft Surface Pro 3 and Windows 8.1](https://www.niap-ccevs.org/st/st_vid10632-vr.pdf) +- [Windows 8.1 and Windows Phone 8.1](https://www.niap-ccevs.org/st/st_vid10592-vr.pdf) +- [Windows 8 and Windows Server 2012](https://www.niap-ccevs.org/st/st_vid10520-vr.pdf) +- [Windows 8 and Windows RT](https://www.niap-ccevs.org/st/st_vid10620-vr.pdf) +- [Windows 8 and Windows Server 2012 BitLocker](http://www.commoncriteriaportal.org/files/epfiles/st_vid10540-vr.pdf) +- [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://www.commoncriteriaportal.org/files/epfiles/st_vid10529-vr.pdf) +- [Windows 7 and Windows Server 2008 R2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid10390-vr.pdf) +- [Windows Vista and Windows Server 2008 Validation Report at EAL4+](http://www.commoncriteriaportal.org/files/epfiles/st_vid10291-vr.pdf) +- [Windows Server 2008 Hyper-V Role Certification Report](http://www.commoncriteriaportal.org/files/epfiles/0570a_pdf.pdf) +- [Windows Vista and Windows Server 2008 Certification Report at EAL1](http://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_cr_v1.0.pdf) +- [Windows XP / Windows Server 2003 with x64 Hardware ETR](http://www.microsoft.com/downloads/details.aspx?familyid=6e8d98f9-25b9-4c85-9bd9-24d91ea3c9ef) +- [Windows XP / Windows Server 2003 with x64 Hardware ETR, Part II](http://www.microsoft.com/downloads/details.aspx?familyid=0c35e7d8-9c56-4686-b902-d5ffb9915658) +- [Windows Server 2003 SP2 including R2, Standard, Enterprise, Datacenter, x64, and Itanium Editions Validation Report](http://www.commoncriteriaportal.org/files/epfiles/20080303_st_vid10184-vr.pdf) +- [Windows XP Professional SP2 and x64 SP2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/20080303_st_vid10184-vr.pdf) +- [Windows XP Embedded SP2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/20080303_st_vid10184-vr.pdf) +- [Windows XP and Windows Server 2003 ETR](http://www.microsoft.com/downloads/details.aspx?familyid=63cf2a1e-f578-4bb5-9245-d411f0f64265) +- [Windows XP and Windows Server 2003 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid9506-vr.pdf) +- [Windows Server 2003 Certificate Server ETR](http://www.microsoft.com/downloads/details.aspx?familyid=a594e77f-dcbb-4787-9d68-e4689e60a314) +- [Windows Server 2003 Certificate Server Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid9507-vr.pdf) +- [Microsoft Windows Rights Management Services (RMS) 1.0 SP2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid10224-vr.pdf) ## Other Common Criteria Related Documents - - [Identifying Windows XP and Windows Server 2003 Common Criteria Certified Requirements for the NIST Special Publication 800-53](https://download.microsoft.com/download/a/9/6/a96d1dfc-2bd4-408d-8d93-e0ede7529691/xpws03_ccto800-53.doc) - +- [Identifying Windows XP and Windows Server 2003 Common Criteria Certified Requirements for the NIST Special Publication 800-53](https://download.microsoft.com/download/a/9/6/a96d1dfc-2bd4-408d-8d93-e0ede7529691/xpws03_ccto800-53.doc) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 1db0749694..4c6f69c1a2 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -24,10 +24,10 @@ This article lists new and updated features and content that are of interest to >Features in Windows 10 Enterprise 2019 LTSC are equivalent to Windows 10, version 1809. Windows 10 Enterprise LTSC 2019 builds on Windows 10 Pro, version 1809 adding premium features designed to address the needs of large and mid-size organizations (including large academic institutions), such as: - - Advanced protection against modern security threats - - Full flexibility of OS deployment - - Updating and support options - - Comprehensive device and app management and control capabilities +- Advanced protection against modern security threats +- Full flexibility of OS deployment +- Updating and support options +- Comprehensive device and app management and control capabilities The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC users because it includes the cumulative enhancements provided in Windows 10 versions 1703, 1709, 1803, and 1809. Details about these enhancements are provided below. @@ -108,12 +108,12 @@ Endpoint detection and response is improved. Enterprise customers can now take a - [Take response actions on a file](/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. Additional capabilities have been added to help you gain a holistic view on **investigations** include: - - [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics) - Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. - - [Query data using Advanced hunting in Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) - - [Use Automated investigations to investigate and remediate threats](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) - - [Investigate a user account](/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection) - Identify user accounts with the most active alerts and investigate cases of potential compromised credentials. - - [Alert process tree](/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection#alert-process-tree) - Aggregates multiple detections and related events into a single view to reduce case resolution time. - - [Pull alerts using REST API](/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection) - Use REST API to pull alerts from Windows Defender ATP. +- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics) - Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. +- [Query data using Advanced hunting in Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) +- [Use Automated investigations to investigate and remediate threats](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) +- [Investigate a user account](/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection) - Identify user accounts with the most active alerts and investigate cases of potential compromised credentials. +- [Alert process tree](/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection#alert-process-tree) - Aggregates multiple detections and related events into a single view to reduce case resolution time. +- [Pull alerts using REST API](/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection) - Use REST API to pull alerts from Windows Defender ATP. Other enhanced security features include: - [Check sensor health state](/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix known issues. From 4321583a9c828b8007c024277d90191ec6d46b02 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 12 Aug 2019 19:11:21 -0400 Subject: [PATCH 333/395] fix: MD005/list-indent Inconsistent indentation for list items at the same level --- windows/deployment/update/waas-wu-settings.md | 84 +++++++++---------- ...-basic-audit-policy-on-a-file-or-folder.md | 2 +- 2 files changed, 43 insertions(+), 43 deletions(-) diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index 2b0e2f7f98..2b84969903 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -9,7 +9,7 @@ author: jaimeo ms.localizationpriority: medium ms.audience: itpro author: jaimeo -ms.reviewer: +ms.reviewer: manager: laurawi ms.topic: article --- @@ -22,7 +22,7 @@ ms.topic: article - Windows 10 -> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) +> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update (WU) on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more. @@ -31,7 +31,7 @@ You can use Group Policy settings or mobile device management (MDM) to configure ## Summary of Windows Update settings -| Group Policy setting | MDM setting | Supported from version | +| Group Policy setting | MDM setting | Supported from version | | --- | --- | --- | | [Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) | [UpdateServiceUrl](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurl) and [UpdateServiceUrlAlternate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | All | | [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) | [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency) | 1703 | @@ -62,9 +62,9 @@ For additional settings that configure when Feature and Quality updates are rece ### Specify Intranet Microsoft update service location Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. -This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. +This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. -To use this setting in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify Intranet Microsoft update service location**. You must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update Agent to download updates from an alternate download server instead of the intranet update service. +To use this setting in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify Intranet Microsoft update service location**. You must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update Agent to download updates from an alternate download server instead of the intranet update service. If the setting is set to **Enabled**, the Automatic Updates client connects to the specified intranet Microsoft update service (or alternate download server), instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organization don’t have to go through a firewall to get updates, and it gives you the opportunity to test updates after deploying them. If the setting is set to **Disabled** or **Not Configured**, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. @@ -125,7 +125,7 @@ If the intranet Microsoft update service supports multiple target groups, this p ### Allow signed updates from an intranet Microsoft update service location -This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. +This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. To configure this setting in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows update\Allow signed updates from an intranet Microsoft update service location**. @@ -148,7 +148,7 @@ To add more flexibility to the update process, settings are available to control Allows admins to exclude Windows Update (WU) drivers during updates. -To configure this setting in Group Policy, use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not include drivers with Windows Updates**. +To configure this setting in Group Policy, use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not include drivers with Windows Updates**. Enable this policy to not include drivers with Windows quality updates. If you disable or do not configure this policy, Windows Update will include updates that have a Driver classification. @@ -192,48 +192,48 @@ To do this, follow these steps: 3. Add one of the following registry values to configure Automatic Update. * NoAutoUpdate (REG_DWORD): - + * **0**: Automatic Updates is enabled (default). - + * **1**: Automatic Updates is disabled. - + * AUOptions (REG_DWORD): - + * **1**: Keep my computer up to date is disabled in Automatic Updates. - + * **2**: Notify of download and installation. - + * **3**: Automatically download and notify of installation. - + * **4**: Automatically download and scheduled installation. - * ScheduledInstallDay (REG_DWORD): - - * **0**: Every day. - - * **1** through **7**: The days of the week from Sunday (1) to Saturday (7). - - * ScheduledInstallTime (REG_DWORD): - - **n**, where **n** equals the time of day in a 24-hour format (0-23). - - * UseWUServer (REG_DWORD) - - Set this value to **1** to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update. - - * RescheduleWaitTime (REG_DWORD) - - **m**, where **m** equals the time period to wait between the time Automatic Updates starts and the time that it begins installations where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes) - - > [!NOTE] - > This setting only affects client behavior after the clients have updated to the SUS SP1 client version or later versions. - - * NoAutoRebootWithLoggedOnUsers (REG_DWORD): - - **0** (false) or **1** (true). If set to **1**, Automatic Updates does not automatically restart a computer while users are logged on. - - > [!NOTE] - > This setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions. + * ScheduledInstallDay (REG_DWORD): + + * **0**: Every day. + + * **1** through **7**: The days of the week from Sunday (1) to Saturday (7). + + * ScheduledInstallTime (REG_DWORD): + + **n**, where **n** equals the time of day in a 24-hour format (0-23). + + * UseWUServer (REG_DWORD) + + Set this value to **1** to configure Automatic Updates to use a server that is running Software Update Services instead of Windows Update. + + * RescheduleWaitTime (REG_DWORD) + + **m**, where **m** equals the time period to wait between the time Automatic Updates starts and the time that it begins installations where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes) + + > [!NOTE] + > This setting only affects client behavior after the clients have updated to the SUS SP1 client version or later versions. + + * NoAutoRebootWithLoggedOnUsers (REG_DWORD): + + **0** (false) or **1** (true). If set to **1**, Automatic Updates does not automatically restart a computer while users are logged on. + + > [!NOTE] + > This setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions. To use Automatic Updates with a server that is running Software Update Services, see the Deploying Microsoft Windows Server Update Services 2.0 guidance. @@ -256,7 +256,7 @@ HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ - [Update Windows 10 in the enterprise](index.md) - [Overview of Windows as a service](waas-overview.md) -- [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) +- [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) - [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) - [Configure BranchCache for Windows 10 updates](waas-branchcache.md) - [Configure Windows Update for Business](waas-configure-wufb.md) diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index d72c39898d..f623632235 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -49,7 +49,7 @@ To complete this procedure, you must be logged on as a member of the built-in Ad - **This folder and files** - **Subfolders and files only** - **Subfolders only** - - **Files only** + - **Files only** 7. By default, the selected **Basic Permissions** to audit are the following: - **Read and execute** From 29e7f6d63324b05bd96758f896b20527fc4e7ff4 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 12 Aug 2019 19:12:38 -0400 Subject: [PATCH 334/395] fix: MD006/ul-start-left Consider starting bulleted lists at the beginning of the line --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index af50e5b96b..f4e4106726 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1730,7 +1730,7 @@ If you're running Windows 10, version 1607 or later, you need to: > The Group Policy for the **LockScreenOverlaysDisabled** regkey is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**. --AND- + \-AND- - Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not show Windows tips** to **Enabled** @@ -1740,7 +1740,7 @@ If you're running Windows 10, version 1607 or later, you need to: - Create a new REG_DWORD registry setting named **DisableSoftLanding** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)** --AND- + \-AND- - Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off Microsoft consumer experiences** to **Enabled** From 503a73635027547d8f9f0e76c58971f10523454a Mon Sep 17 00:00:00 2001 From: vskab Date: Tue, 13 Aug 2019 09:37:13 +0300 Subject: [PATCH 335/395] instruct to use absolute path to python --- .../microsoft-defender-atp-mac-install-manually.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index 73f3bdc5e1..872f7f0588 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -151,7 +151,7 @@ realTimeProtectionEnabled : true 2. Install the configuration file on a client machine: ```bash - python WindowsDefenderATPOnboarding.py + /usr/bin/python WindowsDefenderATPOnboarding.py Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) ``` From 7fa8350a6ffde8ad8cac220b52251ccdba823b35 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 13 Aug 2019 08:28:07 -0700 Subject: [PATCH 336/395] Removed reference to secure score page --- .../microsoft-defender-atp/configuration-score.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md index 11998ea410..f6f11da946 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md @@ -22,7 +22,7 @@ ms.date: 04/11/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >[!NOTE] -> Secure score is now part of Threat & Vulnerability Management as Configuration score. The secure score page will be available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page. +> Secure score is now part of Threat & Vulnerability Management as Configuration score. The secure score page will be available for a few weeks. The Microsoft Defender Advanced Threat Protection Configuration score gives you visibility and control over the security posture of your organization based on security best practices. High configuration score means your endpoints are more resilient from cybersecurity threat attacks. From 210ee05777593417c93affa0024fbcdf0a3e87ce Mon Sep 17 00:00:00 2001 From: Matthew Palko Date: Tue, 13 Aug 2019 08:58:34 -0700 Subject: [PATCH 337/395] updating table of contents --- windows/security/identity-protection/hello-for-business/toc.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md index c286b36226..fece037015 100644 --- a/windows/security/identity-protection/hello-for-business/toc.md +++ b/windows/security/identity-protection/hello-for-business/toc.md @@ -53,7 +53,6 @@ #### [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md) #### [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md) #### [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md) -##### [Configure or Deploy Multifactor Authentication Services](hello-cert-trust-deploy-mfa.md) #### [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md) ## [Windows Hello and password changes](hello-and-password-changes.md) From 1b67afcf69330767602b51c9b7bf226119d2a0ab Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 13 Aug 2019 09:48:25 -0700 Subject: [PATCH 338/395] Update deploy-the-latest-firmware-and-drivers-for-surface-devices.md --- ...irmware-and-drivers-for-surface-devices.md | 38 +++++++++++++------ 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md index 76e1c293cc..78eb4bd170 100644 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md @@ -1,5 +1,5 @@ --- -title: Download the latest firmware and drivers for Surface devices (Surface) +title: Deploy the latest firmware and drivers for Surface devices (Surface) description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device. ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A ms.reviewer: @@ -11,27 +11,43 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: dansimp -ms.date: 11/15/2018 +ms.date: 08/13/2018 ms.author: dansimp ms.topic: article --- -# Deploying the latest firmware and drivers for Surface devices +# Deploy the latest firmware and drivers for Surface devices Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment. -## Downloading MSI files +## Download MSI files To download MSI files, refer to the following Microsoft Support page: - [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface)
Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices. ## Deploying MSI files -Driver and firmware updates for Surface devices containing all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10. -In the name of each of these files you will find a Windows build number, this number indicates the minimum supported build required to install the drivers and firmware contained within. Refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information) for a list of the build numbers for each version. For example, to install the drivers contained in SurfacePro6_Win10_16299_1900307_0.msi file you must have Windows 10 Fall Creators Update version 1709, or newer installed on your Surface Pro 6. +Driver and firmware updates for Surface devices consisting of all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10. +The MSI file names contain useful information including the minimum supported Windows build number required to install the drivers and firmware. For example, to install the drivers contained in SurfaceBook_Win10_17763_19.080.2031.0.msi requires Windows 10 Fall Creators Update version 1709 or later installed on your Surface Book. + +To view build numbers for each version, refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information). ### Surface MSI naming convention -Each .MSI file is named in accordance with a formula that begins with the product and Windows release information, followed by the Windows build number and version number, and ending with the revision of version number. SurfacePro6_Win10_16299_1900307_0.msi is classified as follows: +Beginning in August 2019, MSI files use the following naming formula: + +- Product > Windows release > Windows build number > Version number > Revision of version number (typically zero). + +**Example:** +SurfacePro6_Win10_18362_19.073.44195_0.msi : + +| Product | Windows release | Build | Version | Revision of version | +| --- | --- | --- | --- | --- | +| SurfacePro6 | Win10 | 18362 | 19.073.44195 | 0 | +| | | | Indicates key date and sequence information. | Indicates release history of the update. | +| | | | **19:** Signifies the year (2019).
**073**: Signifies the month (July) and week of the release (3).
**44195**: Signifies the minute of the month that the MSI file was created. |**0:** Signifies it's the first release of version 1907344195 and has not been re-released for any reason. | + +### Legacy Surface MSI naming convention +Legacy MSI files prior to August 2019 followed the same overall naming formula but used a different method to derive the version number. **Example:** SurfacePro6_Win10_16299_1900307_0.msi : @@ -39,8 +55,8 @@ SurfacePro6_Win10_16299_1900307_0.msi : | Product | Windows release | Build | Version | Revision of version | | --- | --- | --- | --- | --- | | SurfacePro6 | Win10 | 16299 | 1900307 | 0 | -| | | | Indicates key date and sequence information | Indicates release history of the MSI file | -| | | | **19:** Signifies the year (2019)
**003**: Signifies that it’s the third release of 2019
**07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. | +| | | | Indicates key date and sequence information. | Indicates release history of the MSI file. | +| | | | **19:** Signifies the year (2019)
**003**: Signifies that it’s the third release of 2019.
**07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. | Look to the **version** number to determine the latest files that contain the most recent security updates. For example, you might need to install the newest file from the following list: @@ -60,9 +76,9 @@ There are no downloadable firmware or driver updates available for Surface devic For more information about deploying Surface drivers and firmware, refer to: -- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). +- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates) -- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business). +- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business)   From d1c417e6080262b5dc0e1e241920a93670a27504 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Tue, 13 Aug 2019 11:03:52 -0700 Subject: [PATCH 339/395] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ecurity-settings-with-tamper-protection.md | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index dad9f48e05..fa057e0d10 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -42,7 +42,7 @@ With Tamper Protection, malicious apps are prevented from taking actions like th - Editing or removing security settings through group policies - and so on. -Tamper Protection doesn't prevent you from viewing your security settings, or your security team from viewing or changing settings for your organization. In addition, Tamper Protection doesn't affect how third-party antivirus apps register with the Windows Security app. Note that if your organization is using Windows 10 Enterprise E5, individual users can't change the Tamper Protection setting; this is managed by your security team. +Tamper Protection doesn't prevent you from viewing your security settings. And, Tamper Protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the Tamper Protection setting; this is managed by your security team. ### What do you want to do? @@ -76,10 +76,10 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- 1. Make sure your organization meets the following requirements: - - Your organization must have Microsoft 365 E5, which includes Microsoft Defender Advanced Threat Protection. (See [Microsoft 365 Enterprise overview](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview) for more details.) - - Your organization's devices must be managed by Intune. + - Your organization must have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (this is included in Microsoft 365 E5. See [Microsoft 365 Enterprise overview](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview) for more details.) + - Your organization's devices must be managed by [Intune](https://docs.microsoft.com/intune/device-management-capabilities). - Your Windows machines must be running Windows OS 1903 or later. - - Your machines must be using antimalware platform version 4.18.1906.3 (or above) and antimalware engine version 15500.X (or above) + - Your machines must be using antimalware platform version 4.18.1906.3 (or above) and antimalware engine version 1.1.15500.X (or above) - You must be using Windows Security and update security intelligence to version 1.287.60.0 (or above) 2. Go to the Microsoft 365 Device Management portal ([https://devicemanagement.microsoft.com](https://devicemanagement.microsoft.com)) and sign in with your work or school account. @@ -94,7 +94,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- 5. Assign the profile to one or more groups. -### Frequently asked questions about configuring Tamper Protection in Intune (Microsoft 365 E5) +### Frequently asked questions #### To which Windows OS versions is configuring Tamper Protection is applicable? @@ -104,13 +104,13 @@ Windows 1903 May release No -#### Will configuring Tamper Protection in Intune have any impact on third party AV registration? +#### Will Tamper Protection have any impact on third party antivirus registration? -Third-party antivirus must be registered with the Windows Security Application. +No, third-party antivirus will continue to register with the Windows Security application. #### What happens if Microsoft Defender is not active on a device? -Configuring Tamper Protection in Intune will not have any impact on such devices. +Tamper Protection will not have any impact on such devices. #### How can I turn Tamper Protection on/off? @@ -137,7 +137,7 @@ Currently, configuring Tamper Protection in Intune is only available for custome #### What happens if I try to change Microsoft Defender settings in Intune, System Center Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device? -You won’t be able to turn the feature on; those change requests are ignored. +You won’t be able to change the features that are protected by Tamper Protection; those change requests are ignored. #### I’m an enterprise customer. Can local admins change Tamper Protection on their devices? @@ -154,3 +154,7 @@ Yes. The alert is shown in [https://microsoft.securitycenter.com](https://micros In addition, your security operations team can use hunting queries, such as the following: `AlertEvents | where Title == "Tamper Protection bypass"` + +## Related articles + +[Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) From fa608c5b333a88220eed6f424e99f6872640a066 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Tue, 13 Aug 2019 11:29:07 -0700 Subject: [PATCH 340/395] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...-security-settings-with-tamper-protection.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index fa057e0d10..5c6baa68ea 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -78,9 +78,10 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- - Your organization must have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (this is included in Microsoft 365 E5. See [Microsoft 365 Enterprise overview](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview) for more details.) - Your organization's devices must be managed by [Intune](https://docs.microsoft.com/intune/device-management-capabilities). - - Your Windows machines must be running Windows OS 1903 or later. - - Your machines must be using antimalware platform version 4.18.1906.3 (or above) and antimalware engine version 1.1.15500.X (or above) - - You must be using Windows Security and update security intelligence to version 1.287.60.0 (or above) + - Your Windows machines must be running [Windows OS 1903](https://docs.microsoft.com/windows/release-information/status-windows-10-1903) or later. + - You must be using Windows security and update [security intelligence](https://www.microsoft.com/wdsi/definitions) to version 1.287.60.0 (or above) + - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above) + 2. Go to the Microsoft 365 Device Management portal ([https://devicemanagement.microsoft.com](https://devicemanagement.microsoft.com)) and sign in with your work or school account. @@ -88,9 +89,9 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- 4. Create a profile that includes the following settings: - - Platform: Windows 10 and later - - ProfileType: Endpoint protection - - Settings > Windows Defender Security Center > Tamper Protection + - **Platform**: Windows 10 and later + - **ProfileType**: Endpoint protection + - **Settings** > Windows Defender Security Center > Tamper Protection 5. Assign the profile to one or more groups. @@ -157,4 +158,8 @@ In addition, your security operations team can use hunting queries, such as the ## Related articles +[Windows 10 Enterprise Security](https://docs.microsoft.com/windows/security/index) + [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) + +[Microsoft 365 Enterprise overview (at a glance)](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview#at-a-glance) From cea0bde34dcd6df76a4b06b7b8189766bea89680 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Tue, 13 Aug 2019 11:30:36 -0700 Subject: [PATCH 341/395] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ecurity-settings-with-tamper-protection.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 5c6baa68ea..3a746057d9 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -95,60 +95,60 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- 5. Assign the profile to one or more groups. -### Frequently asked questions +## Frequently asked questions -#### To which Windows OS versions is configuring Tamper Protection is applicable? +### To which Windows OS versions is configuring Tamper Protection is applicable? Windows 1903 May release -#### Is configuring Tamper Protection in Intune supported on servers? +### Is configuring Tamper Protection in Intune supported on servers? No -#### Will Tamper Protection have any impact on third party antivirus registration? +### Will Tamper Protection have any impact on third party antivirus registration? No, third-party antivirus will continue to register with the Windows Security application. -#### What happens if Microsoft Defender is not active on a device? +### What happens if Microsoft Defender is not active on a device? Tamper Protection will not have any impact on such devices. -#### How can I turn Tamper Protection on/off? +### How can I turn Tamper Protection on/off? If you are home user, see [Turn Tamper Protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine). If you are an organization using Microsoft Defender Advanced Threat Protection E5, you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization with Intune](#turn-tamper-protection-on-or-off-for-your-organization-with-intune). -#### How does configuring Tamper Protection in Intune affect how i manage Windows Defender through my group policy? +### How does configuring Tamper Protection in Intune affect how i manage Windows Defender through my group policy? Your regular group policy doesn’t apply to Tamper Protection, and changes to Windows Defender settings will be ignored when Tamper Protection is on. -#### For MDATP E5, is configuring Tamper Protection in Intune targeted to the entire organization only? +### For MDATP E5, is configuring Tamper Protection in Intune targeted to the entire organization only? Configuring Tamper Protection in Intune can be targeted to your entire organization as well as to devices and user groups with Intune. -#### Can I configure Tamper Protection in System Center Configuration Manager? +### Can I configure Tamper Protection in System Center Configuration Manager? Currently we do not have support to manage Tamper Protection through System Center Configuration Manager. -#### I have Windows E3 enrollment. Can I use configuring Tamper Protection in Intune? +### I have Windows E3 enrollment. Can I use configuring Tamper Protection in Intune? Currently, configuring Tamper Protection in Intune is only available for customers who have Microosft Defender Advanced Threat Protection E5. -#### What happens if I try to change Microsoft Defender settings in Intune, System Center Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device? +### What happens if I try to change Microsoft Defender settings in Intune, System Center Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device? You won’t be able to change the features that are protected by Tamper Protection; those change requests are ignored. -#### I’m an enterprise customer. Can local admins change Tamper Protection on their devices? +### I’m an enterprise customer. Can local admins change Tamper Protection on their devices? No. Local admins cannot change or modify Tamper Protection settings. -#### What happens if my device is onboarded with Microsoft Defender Advanced Threat Protection and then goes into an off-boarded state? +### What happens if my device is onboarded with Microsoft Defender Advanced Threat Protection and then goes into an off-boarded state? In this case, Tamper Protection status changes, and this feature is no longer applied. -#### Will there be an alert about Tamper Protection status changing in the Microsoft Defender Advanced Threat Protection portal? +### Will there be an alert about Tamper Protection status changing in the Microsoft Defender Advanced Threat Protection portal? Yes. The alert is shown in [https://microsoft.securitycenter.com](https://microsoft.securitycenter.com) under **Alerts**. From 73d485f29380d63947aadea0fc117851713db5fc Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Tue, 13 Aug 2019 11:32:08 -0700 Subject: [PATCH 342/395] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ent-changes-to-security-settings-with-tamper-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 3a746057d9..f5d22e64fe 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -46,9 +46,9 @@ Tamper Protection doesn't prevent you from viewing your security settings. And, ### What do you want to do? -- [Turn Tamper Protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine) +[Turn Tamper Protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine) -- [Turn Tamper Protection on (or off) for your organization with Intune (Preview)](#turn-tamper-protection-on-or-off-for-your-organization-with-intune) +[Turn Tamper Protection on (or off) for your organization with Intune (Preview)](#turn-tamper-protection-on-or-off-for-your-organization-with-intune) ## Turn Tamper Protection on (or off) for an individual machine From 38d426920b2f4124b79074f22cce1a3875c554dc Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Tue, 13 Aug 2019 11:34:47 -0700 Subject: [PATCH 343/395] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ent-changes-to-security-settings-with-tamper-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index f5d22e64fe..7f0888c9f7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -124,7 +124,7 @@ If you are an organization using Microsoft Defender Advanced Threat Protection E Your regular group policy doesn’t apply to Tamper Protection, and changes to Windows Defender settings will be ignored when Tamper Protection is on. -### For MDATP E5, is configuring Tamper Protection in Intune targeted to the entire organization only? +### For Microsoft Defender Advanced Threat Protection E5, is configuring Tamper Protection in Intune targeted to the entire organization only? Configuring Tamper Protection in Intune can be targeted to your entire organization as well as to devices and user groups with Intune. @@ -134,7 +134,7 @@ Currently we do not have support to manage Tamper Protection through System Cent ### I have Windows E3 enrollment. Can I use configuring Tamper Protection in Intune? -Currently, configuring Tamper Protection in Intune is only available for customers who have Microosft Defender Advanced Threat Protection E5. +Currently, configuring Tamper Protection in Intune is only available for customers who have Microsoft Defender Advanced Threat Protection E5. ### What happens if I try to change Microsoft Defender settings in Intune, System Center Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device? From 772b51534a9e93fb312826b24ff6ca534fc53891 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Tue, 13 Aug 2019 11:51:14 -0700 Subject: [PATCH 344/395] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 7f0888c9f7..ae2c287e14 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -63,7 +63,7 @@ If you are a home user, or you are not subject to settings managed by a security > [!NOTE] > Tamper Protection blocks attempts to modify Windows Defender Antivirus settings through the registry. > -> To help ensure that Tamper Protection doesn’t interfere with third-party security products or enterprise installation scripts that modify these settings, go to **Windows Security** and update **Security intelligence** to version 1.287.60.0 or later. +> To help ensure that Tamper Protection doesn’t interfere with third-party security products or enterprise installation scripts that modify these settings, go to **Windows Security** and update **Security intelligence** to version 1.287.60.0 or later. (See [Security intelligence updates](https://www.microsoft.com/wdsi/definitions).) > > Once you’ve made this update, Tamper Protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors. From 231283aecf192e18af53ac889f7593d774aa0f32 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 13 Aug 2019 12:34:49 -0700 Subject: [PATCH 345/395] Update change-history-for-surface.md updated change history --- devices/surface/change-history-for-surface.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 14eea5c91d..992080cdb0 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -15,6 +15,12 @@ ms.topic: article This topic lists new and updated topics in the Surface documentation library. +## August 2019 + +| **New or changed topic** | **Description** | +| ------------------------ | --------------- | +| [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Updated to reflect minor changes in the file naming convention for Surface MSI files. | + ## July 2019 | **New or changed topic** | **Description** | From 99915c3b3ba29f317befcf680ac95f17d4eb8e32 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 13 Aug 2019 12:37:13 -0700 Subject: [PATCH 346/395] Update TOC.md updated for title consistency and placement of SEMM files --- devices/surface/TOC.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index e74076b642..d467d86338 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -35,10 +35,10 @@ ### [Surface Brightness Control](microsoft-surface-brightness-control.md) ### [Surface Asset Tag](assettag.md) ### [Surface firmware and driver updates](update.md) -### [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) ### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) ### [Surface Dock Updater](surface-dock-updater.md) -### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) + ## Secure ### [Manage Surface UEFI settings](manage-surface-uefi-settings.md) @@ -46,6 +46,7 @@ ### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) ### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) ### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) +### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) ## Support ### [Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) From d4be3472e68f700bd645cd26619ed760de54715f Mon Sep 17 00:00:00 2001 From: Lauren Moynihan Date: Tue, 13 Aug 2019 12:45:56 -0700 Subject: [PATCH 347/395] Update index.md --- education/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/index.md b/education/index.md index f07f216119..8dfa606f42 100644 --- a/education/index.md +++ b/education/index.md @@ -56,7 +56,7 @@ ms.prod: w10

Deployment Guidance

-

Dive right into the step-by-step process for the easiest deployment path to M365 EDU. We walk you through setting up cloud infrastructure, configuring and managing devices, and migrating on-premise servers for Sharepoint and Exchange to the cloud.

+

Learn the easiest path to deploy Microsoft 365 Education through our step-by-step process. We walk you through cloud deployment, device management,apps set up and configuration, and how to find deployment assistance.

From 44048c726cfcba58f9d7f3e5534adf2e5cf4f825 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Tue, 13 Aug 2019 18:43:45 -0700 Subject: [PATCH 348/395] CAT Auto Publish for Windows Release Messages - CAT_AutoPublish Windows Release Changes - CAT_AutoPublish_2019081317494921 (#897) --- .../resolved-issues-windows-10-1507.yml | 8 ++----- .../resolved-issues-windows-10-1607.yml | 21 +++++++++++++------ .../resolved-issues-windows-10-1703.yml | 19 +++++++++++------ .../resolved-issues-windows-10-1709.yml | 19 +++++++++++------ .../resolved-issues-windows-10-1803.yml | 19 +++++++++++------ ...indows-10-1809-and-windows-server-2019.yml | 19 +++++++++++------ .../resolved-issues-windows-10-1903.yml | 4 ++-- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 10 +++++---- ...windows-8.1-and-windows-server-2012-r2.yml | 8 +++---- ...esolved-issues-windows-server-2008-sp2.yml | 6 ++---- .../resolved-issues-windows-server-2012.yml | 6 ++---- .../status-windows-10-1507.yml | 4 ++-- ...indows-10-1607-and-windows-server-2016.yml | 14 ++++++------- .../status-windows-10-1703.yml | 10 ++++----- .../status-windows-10-1709.yml | 10 ++++----- .../status-windows-10-1803.yml | 10 ++++----- ...indows-10-1809-and-windows-server-2019.yml | 10 ++++----- .../status-windows-10-1903.yml | 20 +++++++----------- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 12 +++++++---- ...windows-8.1-and-windows-server-2012-r2.yml | 8 +++---- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- .../windows-message-center.yml | 5 +++++ 23 files changed, 142 insertions(+), 108 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml index ab7065d60a..798d3fa659 100644 --- a/windows/release-information/resolved-issues-windows-10-1507.yml +++ b/windows/release-information/resolved-issues-windows-10-1507.yml @@ -32,17 +32,15 @@ sections: - type: markdown text: " - + - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved
KB4507458		July 09, 2019
10:00 AM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 10240.18215

May 14, 2019
KB4499154		Resolved
KB4505051		May 19, 2019
02:00 PM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4493475		April 09, 2019
10:00 AM PT
Unable to access hotspots with third-party applications
Third-party applications may have difficulty authenticating hotspots.

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4487018		February 12, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4493475		April 09, 2019
10:00 AM PT
Error 1309 when installing/uninstalling MSI or MSP files
Users may receive \"Error 1309\" while installing or uninstalling certain types of MSI and MSP files.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4489872		March 12, 2019
10:00 AM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4491101		February 21, 2019
02:00 PM PT
First character of Japanese era name not recognized
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4489872		March 12, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 10240.18158

March 12, 2019
KB4489872		Resolved
KB4493475		April 09, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4487018		February 12, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4489872		March 12, 2019
10:00 AM PT
" @@ -59,7 +57,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -108,8 +106,6 @@ sections: - type: markdown text: " - -
DetailsOriginating updateStatusHistory
Unable to access hotspots with third-party applications
After installing KB4480962, third-party applications may have difficulty authenticating hotspots.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4487018.

Back to top		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4487018		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480962, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493475.

Back to top		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4493475		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, \"Unrecognized Database Format\".

Affected platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487018.

Back to top		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4487018		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index 2c0de867c7..e8b0598941 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,7 +32,9 @@ sections: - type: markdown text: " - + + + @@ -52,10 +54,8 @@ sections: - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 14393.2969

May 14, 2019
KB4494440		Resolved
KB4507460		July 09, 2019
10:00 AM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 14393.2791

February 12, 2019
KB4487026		Resolved
KB4487006		February 19, 2019
02:00 PM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 14393.2759

January 17, 2019
KB4480977		Resolved
KB4487006		February 19, 2019
02:00 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 14393.2848

March 12, 2019
KB4489882		Resolved
KB4493473		April 25, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Resolved
KB4487026		February 12, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 14393.2791

February 12, 2019
KB4487026		Resolved
KB4487006		February 19, 2019
02:00 PM PT
Issue hosting multiple terminal server sessions and a user logs off on Windows Server
In some cases, Windows Server will stop working and restart when hosting multiple terminal server sessions and a user logs off.

See details >		OS Build 14393.2828

February 19, 2019
KB4487006		Resolved
KB4489882		March 12, 2019
10:00 AM PT
Instant search in Microsoft Outlook fails on Windows Server 2016
Instant search in Microsoft Outlook clients fail with the error, \"Outlook cannot perform the search\" on Windows Server 2016.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4487026		February 12, 2019
10:00 AM PT
" @@ -71,7 +71,18 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
+ " + +- title: July 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512517. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

Affected platforms:
  • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4512517.

Back to top		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 26, 2019
04:58 PM PT
" @@ -140,7 +151,6 @@ sections:
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480961, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4493470.

Back to topOS Build 14393.2724

January 08, 2019
KB4480961Resolved
KB4493470Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480961, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493470.

Back to topOS Build 14393.2724

January 08, 2019
KB4480961Resolved
KB4493470Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480977, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487006.

Back to topOS Build 14393.2759

January 17, 2019
KB4480977Resolved
KB4487006Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 17, 2019
02:00 PM PT -
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4487026.

Back to topOS Build 14393.2724

January 08, 2019
KB4480961Resolved
KB4487026Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT " @@ -150,6 +160,5 @@ sections: text: " -
DetailsOriginating updateStatusHistory
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host after installing KB4467684.

Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4507459.

Back to top		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4507459		Resolved:
July 16, 2019
10:00 AM PT

Opened:
November 27, 2018
10:00 AM PT
Instant search in Microsoft Outlook fails on Windows Server 2016
After installing KB4467684 on Windows Server 2016, instant search in Microsoft Outlook clients fail with the error, \"Outlook cannot perform the search\".

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Resolution: This issue is resolved in KB4487026.

Back to top		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4487026		Resolved:
February 12, 2019
10:00 AM PT

Opened:
November 27, 2018
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index 3401b26fdf..0786837bf2 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -46,9 +47,7 @@ sections: - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 15063.1805

May 14, 2019
KB4499181		Resolved
KB4507450		July 09, 2019
10:00 AM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 15063.1839

May 28, 2019
KB4499162		Resolved
KB4509476		June 26, 2019
04:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved
KB4503289		June 18, 2019
02:00 PM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 15063.1631

February 12, 2019
KB4487020		Resolved
KB4487011		February 19, 2019
02:00 PM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 15063.1596

January 15, 2019
KB4480959		Resolved
KB4487011		February 19, 2019
02:00 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 15063.1689

March 12, 2019
KB4489871		Resolved
KB4493436		April 25, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4487020		February 12, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 15063.1631

February 12, 2019
KB4487020		Resolved
KB4487011		February 19, 2019
02:00 PM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4487020		February 12, 2019
10:00 AM PT
" @@ -64,7 +63,17 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
+ " + +- title: July 2019 +- items: + - type: markdown + text: " + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512507. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
" @@ -119,7 +128,5 @@ sections: - -
DetailsOriginating updateStatusHistory
MSXML6 may cause applications to stop responding
After installing KB4480973, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493474.

Back to top		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4493474		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480959, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487011.

Back to top		OS Build 15063.1596

January 15, 2019
KB4480959		Resolved
KB4487011		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 15, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487020.

Back to top		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4487020		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
After installing KB4480973, some Microsoft Edge users report that they:
  • Cannot load web pages using a local IP address.
  • Cannot load web pages on the Internet using a VPN connection.
Browsing fails or the web page may become unresponsive.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4486996

Back to top		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4487020		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index d2b59916e7..36039dceaa 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -46,9 +47,7 @@ sections: - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4509477		June 26, 2019
04:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved
KB4503281		June 18, 2019
02:00 PM PT
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

See details >		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4503284		June 11, 2019
10:00 AM PT
Error 1309 when installing/uninstalling MSI or MSP files
Users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

See details >		OS Build 16299.967

February 12, 2019
KB4486996		Resolved
KB4489886		March 12, 2019
10:00 AM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 16299.967

February 12, 2019
KB4486996		Resolved
KB4487021		February 19, 2019
02:00 PM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 16299.936

January 15, 2019
KB4480967		Resolved
KB4487021		February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4486996		February 12, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 16299.967

February 12, 2019
KB4486996		Resolved
KB4487021		February 19, 2019
02:00 PM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4486996		February 12, 2019
10:00 AM PT
Stop error when attempting to start SSH from WSL
A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

See details >		OS Build 16299.1029

March 12, 2019
KB4489886		Resolved
KB4493441		April 09, 2019
10:00 AM PT
" @@ -65,7 +64,17 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
+ " + +- title: July 2019 +- items: + - type: markdown + text: " + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512516. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
" @@ -129,7 +138,5 @@ sections: - -
DetailsOriginating updateStatusHistory
MSXML6 causes applications to stop responding if an exception was thrown
After installing KB4480978, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4493441.

Back to top		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4493441		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480967, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487021.

Back to top		OS Build 16299.936

January 15, 2019
KB4480967		Resolved
KB4487021		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 15, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format.”

Affected platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4486996.

Back to top		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4486996		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
After installing KB4480978, some Microsoft Edge users report that they:
  • Cannot load web pages using a local IP address. 
  • Cannot load web pages on the Internet using a VPN connection.  
Browsing fails or the web page may become unresponsive. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4486996.

Back to top		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4486996		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index 24ad1254f2..c94998225d 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -46,9 +47,7 @@ sections: - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 17134.799

May 21, 2019
KB4499183		Resolved
KB4509478		June 26, 2019
04:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved
KB4503288		June 18, 2019
02:00 PM PT
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

See details >		OS Build 17134.799

May 21, 2019
KB4499183		Resolved
KB4503286		June 11, 2019
10:00 AM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 17134.590

February 12, 2019
KB4487017		Resolved
KB4487029		February 19, 2019
02:00 PM PT
First character of the Japanese era name not recognized
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 17134.556

January 15, 2019
KB4480976		Resolved
KB4487029		February 19, 2019
02:00 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 17134.648

March 12, 2019
KB4489868		Resolved
KB4493437		April 25, 2019
02:00 PM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4487017		February 12, 2019
10:00 AM PT
Cannot pin a web link on the Start menu or the taskbar
Some users cannot pin a web link on the Start menu or the taskbar.

See details >		OS Build 17134.471

December 11, 2018
KB4471324		Resolved
KB4487029		February 19, 2019
02:00 PM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4487017		February 12, 2019
10:00 AM PT
Stop error when attempting to start SSH from WSL
A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

See details >		OS Build 17134.648

March 12, 2019
KB4489868		Resolved
KB4493464		April 09, 2019
10:00 AM PT
" @@ -65,7 +64,17 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
+ " + +- title: July 2019 +- items: + - type: markdown + text: " + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512501. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
" @@ -128,8 +137,6 @@ sections: - -
DetailsOriginating updateStatusHistory
MSXML6 may cause applications to stop responding
After installing KB4480966, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493464

Back to top		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4493464		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized
After installing KB4480976, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487029

Back to top		OS Build 17134.556

January 15, 2019
KB4480976		Resolved
KB4487029		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487017.

Back to top		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4487017		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
After installing KB4480966, some Microsoft Edge users report that they: 
  • Cannot load web pages using a local IP address. 
  • Cannot load web pages on the Internet using a VPN connection.  
Browsing fails or the web page may become unresponsive. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4487017

Back to top		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4487017		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index f2dc569ffb..2dd93de94b 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -55,13 +56,11 @@ sections: - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 17763.529

May 21, 2019
KB4497934		Resolved
KB4509479		June 26, 2019
04:00 PM PT
Devices with Realtek Bluetooth radios drivers may not pair or connect as expected
Devices with some Realtek Bluetooth radios drivers, in some circumstances, may have issues pairing or connecting to devices.

See details >		OS Build 17763.503

May 14, 2019
KB4494441		Resolved
KB4501371		June 18, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved
KB4501371		June 18, 2019
02:00 PM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4482887		March 01, 2019
10:00 AM PT
First character of the Japanese era name not recognized
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 9 file format may randomly stop working.

See details >		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
Upgrade block: Devices utilizing AMD Radeon HD2000 or HD4000 series video cards may experience issues with the lock screen and Microsoft Edge tabs.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4487044		February 12, 2019
10:00 AM PT
Shared albums may not sync with iCloud for Windows
Upgrade block: Apple has identified an incompatibility with iCloud for Windows (version 7.7.0.27) where users may experience issues updating or synching Shared Albums.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
Upgrade block: Users may see an Intel Audio Display (intcdaud.sys) notification during setup for devices with certain Intel Display Audio Drivers.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		March 01, 2019
10:00 AM PT
F5 VPN clients losing network connectivity
Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Global DNS outage affects Windows Update customers
Windows Update customers were recently affected by a network infrastructure event caused by an external DNS service provider's global outage.

See details >		N/A

Resolved
March 08, 2019
11:15 AM PT
Apps may stop working after selecting an audio output device other than the default
Users with multiple audio devices that select an audio output device different from the \"Default Audio Device\" may find certain applications stop working unexpectedly.

See details >		OS Build 17763.348

March 01, 2019
KB4482887		Resolved
KB4490481		April 02, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4487044		February 12, 2019
10:00 AM PT
" @@ -77,7 +76,17 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
+ " + +- title: July 2019 +- items: + - type: markdown + text: " + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4511553. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
" @@ -149,7 +158,6 @@ sections:
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480116, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to: 
  • Cache size and location show zero or empty. 
  • Keyboard shortcuts may not work properly. 
  • Webpages may intermittently fail to load or render correctly. 
  • Issues with credential prompts. 
  • Issues when downloading files. 
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4493509

Back to topOS Build 17763.253

January 08, 2019
KB4480116Resolved
KB4493509Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480116, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
 
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493509

Back to topOS Build 17763.253

January 08, 2019
KB4480116Resolved
KB4493509Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Global DNS outage affects Windows Update customers
Windows Update customers were affected by a network infrastructure event on January 29, 2019 (21:00 UTC), caused by an external DNS service provider's global outage. A software update to the external provider's DNS servers resulted in the distribution of corrupted DNS records that affected connectivity to the Windows Update service. The DNS records were restored by January 30, 2019 (00:10 UTC), and the majority of local Internet Service Providers (ISP) have refreshed their DNS servers and customer services have been restored. 
 
Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
While this was not an issue with Microsoft's services, we take any service disruption for our customers seriously. We will work with partners to better understand this so we can provide higher quality service in the future even across diverse global network providers. 
 
If you are still unable to connect to Windows Update services due to this problem, please contact your local ISP or network administrator. You can also refer to our new KB4493784 for more information to determine if your network is affected, and to provide your local ISP or network administrator with additional information to assist you. 

Back to topN/A

Resolved
Resolved:
March 08, 2019
11:15 AM PT

Opened:
January 29, 2019
02:00 PM PT -
Webpages become unresponsive in Microsoft Edge
After installing KB4480116, some Microsoft Edge users report that they:
  • Cannot load web pages using a local IP address. 
  • Cannot load web pages on the Internet using a VPN connection.
Browsing fails or the web page may become unresponsive.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4487020

Back to topOS Build 17763.253

January 08, 2019
KB4480116Resolved
KB4487044Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT " @@ -159,7 +167,6 @@ sections: text: " - diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index ad7c9065b6..46128ad713 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: "
DetailsOriginating updateStatusHistory
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
 
As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.
Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019 
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article.

Resolution: Microsoft has removed the safeguard hold.



Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
Resolved:
May 21, 2019
07:42 AM PT

Opened:
November 13, 2018
10:00 AM PT
Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
Note: AMD no longer supports Radeon HD2000 and HD4000 series graphic processor units (GPUs).
 
Upgrade block: After updating to Windows 10, version 1809, Microsoft Edge tabs may stop working when a device is configured with AMD Radeon HD2000 or HD4000 series video cards. Customers may get the following error code: \"INVALID_POINTER_READ_c0000005_atidxx64.dll\". 
 
Some users may also experience performance issues with the lock screen or the ShellExperienceHost. (The lock screen hosts widgets, and the ShellExperienceHost is responsible for assorted shell functionality.) 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4487044, and the block was removed.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4487044		Resolved:
February 12, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Shared albums may not sync with iCloud for Windows
Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Windows 10, version 1809 until this issue has been resolved. 

We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. 
 
Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
Upgrade block: Microsoft and Intel have identified a compatibility issue with a range of Intel Display Audio device drivers (intcdaud.sys, versions 10.25.0.3 - 10.25.0.8) that may result in excessive processor demand and reduced battery life. As a result, the update process to the Windows 10 October 2018 Update (Windows 10, version 1809) will fail and affected devices will automatically revert to the previous working configuration. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
If you see a \"What needs your attention\" notification during installation of the October 2018 Update, you have one of these affected drivers on your system. On the notification, click Back to remain on your current version of Windows 10. 
 
To ensure a seamless experience, we are blocking devices from being offered the October 2018 Update until updated Intel device drivers are installed on your current operating system. We recommend that you do not attempt to manually update to Windows 10, version 1809, using the Update Now button or the Media Creation Tool from the Microsoft Software Download Center until newer Intel device drivers are available with the update. You can either wait for newer drivers to be installed automatically through Windows Update or check with your computer manufacturer for the latest device driver software availability and installation procedures. For more information about this issue, see Intel's customer support guidance.
 
Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
F5 VPN clients losing network connectivity
Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
- + @@ -58,7 +58,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		July 26, 2019
02:00 PM PT
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		July 26, 2019
02:00 PM PT
Loss of functionality in Dynabook Smartphone Link app
After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
July 11, 2019
01:54 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 33a6733fd2..56fbefcd4d 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,7 +32,9 @@ sections: - type: markdown text: " - + + + @@ -48,7 +50,6 @@ sections: -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
04:25 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
10:06 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499164		Resolved
KB4503277		June 20, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503292		Resolved
KB4503277		June 20, 2019
02:00 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		May 14, 2019
KB4499164		Resolved
KB4505050		May 18, 2019
02:00 PM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		February 12, 2019
KB4486563		Resolved
KB4486565		February 19, 2019
02:00 PM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		January 17, 2019
KB4480955		Resolved
KB4486565		February 19, 2019
02:00 PM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		January 08, 2019
KB4480970		Resolved
KB4493472		April 09, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		January 08, 2019
KB4480970		Resolved
KB4486563		February 12, 2019
10:00 AM PT
Event Viewer may not show some event descriptions for network interface cards
The Event Viewer may not show some event descriptions for network interface cards (NIC).

See details >		October 18, 2018
KB4462927		Resolved
KB4489878		March 12, 2019
10:00 AM PT
Virtual machines fail to restore
Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

See details >		January 08, 2019
KB4480970		Resolved
KB4490511		February 19, 2019
02:00 PM PT
@@ -66,7 +67,8 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -94,6 +96,7 @@ sections: - type: markdown text: " + @@ -130,7 +133,6 @@ sections:
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:23 PM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:21 PM PT

Opened:
April 09, 2019
10:00 AM PT
-
DetailsOriginating updateStatusHistory
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480955, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4486565.

Back to top		January 17, 2019
KB4480955		Resolved
KB4486565		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 17, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480970, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493472.

Back to top		January 08, 2019
KB4480970		Resolved
KB4493472		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected Platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 

Resolution: This issue is resolved in KB4486563.

Back to top		January 08, 2019
KB4480970		Resolved
KB4486563		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Virtual machines fail to restore
After installing KB4480970, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4490511.

Back to top		January 08, 2019
KB4480970		Resolved
KB4490511		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index 9bf1ac9d82..dbb57e0e0b 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -51,7 +52,6 @@ sections: -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
04:25 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
10:06 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499151		Resolved
KB4503283		June 20, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503276		Resolved
KB4503283		June 20, 2019
02:00 PM PT
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

See details >		March 12, 2019
KB4489881		Resolved
KB4503276		June 11, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding.
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		January 08, 2019
KB4480963		Resolved
KB4493446		April 09, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		January 08, 2019
KB4480963		Resolved
KB4493446		April 09, 2019
10:00 AM PT
Virtual machines fail to restore
Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

See details >		January 08, 2019
KB4480963		Resolved
KB4490512		February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		January 08, 2019
KB4480963		Resolved
KB4487000		February 12, 2019
10:00 AM PT
" @@ -67,7 +67,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -96,6 +96,7 @@ sections: - type: markdown text: " + @@ -134,6 +135,5 @@ sections: -
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:21 PM PT

Opened:
April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding.
After installing KB4480963, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4493446.

Back to top		January 08, 2019
KB4480963		Resolved
KB4493446		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480963, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493446.

Back to top		January 08, 2019
KB4480963		Resolved
KB4493446		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Virtual machines fail to restore
After installing KB4480963, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4490512.

Back to top		January 08, 2019
KB4480963		Resolved
KB4490512		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected platforms: 
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4487000.

Back to top		January 08, 2019
KB4480963		Resolved
KB4487000		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index aeb08c2fd5..b83e9cc1e7 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -42,7 +42,6 @@ sections: -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503273		Resolved
KB4503271		June 20, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Resolved
May 14, 2019
01:21 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Resolved
May 14, 2019
01:19 PM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		January 17, 2019
KB4480974		Resolved
KB4489880		March 12, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		February 12, 2019
KB4487023		Resolved
KB4493471		April 09, 2019
10:00 AM PT
Virtual machines fail to restore
Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

See details >		January 08, 2019
KB4480968		Resolved
KB4490514		February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		January 08, 2019
KB4480968		Resolved
KB4487023		February 12, 2019
10:00 AM PT
" @@ -58,7 +57,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -108,6 +107,5 @@ sections: -
DetailsOriginating updateStatusHistory
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480974, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4489880.

Back to top		January 17, 2019
KB4480974		Resolved
KB4489880		Resolved:
March 12, 2019
10:00 AM PT

Opened:
January 17, 2019
10:00 AM PT
Virtual machines fail to restore
After installing KB4480968, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4490514.

Back to top		January 08, 2019
KB4480968		Resolved
KB4490514		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected platforms: 
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487023.

Back to top		January 08, 2019
KB4480968		Resolved
KB4487023		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 532b8144c8..9a3dd8d77a 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -48,7 +48,6 @@ sections: -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Some devices and generation 2 Hyper-V VMs may have issues installing updates
Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

See details >		June 11, 2019
KB4503285		Resolved
KB4503295		June 21, 2019
02:00 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499171		Resolved
KB4503295		June 21, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503285		Resolved
KB4503295		June 20, 2019
02:00 PM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		January 08, 2019
KB4480975		Resolved
KB4493451		April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		January 08, 2019
KB4480975		Resolved
KB4493451		April 09, 2019
10:00 AM PT
Virtual machines fail to restore
Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

See details >		January 08, 2019
KB4480975		Resolved
KB4490516		February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		January 08, 2019
KB4480975		Resolved
KB4487025		February 12, 2019
10:00 AM PT
Event Viewer may not show some event descriptions for network interface cards
The Event Viewer may not show some event descriptions for network interface cards (NIC).

See details >		September 11, 2018
KB4457135		Resolved
KB4489891		March 12, 2019
10:00 AM PT
" @@ -65,7 +64,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -129,7 +128,6 @@ sections:
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480975, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493451.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4493451Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480975, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4493451.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4493451Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Virtual machines fail to restore
After installing KB4480975, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, \"Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).\"

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4490516.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4490516Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT -
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, \"Unrecognized Database Format\".

Affected platforms: 
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487025.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4487025Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT " diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 010cb9d55b..55d16a4b23 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
" @@ -77,7 +77,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index a554e88e9e..407e511420 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + + + - @@ -85,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
August 01, 2019
05:00 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Mitigated
July 26, 2019
04:58 PM PT
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
" @@ -95,9 +95,9 @@ sections: - type: markdown text: " - - + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

Affected platforms:
  • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server 2016
Workaround: To mitigate this issue, you need to Enable Script Debugging using one of the following ways.

You can configure the below registry key:
Registry setting: HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main
Value: Disable Script Debugger
Type: REG_SZ
Data: no

Or you can Enable Script Debugging in Internet Settings. You can open Internet Setting by either typing Internet Settings into the search box on Windows or by selecting Internet Options in Internet Explorer. Once open, select Advanced then Browsing and finally, select Enable Script Debugging.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3085

July 09, 2019
KB4507460		Mitigated
Last updated:
July 26, 2019
04:58 PM PT

Opened:
July 26, 2019
04:58 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512517. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

Affected platforms:
  • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4512517.

Back to top		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 26, 2019
04:58 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 58b6047c36..895bd3c1db 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,8 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + +
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
" @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -87,8 +87,8 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512507. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 279e20ebd2..930121e60e 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,8 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + +
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Mitigated
April 25, 2019
02:00 PM PT
@@ -79,7 +79,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -88,8 +88,8 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512516. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index ab543899da..0d6c3bc4dd 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,8 +65,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
June 14, 2019
04:41 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -94,8 +94,8 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512501. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index d67d705cf0..a6f1d702b4 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,8 +64,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
August 01, 2019
05:00 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
July 10, 2019
07:09 PM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
June 14, 2019
04:41 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
" @@ -96,8 +96,8 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4511553. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 1eff433b4f..3ea2e03409 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,18 +65,15 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - - + + + - - - @@ -97,7 +94,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
04:25 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
02:20 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
05:24 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
07:03 PM PT
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated External
August 01, 2019
08:44 PM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
August 01, 2019
06:27 PM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		July 26, 2019
02:00 PM PT
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		July 26, 2019
02:00 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Some apps or games that needs to perform graphics intensive operations may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 16, 2019
09:04 AM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 12, 2019
04:42 PM PT
Loss of functionality in Dynabook Smartphone Link app
After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
July 11, 2019
01:54 PM PT
Error attempting to update with external USB device or memory card attached
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Audio not working with Dolby Atmos headphones and home theater
Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Mitigated
July 10, 2019
07:09 PM PT
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language was changed between updates

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Investigating
June 10, 2019
06:06 PM PT
Unable to discover or connect to Bluetooth devices
Microsoft has identified compatibility issues with some versions of Realtek and Qualcomm Bluetooth radio drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
May 21, 2019
04:48 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -106,9 +103,9 @@ sections: - type: markdown text: " - - + + @@ -132,9 +129,6 @@ sections: - - - diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 88c5129963..f55dd568c1 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,11 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
Issues updating when certain versions of Intel storage drivers are installed
Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: To mitigate this issue before the resolution is released, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next Steps: We are working on a resolution and estimate a solution will be available in late August.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
Last updated:
August 09, 2019
02:20 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in late August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 13, 2019
05:24 PM PT

Opened:
July 25, 2019
06:10 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: To mitigate this issue before the resolution is released, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next Steps: We are working on a resolution and estimate a solution will be available in late August.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
July 25, 2019
06:10 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 16, 2019
09:04 AM PT

Opened:
July 12, 2019
04:20 PM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution that will be made available in upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 12, 2019
04:42 PM PT

Opened:
July 12, 2019
04:42 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503293 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
Intermittent loss of Wi-Fi connectivity
Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Before updating to Windows 10, version 1903, you will need to download and install an updated Wi-Fi driver from your device manufacturer (OEM).
 
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated External
Last updated:
August 01, 2019
08:44 PM PT

Opened:
May 21, 2019
07:13 AM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps
Affected platforms:
  • Client: Windows 10, version 1903
Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
August 01, 2019
06:27 PM PT

Opened:
May 21, 2019
07:28 AM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		Resolved:
July 26, 2019
02:00 PM PT

Opened:
May 21, 2019
07:56 AM PT
Loss of functionality in Dynabook Smartphone Link app
Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:54 PM PT

Opened:
May 24, 2019
03:10 PM PT
Error attempting to update with external USB device or memory card attached
If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:38 AM PT
Audio not working with Dolby Atmos headphones and home theater
After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
 
This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
 
To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:16 AM PT
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

Affected platforms:
  • Client: Windows 10, version 1903
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Investigating
Last updated:
June 10, 2019
06:06 PM PT

Opened:
May 24, 2019
04:20 PM PT
Unable to discover or connect to Bluetooth devices
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek and Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek or Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it.

  • For Qualcomm drivers, you will need to install a driver version greater than 10.0.1.11.
  • For Realtek drivers, you will need to install a driver version greater than 1.5.1011.0.
Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next steps: Microsoft is working with Realtek and Qualcomm to release new drivers for all affected system via Windows Update.  


Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:48 PM PT

Opened:
May 21, 2019
07:29 AM PT
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
  
To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809
Workaround:
On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration.

For more information, see Intel's customer support guidance and the Microsoft knowledge base article KB4465877.

Note We recommend you do not attempt to update your devices until newer device drivers are installed.

Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:47 PM PT

Opened:
May 21, 2019
07:22 AM PT
- + + + + -
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
04:25 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Windows updates that are SHA-2 signed may not be offered
Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

See details >		August 13, 2019
KB4512506		Investigating
August 13, 2019
10:05 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
10:06 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503292		Mitigated
July 10, 2019
02:59 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Mitigated
April 25, 2019
02:00 PM PT
" @@ -78,7 +80,9 @@ sections: - type: markdown text: " - + + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Windows updates that are SHA-2 signed may not be offered
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 13, 2019
10:05 AM PT

Opened:
August 13, 2019
10:05 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -96,6 +100,6 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client:  Windows 8.1; Windows 7 SP1
  • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Guidance for McAfee customers can be found in the following McAfee support articles: 
Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index a15ed55837..202c053f79 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + -
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
04:25 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
10:06 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503276		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493443		Mitigated
May 15, 2019
05:53 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Mitigated
April 18, 2019
05:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

See details >		January 08, 2019
KB4480963		Mitigated
April 25, 2019
02:00 PM PT
" @@ -80,7 +80,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -107,7 +107,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client:  Windows 8.1; Windows 7 SP1
  • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Guidance for McAfee customers can be found in the following McAfee support articles:  
Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information. 

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
April 18, 2019
05:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 7e730c134a..89a7335b26 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Mitigated
July 10, 2019
02:59 PM PT
" @@ -77,7 +77,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index ed7deea5f4..5d1e15e515 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503285		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

See details >		January 08, 2019
KB4480975		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index c7a8b5e2d7..85c3bf144d 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,6 +50,11 @@ sections: text: " + + + + + From 38853d107bba1b85dfbf5baa5a60fec77d66688a Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Tue, 13 Aug 2019 19:16:43 -0700 Subject: [PATCH 349/395] CAT Auto Publish for Windows Release Messages - CAT_AutoPublish Windows Release Changes - CAT_AutoPublish_2019081317494921 (#897) (#898) --- .../resolved-issues-windows-10-1507.yml | 8 ++----- .../resolved-issues-windows-10-1607.yml | 21 +++++++++++++------ .../resolved-issues-windows-10-1703.yml | 19 +++++++++++------ .../resolved-issues-windows-10-1709.yml | 19 +++++++++++------ .../resolved-issues-windows-10-1803.yml | 19 +++++++++++------ ...indows-10-1809-and-windows-server-2019.yml | 19 +++++++++++------ .../resolved-issues-windows-10-1903.yml | 4 ++-- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 10 +++++---- ...windows-8.1-and-windows-server-2012-r2.yml | 8 +++---- ...esolved-issues-windows-server-2008-sp2.yml | 6 ++---- .../resolved-issues-windows-server-2012.yml | 6 ++---- .../status-windows-10-1507.yml | 4 ++-- ...indows-10-1607-and-windows-server-2016.yml | 14 ++++++------- .../status-windows-10-1703.yml | 10 ++++----- .../status-windows-10-1709.yml | 10 ++++----- .../status-windows-10-1803.yml | 10 ++++----- ...indows-10-1809-and-windows-server-2019.yml | 10 ++++----- .../status-windows-10-1903.yml | 20 +++++++----------- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 12 +++++++---- ...windows-8.1-and-windows-server-2012-r2.yml | 8 +++---- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- .../windows-message-center.yml | 5 +++++ 23 files changed, 142 insertions(+), 108 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml index ab7065d60a..798d3fa659 100644 --- a/windows/release-information/resolved-issues-windows-10-1507.yml +++ b/windows/release-information/resolved-issues-windows-10-1507.yml @@ -32,17 +32,15 @@ sections: - type: markdown text: "
MessageDate
August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows
The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
August 13, 2019
10:00 AM PT
Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506)
On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.)
August 13, 2019
10:00 AM PT
Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in the Windows Collaborative Translation Framework (CTF) service that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
August 13, 2019
10:00 AM PT
Take action: Install required updates for Windows 7 SP1 and Windows Server 2008 RS2 SP1 for SHA-2 code sign support
As of August 13, 2019, Windows 7 SP1 and Windows Server 2008 R2 SP1 updates signatures only support SHA-2 code signing. As outlined in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, we are requiring that SHA-2 code signing support be installed. If you have Windows Update enabled and have applied the security updates released in March 2019 (KB4490628) and August 2019 (KB4474419), you are protected automatically; no further configuration is necessary. If you have not installed the March 2019 updates, you will need to do so in order to continue to receive updates on devices running Windows 7 SP1 and Windows Server 2008 R2 SP1.
August 13, 2019
10:00 AM PT
Take action: Windows 10, version 1803 (the April 2018 Update) reaches end of service on November 12, 2019
Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running Windows 10, version 1803 to Windows 10, version 1903 (the May 2019 Update) starting July 16, 2019 to help ensure that these devices remain in a serviced and secure state. For more information, see the Windows 10, version 1903 section of the Windows release health dashboard.
August 13, 2019
10:00 AM PT
Advisory: Windows Kernel Information Disclosure Vulnerability (CVE-2019-1125)
On July 9, 2019, Microsoft released a security update for a Windows kernel information disclosure vulnerability (CVE-2019-1125). Customers who have Windows Update enabled and have applied the security updates released on July 9, 2019 are protected automatically; no further configuration is necessary. For more information, see CVE-2019-1125 | Windows Kernel Information Disclosure Vulnerability in the Microsoft Security Update Guide. (Note: we are documenting this mitigation publicly today, instead of back in July, as part of a coordinated industry disclosure effort.)
August 06, 2019
10:00 AM PT
Resolved August 1, 2019 16:00 PT: Microsoft Store users may encounter blank screens when clicking on certain buttons
Some customers running the version of the Microsoft Store app released on July 29, 2019 encountered a blank screen when selecting “Switch out of S mode,” “Get Genuine,” or some “Upgrade to [version]” OS upgrade options. This issue has now been resolved and a new version of the Microsoft Store app has been released. Users who encountered this issue will need to update the Microsoft Store app on their device. If you are still encountering an issue, please see Fix problems with apps from Microsoft Store.
August 01, 2019
02:00 PM PT
Status update: Windows 10, version 1903 “D” release now available
The optional monthly “D” release for Windows 10, version 1903 is now available. Follow @WindowsUpdate for the latest on the availability of this release.
July 26, 2019
02:00 PM PT
- + - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved
KB4507458		July 09, 2019
10:00 AM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 10240.18215

May 14, 2019
KB4499154		Resolved
KB4505051		May 19, 2019
02:00 PM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4493475		April 09, 2019
10:00 AM PT
Unable to access hotspots with third-party applications
Third-party applications may have difficulty authenticating hotspots.

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4487018		February 12, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4493475		April 09, 2019
10:00 AM PT
Error 1309 when installing/uninstalling MSI or MSP files
Users may receive \"Error 1309\" while installing or uninstalling certain types of MSI and MSP files.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4489872		March 12, 2019
10:00 AM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4491101		February 21, 2019
02:00 PM PT
First character of Japanese era name not recognized
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4489872		March 12, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 10240.18158

March 12, 2019
KB4489872		Resolved
KB4493475		April 09, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4487018		February 12, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4489872		March 12, 2019
10:00 AM PT
" @@ -59,7 +57,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -108,8 +106,6 @@ sections: - type: markdown text: " - -
DetailsOriginating updateStatusHistory
Unable to access hotspots with third-party applications
After installing KB4480962, third-party applications may have difficulty authenticating hotspots.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4487018.

Back to top		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4487018		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480962, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493475.

Back to top		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4493475		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, \"Unrecognized Database Format\".

Affected platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487018.

Back to top		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4487018		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index 2c0de867c7..e8b0598941 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,7 +32,9 @@ sections: - type: markdown text: " - + + + @@ -52,10 +54,8 @@ sections: - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 14393.2969

May 14, 2019
KB4494440		Resolved
KB4507460		July 09, 2019
10:00 AM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 14393.2791

February 12, 2019
KB4487026		Resolved
KB4487006		February 19, 2019
02:00 PM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 14393.2759

January 17, 2019
KB4480977		Resolved
KB4487006		February 19, 2019
02:00 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 14393.2848

March 12, 2019
KB4489882		Resolved
KB4493473		April 25, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Resolved
KB4487026		February 12, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 14393.2791

February 12, 2019
KB4487026		Resolved
KB4487006		February 19, 2019
02:00 PM PT
Issue hosting multiple terminal server sessions and a user logs off on Windows Server
In some cases, Windows Server will stop working and restart when hosting multiple terminal server sessions and a user logs off.

See details >		OS Build 14393.2828

February 19, 2019
KB4487006		Resolved
KB4489882		March 12, 2019
10:00 AM PT
Instant search in Microsoft Outlook fails on Windows Server 2016
Instant search in Microsoft Outlook clients fail with the error, \"Outlook cannot perform the search\" on Windows Server 2016.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4487026		February 12, 2019
10:00 AM PT
" @@ -71,7 +71,18 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
+ " + +- title: July 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512517. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

Affected platforms:
  • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4512517.

Back to top		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 26, 2019
04:58 PM PT
" @@ -140,7 +151,6 @@ sections:
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480961, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4493470.

Back to topOS Build 14393.2724

January 08, 2019
KB4480961Resolved
KB4493470Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480961, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493470.

Back to topOS Build 14393.2724

January 08, 2019
KB4480961Resolved
KB4493470Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480977, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487006.

Back to topOS Build 14393.2759

January 17, 2019
KB4480977Resolved
KB4487006Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 17, 2019
02:00 PM PT -
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4487026.

Back to topOS Build 14393.2724

January 08, 2019
KB4480961Resolved
KB4487026Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT " @@ -150,6 +160,5 @@ sections: text: " -
DetailsOriginating updateStatusHistory
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host after installing KB4467684.

Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts.

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4507459.

Back to top		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4507459		Resolved:
July 16, 2019
10:00 AM PT

Opened:
November 27, 2018
10:00 AM PT
Instant search in Microsoft Outlook fails on Windows Server 2016
After installing KB4467684 on Windows Server 2016, instant search in Microsoft Outlook clients fail with the error, \"Outlook cannot perform the search\".

Affected platforms:
  • Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2016
Resolution: This issue is resolved in KB4487026.

Back to top		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4487026		Resolved:
February 12, 2019
10:00 AM PT

Opened:
November 27, 2018
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index 3401b26fdf..0786837bf2 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -46,9 +47,7 @@ sections: - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 15063.1805

May 14, 2019
KB4499181		Resolved
KB4507450		July 09, 2019
10:00 AM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 15063.1839

May 28, 2019
KB4499162		Resolved
KB4509476		June 26, 2019
04:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved
KB4503289		June 18, 2019
02:00 PM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 15063.1631

February 12, 2019
KB4487020		Resolved
KB4487011		February 19, 2019
02:00 PM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 15063.1596

January 15, 2019
KB4480959		Resolved
KB4487011		February 19, 2019
02:00 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 15063.1689

March 12, 2019
KB4489871		Resolved
KB4493436		April 25, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4487020		February 12, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 15063.1631

February 12, 2019
KB4487020		Resolved
KB4487011		February 19, 2019
02:00 PM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4487020		February 12, 2019
10:00 AM PT
" @@ -64,7 +63,17 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
+ " + +- title: July 2019 +- items: + - type: markdown + text: " + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512507. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
" @@ -119,7 +128,5 @@ sections: - -
DetailsOriginating updateStatusHistory
MSXML6 may cause applications to stop responding
After installing KB4480973, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493474.

Back to top		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4493474		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480959, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487011.

Back to top		OS Build 15063.1596

January 15, 2019
KB4480959		Resolved
KB4487011		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 15, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487020.

Back to top		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4487020		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
After installing KB4480973, some Microsoft Edge users report that they:
  • Cannot load web pages using a local IP address.
  • Cannot load web pages on the Internet using a VPN connection.
Browsing fails or the web page may become unresponsive.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4486996

Back to top		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4487020		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index d2b59916e7..36039dceaa 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -46,9 +47,7 @@ sections: - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4509477		June 26, 2019
04:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved
KB4503281		June 18, 2019
02:00 PM PT
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

See details >		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4503284		June 11, 2019
10:00 AM PT
Error 1309 when installing/uninstalling MSI or MSP files
Users may receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.

See details >		OS Build 16299.967

February 12, 2019
KB4486996		Resolved
KB4489886		March 12, 2019
10:00 AM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 16299.967

February 12, 2019
KB4486996		Resolved
KB4487021		February 19, 2019
02:00 PM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 16299.936

January 15, 2019
KB4480967		Resolved
KB4487021		February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4486996		February 12, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 16299.967

February 12, 2019
KB4486996		Resolved
KB4487021		February 19, 2019
02:00 PM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4486996		February 12, 2019
10:00 AM PT
Stop error when attempting to start SSH from WSL
A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

See details >		OS Build 16299.1029

March 12, 2019
KB4489886		Resolved
KB4493441		April 09, 2019
10:00 AM PT
" @@ -65,7 +64,17 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
+ " + +- title: July 2019 +- items: + - type: markdown + text: " + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512516. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
" @@ -129,7 +138,5 @@ sections: - -
DetailsOriginating updateStatusHistory
MSXML6 causes applications to stop responding if an exception was thrown
After installing KB4480978, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4493441.

Back to top		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4493441		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480967, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487021.

Back to top		OS Build 16299.936

January 15, 2019
KB4480967		Resolved
KB4487021		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 15, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format.”

Affected platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4486996.

Back to top		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4486996		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
After installing KB4480978, some Microsoft Edge users report that they:
  • Cannot load web pages using a local IP address. 
  • Cannot load web pages on the Internet using a VPN connection.  
Browsing fails or the web page may become unresponsive. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4486996.

Back to top		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4486996		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index 24ad1254f2..c94998225d 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -46,9 +47,7 @@ sections: - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 17134.799

May 21, 2019
KB4499183		Resolved
KB4509478		June 26, 2019
04:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved
KB4503288		June 18, 2019
02:00 PM PT
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

See details >		OS Build 17134.799

May 21, 2019
KB4499183		Resolved
KB4503286		June 11, 2019
10:00 AM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 17134.590

February 12, 2019
KB4487017		Resolved
KB4487029		February 19, 2019
02:00 PM PT
First character of the Japanese era name not recognized
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 17134.556

January 15, 2019
KB4480976		Resolved
KB4487029		February 19, 2019
02:00 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 17134.648

March 12, 2019
KB4489868		Resolved
KB4493437		April 25, 2019
02:00 PM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4487017		February 12, 2019
10:00 AM PT
Cannot pin a web link on the Start menu or the taskbar
Some users cannot pin a web link on the Start menu or the taskbar.

See details >		OS Build 17134.471

December 11, 2018
KB4471324		Resolved
KB4487029		February 19, 2019
02:00 PM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4487017		February 12, 2019
10:00 AM PT
Stop error when attempting to start SSH from WSL
A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

See details >		OS Build 17134.648

March 12, 2019
KB4489868		Resolved
KB4493464		April 09, 2019
10:00 AM PT
" @@ -65,7 +64,17 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
+ " + +- title: July 2019 +- items: + - type: markdown + text: " + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512501. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
" @@ -128,8 +137,6 @@ sections: - -
DetailsOriginating updateStatusHistory
MSXML6 may cause applications to stop responding
After installing KB4480966, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493464

Back to top		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4493464		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized
After installing KB4480976, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487029

Back to top		OS Build 17134.556

January 15, 2019
KB4480976		Resolved
KB4487029		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487017.

Back to top		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4487017		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
After installing KB4480966, some Microsoft Edge users report that they: 
  • Cannot load web pages using a local IP address. 
  • Cannot load web pages on the Internet using a VPN connection.  
Browsing fails or the web page may become unresponsive. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4487017

Back to top		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4487017		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index f2dc569ffb..2dd93de94b 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -55,13 +56,11 @@ sections: - -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 17763.529

May 21, 2019
KB4497934		Resolved
KB4509479		June 26, 2019
04:00 PM PT
Devices with Realtek Bluetooth radios drivers may not pair or connect as expected
Devices with some Realtek Bluetooth radios drivers, in some circumstances, may have issues pairing or connecting to devices.

See details >		OS Build 17763.503

May 14, 2019
KB4494441		Resolved
KB4501371		June 18, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved
KB4501371		June 18, 2019
02:00 PM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4482887		March 01, 2019
10:00 AM PT
First character of the Japanese era name not recognized
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 9 file format may randomly stop working.

See details >		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
Upgrade block: Devices utilizing AMD Radeon HD2000 or HD4000 series video cards may experience issues with the lock screen and Microsoft Edge tabs.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4487044		February 12, 2019
10:00 AM PT
Shared albums may not sync with iCloud for Windows
Upgrade block: Apple has identified an incompatibility with iCloud for Windows (version 7.7.0.27) where users may experience issues updating or synching Shared Albums.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
Upgrade block: Users may see an Intel Audio Display (intcdaud.sys) notification during setup for devices with certain Intel Display Audio Drivers.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		March 01, 2019
10:00 AM PT
F5 VPN clients losing network connectivity
Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

See details >		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		March 01, 2019
10:00 AM PT
Global DNS outage affects Windows Update customers
Windows Update customers were recently affected by a network infrastructure event caused by an external DNS service provider's global outage.

See details >		N/A

Resolved
March 08, 2019
11:15 AM PT
Apps may stop working after selecting an audio output device other than the default
Users with multiple audio devices that select an audio output device different from the \"Default Audio Device\" may find certain applications stop working unexpectedly.

See details >		OS Build 17763.348

March 01, 2019
KB4482887		Resolved
KB4490481		April 02, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4487044		February 12, 2019
10:00 AM PT
" @@ -77,7 +76,17 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
+ " + +- title: July 2019 +- items: + - type: markdown + text: " + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4511553. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
" @@ -149,7 +158,6 @@ sections:
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480116, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to: 
  • Cache size and location show zero or empty. 
  • Keyboard shortcuts may not work properly. 
  • Webpages may intermittently fail to load or render correctly. 
  • Issues with credential prompts. 
  • Issues when downloading files. 
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4493509

Back to topOS Build 17763.253

January 08, 2019
KB4480116Resolved
KB4493509Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480116, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
 
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493509

Back to topOS Build 17763.253

January 08, 2019
KB4480116Resolved
KB4493509Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Global DNS outage affects Windows Update customers
Windows Update customers were affected by a network infrastructure event on January 29, 2019 (21:00 UTC), caused by an external DNS service provider's global outage. A software update to the external provider's DNS servers resulted in the distribution of corrupted DNS records that affected connectivity to the Windows Update service. The DNS records were restored by January 30, 2019 (00:10 UTC), and the majority of local Internet Service Providers (ISP) have refreshed their DNS servers and customer services have been restored. 
 
Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
While this was not an issue with Microsoft's services, we take any service disruption for our customers seriously. We will work with partners to better understand this so we can provide higher quality service in the future even across diverse global network providers. 
 
If you are still unable to connect to Windows Update services due to this problem, please contact your local ISP or network administrator. You can also refer to our new KB4493784 for more information to determine if your network is affected, and to provide your local ISP or network administrator with additional information to assist you. 

Back to topN/A

Resolved
Resolved:
March 08, 2019
11:15 AM PT

Opened:
January 29, 2019
02:00 PM PT -
Webpages become unresponsive in Microsoft Edge
After installing KB4480116, some Microsoft Edge users report that they:
  • Cannot load web pages using a local IP address. 
  • Cannot load web pages on the Internet using a VPN connection.
Browsing fails or the web page may become unresponsive.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4487020

Back to topOS Build 17763.253

January 08, 2019
KB4480116Resolved
KB4487044Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT " @@ -159,7 +167,6 @@ sections: text: " - diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index ad7c9065b6..46128ad713 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: "
DetailsOriginating updateStatusHistory
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
 
As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.
Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019 
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article.

Resolution: Microsoft has removed the safeguard hold.



Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
Resolved:
May 21, 2019
07:42 AM PT

Opened:
November 13, 2018
10:00 AM PT
Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
Note: AMD no longer supports Radeon HD2000 and HD4000 series graphic processor units (GPUs).
 
Upgrade block: After updating to Windows 10, version 1809, Microsoft Edge tabs may stop working when a device is configured with AMD Radeon HD2000 or HD4000 series video cards. Customers may get the following error code: \"INVALID_POINTER_READ_c0000005_atidxx64.dll\". 
 
Some users may also experience performance issues with the lock screen or the ShellExperienceHost. (The lock screen hosts widgets, and the ShellExperienceHost is responsible for assorted shell functionality.) 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4487044, and the block was removed.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4487044		Resolved:
February 12, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Shared albums may not sync with iCloud for Windows
Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Windows 10, version 1809 until this issue has been resolved. 

We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. 
 
Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
Upgrade block: Microsoft and Intel have identified a compatibility issue with a range of Intel Display Audio device drivers (intcdaud.sys, versions 10.25.0.3 - 10.25.0.8) that may result in excessive processor demand and reduced battery life. As a result, the update process to the Windows 10 October 2018 Update (Windows 10, version 1809) will fail and affected devices will automatically revert to the previous working configuration. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
If you see a \"What needs your attention\" notification during installation of the October 2018 Update, you have one of these affected drivers on your system. On the notification, click Back to remain on your current version of Windows 10. 
 
To ensure a seamless experience, we are blocking devices from being offered the October 2018 Update until updated Intel device drivers are installed on your current operating system. We recommend that you do not attempt to manually update to Windows 10, version 1809, using the Update Now button or the Media Creation Tool from the Microsoft Software Download Center until newer Intel device drivers are available with the update. You can either wait for newer drivers to be installed automatically through Windows Update or check with your computer manufacturer for the latest device driver software availability and installation procedures. For more information about this issue, see Intel's customer support guidance.
 
Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
F5 VPN clients losing network connectivity
Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
- + @@ -58,7 +58,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		July 26, 2019
02:00 PM PT
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		July 26, 2019
02:00 PM PT
Loss of functionality in Dynabook Smartphone Link app
After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
July 11, 2019
01:54 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 33a6733fd2..56fbefcd4d 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,7 +32,9 @@ sections: - type: markdown text: " - + + + @@ -48,7 +50,6 @@ sections: -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
04:25 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
10:06 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499164		Resolved
KB4503277		June 20, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503292		Resolved
KB4503277		June 20, 2019
02:00 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		May 14, 2019
KB4499164		Resolved
KB4505050		May 18, 2019
02:00 PM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		February 12, 2019
KB4486563		Resolved
KB4486565		February 19, 2019
02:00 PM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		January 17, 2019
KB4480955		Resolved
KB4486565		February 19, 2019
02:00 PM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		January 08, 2019
KB4480970		Resolved
KB4493472		April 09, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		January 08, 2019
KB4480970		Resolved
KB4486563		February 12, 2019
10:00 AM PT
Event Viewer may not show some event descriptions for network interface cards
The Event Viewer may not show some event descriptions for network interface cards (NIC).

See details >		October 18, 2018
KB4462927		Resolved
KB4489878		March 12, 2019
10:00 AM PT
Virtual machines fail to restore
Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

See details >		January 08, 2019
KB4480970		Resolved
KB4490511		February 19, 2019
02:00 PM PT
@@ -66,7 +67,8 @@ sections: - type: markdown text: " - + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -94,6 +96,7 @@ sections: - type: markdown text: " + @@ -130,7 +133,6 @@ sections:
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:23 PM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:21 PM PT

Opened:
April 09, 2019
10:00 AM PT
-
DetailsOriginating updateStatusHistory
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480955, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4486565.

Back to top		January 17, 2019
KB4480955		Resolved
KB4486565		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 17, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480970, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493472.

Back to top		January 08, 2019
KB4480970		Resolved
KB4493472		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected Platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 

Resolution: This issue is resolved in KB4486563.

Back to top		January 08, 2019
KB4480970		Resolved
KB4486563		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Virtual machines fail to restore
After installing KB4480970, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4490511.

Back to top		January 08, 2019
KB4480970		Resolved
KB4490511		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index 9bf1ac9d82..dbb57e0e0b 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,7 +32,8 @@ sections: - type: markdown text: " - + + @@ -51,7 +52,6 @@ sections: -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
04:25 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
10:06 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499151		Resolved
KB4503283		June 20, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503276		Resolved
KB4503283		June 20, 2019
02:00 PM PT
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

See details >		March 12, 2019
KB4489881		Resolved
KB4503276		June 11, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding.
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		January 08, 2019
KB4480963		Resolved
KB4493446		April 09, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		January 08, 2019
KB4480963		Resolved
KB4493446		April 09, 2019
10:00 AM PT
Virtual machines fail to restore
Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

See details >		January 08, 2019
KB4480963		Resolved
KB4490512		February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		January 08, 2019
KB4480963		Resolved
KB4487000		February 12, 2019
10:00 AM PT
" @@ -67,7 +67,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -96,6 +96,7 @@ sections: - type: markdown text: " + @@ -134,6 +135,5 @@ sections: -
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:21 PM PT

Opened:
April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding.
After installing KB4480963, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4493446.

Back to top		January 08, 2019
KB4480963		Resolved
KB4493446		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480963, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493446.

Back to top		January 08, 2019
KB4480963		Resolved
KB4493446		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Virtual machines fail to restore
After installing KB4480963, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4490512.

Back to top		January 08, 2019
KB4480963		Resolved
KB4490512		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected platforms: 
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4487000.

Back to top		January 08, 2019
KB4480963		Resolved
KB4487000		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index aeb08c2fd5..b83e9cc1e7 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -42,7 +42,6 @@ sections: -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503273		Resolved
KB4503271		June 20, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Resolved
May 14, 2019
01:21 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Resolved
May 14, 2019
01:19 PM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		January 17, 2019
KB4480974		Resolved
KB4489880		March 12, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		February 12, 2019
KB4487023		Resolved
KB4493471		April 09, 2019
10:00 AM PT
Virtual machines fail to restore
Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

See details >		January 08, 2019
KB4480968		Resolved
KB4490514		February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		January 08, 2019
KB4480968		Resolved
KB4487023		February 12, 2019
10:00 AM PT
" @@ -58,7 +57,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -108,6 +107,5 @@ sections: -
DetailsOriginating updateStatusHistory
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480974, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4489880.

Back to top		January 17, 2019
KB4480974		Resolved
KB4489880		Resolved:
March 12, 2019
10:00 AM PT

Opened:
January 17, 2019
10:00 AM PT
Virtual machines fail to restore
After installing KB4480968, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4490514.

Back to top		January 08, 2019
KB4480968		Resolved
KB4490514		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected platforms: 
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487023.

Back to top		January 08, 2019
KB4480968		Resolved
KB4487023		Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 532b8144c8..9a3dd8d77a 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -48,7 +48,6 @@ sections: -
SummaryOriginating updateStatusDate resolved
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Some devices and generation 2 Hyper-V VMs may have issues installing updates
Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

See details >		June 11, 2019
KB4503285		Resolved
KB4503295		June 21, 2019
02:00 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499171		Resolved
KB4503295		June 21, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503285		Resolved
KB4503295		June 20, 2019
02:00 PM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		January 08, 2019
KB4480975		Resolved
KB4493451		April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		January 08, 2019
KB4480975		Resolved
KB4493451		April 09, 2019
10:00 AM PT
Virtual machines fail to restore
Virtual machines (VMs) may fail to restore successfully if the VM has been saved and restored once before.

See details >		January 08, 2019
KB4480975		Resolved
KB4490516		February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		January 08, 2019
KB4480975		Resolved
KB4487025		February 12, 2019
10:00 AM PT
Event Viewer may not show some event descriptions for network interface cards
The Event Viewer may not show some event descriptions for network interface cards (NIC).

See details >		September 11, 2018
KB4457135		Resolved
KB4489891		March 12, 2019
10:00 AM PT
" @@ -65,7 +64,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -129,7 +128,6 @@ sections:
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480975, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493451.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4493451Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480975, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4493451.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4493451Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Virtual machines fail to restore
After installing KB4480975, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, \"Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).\"

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4490516.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4490516Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT -
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, \"Unrecognized Database Format\".

Affected platforms: 
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487025.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4487025Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT " diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 010cb9d55b..55d16a4b23 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
" @@ -77,7 +77,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index a554e88e9e..407e511420 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + + + - @@ -85,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
August 01, 2019
05:00 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Mitigated
July 26, 2019
04:58 PM PT
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
" @@ -95,9 +95,9 @@ sections: - type: markdown text: " - - + +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507459. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 14393.3115

July 16, 2019
KB4507459		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

Affected platforms:
  • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server 2016
Workaround: To mitigate this issue, you need to Enable Script Debugging using one of the following ways.

You can configure the below registry key:
Registry setting: HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main
Value: Disable Script Debugger
Type: REG_SZ
Data: no

Or you can Enable Script Debugging in Internet Settings. You can open Internet Setting by either typing Internet Settings into the search box on Windows or by selecting Internet Options in Internet Explorer. Once open, select Advanced then Browsing and finally, select Enable Script Debugging.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3085

July 09, 2019
KB4507460		Mitigated
Last updated:
July 26, 2019
04:58 PM PT

Opened:
July 26, 2019
04:58 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512517. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast.

Affected platforms:
  • Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4512517.

Back to top		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 26, 2019
04:58 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 58b6047c36..895bd3c1db 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,8 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + +
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
" @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -87,8 +87,8 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507467. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 15063.1955

July 16, 2019
KB4507467		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512507. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 279e20ebd2..930121e60e 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,8 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + +
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Mitigated
April 25, 2019
02:00 PM PT
@@ -79,7 +79,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -88,8 +88,8 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507465. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 16299.1296

July 16, 2019
KB4507465		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512516. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index ab543899da..0d6c3bc4dd 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,8 +65,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
June 14, 2019
04:41 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -94,8 +94,8 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4507466. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17134.915

July 16, 2019
KB4507466		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512501. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index d67d705cf0..a6f1d702b4 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,8 +64,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
04:25 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
August 01, 2019
05:00 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
July 10, 2019
07:09 PM PT
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
June 14, 2019
04:41 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
" @@ -96,8 +96,8 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4505658. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17763.652

July 22, 2019
KB4505658		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4511553. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the Windows 10, version 1903 section of the release information dashboard for the most up to date information on this and other safeguard holds.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		Resolved:
August 13, 2019
10:00 AM PT

Opened:
July 25, 2019
06:10 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
" diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 1eff433b4f..3ea2e03409 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,18 +65,15 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - - + + + - - - @@ -97,7 +94,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
04:25 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
02:20 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 08, 2019
07:18 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
05:24 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
07:03 PM PT
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated External
August 01, 2019
08:44 PM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
August 01, 2019
06:27 PM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		July 26, 2019
02:00 PM PT
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		July 26, 2019
02:00 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Some apps or games that needs to perform graphics intensive operations may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 16, 2019
09:04 AM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 12, 2019
04:42 PM PT
Loss of functionality in Dynabook Smartphone Link app
After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
July 11, 2019
01:54 PM PT
Error attempting to update with external USB device or memory card attached
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Audio not working with Dolby Atmos headphones and home theater
Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Mitigated
July 10, 2019
07:09 PM PT
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language was changed between updates

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Investigating
June 10, 2019
06:06 PM PT
Unable to discover or connect to Bluetooth devices
Microsoft has identified compatibility issues with some versions of Realtek and Qualcomm Bluetooth radio drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
May 21, 2019
04:48 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -106,9 +103,9 @@ sections: - type: markdown text: " - - + + @@ -132,9 +129,6 @@ sections: - - - diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 88c5129963..f55dd568c1 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,11 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
Issues updating when certain versions of Intel storage drivers are installed
Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: To mitigate this issue before the resolution is released, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next Steps: We are working on a resolution and estimate a solution will be available in late August.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
Last updated:
August 09, 2019
02:20 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in mid-August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 08, 2019
07:18 PM PT

Opened:
July 25, 2019
06:10 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
+

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in late August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 13, 2019
05:24 PM PT

Opened:
July 25, 2019
06:10 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: To mitigate this issue before the resolution is released, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next Steps: We are working on a resolution and estimate a solution will be available in late August.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
July 25, 2019
06:10 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 16, 2019
09:04 AM PT

Opened:
July 12, 2019
04:20 PM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution that will be made available in upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 12, 2019
04:42 PM PT

Opened:
July 12, 2019
04:42 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503293 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
Intermittent loss of Wi-Fi connectivity
Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Before updating to Windows 10, version 1903, you will need to download and install an updated Wi-Fi driver from your device manufacturer (OEM).
 
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated External
Last updated:
August 01, 2019
08:44 PM PT

Opened:
May 21, 2019
07:13 AM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps
Affected platforms:
  • Client: Windows 10, version 1903
Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
August 01, 2019
06:27 PM PT

Opened:
May 21, 2019
07:28 AM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		Resolved:
July 26, 2019
02:00 PM PT

Opened:
May 21, 2019
07:56 AM PT
Loss of functionality in Dynabook Smartphone Link app
Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:54 PM PT

Opened:
May 24, 2019
03:10 PM PT
Error attempting to update with external USB device or memory card attached
If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:38 AM PT
Audio not working with Dolby Atmos headphones and home theater
After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
 
This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
 
To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:16 AM PT
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

Affected platforms:
  • Client: Windows 10, version 1903
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Investigating
Last updated:
June 10, 2019
06:06 PM PT

Opened:
May 24, 2019
04:20 PM PT
Unable to discover or connect to Bluetooth devices
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek and Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek or Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it.

  • For Qualcomm drivers, you will need to install a driver version greater than 10.0.1.11.
  • For Realtek drivers, you will need to install a driver version greater than 1.5.1011.0.
Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next steps: Microsoft is working with Realtek and Qualcomm to release new drivers for all affected system via Windows Update.  


Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:48 PM PT

Opened:
May 21, 2019
07:29 AM PT
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
  
To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809
Workaround:
On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration.

For more information, see Intel's customer support guidance and the Microsoft knowledge base article KB4465877.

Note We recommend you do not attempt to update your devices until newer device drivers are installed.

Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:47 PM PT

Opened:
May 21, 2019
07:22 AM PT
- + + + + -
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
04:25 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Windows updates that are SHA-2 signed may not be offered
Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

See details >		August 13, 2019
KB4512506		Investigating
August 13, 2019
10:05 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
10:06 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503292		Mitigated
July 10, 2019
02:59 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Mitigated
April 25, 2019
02:00 PM PT
" @@ -78,7 +80,9 @@ sections: - type: markdown text: " - + + +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Windows updates that are SHA-2 signed may not be offered
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 13, 2019
10:05 AM PT

Opened:
August 13, 2019
10:05 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -96,6 +100,6 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client:  Windows 8.1; Windows 7 SP1
  • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Guidance for McAfee customers can be found in the following McAfee support articles: 
Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information.

Back to top		April 09, 2019
KB4493472		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index a15ed55837..202c053f79 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + -
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
04:25 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
10:06 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503276		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493443		Mitigated
May 15, 2019
05:53 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Mitigated
April 18, 2019
05:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

See details >		January 08, 2019
KB4480963		Mitigated
April 25, 2019
02:00 PM PT
" @@ -80,7 +80,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -107,7 +107,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client:  Windows 8.1; Windows 7 SP1
  • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: Guidance for McAfee customers can be found in the following McAfee support articles:  
Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information. 

Back to top		April 09, 2019
KB4493446		Mitigated
Last updated:
April 18, 2019
05:00 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 7e730c134a..89a7335b26 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Mitigated
July 10, 2019
02:59 PM PT
" @@ -77,7 +77,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index ed7deea5f4..5d1e15e515 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503285		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

See details >		January 08, 2019
KB4480975		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
04:25 PM PT

Opened:
August 09, 2019
04:25 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index c7a8b5e2d7..85c3bf144d 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,6 +50,11 @@ sections: text: " + + + + + From fa81b40bfeebabb78f184c7011ed617d3b391333 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Aug 2019 10:10:03 -0700 Subject: [PATCH 350/395] Update windows-defender-antivirus-in-windows-10.md removed ====== --- .../windows-defender-antivirus-in-windows-10.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index bd9df5835d..def6571abc 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -47,7 +47,6 @@ You can configure and manage Windows Defender Antivirus with: > [!NOTE] > For more information regarding what's new in each Windows version, please refer to [What's new in Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp). -======= ## Minimum system requirements From b642e9524b4b74cc302c5b9be4d60cf16da4eaef Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 14 Aug 2019 14:05:23 -0700 Subject: [PATCH 351/395] some metadata fixes --- education/docfx.json | 1 + education/get-started/get-started-with-microsoft-education.md | 2 +- mdop/docfx.json | 2 ++ windows/client-management/docfx.json | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/education/docfx.json b/education/docfx.json index 2f691e4f77..15587928ef 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -28,6 +28,7 @@ "audience": "windows-education", "ms.topic": "article", "ms.technology": "windows", + "manager": "laurawi", "audience": "ITPro", "breadcrumb_path": "/education/breadcrumb/toc.json", "ms.date": "05/09/2017", diff --git a/education/get-started/get-started-with-microsoft-education.md b/education/get-started/get-started-with-microsoft-education.md index a36cdb45da..64cf56759a 100644 --- a/education/get-started/get-started-with-microsoft-education.md +++ b/education/get-started/get-started-with-microsoft-education.md @@ -5,7 +5,7 @@ keywords: education, Microsoft Education, full cloud IT solution, school, deploy ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.topic: hero-article +ms.topic: article ms.localizationpriority: medium ms.pagetype: edu author: levinec diff --git a/mdop/docfx.json b/mdop/docfx.json index 55e32ba407..0f44ef3a0b 100644 --- a/mdop/docfx.json +++ b/mdop/docfx.json @@ -27,6 +27,8 @@ "ms.technology": "windows", "audience": "ITPro", "manager": "dansimp", + "ms.author": "dansimp", + "author": "dansimp", "ms.sitesec": "library", "ms.topic": "article", "ms.date": "04/05/2017", diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index bb9c73976e..d687294412 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -35,6 +35,7 @@ "ms.technology": "windows", "audience": "ITPro", "ms.topic": "article", + "manager": "dansimp", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", From 38353cbfe7f1d02d54b644ea08fc6a1503aef860 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 14 Aug 2019 14:42:16 -0700 Subject: [PATCH 352/395] fixing one more metadata issue --- .../General-Data-Privacy-Regulation-and-Surface-Hub.md | 2 -- .../connect-app-in-surface-hub-unexpectedly-exits.md | 2 -- .../known-issues-and-additional-info-about-surface-hub.md | 2 -- ...b-installs-updates-and-restarts-outside-maintenance-hours.md | 2 -- devices/surface-hub/surface-hub-update-history.md | 2 -- .../surfacehub-miracast-not-supported-europe-japan-israel.md | 2 -- .../use-cloud-recovery-for-bitlocker-on-surfacehub.md | 2 -- .../use-surface-hub-diagnostic-test-device-account.md | 2 -- mdop/docfx.json | 1 + 9 files changed, 1 insertion(+), 16 deletions(-) diff --git a/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md b/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md index 3254e13d6c..e499178078 100644 --- a/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md +++ b/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md @@ -2,8 +2,6 @@ title: General Data Privacy Regulation and Surface Hub description: Informs users who are subject to EU data protection laws of their options regarding how to delete or restrict diagnostic data produced by Surface Hub. ms.assetid: 087713CF-631D-477B-9CC6-EFF939DE0186 -ms.reviewer: -manager: keywords: GDPR ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md b/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md index 9e70a8755c..439d3c68d7 100644 --- a/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md +++ b/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md @@ -2,8 +2,6 @@ title: What to do if the Connect app in Surface Hub exits unexpectedly description: Describes how to resolve an issue where the Connect app in Surface Hub exits to the Welcome screen after cycling through inputs. ms.assetid: 9576f4e4-d936-4235-8a03-d8a6fe9e8fec -ms.reviewer: -manager: keywords: surface, hub, connect, input, displayport ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md b/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md index 93c56d4e28..003795ec22 100644 --- a/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md +++ b/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md @@ -2,8 +2,6 @@ title: Known issues and additional information about Microsoft Surface Hub description: Outlines known issues with Microsoft Surface Hub. ms.assetid: aee90a0c-fb05-466e-a2b1-92de89d0f2b7 -ms.reviewer: -manager: keywords: surface, hub, issues ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md b/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md index 1ec6740c76..98ad30890e 100644 --- a/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md +++ b/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md @@ -2,8 +2,6 @@ title: Surface Hub may install updates and restart outside maintenance hours description: troubleshooting information for Surface Hub regarding automatic updates ms.assetid: 6C09A9F8-F9CF-4491-BBFB-67A1A1DED0AA -ms.reviewer: -manager: keywords: surface hub, maintenance window, update ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/surface-hub-update-history.md b/devices/surface-hub/surface-hub-update-history.md index 568e515039..0f70604dac 100644 --- a/devices/surface-hub/surface-hub-update-history.md +++ b/devices/surface-hub/surface-hub-update-history.md @@ -2,8 +2,6 @@ title: Surface Hub update history description: Surface Hub update history ms.assetid: d66a9392-2b14-4cb2-95c3-92db0ae2de34 -ms.reviewer: -manager: keywords: ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md b/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md index 12678d2a9c..7a30ff1e37 100644 --- a/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md +++ b/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md @@ -2,8 +2,6 @@ title: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel description: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel ms.assetid: 8af3a832-0537-403b-823b-12eaa7a1af1f -ms.reviewer: -manager: keywords: ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md b/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md index 2cb3ab2414..d03cfe3055 100644 --- a/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md +++ b/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md @@ -2,8 +2,6 @@ title: How to use cloud recovery for BitLocker on a Surface Hub description: How to use cloud recovery for BitLocker on a Surface Hub ms.assetid: c0bde23a-49de-40f3-a675-701e3576d44d -ms.reviewer: -manager: keywords: Accessibility settings, Settings app, Ease of Access ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md index eedbfe9ae5..40a5768d27 100644 --- a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md +++ b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md @@ -2,8 +2,6 @@ title: Using the Surface Hub Hardware Diagnostic Tool to test a device account description: Using the Surface Hub Hardware Diagnostic Tool to test a device account ms.assetid: a87b7d41-d0a7-4acc-bfa6-b9070f99bc9c -ms.reviewer: -manager: keywords: Accessibility settings, Settings app, Ease of Access ms.prod: surface-hub ms.sitesec: library diff --git a/mdop/docfx.json b/mdop/docfx.json index 55e32ba407..fdec25d6d3 100644 --- a/mdop/docfx.json +++ b/mdop/docfx.json @@ -27,6 +27,7 @@ "ms.technology": "windows", "audience": "ITPro", "manager": "dansimp", + "ms.prod": w10, "ms.sitesec": "library", "ms.topic": "article", "ms.date": "04/05/2017", From 469d976a4d780f727904379b6a1deac3a7e6f1b7 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 14 Aug 2019 15:23:38 -0700 Subject: [PATCH 353/395] Update control-usb-devices-using-intune.md --- .../control-usb-devices-using-intune.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 8c67db295c..2517d1852c 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -112,13 +112,13 @@ To prevent malware infections or data loss, an organization may restrict USB dri | Allow installation and usage of USB drives and other peripherals | Allow users to install only the USB drives and other peripherals included on a list of authorized devices or device types | | Prevent installation and usage of USB drives and other peripherals| Prevent users from installing USB drives and other peripherals included on a list of unauthorized devices and device types | -All of the above controls can be set through the Intune [Administrative Templates](https://docs.microsoft.com/en-us/intune/administrative-templates-windows). The relevant policies are located here in the Intune Administrator Templates: +All of the above controls can be set through the Intune [Administrative Templates](https://docs.microsoft.com/intune/administrative-templates-windows). The relevant policies are located here in the Intune Administrator Templates: ![Admintemplates](images/admintemplates.png) >[!Note] >Using Intune, you can apply device configuration policies to AAD user and/or device groups. -The above policies can also be set through the [Device Installation CSP settings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation) and the [Device Installation GPOs](https://docs.microsoft.com/en-us/previous-versions/dotnet/articles/bb530324(v=msdn.10)). +The above policies can also be set through the [Device Installation CSP settings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) and the [Device Installation GPOs](https://docs.microsoft.com/previous-versions/dotnet/articles/bb530324(v=msdn.10)). >[!Note] >Always test and refine these settings with a pilot group of users and devices first before applying them in production. @@ -131,14 +131,14 @@ One way to approach allowing installation and usage of USB drives and other peri >[!Note] >Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them. >1. Enable **prevent installation of devices not described by other policy settings** to all users. ->2. Enable **allow installation of devices using drivers that match these device setup classes** for all [device setup classes](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors). +>2. Enable **allow installation of devices using drivers that match these device setup classes** for all [device setup classes](https://docs.microsoft.com/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors). To enforce the policy for already installed devices, apply the prevent policies that have this setting. When configuring the allow device installation policy, you will need to allow all parent attributes as well. You can view the parents of a device by opening device manager and view by connection. ![Device by Connection](images/devicesbyconnection.png) -In this example, the following classesneeded to be added: HID, Keboard, and {36fc9e60-c465-11cf-8056-444553540000}. More information on [Microsoft-provided USB drivers](https://docs.microsoft.com/en-us/windows-hardware/drivers/usbcon/supported-usb-classes). +In this example, the following classesneeded to be added: HID, Keboard, and {36fc9e60-c465-11cf-8056-444553540000}. More information on [Microsoft-provided USB drivers](https://docs.microsoft.com/windows-hardware/drivers/usbcon/supported-usb-classes). ![Device host controller](images/devicehostcontroller.jpg) @@ -152,7 +152,7 @@ If you want to restrict to certain devices, remove the device setup class of the >Using PowerShell: Get-WMIObject -Class Win32_DiskDrive | Select-Object -Property * ->For the typical format for the USB ID please reference the following link; (https://docs.microsoft.com/en-us/windows-hardware/drivers/install/standard-usb-identifiers) +>For the typical format for the USB ID please reference the following link; (https://docs.microsoft.com/windows-hardware/drivers/install/standard-usb-identifiers) ### Prevent installation and usage of USB drives and other peripherals If you want to prevent a device class or certain devices, you can use the prevent device installation policies. @@ -252,11 +252,11 @@ You can create custom alerts and response actions with the WDATP Connector and t **Restrict execution of all applications** on the machine except a predefined set MDATP connector is one of over 200 pre-defined connectors including Outlook, Teams, Slack, etc. Custom connectors can be built. -- [More information on WDATP Connector Response Actions](https://docs.microsoft.com/en-us/connectors/wdatp/) +- [More information on WDATP Connector Response Actions](https://docs.microsoft.com/connectors/wdatp/) **Custom Detection Rules Response Action:** Both machine and file level actions can be applied. -- [More information on Custom Detection Rules Response Actions](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules) +- [More information on Custom Detection Rules Response Actions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules) ## Related topics From b94e5c4c023d6840bb61fbbb32ee160e5e38d35e Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 14 Aug 2019 15:32:23 -0700 Subject: [PATCH 354/395] fixing build error --- mdop/docfx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/docfx.json b/mdop/docfx.json index 648af2a3f1..252c242145 100644 --- a/mdop/docfx.json +++ b/mdop/docfx.json @@ -27,7 +27,7 @@ "ms.technology": "windows", "audience": "ITPro", "manager": "dansimp", - "ms.prod": w10, + "ms.prod": "w10", "ms.author": "dansimp", "author": "dansimp", "ms.sitesec": "library", From 18bfa96b1b6533d8dfcd6de6cbcafbb4ffb06447 Mon Sep 17 00:00:00 2001 From: Sarah Date: Wed, 14 Aug 2019 16:21:18 -0700 Subject: [PATCH 355/395] enterprise get started --- devices/hololens/TOC.md | 14 +- devices/hololens/hololens-install-apps.md | 19 +-- devices/hololens/hololens-requirements.md | 195 ++++++++++++++-------- devices/hololens/hololens-status.md | 36 ++++ 4 files changed, 177 insertions(+), 87 deletions(-) create mode 100644 devices/hololens/hololens-status.md diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 36cbb30a09..131cd75b9d 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -1,23 +1,26 @@ -# [Microsoft HoloLens](index.md) +# [HoloLens overview](index.md) +# [Hololens status](hololens-status.md) + # [What's new in HoloLens](hololens-whats-new.md) # [Set up HoloLens](hololens-setup.md) -# Deploy HoloLens in a commercial environment +# Get started with HoloLens in commercial environments ## [Overview and deployment planning](hololens-requirements.md) +## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) ## [Configure HoloLens using a provisioning package](hololens-provisioning.md) ## [Enroll HoloLens in MDM](hololens-enroll-mdm.md) +## [Set up ring based updates for HoloLens](hololens-updates.md) +## [Manage custom enterprise apps](hololens-install-apps.md) +## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) # Device Management -## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) ## [Install localized version of HoloLens](hololens-install-localized.md) -## [Manage updates to HoloLens](hololens-updates.md) ## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) ## [Use the HoloLens Clicker](hololens-clicker.md) ## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) ## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md) # Application Management -## [Install apps on HoloLens](hololens-install-apps.md) ## [Share HoloLens with multiple people](hololens-multiple-users.md) ## [Cortana on HoloLens](hololens-cortana.md) ## [Get apps for HoloLens](hololens-get-apps.md) @@ -33,4 +36,3 @@ # [Insider preview for Microsoft HoloLens](hololens-insider.md) # [Change history for Microsoft HoloLens documentation](change-history-hololens.md) - diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md index c4f9c80521..7ff737a027 100644 --- a/devices/hololens/hololens-install-apps.md +++ b/devices/hololens/hololens-install-apps.md @@ -1,16 +1,15 @@ --- -title: Install apps on HoloLens (HoloLens) +title: Install apps on HoloLens description: The recommended way to install apps on HoloLens is to use Microsoft Store for Business. ms.prod: hololens ms.mktglfcycl: manage ms.sitesec: library -author: dansimp -ms.author: dansimp +author: scooley +ms.author: scooley ms.topic: article ms.localizationpriority: medium ms.date: 10/23/2018 ms.reviewer: -manager: dansimp --- # Install apps on HoloLens @@ -72,9 +71,9 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft. >[!IMPORTANT] >When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode) -1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. +1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. -2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_usb). +2. On a PC, connect to the HoloLens using [Wi-Fi](https://docs.microsoft.com/windows/mixed-reality/connecting-to-wi-fi-on-hololens) or USB. 3. [Create a user name and password](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#creating_a_username_and_password) if this is the first time you connect to the Windows Device Portal, or enter the user name and password that you previously set up. @@ -84,13 +83,7 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft. 4. In the Windows Device Portal, click **Apps**. ![App Manager](images/apps.png) - + 5. In **Install app**, select an **app package** from a folder on your computer or network. If the app package requires additional software, such as dependency frameworks, select **I want to specify framework packages**. 6. In **Deploy**, click **Go** to deploy the app package and added dependencies to the connected HoloLens. - - - - - - diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md index 0ff5596fa3..6d0b1dcf12 100644 --- a/devices/hololens/hololens-requirements.md +++ b/devices/hololens/hololens-requirements.md @@ -1,88 +1,147 @@ --- -title: HoloLens in the enterprise requirements and FAQ (HoloLens) -description: Requirements and FAQ for general use, Wi-Fi, and device management for HoloLens in the enterprise. +title: Set up HoloLens in a commercial environment +description: Learn more about deploying and managing HoloLens in enterprise environments. ms.prod: hololens ms.sitesec: library -author: dansimp -ms.author: dansimp +ms.assetid: 88bf50aa-0bac-4142-afa4-20b37c013001 +author: scooley +ms.author: scooley ms.topic: article ms.localizationpriority: medium -ms.date: 06/04/2018 -ms.reviewer: -manager: dansimp +ms.date: 07/15/2019 --- -# Microsoft HoloLens in the enterprise: requirements and FAQ +# Deploy HoloLens in a commercial environment -When you develop for HoloLens, there are [system requirements and tools](https://developer.microsoft.com/windows/mixed-reality/install_the_tools) that you need. In an enterprise environment, there are also a few requirements to use and manage HoloLens which are listed below. +TODO - [Commercial features](https://docs.microsoft.com/en-us/windows/mixed-reality/commercial-features) -## Requirements +Deploy and configure HoloLens at scale in a commercial setting. -### General use -- Microsoft account or Azure Active Directory (Azure AD) account -- Wi-Fi network to set up HoloLens +This article includes: ->[!NOTE] ->After you set up HoloLens, you can use it offline [with some limitations](https://support.microsoft.com/help/12645/hololens-use-hololens-offline). +- infrastructure requirements and recommendations for HoloLens management +- tools for provisioning HoloLens +- instructions for remote device management +- options for application deployment +This guide assumes basic familiarity with HoloLens. Follow the [get started guide](./hololens-setup.md) to set up HoloLens for the first time. + +## Infrastructure for managing HoloLens + +HoloLens are, at their core, a Windows mobile device integrated with Azure. They work best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services. + +Critical cloud services include: + +- Azure active directory (AAD) +- Windows Update (WU) + +Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure in order to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune) as an example though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2. + +HoloLens does support a limited set of cloud disconnected experiences. + +## Initial set up at scale + +The HoloLens out of box experience is great for setting up one or two devices or for experiencing HoloLens for the first time. If you're provisioning many HoloLens devices, however, picking your language and settings manually for each device gets tedious and limits scale. + +This section: + +1. introduces Windows provisioning using provisioning packages +1. walks through applying a provisioning package during first setup + +### Create and apply a provisioning package + +The best way to configure many new HoloLens devices is with Windows provisioning. Using Windows provisioning, you can specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in minutes. + +A [provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) (.ppkg) is a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device. + +### Upgrade to Windows Holographic for Business + +- HoloLens Enterprise license XML file + +Some of the HoloLens configurations that you can apply in a provisioning package: + +- Apply certificates to the device +- Set up a Wi-Fi connection +- Pre-configure out of box questions like language and locale. +- (HoloLens 2) bulk enroll in mobile device management +- (HoloLens v1) Apply key to enable Windows Holographic for Business + +Follow [this guide](https://docs.microsoft.com/hololens/hololens-provisioning) to create and apply a provisioning package to HoloLens. + +### Set up user identity and enroll in device management + +The last step setting up HoloLens for management at scale is to enroll devices with mobile device management infrastructure. There are several ways to enroll: + +1. Bulk enrollment with a security token in a provisioning package. + Pros: this is the most automated approach + Cons: takes initial server-side setup +1. Auto-enroll on user sign in + Pros: easiest approach + Cons: users will need to complete set up after the provisioning package has been applied +1. _not recommended_ - Manually enroll post-setup + Pros: possible to enroll after set up + Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled. + +Learn more about MDM enrollment [here](hololens-enroll-mdm.md). + +## Ongoing device management + +Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely. + +This article outlines [policies and capabilities HoloLens supports](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#hololens). + +[This article](https://docs.microsoft.com/intune/windows-holographic-for-business) talks about Intune's management tools for HoloLens. + +### Push compliance policy via Intune + +[Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are not-compliant. + +For example, you can create a policy that requires Bitlocker be enabled. + +[Create compliance policies with Intune](https://docs.microsoft.com/intune/compliance-policy-create-windows). + +### Manage updates + +Intune includes a feature called update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed. + +For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update. + +Read more about [configuring update rings with Intune](https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure). + +## Application management + +Manage holoLens applications through: + +1. Microsoft Store + The Microsoft Store is the best way to distribute and consume application on HoloLens. There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/en-us/windows/uwp/publish/). + All applications in the store are available publicly to everyone, if that isn't acceptable, checkout the Microsoft Store for Business. + +1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/) + Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It lets you deploy apps that are specific to your commercial environment but not to the world. + +1. Application deployment and management via Intune or another mobile device management solution + Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy). + +1. _not recommended_ Device Portal + Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use device portal. + +Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps). + +## Get support + +Get support through the Microsoft support site. + +[File a support request](https://support.microsoft.com/en-us/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f). + +## Technical Reference + +### Wireless network EAP support -### Supported wireless network EAP methods - PEAP-MS-CHAPv2 - PEAP-TLS -- TLS +- TLS - TTLS-CHAP - TTLS-CHAPv2 - TTLS-MS-CHAPv2 - TTLS-PAP - TTLS-TLS - -### Device management -- Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4) -- Wi-Fi network -- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs - -### Upgrade to Windows Holographic for Business -- HoloLens Enterprise license XML file - - -## FAQ for HoloLens - - -#### Is Windows Hello for Business supported on HoloLens? - -Windows Hello for Business (using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens: - -1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md). -2. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello)) -3. On HoloLens, the user can then set up a PIN from **Settings** > **Sign-in Options** > **Add PIN**. - ->[!NOTE] ->Users who sign in with a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview). - -#### Does the type of account change the sign-in behavior? - -Yes, the behavior for the type of account impacts the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type. - -- Microsoft account: signs in automatically -- Local account: always asks for password, not configurable in **Settings** -- Azure AD: asks for password by default; configurable by **Settings** to no longer ask for password. - ->[!NOTE] ->Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is respected only when the device goes into StandBy. - - -#### How do I remove a HoloLens device from the Intune dashboard? - -You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard. - - -## Related resources - -[Getting started with Azure Active Directory Premium](https://azure.microsoft.com/documentation/articles/active-directory-get-started-premium/) - -[Get started with Intune](https://docs.microsoft.com/intune/understand-explore/get-started-with-a-30-day-trial-of-microsoft-intune) - -[Enroll devices for management in Intune](https://docs.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune#supported-device-platforms) - -[Azure AD editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/) - diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md new file mode 100644 index 0000000000..22c5e995db --- /dev/null +++ b/devices/hololens/hololens-status.md @@ -0,0 +1,36 @@ +--- +title: HoloLens status +description: Shows the status of HoloLens online services. +author: todmccoy +ms.author: v-todmc +ms.reviewer: luoreill +manager: jarrettr +audience: Admin +ms.topic: article +ms.prod: hololens +localization_priority: Medium +ms.sitesec: library +--- + +# HoloLens status + +✔️ **All services are active** + +**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical + +Area|HoloLens (1st gen)|HoloLens 2 +----|:----:|:----: +[Azure services](https://status.azure.com/en-us/status)|✔️|✔️ +[Store app](https://www.microsoft.com/en-us/store/collections/hlgettingstarted/hololens)|✔️|✔️ +[Apps](https://www.microsoft.com/en-us/hololens/apps)|✔️|✔️ +[MDM](https://docs.microsoft.com/en-us/hololens/hololens-enroll-mdm)|✔️|✔️ + +## Notes and related topics + +[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/en/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens) + +For more details about the status of the myriad Azure Services that can connect to HoloLens, see [Azure status](https://azure.microsoft.com/en-us/status/). + +For more details about current known issues, see [HoloLens known issues](https://docs.microsoft.com/en-us/windows/mixed-reality/hololens-known-issues). + +Follow HoloLens on [Twitter](https://twitter.com/HoloLens) and subscribe on [Reddit](https://www.reddit.com/r/HoloLens/). From dcfbc4d9ee7007eed23baa9714bba668769b9d02 Mon Sep 17 00:00:00 2001 From: Sarah Date: Wed, 14 Aug 2019 16:29:39 -0700 Subject: [PATCH 356/395] navigation --- devices/hololens/TOC.md | 13 ++- devices/hololens/holographic-home.md | 90 +++++++++++++++++++ .../hololens/holographic-photos-and-video.md | 43 +++++++++ devices/hololens/hololens-cortana.md | 50 +++++++++-- .../hololens/hololens-find-and-save-files.md | 3 + devices/hololens/hololens-start.md | 57 ++++++++++++ 6 files changed, 246 insertions(+), 10 deletions(-) create mode 100644 devices/hololens/holographic-home.md create mode 100644 devices/hololens/holographic-photos-and-video.md create mode 100644 devices/hololens/hololens-start.md diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 131cd75b9d..ae780add6e 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -1,8 +1,9 @@ # [HoloLens overview](index.md) # [Hololens status](hololens-status.md) -# [What's new in HoloLens](hololens-whats-new.md) -# [Set up HoloLens](hololens-setup.md) +# Get started with HoloLens (gen 1) +## [Start your HoloLens (1st gen) for the first time](hololens-start.md) +## [Install localized version of HoloLens](hololens-install-localized.md) # Get started with HoloLens in commercial environments ## [Overview and deployment planning](hololens-requirements.md) @@ -13,8 +14,13 @@ ## [Manage custom enterprise apps](hololens-install-apps.md) ## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) +# Navigating Windows Holographic +## [Windows Mixed Reality home](holographic-home.md) +## [Voice and Cortana](hololens-cortana.md) +## [Find and save files](hololens-find-and-save-files.md) +## [Create, share, and view photos and video](holographic-photos-and-video.md) + # Device Management -## [Install localized version of HoloLens](hololens-install-localized.md) ## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) ## [Use the HoloLens Clicker](hololens-clicker.md) ## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) @@ -22,7 +28,6 @@ # Application Management ## [Share HoloLens with multiple people](hololens-multiple-users.md) -## [Cortana on HoloLens](hololens-cortana.md) ## [Get apps for HoloLens](hololens-get-apps.md) ## [Use apps on HoloLens](hololens-use-apps.md) ## [Use HoloLens offline](hololens-offline.md) diff --git a/devices/hololens/holographic-home.md b/devices/hololens/holographic-home.md new file mode 100644 index 0000000000..d48aa839a2 --- /dev/null +++ b/devices/hololens/holographic-home.md @@ -0,0 +1,90 @@ +--- +title: Navigate the Windows Mixed Reality home +description: Navigate the Windows Mixed Reality home in Windows Holographic. +ms.assetid: 742bc126-7996-4f3a-abb2-cf345dff730c +ms.date: 08/07/2019 +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: scooley +ms.author: scooley +ms.topic: article +ms.localizationpriority: medium +--- + +# Navigate the Windows Mixed Reality home + +## [Navigating MR Home](https://docs.microsoft.com/en-us/windows/mixed-reality/navigating-the-windows-mixed-reality-home) + +## Use the Start menu + +The **Start** menu on HoloLens is where you'll open apps and get to the HoloLens camera. + +Wherever you are in HoloLens, you can always open the **Start** menu by using the [bloom gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) on HoloLens (1st gen) or tapping your wrist on HoloLens 2. Usually, you'll use it once to get to **Start**, but sometimes you might need to use it twice. + +> [!TIP] +> When the **Start** menu is open, use the start gesture to hide it again. + +At the top of the **Start** menu, you'll see status indicators for Wi-Fi, battery, and volume, plus a clock. The tiles are your pinned apps. To talk to Cortana, select her tile, or just say "Hey Cortana" from anywhere on HoloLens. At the bottom you'll find the photo and video icons, which open the camera app. + +To see the rest of your apps, select **All apps**. To get back to **Start** from the **All apps** list, select **Pinned apps**. + +## Use apps on HoloLens + +Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows, and apps with holographic view surround you and become the only app you see. + +### Open apps + +You'll find your apps either pinned to Start or in the All apps list. To get to the All apps list, use the bloom gesture to go to Start, then select **All apps**. + +On Start or in the All apps list, select an app. It will open in a good position for viewing. + +>[!NOTE] +>- Up to three 2D app windows can be active at a time. You can open more, but only three will remain active. +>- Each open app can have one active window at a time, except Microsoft Edge, which can have up to three. +>- If you're having problems with apps, make sure there's enough light in your space, and walk around so HoloLens has a current scan. If you keep having trouble, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq) for more info. + +## Move, resize, and rotate apps + +Moving and resizing apps on HoloLens works a bit differently than it does on a PC. Instead of dragging the app, you'll use your gaze, along with a [gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) or the [clicker](hololens-clicker.md). You can also rotate an app window in 3D space. + +> [!TIP] +> Rearrange apps using your voice—gaze at an app and say "Face me," "Bigger," or "Smaller." Or have Cortana move an app for you: say "Hey Cortana, move <*app name*> here." + +### Move an app + +Gaze at the app, and then do one of the following. + +- Tap and hold to select the app. Move your hand to position the app, and raise your finger to place it. + +- Select **Adjust**, tap and hold, and move your hand to position the app. Raise your finger to place it, then select **Done**. +- Select **Adjust**, click and hold the clicker, and move your hand to position the app. Release the clicker, then select **Done**. + +> [!TIP] +> If you drop apps when you move them, make sure to keep your hand in the gesture frame by following it with your gaze. + +### Resize an app + +Gaze at the app, and then do one of the following. + +- Gaze at a corner or edge of an app window, and tap and hold. Move your hand to change the app's size, and raise your finger when you're done. + +- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, tap and hold, then move your hand to resize the app. Raise your finger to release it, then select **Done**. +- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, click and hold the clicker, then move your hand to resize the app. Release the clicker, then select **Done**. + +> [!TIP] +> In Adjust mode, you can move or resize any hologram. + +### Rotate an app + +Gaze at the app, and tap and hold with both hands to select it. Rotate the app by keeping one hand steady and moving your other hand around it. When you're done, raise both index fingers. + +## Close apps + +To close an app that uses 2D view, gaze at it, then select **Close**. + +To close an app that uses holographic view, use the bloom gesture to leave holographic view, then select **Close**. + +## Pin apps + +Keep your favorite apps handy by pinning them to **Start**. In the **All apps** list, gaze at an app to highlight it. Tap and hold until the menu appears, then select **Pin**. To unpin an app, gaze at the app on **Start**, then tap and hold and select **Unpin**. diff --git a/devices/hololens/holographic-photos-and-video.md b/devices/hololens/holographic-photos-and-video.md new file mode 100644 index 0000000000..721198bb1e --- /dev/null +++ b/devices/hololens/holographic-photos-and-video.md @@ -0,0 +1,43 @@ +--- +title: Create, share, and view photos and video +description: Create, share, and view photos and video +ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593 +ms.date: 08/07/2019 +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +ms.reviewer: +manager: jarrettr +appliesto: +- Hololens (1st gen) +--- + +# Create, share, and view photos and video + +Use your HoloLens to take photos and videos that capture the holograms you've placed in your world. + +To sync your photos and videos to OneDrive, open the OneDrive app and select **Settings** > **Camera upload**, and then turn on **Camera upload**. + +## Take a photo + +Use the [bloom](https://support.microsoft.com/help/12644/hololens-use-gestures) gesture to go to **Start**, then select **Photo**. Use gaze to position the photo frame, then air tap to take the picture. The picture will be saved to your collection in the Photos app.

+ +Want to snap a quick pic? Press the volume up and volume down buttons at the same time. [Where are the buttons?](https://support.microsoft.com/help/12649/hololens-whats-in-the-box) + +## Take a video + +Use the bloom gesture to go to **Start**, then select **Video**. Use gaze to position the video frame, then air tap to start recording. To stop recording, use bloom once. The video will be saved to your collection in the Photos app. + +To start recording more quickly, press and hold the volume up and volume down buttons simultaneously until a 3-second countdown begins. To stop recording, tap both buttons. + +> [!TIP] +> You can always have Cortana take a photo or a video for you. Just say "Hey Cortana, take a photo" or "Hey Cortana, take a video." [What else can I say to Cortana?](hololens-cortana.md) + +[Take + share photos and video with Mixed reality capture](https://docs.microsoft.com/en-us/windows/mixed-reality/mixed-reality-capture) + +[Find and view your photos](https://docs.microsoft.com/en-us/windows/mixed-reality/see-your-photos) diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index dfe9539b1b..5be69e50cf 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -2,9 +2,8 @@ title: Cortana on HoloLens description: Cortana can help you do all kinds of things on your HoloLens ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed -ms.reviewer: jarrettrenshaw -ms.date: 07/01/2019 -manager: v-miegge +ms.date: 08/14/2019 +manager: jarrettrenshaw keywords: hololens ms.prod: hololens ms.sitesec: library @@ -14,14 +13,52 @@ ms.topic: article ms.localizationpriority: medium --- -# Cortana on HoloLens +# Use your voice with HoloLens + +You can use your voice to do many of the same things you do with gestures on HoloLens, like taking a quick photo or opening an app. + +## Voice commands + +Get around HoloLens faster with these basic commands. If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use the following built-in voice commands. + +**Select**. Use this instead of air tap. Gaze at a hologram, then say "Select." + +**Go to start**. Say "Go to Start" anytime to bring up the **Start** menu. Or when you're in an immersive app, say "Go to Start" to get to the quick actions menu. + +**Move this**. Instead of air tapping and dragging an app, say "Move this" and use gaze to move it. + +**Face me**. Gaze at a hologram, and then say "Face me" to turn it your way. + +**Bigger/Smaller**. Gaze at a hologram, and then say "Bigger" or "Smaller" to resize it. + +Many buttons and other elements on HoloLens also respond to your voice—for example, **Adjust** and **Close** on the app bar. To find out if a button is voice-enabled, rest your gaze on it for a moment. If it is, you'll see a voice tip. + +## Dictation mode + +Tired of typing? Switch to dictation mode any time the holographic keyboard is active. Select the microphone icon to get started, or say "Start dictating." To stop dictating, select **Done** or say "Stop dictating." To delete what you just dictated, say "Delete that." + +> [!NOTE] +> You need an Internet connection to use dictation mode. + +HoloLens dictation uses explicit punctuation, meaning that you say the name of the punctuation you want to use. For instance, you might say "Hey **comma** what are you up to **question mark**." + +Here are the punctuation keywords you can use: + +- Period, comma, question mark, exclamation point/exclamation mark +- New line/new paragraph +- Semicolon, colon +- Open quote(s), close quote(s) +- Hashtag, smiley/smiley face, frowny, winky +- Dollar, percent + +Sometimes it's helpful to spell out things like email addresses. For instance, to dictate example@outlook.com, you'd say "E X A M P L E at outlook dot com." + +## Do more with Cortana Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. To get her attention, select Cortana on Start or say "Hey Cortana" anytime. ![Hey Cortana!](images/cortana-on-hololens.png) -## What do I say to Cortana - Here are some things you can try saying (remember to say "Hey Cortana" first): - What can I say? @@ -44,6 +81,7 @@ Here are some things you can try saying (remember to say "Hey Cortana" first): - Tell me a joke. >[!NOTE] +> >- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English only, and the Cortana experience may vary among regions. >- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the All apps list, select Cortana > Settings. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. >- If Cortana isn't responding to "Hey Cortana," go to Cortana's settings and check to make sure she's on. diff --git a/devices/hololens/hololens-find-and-save-files.md b/devices/hololens/hololens-find-and-save-files.md index ba459eff13..e147ac2845 100644 --- a/devices/hololens/hololens-find-and-save-files.md +++ b/devices/hololens/hololens-find-and-save-files.md @@ -16,6 +16,9 @@ ms.localizationpriority: medium # Find and save files on HoloLens +Add content from [Find and save files](https://docs.microsoft.com/en-us/windows/mixed-reality/saving-and-finding-your-files) + + Files you create on HoloLens, including Office documents, photos, and videos, are saved to your HoloLens. To view and manage them, you can use the File Explorer app on HoloLens or File Explorer on your PC. To sync photos and other files to the cloud, use the OneDrive app on HoloLens. ## View files on HoloLens diff --git a/devices/hololens/hololens-start.md b/devices/hololens/hololens-start.md new file mode 100644 index 0000000000..1e8b575f0f --- /dev/null +++ b/devices/hololens/hololens-start.md @@ -0,0 +1,57 @@ +--- +title: HoloLens (1st gen) first start +description: Go through the first start experience for HoloLens (1st gen). +ms.assetid: 0136188e-1305-43be-906e-151d70292e87 +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.date: 8/12/19 +manager: jarrettr +ms.topic: article +ms.localizationpriority: medium +--- + +# Set up HoloLens for the first time + +The first time you turn on your HoloLens, you'll be guided through calibrating your device, setting up your device, and signing in. This section walks through the HoloLens (1st gen) first start experience. + +In the next section, you'll learn how to work with HoloLens and interact with holograms. Skip ahead to [Get started with HoloLens (1st gen)](hololens-basic-usage.md) + +## Before you start + +Before you get started, make sure you have the following available: + +**A Wi-Fi connection**. You'll need to connect your HoloLens to a Wi-Fi network to set it up. The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. After setup, you can [use your device offline](hololens-offline.md). + +**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](http://account.microsoft.com) and set one up for free. + +**A safe, well-lit space with no tripping hazards**. [Health and safety info](http://go.microsoft.com/fwlink/p/?LinkId=746661). + +**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](https://support.microsoft.com/help/12632/hololens-fit-your-hololens). + +> [!NOTE] +> [Cortana](https://support.microsoft.com/help/12630/) is already on and ready to guide you the first time you use your HoloLens (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings.

+ +## Set up your HoloLens + +Set up your HoloLens and your user account. + +1. The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks. +1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**. + - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your organizational account. + 2. Accept privacy statement. + 3. Sign in using your Azure AD credentials. This may redirect to your organization's sign-in page. + 4. Continue with device setup. + - When you choose **I own it**, you sign in with a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your Microsoft account. + 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. +1. The device sets your time zone based on information obtained from the Wi-Fi network. +1. Follow the first-start guides to learn how to interact with holograms, control the HoloLens with your voice, and access the start menu. + +Congratulations! Setup is complete and you can begin using HoloLens. + +## Next steps + +> [!div class="nextstepaction"] +> [Get started with HoloLens (1st gen)](hololens-basic-usage.md) \ No newline at end of file From 3305a59949c4270978099fe54f0972b1f2644a1a Mon Sep 17 00:00:00 2001 From: Sarah Date: Wed, 14 Aug 2019 16:32:52 -0700 Subject: [PATCH 357/395] toc --- devices/hololens/TOC.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index ae780add6e..eede34c38a 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -32,12 +32,10 @@ ## [Use apps on HoloLens](hololens-use-apps.md) ## [Use HoloLens offline](hololens-offline.md) ## [Spaces on HoloLens](hololens-spaces-on-hololens.md) +## [How HoloLens stores data for spaces](hololens-spaces.md) # User/Access Management ## [Set up single application access](hololens-kiosk.md) -## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) -## [How HoloLens stores data for spaces](hololens-spaces.md) -## [Find and save files](hololens-find-and-save-files.md) # [Insider preview for Microsoft HoloLens](hololens-insider.md) # [Change history for Microsoft HoloLens documentation](change-history-hololens.md) From 11a12bb7546694302d172aba4fb1ba7b763ff060 Mon Sep 17 00:00:00 2001 From: Sarah Date: Wed, 14 Aug 2019 16:39:33 -0700 Subject: [PATCH 358/395] devices and accessories --- devices/hololens/TOC.md | 8 +++- .../hololens-clicker-restart-recover.md | 2 + devices/hololens/hololens-connect-devices.md | 46 +++++++++++++++++++ devices/hololens/hololens-network.md | 39 ++++++++++++++++ devices/hololens/hololens-offline.md | 3 ++ 5 files changed, 96 insertions(+), 2 deletions(-) create mode 100644 devices/hololens/hololens-connect-devices.md create mode 100644 devices/hololens/hololens-network.md diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index eede34c38a..097d6d4429 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -20,11 +20,15 @@ ## [Find and save files](hololens-find-and-save-files.md) ## [Create, share, and view photos and video](holographic-photos-and-video.md) +# Accessories and connectivity +## [Connect to Bluetooth and USB-C devices](hololens-connect-devices.md) +## [Restart or recover the HoloLens (1st gen) clicker](hololens-clicker-restart-recover.md) +## [Connect to a network](hololens-network.md) +## [Use HoloLens offline](hololens-offline.md) + # Device Management ## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) -## [Use the HoloLens Clicker](hololens-clicker.md) ## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) -## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md) # Application Management ## [Share HoloLens with multiple people](hololens-multiple-users.md) diff --git a/devices/hololens/hololens-clicker-restart-recover.md b/devices/hololens/hololens-clicker-restart-recover.md index 81c7ffc704..25e49740c9 100644 --- a/devices/hololens/hololens-clicker-restart-recover.md +++ b/devices/hololens/hololens-clicker-restart-recover.md @@ -16,6 +16,8 @@ ms.localizationpriority: medium # Restart or recover the HoloLens clicker +[Clicker recovery](https://support.microsoft.com/en-us/help/15555) + Here are some things to try if the HoloLens clicker is unresponsive or isn’t working well. ## Restart the clicker diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md new file mode 100644 index 0000000000..c702921e14 --- /dev/null +++ b/devices/hololens/hololens-connect-devices.md @@ -0,0 +1,46 @@ +--- +title: Connect to Bluetooth and USB-C devices +description: This guide walks through connecting to Bluetooth and USB-C devices and accessories. +ms.assetid: 01af0848-3b36-4c13-b797-f38ad3977e30 +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +manager: jarrettr +appliesto: +- HoloLens (1st gen) +- HoloLens 2 +--- + +# Connect devices and accessories + +## Pair Bluetooth devices + +Pair a Bluetooth mouse and keyboard with HoloLens, then use them to interact with holograms and to type anywhere you'd use the holographic keyboard. Pair the HoloLens [clicker](hololens-clicker.md) for a different way to interact with HoloLens. + +> [!NOTE] +> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported. [Learn more](http://go.microsoft.com/fwlink/p/?LinkId=746660). + +### Pair a Bluetooth keyboard or mouse + +1. Turn on your keyboard or mouse and make it discoverable. The way you make it discoverable depends on the device. Check the device or visit the manufacturer's website to learn how. + +1. Go to **Start**, then select **Settings**. +1. Select **Devices** and make sure Bluetooth is on. When you see the device name, select **Pair** and follow the instructions. + +### Pair the clicker + +1. Use the bloom gesture to go to **Start**, then select **Settings**. + +1. Select **Devices** and make sure Bluetooth is on. +1. Use the tip of a pen to press and hold the clicker's pairing button until the status light blinks white. Make sure to hold the button down until the light starts blinking. [Where's the pairing button?](hololens-clicker.md) +1. On the pairing screen, select **Clicker** > **Pair**. + +## Connect USB-C devices + +## Connect to Miracast + +> Applies to HoloLens 2 only. diff --git a/devices/hololens/hololens-network.md b/devices/hololens/hololens-network.md new file mode 100644 index 0000000000..a3082e1e7c --- /dev/null +++ b/devices/hololens/hololens-network.md @@ -0,0 +1,39 @@ +--- +title: Connect to a network +description: Connect to a wi-fi or ethernet network with HoloLens. +ms.assetid: 0895606e-96c0-491e-8b1c-52e56b00365d +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +ms.reviewer: +manager: jarrettr +appliesto: +- Hololens +- HoloLens (1st gen) +- HoloLens 2 +--- + +# Connect to a network + +You'll need to be connected to a network to do most things on your HoloLens. [What can I do offline](hololens-offline.md)? + +## Connecting for the first time + +The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks. + +## Connecting to Wi-Fi after setup + +1. Go to **Start**, then select **Settings**. + +1. _HoloLens (1st gen) only_ - Use your gaze to position the Settings app, then air tap to place it, or say "Place." + +1. Select **Network & Internet** > **Wi-Fi**. If you don't see your network, scroll down the list. + +1. Select a network > **Connect**. + +1. Type the network password if asked for one, then select **Next**. + +Also see [Connect to Wifi](https://docs.microsoft.com/en-us/windows/mixed-reality/connecting-to-wi-fi-on-hololens) \ No newline at end of file diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md index 49190e6907..7de0cc1381 100644 --- a/devices/hololens/hololens-offline.md +++ b/devices/hololens/hololens-offline.md @@ -16,6 +16,9 @@ ms.localizationpriority: medium # Use HoloLens offline +[Use offline](https://support.microsoft.com/en-us/help/12645) + + To set up HoloLens, you'll need to connect to a Wi-Fi network—the setup tutorial will show you how. ## HoloLens limitations From 341bc26804b2cd6b4f23fdc2ade49cdee438506f Mon Sep 17 00:00:00 2001 From: Sarah Date: Wed, 14 Aug 2019 16:40:50 -0700 Subject: [PATCH 359/395] devices and accessories --- devices/hololens/TOC.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 097d6d4429..fe85d293be 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -26,10 +26,6 @@ ## [Connect to a network](hololens-network.md) ## [Use HoloLens offline](hololens-offline.md) -# Device Management -## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) -## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) - # Application Management ## [Share HoloLens with multiple people](hololens-multiple-users.md) ## [Get apps for HoloLens](hololens-get-apps.md) @@ -38,6 +34,10 @@ ## [Spaces on HoloLens](hololens-spaces-on-hololens.md) ## [How HoloLens stores data for spaces](hololens-spaces.md) +# Recovery and troubleshooting +## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) +## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) + # User/Access Management ## [Set up single application access](hololens-kiosk.md) From 5c8f62e754bce3aaa60df4e89c02f6897ff5b620 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Wed, 14 Aug 2019 16:47:59 -0700 Subject: [PATCH 360/395] CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081415474726 (#904) --- ...issues-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- ...d-issues-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- windows/release-information/status-windows-10-1507.yml | 2 ++ .../status-windows-10-1607-and-windows-server-2016.yml | 2 ++ windows/release-information/status-windows-10-1703.yml | 2 ++ windows/release-information/status-windows-10-1709.yml | 2 ++ windows/release-information/status-windows-10-1803.yml | 2 ++ .../status-windows-10-1809-and-windows-server-2019.yml | 2 ++ windows/release-information/status-windows-10-1903.yml | 6 ++++-- ...status-windows-7-and-windows-server-2008-r2-sp1.yml | 10 ++++++---- .../status-windows-8.1-and-windows-server-2012-r2.yml | 6 ++++-- .../status-windows-server-2008-sp2.yml | 2 ++ .../release-information/status-windows-server-2012.yml | 2 ++ 13 files changed, 34 insertions(+), 12 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 56fbefcd4d..6c32625e16 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -33,7 +33,7 @@ sections: text: "
MessageDate
August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows
The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
August 13, 2019
10:00 AM PT
Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506)
On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.)
August 13, 2019
10:00 AM PT
Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in the Windows Collaborative Translation Framework (CTF) service that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
August 13, 2019
10:00 AM PT
Take action: Install required updates for Windows 7 SP1 and Windows Server 2008 RS2 SP1 for SHA-2 code sign support
As of August 13, 2019, Windows 7 SP1 and Windows Server 2008 R2 SP1 updates signatures only support SHA-2 code signing. As outlined in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, we are requiring that SHA-2 code signing support be installed. If you have Windows Update enabled and have applied the security updates released in March 2019 (KB4490628) and August 2019 (KB4474419), you are protected automatically; no further configuration is necessary. If you have not installed the March 2019 updates, you will need to do so in order to continue to receive updates on devices running Windows 7 SP1 and Windows Server 2008 R2 SP1.
August 13, 2019
10:00 AM PT
Take action: Windows 10, version 1803 (the April 2018 Update) reaches end of service on November 12, 2019
Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running Windows 10, version 1803 to Windows 10, version 1903 (the May 2019 Update) starting July 16, 2019 to help ensure that these devices remain in a serviced and secure state. For more information, see the Windows 10, version 1903 section of the Windows release health dashboard.
August 13, 2019
10:00 AM PT
Advisory: Windows Kernel Information Disclosure Vulnerability (CVE-2019-1125)
On July 9, 2019, Microsoft released a security update for a Windows kernel information disclosure vulnerability (CVE-2019-1125). Customers who have Windows Update enabled and have applied the security updates released on July 9, 2019 are protected automatically; no further configuration is necessary. For more information, see CVE-2019-1125 | Windows Kernel Information Disclosure Vulnerability in the Microsoft Security Update Guide. (Note: we are documenting this mitigation publicly today, instead of back in July, as part of a coordinated industry disclosure effort.)
August 06, 2019
10:00 AM PT
Resolved August 1, 2019 16:00 PT: Microsoft Store users may encounter blank screens when clicking on certain buttons
Some customers running the version of the Microsoft Store app released on July 29, 2019 encountered a blank screen when selecting “Switch out of S mode,” “Get Genuine,” or some “Upgrade to [version]” OS upgrade options. This issue has now been resolved and a new version of the Microsoft Store app has been released. Users who encountered this issue will need to update the Microsoft Store app on their device. If you are still encountering an issue, please see Fix problems with apps from Microsoft Store.
August 01, 2019
02:00 PM PT
Status update: Windows 10, version 1903 “D” release now available
The optional monthly “D” release for Windows 10, version 1903 is now available. Follow @WindowsUpdate for the latest on the availability of this release.
July 26, 2019
02:00 PM PT
- + @@ -96,7 +96,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
10:06 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499164		Resolved
KB4503277		June 20, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503292		Resolved
KB4503277		June 20, 2019
02:00 PM PT
- + diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index dbb57e0e0b..c99e109581 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: "
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
06:59 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:23 PM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:21 PM PT

Opened:
April 09, 2019
10:00 AM PT
- + @@ -96,7 +96,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
10:06 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499151		Resolved
KB4503283		June 20, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503276		Resolved
KB4503283		June 20, 2019
02:00 PM PT
- + diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 55d16a4b23..ad95a86417 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
06:59 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:21 PM PT

Opened:
April 09, 2019
10:00 AM PT
+
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
@@ -77,6 +78,7 @@ sections: - type: markdown text: " +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 407e511420..91613ec839 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -85,6 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 895bd3c1db..14b06262a2 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -78,6 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 930121e60e..0f421e0330 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -79,6 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 0d6c3bc4dd..43dd7629a1 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,6 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -85,6 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index a6f1d702b4..84e577f6f6 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,6 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -86,6 +87,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
August 01, 2019
05:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 3ea2e03409..ac69403baa 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + @@ -94,6 +95,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
05:24 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
07:03 PM PT
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated External
August 01, 2019
08:44 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -104,7 +106,7 @@ sections: text: " +

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in late August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index f55dd568c1..e6f0096fc3 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,10 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in late August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 13, 2019
05:24 PM PT

Opened:
July 25, 2019
06:10 PM PT
OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 13, 2019
06:59 PM PT

Opened:
July 25, 2019
06:10 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: To mitigate this issue before the resolution is released, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next Steps: We are working on a resolution and estimate a solution will be available in late August.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
July 25, 2019
06:10 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 16, 2019
09:04 AM PT

Opened:
July 12, 2019
04:20 PM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution that will be made available in upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 12, 2019
04:42 PM PT

Opened:
July 12, 2019
04:42 PM PT
+ - - + +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Acknowledged
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Windows updates that are SHA-2 signed may not be offered
Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

See details >		August 13, 2019
KB4512506		Investigating
August 13, 2019
10:05 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
10:06 AM PT
Windows updates that are SHA-2 signed may not be offered
Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

See details >		August 13, 2019
KB4512506		Investigating
August 13, 2019
06:59 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503292		Mitigated
July 10, 2019
02:59 PM PT
@@ -80,8 +81,9 @@ sections: - type: markdown text: " + - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512506		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Windows updates that are SHA-2 signed may not be offered
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 13, 2019
10:05 AM PT

Opened:
August 13, 2019
10:05 AM PT
Windows updates that are SHA-2 signed may not be offered
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 13, 2019
06:59 PM PT

Opened:
August 13, 2019
10:05 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -100,6 +102,6 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
06:59 PM PT

Opened:
April 09, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 202c053f79..14996a4841 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + @@ -80,6 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
10:06 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Acknowledged
August 14, 2019
03:34 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503276		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493443		Mitigated
May 15, 2019
05:53 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512488		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -107,7 +109,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
06:59 PM PT

Opened:
April 09, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 89a7335b26..033396edf0 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Acknowledged
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Mitigated
July 10, 2019
02:59 PM PT
@@ -77,6 +78,7 @@ sections: - type: markdown text: " +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512476		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 5d1e15e515..08e207a24e 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -79,6 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Acknowledged
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503285		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512518		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" From c4f3c8df74786d2c55422822526c0d32fc1e3539 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Wed, 14 Aug 2019 17:19:27 -0700 Subject: [PATCH 361/395] CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081415474726 (#904) (#906) --- ...issues-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- ...d-issues-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- windows/release-information/status-windows-10-1507.yml | 2 ++ .../status-windows-10-1607-and-windows-server-2016.yml | 2 ++ windows/release-information/status-windows-10-1703.yml | 2 ++ windows/release-information/status-windows-10-1709.yml | 2 ++ windows/release-information/status-windows-10-1803.yml | 2 ++ .../status-windows-10-1809-and-windows-server-2019.yml | 2 ++ windows/release-information/status-windows-10-1903.yml | 6 ++++-- ...status-windows-7-and-windows-server-2008-r2-sp1.yml | 10 ++++++---- .../status-windows-8.1-and-windows-server-2012-r2.yml | 6 ++++-- .../status-windows-server-2008-sp2.yml | 2 ++ .../release-information/status-windows-server-2012.yml | 2 ++ 13 files changed, 34 insertions(+), 12 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 56fbefcd4d..6c32625e16 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -33,7 +33,7 @@ sections: text: " - + @@ -96,7 +96,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
10:06 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499164		Resolved
KB4503277		June 20, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503292		Resolved
KB4503277		June 20, 2019
02:00 PM PT
- + diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index dbb57e0e0b..c99e109581 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: "
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
06:59 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:23 PM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493472		Resolved
Resolved:
May 14, 2019
01:21 PM PT

Opened:
April 09, 2019
10:00 AM PT
- + @@ -96,7 +96,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
10:06 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499151		Resolved
KB4503283		June 20, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503276		Resolved
KB4503283		June 20, 2019
02:00 PM PT
- + diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 55d16a4b23..ad95a86417 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
06:59 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:22 PM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

Back to top		April 09, 2019
KB4493446		Resolved
Resolved:
May 14, 2019
01:21 PM PT

Opened:
April 09, 2019
10:00 AM PT
+
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
@@ -77,6 +78,7 @@ sections: - type: markdown text: " +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 407e511420..91613ec839 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -85,6 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 895bd3c1db..14b06262a2 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -78,6 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 930121e60e..0f421e0330 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -79,6 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 0d6c3bc4dd..43dd7629a1 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,6 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -85,6 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index a6f1d702b4..84e577f6f6 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,6 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -86,6 +87,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
August 01, 2019
05:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 3ea2e03409..ac69403baa 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + @@ -94,6 +95,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
05:24 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
August 14, 2019
03:34 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
07:03 PM PT
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated External
August 01, 2019
08:44 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -104,7 +106,7 @@ sections: text: " +

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in late August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index f55dd568c1..e6f0096fc3 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,10 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.

To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.

Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
-

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Next steps: At this time, we suggest that devices in an affected environment do not install KB4497935. We are working on a resolution and estimate a solution will be available in late August.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 13, 2019
05:24 PM PT

Opened:
July 25, 2019
06:10 PM PT
OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 13, 2019
06:59 PM PT

Opened:
July 25, 2019
06:10 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).  

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.

Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: To mitigate this issue before the resolution is released, you will need to update the Intel RST drivers for your device to version 15.5.2.1054 or a later.  Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver. Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next Steps: We are working on a resolution and estimate a solution will be available in late August.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
July 25, 2019
06:10 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 16, 2019
09:04 AM PT

Opened:
July 12, 2019
04:20 PM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution that will be made available in upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 12, 2019
04:42 PM PT

Opened:
July 12, 2019
04:42 PM PT
+ - - + +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Acknowledged
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Windows updates that are SHA-2 signed may not be offered
Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

See details >		August 13, 2019
KB4512506		Investigating
August 13, 2019
10:05 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
10:06 AM PT
Windows updates that are SHA-2 signed may not be offered
Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

See details >		August 13, 2019
KB4512506		Investigating
August 13, 2019
06:59 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503292		Mitigated
July 10, 2019
02:59 PM PT
@@ -80,8 +81,9 @@ sections: - type: markdown text: " + - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512506		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Windows updates that are SHA-2 signed may not be offered
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 13, 2019
10:05 AM PT

Opened:
August 13, 2019
10:05 AM PT
Windows updates that are SHA-2 signed may not be offered
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 13, 2019
06:59 PM PT

Opened:
August 13, 2019
10:05 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -100,6 +102,6 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles: 

Back to top		April 09, 2019
KB4493472		Resolved External
Last updated:
August 13, 2019
06:59 PM PT

Opened:
April 09, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 202c053f79..14996a4841 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + @@ -80,6 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
10:06 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Acknowledged
August 14, 2019
03:34 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503276		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493443		Mitigated
May 15, 2019
05:53 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512488		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" @@ -107,7 +109,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
10:06 AM PT

Opened:
April 09, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:  

Back to top		April 09, 2019
KB4493446		Resolved External
Last updated:
August 13, 2019
06:59 PM PT

Opened:
April 09, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 89a7335b26..033396edf0 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Acknowledged
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Mitigated
July 10, 2019
02:59 PM PT
@@ -77,6 +78,7 @@ sections: - type: markdown text: " +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512476		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 5d1e15e515..08e207a24e 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -79,6 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Acknowledged
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503285		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512518		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" From 2f92ba88d2303c21d75e378008db6d48bc9d634c Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Wed, 14 Aug 2019 17:49:34 -0700 Subject: [PATCH 362/395] Updates text and images --- devices/surface/images/wifi-band.png | Bin 0 -> 73599 bytes devices/surface/images/wifi-roaming.png | Bin 0 -> 87663 bytes ...ace-diagnostic-toolkit-for-business-intro.md | 5 ++--- 3 files changed, 2 insertions(+), 3 deletions(-) create mode 100644 devices/surface/images/wifi-band.png create mode 100644 devices/surface/images/wifi-roaming.png diff --git a/devices/surface/images/wifi-band.png b/devices/surface/images/wifi-band.png new file mode 100644 index 0000000000000000000000000000000000000000..38681a9dc8e0a7fbddb72d617a9fc09aff6da53d GIT binary patch literal 73599 zcmbTd1#leA(k&=kw$Ne*i@EGXm*=Xt5Xz3ZL=~)0wbN~hhynlq?!FsJ1rdpEdvAf2ZGwp#mZjSncB*Z@LvrAhIab4rq=eRKr6gI8g=!6 z4)$CGAD;d_1xxGysI{{DCrlp!qjlD`rlqH$`!l7#fCl>i!C5=lTKr|)K%dso!qC#t z%HHk+OaC9NwF%H3XlDZae^C9O?*C!nBear||FQAE^u^NhKPK$#1sy-8@lQbhmuNc$ z7i&XWIYT?3gRQ=ypyP*|gnwpZ4dAym)U^lNDgc2N|1Olwzb@nP^Z!{Gc04j=Q!4|Y zlO6egjWHC^wKwD<_|s2K$3{)ZtUyl>pl1g#(o@s10_f=ehDrhrOpRRrCzPH^fu8ka zfj?gV1NxCQ2Dtq)7#a}# zbK3O(I0ApGbuuyhQ2PIp7k|U-fJXLCy0(Ttj6b6F|0VTkKm4ctQ?`Fkh4%kG%fI^m ztHl3>f9xB7n*Z6bJ`Vn~~pps8=A3CSuV&YOh{3I9}3RtCm9auih|ESyY~0i z+T5C;Ray(o56`UN$z$M&65tbL4iSm+72rR~%3v0J&2Ll1Ok6cwtX#hTbsh!ds4E+O zUsQGe=*eBS!g!mWVr-N-Ojx1Od9xX}pfZ7+<{u>+Ar5lKv?Y&?-qA4$kP{KJ(Y?9s z)}+*xjOg8(#!EL_dF8aWQw@=(^P2*d&OkBP2PhJr1`s29t`so~X^i z#nl~%I0Lzn&(t6|Yr=6^#oGQSMv0GgePYp_Vrtn zbH)(3T=@;Jmzz zL)wuqn78U%WK4fAY;QFqzCpYz^O5bHcjp~Y`jbAuE0EFJj)3O&Y9bG7W8+p}v>nrq z>wf(s0q=Y`T&@C{oG$g#2Qh?5NVtN|9-XG!>(p_+e@V~!uUf;=;HW5Rxe_82rMB(! zMByKQ$tJG%%%MOmk%C&o&(Z8(Rg`3Z38&!pStV(<$>ch9&_618ARvG({E6@FzmK2VzW&>}pMwqo^|ws?Z<_BqJ-xj(Y8AAn zJoNN2gHgEehxYFsV7{Xg4`X2~;bNda5uAc3Sb;JLEBBos_yQbl4;EP ztE~=R08JQgB2n7!ynR~6gO?o6$Ys*K(}idcw${e)G&H8-llfYvT06%)Vp}LA_7&qT zs9n}BN|w2-9X~2k)H(t6L6KiQS7~DPtFE@EmcJ+gMH_T9pZJ9djPFi}sewpG%2zJj zGFO_8XDvT?PmTQdrVKd4_j~SzgU7Yw_Huk^MW`cJvnuvNiC>dOHl!<9xQcO-e@?7d z?Vjj^aDDoEl_M2`2j~vu70gsto2oDzzWLlYQepYrY)ZvnM-t$2rv&YGgW~wTh4*)_ z$uA6;lp1U3KzoYo9?oVrTMj2VG1(?jn-$yUKD*7I?7s_+Woe>lmhG^b;J)vbR?=0B zwAdV75GxcM$<+SNgsryzlE(^qunBWZi1K2qpK&v-bS%0;BoklMGWz zP+){lg2_}TegIcim3Cxt*a_e^_@}L8v8q5;@0g+I&>?@*MX_8~txxKH&s&~zdsyf9 zBH0JOtcRzDmo7$YisyOH?f?@~kl1lvk(9!EO9kv+ZQ4Wa-rnywroX|fM4cWlD|*r& z>#4uPvTRT0^vBP?J6ybDj`WbRECD2UBg z2qVzmu2YYDQA4BAnCkj~(T0ej7E=QZ6E)@j_z-azj<)PZj5}4jNI}9np@93brvy%z9m{}_F)0;x(`Yp|P8n9X*F3=KG7 zXiDSTuc1@inVMq|r8BS8aZ*3Pr2YyjPN&Y!wazMCD)Vu7WOMq& zsd3U&wvGJK1SjwKGNToJkvOAJMO(z}8yu7AYO14nY+aLfdKvlHc# z!@u$)av@-y2j27ec{es5}C@4bq1%4BJ2JW z{cT#BBPL7ly8{iD0M;BgPsp2q!~3@~iPNq)m?q;3sTzwsK4l_~u2+nz)){nJZaamH zflkF`@`V--!AeWLwecv`xutj0NC#SOhs}d##yu{D8V;?x&YTUMXLVG+i@_8Hc(bafK?M zkJTo^rL0{%V#GZ4t`}S_m0L8B4>VGmRX zjq>eR?V5&>G`UO~zxSem>&)!$1@ka*GDkB{%FKQSXU@F5jHX>X=~hqUQmx)Y=U00$ zY6))Zg5Nt7vKkuD`;rV5>u!UX*Ll*b3`G8A8^=WA`@(<0+-^{m=9qp6`n1`Zjqjk% zR(3zpjnfzcOAT&Q*dyYIoho6{NU}54@AuM>6qSTPHjk^S@>c-hGbQf;&9_7AEu@g;?d-&$lE1kPsmTLjmC$dQw1j-kr;y1Cg zTi(t4n#;Cxll2@>zcu$bl+h$(E~gd^`?Ki)hN||SqAZ$+(P{Y-1&W)eq%15ucEiut z3HhE0TQ3)fVwtO8x-joCFj(iZt!jc|q$Jn1`q^G!zR%B&wigEEosXXQKcuBD9tS8@ zD+Mv_^E$6FdCJ@33FBY8Jv-Sg@aol_UKnsmuyt>pj0PeflVMRL-ER-?i438)oo)Tk z?^fcvNkV6w2PS}SEEr)B}#R$0eY~u2UGG%gQQM2 zgJqvl!Z2ba1P|GC;4Md=xzWzO&^F5-PY7m9VU4!bE7;o|iH$SZJp|6uNBvRg?nk27 z!$CnxM81nXy6s@rQO^qcl&&UomEfC$!5W;t@(>pBVj&91MBitH>_m~ga=Z#(&bDno z$g=uUrrBYFgW#iJUd>mMnaZ?1Z^=`=dj;5l;FS;=2ty$(7IKPtu>~n#Ywr#6Z@%cC zcc7%WKG^@fh&yx-NaOL(Lt7FB0k(QN_6_+EqkDO#WHYV@mI853cjLS#;c7`&Z5G%F)(RN(Ji zb!ckgri!sf`>m}#>9%IAY$SbflwnuQ1|XyHiNXn}^EuumvOhnib-X+tyW7YW2 zsxy#_jpZNp$6S%XF6XGpNuh6=F5LXVb?(0lJ}L6^LsqE8jpM$@GrPKL5y~&{H1VL6 z7A83aM9#3s8QKizXS~OH!jvLnVv04GDVi`?YA32+l@#1mCLJn8B-VL(w*2a-39&To zFJ38TP;9#?$T(zM#~!cLCO^@5CQQ`=MSshsCZXkZR27N4p0r%i(1KeUeJD{Ed2Ij* z0e2}9q%I8zL{uxlsiNhK1d;R1l$saHV}r+;c%r|Bv}BKmLz~#lu#!yiJUCPU_MJtQ zs8?`hX-~Ls89akqn$YVK9>#U~#>^B#I!Vz+v*)=YyEZ0tRg|9C*2@FSflP)t}oNXbF=mZ{w80O#lKJ==AorYM+V z8N(bRqTxD=$t>ZSb(zdFY6zHs=+mYdyKWRWKVm-$g9dp;N_(BlO=HQk{o!e4cHb(Y z#v-`}89x3pne#E);rhJq#;B8(mQLL7W?#7gEZJ|>w>zC63DBaZ0+7%&9cXeR4kWk0 z?w$VinjODF|G>ySYXw)VEob{!Q!Wa_VeJ-o;GEWQqS!S4n$<$A6HB_$c_}^CVON?qX@%|GD7x` zRbbV}f>$d8WgG|5g*KVZ1vRHJhPBktc)s&6QyM=2KZ-CI?2usfdF|$2GuLM4e;ZN2 zZiqxrs|97^IKw$}?=mHnjfqNOaKOwHj>^&T`TSAJ547Thqa?}P9Uk|p;AR8;bVxo=CzP>NACyISL@Zz1RlI@8G3 zbW4J5ArWr3*)GL$M)XdabP1@aBrH6O8X-*R_|hff14P=$0)Jm3H;`nBz_pY%3~A?d zEa05EZnmWWD^Mjt#Y1JmOU1Op^ZL? zN7tAmY8~gME@#gy3awf~MJNDJA;$1Q;Gc!4MnH!lu680dT6CUO;t;t*)gy;RrK1)} zXCWl@c%s&6mr;j0XcG}wYz1&GaPq}NL84^wh`qm>SYjc_l>{xkU(~3qlzEeJTE|&K z;rlle2qiLw?jgYzb^(9mOjWYwKE;Q980z7!AY>{Q2yvPVtFB%q;G84yKW%-eRtzRv z+S0fAh?M_#bsEehYH~o86zzFX*>dR1?s8}a0w07f8n|&IYUfwA(14&`0hI+9`X+OB z+1&U29s++6HYUN}5ELYVl^ldt0RbUpXsp4IjBpV6{?4_}pt8i-`OeSFc3Va&$<5YQ z9m#CR8)4c2=%j^9A@-Q6rM9h5aR~g_z9nuH!EPaO0r$eB_>QevJ?`AYU;4BN+EP99 zorF+HX=G=R_=t@#XrFcva8INWKV0g#4lp^@=4*eIw{11PhNREc;+AchN3>!8n8#@< z1qG^?;J1g(5bHut)O#rp5;f!-v<_}|f}S(~u;OIGTrV3qS-qdAF^M>NY;-l%AUso> zaW@PI<5+qYCA?FXYsC2eRFze@cvoOaDE!LbQFL`blIf&2d7iy%2zN>OWL#!+2&M|k z3;xX`F{F;wD(sow2tT(Ijk+`_w0k)=03Nlb6{w3KR~zu~vH}{T(I&Is62rIA?mWCJt?l*5*3j@D=L%QUt=Ml-N<6g z`4)1!kTjvy_F3;T!Yf1To;XA_{~3l7J!Vo0mN? zqh-RLj1oKKkEsh;6(z3ql|>L&=J-nMXnZO(p}GO^6j^tAn?6_{waAwb@E3tnr@#bH zLata-&yo$))!UCp&2?U5&>I-;y9w6256kR_PYw;fJdO%h{|NcX06l#}L(oO(qB6FG z7;xS~S34B73K?y+@EqY|NwyYx&U&f@>|Q)usE*X#ra1%__yorjdM zBw4R4;{i}@ugj82oY`vPM2`b!FG0DC6a=PA#C{&RyFC%6%KalpuU}CW0)f_u^J`6vrX*RHhhY zm{KcAYnPDt0!O-+YB<_c7k=9QRQ~W$b76&V{r$yRh?zpjcOk_x^_eQzcQ;cBhYfGefPClKDXb>`|!vFI5$ ziV$>qh##!J2$Yo03f>;g3V14J9{}E8ps(?f9;c+HT8oQJIuCr{`GRqSln^3<%HhfR zf+@vagWHM0gUk3J9(xRASBgTD6HP?~ap1Wq+QJ6xDnE9T=0{cin2Dwwm3Ol1UCphR zUtm2&dfGND>aP3TRur5gQHb~c@WaP{ZCD|zmwYN!G)T;0N$}gWM%OPoEyXg~ohsi6 z`~0c^VVnx^+5=qguxMy3Xg+cdH8hVdtmZe&HBP-?HTc`-ZRgSc|aE{{})U_ER$QV{q8wJOVF@;i_o$}7lx z!3R|W=3R(er>l>Oa0Pd1?z7KzD7Ah4v^M6JGK{;FogE~ ztKO8OQyu-{q%^?qi#vA<{%l3u*KW6nnHPj5P}fS`-<*N4wG_HX&@AFs^Hz8raPHw^ z=p>sjgH*$H7@*}3U)$W0A26g`+OY6~S2UV8s~I5N`J^YAtO*fAu-7yP*@bx?O1b#r z&Qa|@G~?Mw!_uTKZ6`O)r~!{BrX$JkY4S zE2vX9ycI*`-+Zr01J>hwDFbn7a4i$lr4xbeYO>BQwnM%m`*MQJm+qk*KZn_;&La?_ zy**qg+ruO6K<_FTXyr*S^qWjx;YQ7srejQ$jbe?AEab}1F|0h@Q829KJD)&{&v6!p z08!X3S7?|o7dH|)9|VGz%*{|0ipz63qO`5S30$rrex6CkK_+|;RiXn05kEh>8BuVH5RQ-D{RB0(`G!zKrxY~KU0F97{2$Wka7DT(fais0RF4CvYw^nO5 zTSnG*^c1ijTy^wVOCq&~c$ZhMBd@uPS<3UNr&C{d#$%*kr;P|u=`Kb^vP%`G<%<{8 zX-(?`hq`?zxPbwo&E}sB(n*}!q0n{?j}ih&PBC?yJt*Dc)^qEM62|Nr5%w4T&lFcS z#vv&wgy~_n}uZmbdF@krkOYQWwQe^?YCWs_$F7*<@ z1_F1Mk_QwnzO0m8tEnS-z*+4iYNT!Srm>?agoQYC)akXh=rbnu0Iaj zpWj;bD>sX_mky1ivnj?)4u;daXO>cy;t@;glOXH~F@ZGsQR3|=GY$t?mG_qfvSF%JU(5Nt1jtwEw{;(EuUTzSRz)8-3E4v_eKh^H#l(1?}eh z3;2DSksC`uGET!YU9FnARp(SPV#U);RV*3^u^L>_^3%LanHhNHZH07+Bj}+bi-)#1 z^%ZAYl9$w8dE0m%ilCYzu?lE9M_)}fggacN&XK-ltEXVrrsIw(i>FsuCx58lns*w1 zK>w34t@)6G3=)^|FJslIH;H9B-`UfSsgf@T^*{Bcw4B57FJZ+CrMt(z;@RB}eU;mS zx&$G^!ye+>u;pCMk;_vymjIWx+pP2(SsPq*u7G}hDys2(f=l1GOx5J@y-x5|_~yS8 z*JXY0X|racMpfj@jdFmlmblp#iQlD;k+&K`rWF06wRod!Odx|bd@5(()t7{j^Q?`tIB^J z8udoNi^CTJ?V;q9P2)2@$1nwPQh4v6Kd|I8r=~;OKuWLD2u!8;B;z#G@o(6yOx<)_ z-oX`2lmswPh9;{O66&$;lwEn3_!`()dj~k#``qTt&$osgx7a92+aNx~KK+aevK zXH|)IQs5$1?X3rFgjhx=xz&Jb@D?N)0`0j&NL{Y6fH<|%u}aDD?}j8F-@*gokV(xD zzexg^?6^x6D`V}X1HH7MOhMUPXi-JBUv|GR>9NWeW=d%D#K=ADs(p*W-z54(0mp?? zg-iszV>_8R)-4PzQ{depwpwM`e!u1`)EYLaYmr=dJwB);-d?T(?MMacn8i^L!JZ41 zEODVvA7Ffy!6T;+aXjTfRO_J77wQ7#oj+T3$$JNxb8mQ}l{|*C0*|dO0$Gc|SZ(AK zZgL+RTTWYaKSlv-D0^*pazkfyZPM?7W$tav+W6@Mimf)E5kme2e=olyarU=7=B%^+33>$}zmPn)PdB z0j2o@MdOQHypko9?Y6CuyE4rN>Qc13a#M|k_THw@cS)^dU;9UNo>h-u<5^O&M56fzuIc8wf7!gqfo&_Z5PcQQ+mTw&Iavp{mJd^rrpvowzEQ=R8{D3G4A( zzJ}1W8@NjmTXW_ZhZ^`2@%gIwjLSUg!@b|KVu|oIln@!OS`RKJQdW-;x7{SS*Q$tf zMy0QD#$?u;hgz=P*fuK)6#{NNPzU&O9>5D~%^#<2m!*dYH-2UMX$ZH5W(t@ranE z?693GwT5F?6&>;7(83FtqT{CqL@?eHzANQgaoxHxSAqZ~(#4+nK3_5EuF>+;Rhz@# zOM7)=-KNoR9z(NzY9gpmwZFl$TY9p7K9F;rH|_p?PD2QqiK4AP{1Nn_hiB7e^wMTg zUTpKkmv042^1@z};$4*_U#Iiyv4j(8wql{_6bjWuQ9f?QUMqT@EJNG7N21JXj{RyZ z+RpmMsIQsAc@uvx#Npa8%1=~j49a*h&Fpswih66DAeHEGm~pp^jAzWVdstI$!Yoa7 zXsYv-K3N})@ZWhj1;nCY$tXcfrNO8w<+xZiXAfjM@jDu<$m1Et=cP-s6T`4=O$|lo zLJ2s&K4JL3pd7=KY42^cXe(P6$qN-sb9%W?j(JNJ^c=>2f)pKU#%5>yxr>;s^nNtO zFN!+EzJ!HFLs~pL5tVWS25P3d;hZycs767=TuT^maV&kyG$NB#Q&%KE4?)xRg$9jg zz6!`#U$A67F&{eNH9R@?+Lrn8)GszZ>}A~kk$Ix4A*~x`nE2YhD9#^#VkmnmC&}Q1 z1ssoXG#b+*sw~BFa~EQylRcB15NkUCDUGqC<4u!P%0K+18p(-AJ140d=AcN^{iY!N;e^Y&P9T+6?8XG zWL+iFCBj_m}p2l(6F+M3%Xiwr~D^;!4)7Mz~vv zk#0sinFGSC*R`&_G;$m;KS3wwPk$77-=4fXf7=uen>?xmQ^iQRnfaV3_*{K7gsJ6b zL}t6`cdejy#XMNpDK?6BGD)F123-{~#VM8L?2I2-r%ktSLInz&Vf@5MdalPEg>Su~ z<`@v6Z!PLTGxdeeaY|zj^);GY{prFm2u;&EFHbHH)&ETO*Tp7Ss1i^zi~>WSrc3O` zLM^R-hLo;E;fGrLTIdE^*z-3WWa#N^ij`y(^P-sL_Fhd&ye~8f{>D0ZI4)O{hP$p{ zyPjkqWZlP%T{{jszn>+G>32LRSXTv$ba)jLee9I!;n9GRW+Hh%;)<6H7^$_ahxj@> z0@#-;Wt<$avm8ba_nwAf^hYHv0L*Du%pQl#gDN%`)X0Nb zb~7ZlzvZF^sseJsBwR)|ur7%AtCq8^?=JWC?=rbUq;IE+y)~q3myv>FDW*-=5K-4o zg-=lfMySfEBhNQd^0vL0v=hEGk8#=;ZkQZnKg~_NbT+jY= zF(ib3q+l?vaVV6D zJh}a9QDw0*>s~d((MI=YUWv(d$F*T>_s7p((OgXX?}q)NkjpS;U~r)wIWK zlZ2fqbw1E=*gC%n)1|k6#gop1Vns5#cb&uDE;ElBs;y_Rg4q*2?l|5F8FR`hZq8~2 zus_`b#*g_-wOOw#;udR-z&mHvWeCwgvtQB(OQyS43j+JY`BZn9pH zI#*j|8HI--G^B(ZW70ARu~>8|)v{O=v!qG0pJmj*1*;vmO+oB?0(uWe78_A8hLhKD zEO6h4XXK$;vZcAA98SHs zC_D6e-q7e8uBLXVfOHwzsjf~$=-!%N-6^x%U9HSBE;?}BdmQmOa>bE)pP}qkU`N@! z+l&v8^QNH8-~Iat=Wu08SQ zpIT32{N=@Dc_FO~YpzPuL!op|8E&mW)dEQq7I1 zlf-!B37bQlUoX5Ob)7eteOhj2o0juEweFw~nr1-uc@lUArlmYq=vd%m(ROWrbKdS1 zGM44l!>*u!!x*DBjCDBaiSNY7krzyTb5!Hs!*9fx?fVJa2%83c+*oKw^=a=jT{I~k z{OBu$UR~_S8xZOmZ)c6P$hOBNYAfk3;OJ(8##U*(+8&&3{+P;fo$|wZ)UJF zS5ZSt8?Ln{_KokFFE-F(6M<4JK5BGsqey^UkhS3$9fbFi`#DhtHr^Uqom*jx{<^vF zcBo@PM9uiw8;oSJaB(BX-sLU?l>|jHv`yQZd)0;BwkkC!l|iOZ3?GKJ>lrUwG*ffA z48!Ss;q3$L)S*{g6sg;X_V$2dnd-9zo3pm?YSI{jrkW9xjhZ3Y5HN5 zt@mGy;gu?u2}N864XwW^9w|8J*@1{OyEt!~x_7$Gp;n6Ljc~Jl)4IWuWlRf81?bP$ zR(52tVk+jTHJB-s&85TG0DM7zQ){+-vJFuvK(uN$q&{rJgc-@25xe7g%ZA~3MfQSs#;2uP2#@{WIW0>@I z3V~7>=SGfaYIb|lu@%RyE4d|U=gbo2sRmtUnefAXlC4u?{s@uSApI!(tXN^&v81z0 zstkt#p7$oD_SzmRmXVaTh^Ik3nC{uVD)9%HgY*f^j^!Va30+5m{tzw+5tKsOr%MxCKz*it=Ewq_%2R#eAqvpLiTl{u<((W(ZW71sG-81ifc%6n}Cs}5laD@{VmE!r%U0eM)wvkT&|2! zQ*|yv=`_ipoaKdAUGWuS-bA`)w{6qkyTRJqdm%}~!2l0^#9Pu|1^SoUH)XOBfH=qK z6YJi=K{RRo@sVwLW2hj{)NoJBtZ?^AA-_%I!&*lkyEK#$c&)JEQE;aYfUw%arzR+> zg~kx2sG=D%Libl#Ad*)7XEWY8^vkQO9?9$Dv^=5=1R$-GJ?+(<#Op}D&T~Ne3RALh z9l&_kbkr0w{6Uu#SK(KCK6Qfs!xq!2T0~gbbK!H@Vj#2W>%!%!GXwDT?vO1A^juM2 zXyORNW>)_w2Eupr8C1&tOv|~IXU4|7jKRhgmxlV}M}ygEvM1(>@5{y2l|Ys4C$m(k zmq6N7&K#%LU#`=!)TWs`x3+_XhYZ?L7HPz8vo@mc)lZbJiEo2i?XT|x$@Kacx3`8< zJpo-u6TQ8D5m;T@dl7VdV`=wAGYNm5{+ckPvLpn-V$>C`&*%|^FmptQzxjVbuTGJVw%2Ml{W4c?fK5S2(t9oBJCiC= z${*20o`kBN9O8=XrwJyrok5DL1%UL27FVO7i2%p3GBa?)EMcK*ZsRc~Vw>3#Z9KfZ za`5VA%Kw=fFOoVEoJC$I$0jN%CCK2sSvlrxDok-H3LD1~JiKiwbe=<99^F zZBdaL?hFz|tYI|7=+V|FXmK%$+Ht}TU0YR=@TTnByRn6x6zDsJt=J6b2iH6&RgqeV z6-l8?%QQJ8J<&LrFHbF9)`I+OR73?W*7sMuX}xhjQ`7w=kA0Hx(|*??*{NaHj)TH= zU@j(#m1+h|Z9m?OUCQ3)c1WIL!eij9F6y znZGz=CwH6@)y|z-?j9T>-j}{vcnym`QMC$5yDSnSz5;bfKK|pqX*xU; z7KVESZNUvaWu2OcTR1R633pRFKG_<^nbvt zQJ1qWUZKaxtg?*s7s-vCVVx?udE0>-pF10Zm6IP6u_9SpgKjAfIdM%B?GR-r@X2Q^{UhEI zLaU6YLV-9-Kau0%v@;TR6u@2cz@L6OCC&tg2lvNJ89nd7bjw3GmlF;2#TtlLm6`G5 z;roQzfWRXm`9(#+rD`MsZF?0uFU(l?d$zG!3O!3I>wJAQhsxMU=V#EY2*uw2smqY>ULiF&+AM&PrQQVWv4jpZd z_GZ}y^hl-hx63!@%j#hKLtBB&Lr@$^nKk5LlvaHHUu59y3*gSpt_q^u z$=~2V{9t5rGm6@o5-R$?xv^xN1xg64*k%a~et!@7K)`tsnq{c{ZTrJ~CV@Ss3}qTJ z${$~lk!$hUHSs71vHv~X6syOJ*N^;%3%khfInU?27$8(2hcAjZ%3x}0>eZz2Pp20W zNnD6R5twR$kbWJ9NJOM?ERhDyJTOSzWjG>;!y^rve)wjp??X%0k)xkH-BuhE5s7z zC{a58O#$}pk!OMpipwY3b=G%`he_*#!~a5HHzoE5y{YX(GG;-{K!K1TmLlkFzs;Ly zXu*;;eb_-{Wo1>YKtbH~ClYUhChqN=5W{FUaz*G06ti8Ogp(#rM5Lr~@$vp`ZOt*{Rd+-SeKC33amtoo^hy{%9J}Dp8h!s33V=JS6{PzJ72M4Ek z_UN6WLr&&_^>P~5T&_eRzp#)%6w$TgOHHElnCZu1lySI0{ zOK5MM;JWn2tG7IfNHjk`KYP~9#>we@K0d~`#|x|L*gTRV0V;0Tzgy>F{?7#f=7#pO zrx!C#60~2pcU07bSHI$FERo?U?d9Fw+kAW-)o8N@O?!L$o0aSvlUakBYUPJV;1_K? z_b0Y3)-4+Ese#O_2C7OdmYqZ?X#mFCtt_d+cD`V*1RP_pA}`R9av$HG^{8p+H&JYI zxR!f7?B!ACM$*fJHNq|Gcj`PsQc>AWPWSZCX^lV3?ib)?n=!mrFnqQ{@964j%07!+ zEOoPgACDPNa&!zaD7TiCcf`&Y#;fy8X6qV58OT;k>#MU)10xoex7K@gN)t^R<}s%e zUB_#8FNLdj9*xcNgBf4JCpd`ZDezwLF9>{K4OnZ1D;^x>CHbnF6UV;MF;knTr;+|) z@%{$su~4(`dE@z`m4nOiZtQ>x(|olI+JcYYxNfx8(21%^i1h@w0=oUf%N+*?^FfnR zm==TEP*2Dq^IP5wa3FkSO6WhX_1;5S?f3{BXRC%DgyWJ76@+j(Z#NiZzk>Onlrq}u^2QIau|yr&{2SWGTgVYKZ84cbYxRlJ91hUrp zr#QgO>MQx8;oGgRw1Iuewkd|tPWr_&2_&DUUaZLz%p{NHc#r!oNeh8Q3782M+ed3a zc6WSV@G0_axm~(15fc`pYV$T!P`9p5+-9X=}S z^yQHl44*K?{UVriD1P3R{wWTZ?fw8kcB)2TZKYp$74zbbR9NPilg{M*2PLK}p^#0) z;_LIp+z2CExR8C9d^>myX_9F%4EghiR7| zsU<8Si$-tW;aWaw812#aY0#oI8I055`b6~RXfZC6%Z<_Xl7tFl?N?M}oz)b@I1%UO z4(ay6Y#piJz7-LJa49ORCm`|zH|_LO1D0o)d?w}V_Q7f$DVKKE*yi$tn0q8}?O1#w zvjd~)ff7eu!bFjFo!|6Es2(yYnahAKFA;ZlIF6Ll6<(?@4;uTymQ7PFV&j1N;_`Ql z{-buR%q9^#!1p2>vD5|7}SX)*_6o7<~$Y> zRg}2C)S5kI*3xjv@7mGnZypPFTGbJj&qtgV5*ds)yoG0WUUcK)fmt*r6z(9eF})ZjGH=j(C{8(|7YuT zeKWWwgm;B&uTV~zY$C4Hf4+VVT&$-)&D`~T3d_7fU;19f$-`JEk3b|$QL7dfG|WY5 zv&j$_YbK0}2#7-yVrH{&tasH6ghMk8A!j3k6opW*I!j)uSCw0!9!|Do5COEehl|jl z70-HSPcJGHnHt~oiIfa_?ctT7Ze+i%; z#WHwoZf<1d=WdoTiE2cqKYVoDq@YRjJKRX?NrV$ZbgY1?lUV85T|f=uyFSV*OIDfR@V-&Lqr&D+n5o%MxZ1 zuGQ3cteRJG>!dh!L&kp_5dt`JkI!Ru7A35saG&0ijKY?gJR5=DL`6+j_1ipAJ;o1@ zLG$jwuAR(<9am=l25t$jlw_&gilcvRHP=pto-p+XF+h93GQFHroBQU{8c&eR!dSY^ zt98CVKKIH{8ea|4a0Pv4wZBgTUE zpFQc;+MkZ@Xm4ZC5Ot3fFR@lGE@LXnH)^gIrmGvqcA>D8FhJGbUdSOo*hiHeBg zPGpmYvu3|)XtWj#vU#3$tAbagwo;6MI>i2hvMYm@m{gVARTJoufBc zD35ygd`pQ+af$K4{1B55G8OOh?QMkKHOE~=PIXRX8~YJ}E6lRM_TJiRwrr3Ja0xw& ztSe`e8MX#@wrf}{ljSx{R@50lu3{oa+G=iPW2ao>81MvT%dGADq_=(t(x=H`MxBr8hpJNVTd zN5U|8A8MyqO$b&qQ!c`j15)y1M@9-OkFgBBcO)mdW)OQ?l-!a&PF`n}!N6i$coo$r zBVPcr{(~E(bKRpty7H3U!WBo6KQRhs!cW9!_@N+na!3xf z_G^2Cx1^eM6Q+34^>4;A$D+T^URk8g8hf5bJuL>zkZBQnsqMI-3eq=2YmgWRo$#ZA z{7E)B8QUUuOls)e**geJH7U`#EQ$9|v#)`J@$7k~3Ue@SzkiUxJ|a)$V<4D!;TNnd zQ>D%$bp8HauA01_s5yX$3yVA!t?8#MV{YU{pA-k9weP10y7;Cfy26YY)ktl)b26)8 z>!U7XTsYy8)>>dMaFWtLMEo4`ZGO5;6gkhxeau^ob%EQ7y^bZbC*)hK&s-k2!Hqf0 zMd-@t#oFk_A$y1vj+O}#C107)Rq*zL@oP%`5e*BkdI{n7+IOiiJfE@K+V7?QYQ)FXWREb66kg=$K+#yJmgY=GN;7H0;*)G9f+h)g8`avHLqIqyFlYg8J8b8!esLTZx z`6|So5t7o?nnV6BMfS{Gj51_}{$S)Hj8m!gOev5pcp!%j-r!vv39Y3!hqj3t6*`)Y zXTWtCxq>4lv2^w)FBXY@AydohK94AJqX(_EZI}JAiQAi%em$Rq9~lQu6I~@DUWz71 zSU$}5MZ}Ct$PeWAjiyHeqqr;5NlCY-8#rhhi;<%WBzJOKu;4ajt(%#0s`O%5{*-=X z=SU%NpZ@Y0JpNG!^_u%YY^2aMT+;=GH7?|!BF|*zk(xm4-tcm(tfWU+JlI|wty?S}J8p4bb-@i~hJK)Q+74_3;FQk*iF1kI!UV*~GGf7QL#ny0^2 zYU5Nlr|+dcV2rg}9Id~RcFy`K1SLaA@?=(%YSsChvCl}d7pBmtR$R<+dw*^}<3WZO z?JAa&&YLMIpbA;)WMTYeVnWVsh-u)qB79BHrA3~EHhxvKRFRh#!z|#7?cq;Vs^XU0 zUGsV@HfYT_1S&Poj5AO51BEWatPD|-Y%x|>R&u{6FKRGp_ar4^%k&omM8Xe-;?u$+ zmBtNuoLZvJShQ~VT0-~$WeSqpz0H#+qDj37rqh)(QT6F5O?zvfXxCy^o%`^zKljS$ zZ+dN;brarqjx}Ct$P-c7l~%7H^(LSl$Fg>Kzd&?WUrUF$s?!dQSp-7DD~-BR)pl+k z{3DKKzHr7|xfsOm_G4HwBN1GgkW+qdPhByS6%kMS&w*LS6dSsf)|q`qa|5KFL}`PU zz_wzjx!qeD2S_^PywznS=e$I$Afx-d{)IB8jF+#Ji5?Q9O_WsVt|U_K}y4N74mAv-6R=A87<;cs7u;z+-+N+Nc-wxL*T=n6cI+2dTC73VQ-Z=7kQKe$nh&1gjV<@so&q#1 z{x)AvnY+3fn#Ne8_Q|)h=D4y%-lxX0KrnE6xBKdo!CUNaZK5Mcc+|0OceM|0CNU?7 z5TvHVzQ06`f>wR<=lzI7hR8_Qe7@2dBF%4PMfnQE?JyCpzxv>x!r~c#e0*VoqofAK zK3rhOT$1?uzGj^{emp&^fUk(x{+Q(+4xouXgZ1uuWIAeC!UbO$s* z1G0sRL+S#|YORMITPuzPO=>`H2HX`&)MMbq37+Qn>~Y;dfQ@4g^a!eg*Ef@R96>2QQS=$%aUi8<`D7f5@jMDuHLW+T?qaWl z@6lTMHR<@!Hg!N?beM;(LJ+7${qQx&i}Tm^njoaJeY_t+_sv^208SZJ*RO%b&1pP0 z1ff{oPa61tadu9@y#)WZ&yLL<+qP}nPIheD$&Q`;Vp}`5ZQHhO-~7)xb?)P>y7M$s zHPb!wFkRj2yVj?1i|!+eGV$+8^(+Ou@;B3Nrx4drmjuA>BQ7EXl48e%Xq! z50RykS1G|4g%a;EWS+HDn$? zX#{T=8TtEg2l$nNODM^q47j12Pv-&?x4(TOt~uxMd!@s3DN&yOB+J=IVmRy^LLXQ6 z*Zt!xPc#JeERVCR=d2HFi`8&t+hVOYXDv67!vbG761TZ?707jkjBd2akV;=?tx3~I zxOws+$a6!P-a3jCm~ca>frxTV9t_-7l~ycSm!N{u zX~GOSHdt%K(HY_B0auOGYbs0Op4Ht1-)V|4mKmUL_OUb4W{sfjwfQ;jx1IS@@r zqIL#JoyRn{gCqWN$Xz;_As_}SpA4YUSy4iE*cJcm>ZJ7hP}TxPE71#eeK?&9n^}vd zNKub7Peuj#QOxlBa+ncuTnYF|@82DtuY_^vW==_v0SStz)}xs=m%m!xO^DO0WQPo0 zcH=HN60UCUkMQm5xogLPoBf%h($paTy0td zjOz{1ZG#qkV@FZXk&R)D=wR|Z3gMHdpX{n|ysR`Q1i?nGMO`rN2r zRs%ObbE}q!=t7IyOuB$dZe{iMY&+kUiBu?B^K149yCZy)6~LMRR(o>QVY227m(g0j z%=?>4+G1olzf11-nffS<#&q@}&o3Ih1Oprbj@wC7yh2V!ES8R&ip+7r^bGn%Ew$c< z*Ag0Du6W7DU+^=Z5E5|xRW{*mqP|_lqq5yHJrYzK3wt}#X+$bO`;kO(uL`vS8~O& z#y@iVaxc8VR!O4et%B+EVgp4vtFHsZ!te+Yt~nzMj*GXoT$1)C4_iWkL%PC!@v;+{ zt?B)i)O>Wf0N(KRS~MP))|344i3Acitd82KtX{aZdS4jEXLiQibLYFp%$`_%`C@-< ztfv&6x)h*Y$3OkSW2Rn590e%cT`cGKSXb)^HRoEewGh6=B7tctFo_(8jyqxPymi=gOIf zUiC)zO8-E|C_)K-20qM>)@1!UBUCc1t|fT!Zq z+OHLaibyJfcyF|drl=b&s7{<-bbNT@yLc&YFH?lgyAp0(%=IAKjo5k=CfgP z72Sp4zUi1PZ!M;VYJOdEc+>N9am?>m6+NrX^Y$DlRP5S<2zs$V=+_G*!>pp3F{V1=w2=e*y~@=)GS-mL-7+3I zRpst^8nkZo{-~JAR+VXyxk_r0W{gP$pK`!(2~IgV`K?-{f~|8!2;VKZ8S>f9Xz}gA zue+$tp2YpjQ{`ezm-AQT(zd?E6ZcH{uMgP>U|u{eiH^F+z}U@`8%vL!Ihf*66KjE2 z_U+s+^!rryYK&zO_2lMT|Ajw1xO8W+uK{pA!1Y2rEA`p+qT@J8Qh>L)j%%re<*GM21(MG!T9!y_evcsYivv8H3-X&jaw z4!QuK)l-2H%LXhc9l1SM?6A1I=&5{LXl?<;&fg ziV#9@pHr6_(LRSO$)Q-W99u(mA!|sHJikFfg$djr5^)x6<);TJs748N#m zXx_OxQK|kDd8Nuqec8l(y4Df2^5Y$fqpNt?*H1g;C=Ng*_`W&nYY(Ph)ABR_ z8V+usi3c&|(_!rE<4v1(H0!*@G~{ zeNmfs1b9BR70Nq$9+iff=Jpdz6n>}~xkD$1!Rj&mD4ya}bP;onc6?WU_qfARE*3gk zp#*VN{oA<IsC(Zid34YMxzFrpW~;3~yk><#XhuKb5vGq>oiA4Fygc63tEv{zLJnM6JmVkAhM@YD~8z z@DyrHS#ztcH15P{KejlGj1c+5<`>7th}u9gh1(n0jZ66&boYel_hDsd>UTYsZi)+% zyyBag#)>GPP>Vq9dKWQ*qZ81G7`@@AaGTkZ&nQhYpOwA1+VhCn?|IRUlV`fe@k`cd}z||cqf%+a?Pn0>2^Yz}^L&Nu&?Zki1yr?AM=(WCn?PQ3Xk zy_+BgAw2??(ev*~Vta?WUUkd9vLNcD#gxF}hS#Hy=J`tGpXo4g{gpp;zRZ#%fb4&? zITvZ2P`TM6VOknY)=&a0=H*%MooaEYwP??r|d*H{#4%-t7h_c#!D#+m)!Os zIWbmV-3p}TV&>HNwxM}aQ|7BPYJ#uESV2rencA(iH=L!^%ZY;%%s|@ZQV~t1^D5)d z9JSICvkRN|ucepit{8GG&)B@*pfy(doP_l5p|g6?@bI7Ar=jLDS5wO=*$96xiJv9= zcNn-pE1K@?t4)DQ0@H67c0*QeNNbjG7wYIJ+*>Zx=40WMH;l3g65kI~7QsRQ8NYJa zsxOp)awq2JIh~PSb=!|3O*wzIaPTfTU#e;Xmd!;S|L>0$t%k%gk*75p#2mivr?P^= zi*&r{L~8uW(a{mB;Q*wPl9JwuVx<}iHg@E!x%ZdTv{3F`2E(Z}4`jQnyEPFVVH^vV zcSLeYV)aBp>F*8MtCmw(cMKMijn=-#VaX9d@{W)RW%{%~>tqxuV@L}NE1%#O2J26< zLNYp*Sk#rAVJ1k-Xh65n{`$=YuV_v2)Q93r3iB^4o6@{exEFFL!`r^m9I>S3MikaW zd~?e!0em~`R@dtddzoa?<_LB!F&`Cpdj`TUJ~5TLD5**^MnuHa zba6{dDqmmUpGqW&Bv@TmV$1Nr06D<;CrBfTeS3#cY<$XNeu1V`3CyatS77uL1-X56 z7LE=qOw~{#LHG+IV;&^1q8uK^zK@@Z&ORDLBjCtv;7nrwJ|vqz3BM2mB$YxN9XlkW zB?Zk`3suS!c;hh5ffNTP38-1W{HdYtTwmuX$C9D~E`IQcfYcykyk;d--);zS^-QcRD0sx zCstc=(*3x_7l@;NX>ti=kGN%hA~Ght(Sy*EF&P;EN;OX}D3;2=cI#9$`RIsHG-C?` zX(VVqTgmRolMjSuvZRd6!1D5Q8Zsa*j*(pCj)X34Km~hRPqA$2U7<$Apo0Y%6+W9M zMu_RKcUd>mzE!}gN16WiV9CUmPf}Fvd{n&wCpfSnb$%js-$pAyHRqe}4-OUZ`~G%xj23zA>a&IaoVl>7wP{-rmgl zV@rGcw^dh5S?e$#r*I5Jmd(B_puGFa(? z`J-n8W`X;v#jvRx0Sr{5T&y05YdLBOO#n&J`(XIunZ&k1^=$t9se+mHp3_?83NDk7 zQh}S3u%l)zCzIQ~Nnz3zX3B*SK^_|Xgj&E>uJ~b{Q6sk?K!F;(?|M%Yh;8a_)d!+}J3 z$e@1Lehe}RoShxF&tNcneA2tylE8SZ%1JoG=r=X-IFqY(@x|)iy!q^T1E!TrnqwHO z;G+5FgSjej$>iV3BBA3am1|u(bO~g@MUNp$3+5waC|sz*ez9uN@-N9~I&IzF!vWLg z`wLu2dNxEL5*99yHuMQ}=-mO^QI6mr?8Z^CxT97rmyW;45Zx}0%hF+ufg4ABaFEz_ zh#aX={o35&7?n5#S~*Gpbo3TnrTx>wx?$4%nS3FSBnPo{d@%A6N-fSOaZvn>X^XsikX+j` zCoIvrl(Ze$W5K@vvH18I^+u+%LNmRPw_RFK*Uq}1JXYeuX2uDv;|gQ?KCe-K*6{OD z{AhCbLv=t{YxTg&VofEDO9ACr&j*mxb3W7zR1ZhTyawlNm%E+*Bu~(o6MA) z@I~uMBdN5+{n?zLN%#HKBqq4~jZHXktyT9f3nEygWYDPf6O|m?wcoMlkdT!0_@dbB z2K^ZZemHL$27f=z*uj^+O` zGyOE<|1b|vmH-tkR`9{xM>UI3sQt=xT`JA0a8TYQfi(~zgG)iNu)ihVrBXH4HYgg$k&UhL(> zj-&Q26MN2F2Ksy)|1%{j>B^AJiF)c*dlaMjI6`&|Ip4=OoB#K0ji+U(!QX*mLw@-d zUDrCemyL_r{C4LjV+c0m?tVg{JBOh8Wi#yuJ~|n_<#aqZcL-c{BRC$AS;-n*iGrOc z-Zx22AEPgJx8IwwQ2)(pfv3L_>Hx8+`Mpns6$JYAPhWik?g^hm-mX3==st86Uk~zJ zpC}mN5!_eAp#*8Wo22WT%#hP(hagx_zI&Ow<@Ar5N&@7UeohV5R*c7e#vV4!ZGWpU zPRCi~Av*}E)8~%f6lko-*x(|bOEm9$_53LU#bq?B9iz82mb7a{foz_4H~(K8bIBHm zzn>}6yWswT@59fIBN_CJ1Nl@kKzWM?dJTbl#MkN?^R_YO2 zSN(cmXN&9&w(fFvqn@URlVRZ5V$8=O(1G2}HVnmn15r9)U&C9B zW^0$PFqL7>?T=r4Q3gmixtTw10b7>)Fnm~Mj_SO7;H$$#zr{*a#KnjulV-}%9&pjU zp2sa%LjSDX2!W!0Ba8|=kB%)=X|aw^UmA&h`24+D((-V>z*q+8x~KdTiWcH*Um89} za3WlbGNusvd?RJT%D09jM^bO9zceRFwIrrt!V(Ul7w1WV&mx+G!h5AsEYU#(qKZb+ z*Ozy;MD3q};7L7&P6NNa$q~IZ?Ilna^6F+R!#QrBM@4??WQR7l=NKXxQON*qEBMQBMMPF>&1fEL#S9)$S{0t=`zh3LB8Y<~jEJ@{}- z{HTA!I$S9dw{4A-JMaUWha;;Qg`-+`Nft7#AM{~ZHDY?lFNY8-prxIE%arShz$-Rd zy+Qs;DX}orQ#v8~+*8e-5hc=}g&*#s#^`zlfy}&wDDXE}dxFqJM#bh8o~O4r@3PMU zE9_t43uOOL!`bDWK74U3zlm7Nw1A=F8pJ-lI~@=7KMo5rV^4g8YP&*^hZXDSSYdah15%s}vpL@uXGI9o=#dK1cvf^+{B&uSY>U|I3&w+vxTuW%*kaZ|YPC+p!Yy$=KMvgUFA;Q=F4=$;TB+94$H;{fV<9 zyE6&L$QXhb3SC#7iRCo*!rU{%yy74X#HWM<{;AMk=9KS3$JL$ll2xnTFLj~9R$b)W zHc)NTxr^+|`K0Q7bJ>A`qMV!yl}If^P1ieyR)E1YtvP@RC6GPu9*nJAcf zM7BBxwVx@e(Bk@I1$P5SuUZqIIUrLlMn*jI2Y{8(#Nnz{#4Yxg^K{Joi>dbX+NgnGwz(JEnlJ-42G zV7@m!9QONC!8((xbw1Hp+OW^N2Y<~Aph6*M^!cMJ2QO7inNuf7gH+ z-Ho*jf?FMxH9$^$b~nBP?tSveD9+X)n)|yyUC_ki_y{|*^$F|;_AoG~2dj51f4=st z;ob!kZnkw;(i@HORmyXzmD2Bf!O=`)i@1Ho`!t0oE6A(S*L_^jOy)>7hi+Aa{Vxm~ zr~72GRChgXzRo^Ihli^GotKT9V)-9W)w)|;U%$N-+uuPLGNrLgcxG-j1MRM+AkTLD zmd3rvHNuS#L$+(52i#jQ?-?@7TMEsTcxk?TlbV51`M3GYb7QII@+jwHw7pqb=ST3` zKfNkr8U70lY@OWculyULRA#Y`SLvcOs7?(GiPRZFK+)Rb%=cdB^`*&rLu zS!wJT;L#5GHC;D>(;b6R{ zje|n<%V+U5{K0}5mixDVAe^>Sdu&4?zypI58!V%=IKq8h?)eHzT&w)p)0fHdh}V_{ z!myO8Hc75)rZw*!aM_;9`!aLoTWg&#egVn5-mOvNhG*4ez_G^6eP8B;JhGS=`u-Yx?xD#M?13h{@vYZurI%jI zvqg>Ga_v~=)(7FGX{?El&z)0vMn;Dh)|@_dW^Sd8)XoKB&DmDAoKvjXE?b6M@@a?n zEmj?n=XO@x;TtyXyIdd1N%rJ9U=W~LrKoX+nPSHsurgLKU`?1<28JxN}XWpYyUV3*GWye0-f(>P zgyBhCBhJ#B!WzYXiyyXXXR}7DA+iat|ALb@(?5Q0c+6Ue*PTO)BejmeIX$tSu`;mF zllxVWh5)J#fAW-TWw$r1BLthEl1GO9e-C@!o5{at$>T7RLM|n7DwA!F3&aLn{G72N zu7;7Twf zJ-!6ZpkqOnc{6`Yvpky35RY?63|GHO3_ZlfEA2@%{yjJnHE{VY&82RjHp7BvgBQl= zh>a3Tv%ApGQgJn^BS+Wsu&B?}P{*$&DQ3R$D{S+b4>jFa>=3Mdr4R$s54YZQQcCA- z)vWK(F??WP;P~rD#Tp2NKp03Mmmkm{#=JFsMO3t1a5WfxdiYvW%#S;uri%U4)0uW} zYBG~VTDgMxq2BR)yFCVPgGSDT+*VipUUb~!* zbaGtQhwnFgUg93#QQ1DCyvOPw0ZB+hK3LNMSxU>-O&5d+wU^*ZD%#E{J&@jf2BqBj z+D8-glIJA3n^uyC(f(}f={;*DDvF>#Ych#KDAJL-twA2Ks7(f725`6TsP0ye5)WNL z`(1s)N7+%yT#1UrHuA%yAPN=YAb*ZQgbATkK@s9bjyC#;2psP2d5e(^Utm!}?~-}i zOpWj((G{!EkwjfChy5lT7>(72krx)6eU02a^)Tfn4N-?d_7KNK`=K|vI|~N1MQP+H za@^I{_JN3uFDeR!-RIjeCQvNwqQqmiORSPp5A;+O3?9$Q z=Tus$YMlt1MY!+&m~eFT&EZ4`CX_L;0IpIG^ielfZ3=~^Xs0toz`91an>ORjwI$)5 z_y{PSC09t{X|cX(^nY(qJ`qwy=Z>!W*lWTy{H95R5cjUsb%SH-3`YYg9R4hE8}{@W z^<`t)E|ctv#$nX4ONK#6i=5`u4zR0VMdF7nAYHi}hlvml+*-629a6Vddl3bN{Z5dA z2=_<+8~|isj=7r`-rQ1AZhdmmiTsg?@eYRV#4cCUExm@1_wU^3NIw|3KAhP7=3;6R++)l4JPB zvlZb)cgf0`d`ZKSE~TKSb3F|ouGUXu4cWt}vib7&L);1HmLjEsEhE9muOjuymQi1x zke-=@+NOMI#U9d0V@OuAC3o{ub(y$s+)0Mig;M{? zkIW6iB#gn7QmE<3)9=f6mPh8}`boHLJcmF&R8l2xqX~r#@6CHcj?iyy86gR^3?%=m z4!h$;55qq0MyiYo(^8fs5>X0E%`&qc$AB% zNG=9NPcrMPDpKX)`gnhvzwVE^Cv_A!@|j;YtDTtRtp~Y_>=gnY*|X!jXDror|7n9F z@+(lUA=^U_GM=Uj^EDZxjf}dXrV5kh;Wzrc92pE@Oc>u4xMJ?rxuKI%$om<*5XziR zMW+#pQ0ida(xFHhpBJ+bKhpTxc@USMx&xUoCcfXMntv>Y6M^7JIJT%RenKgqr*_pf z0A$#Lu_iOcoXMh_;X9%kq8tM1+tDrpyDWBKgG^MUEBicHxG;=<{X}#&{a(a7q?^8t zFitD7KU{vGLyJ`8S~Z^NYp5i@1zyo?squIXBDmy7*9qr#y9!H8Ow@UQo8V6wCq0_Z zq5qHQUWzOPpUDpp3zbSFG*&98)xWT0nX}WoA26@sRfLX~D((sFS z^;1%JkDZ1*9_X*PiwJJ&G+;7?VLiGbhdBeR;QZ#|2~7F)s^Z0#?z4W9_8DU_C~kzC zXCR!FF~GapIaj&yq3r&kf4gpcE;Fe;bU$0OFw!sAE!)Vu`0QcIBQ^JZJqPPRtnqW*|=n+~X0E#C^$<)(~`*MvdWbgNE9-nVOPx~Y=P$CSWW!+tg^5kC3R#{uHyOg%tU2pUpB-F!X0p>eXg_n# zoGePxKqfE2J>KxD&Ed5i^Usl<@6!{qXfH8OYufE4*VFzja7RgHR&t{i7Y>Sh z6-_Z=RlCIa)G#>Km7!sUl+6wfq=H22l7rTv5J<&V%EWmo~ubDpM{kO-5>7UsZPg9EE-th_ZL97AsSqac$F;EwEU1r{$LWDWtXl-w;&&?>C!Z7?4dRvr zM1Q{6@9Jwxg)+wp0mx2rtaZ+%Y`Eg{D8d(G9zUZk12lRsIC{KYWW-hn8rcl_;+;}_ zPNu2{r^~>;9O3<%!rdr1alqFXH4;f9mN9c|f&T}P+=Lo8mp*-k2x2JeaX2N5H3NPM zZ0-=6Pj*nlUJ$Q;o2XN)I*k1%lRQol1JQzbp5HnfHXbh_ zg7tgig!fY#wYc<^@jW(&WYPS1=&p+8LoUPirgVX1BaEER4s_SS^nr`jA>0A-L$3v| zZ1!9t+)E_WxZl$q818(!hjeay4$CEA05qIe9@zc6eY$no7q*|P(m*fVF_A_)i!tGN zuI1xC3#@k6`ok4jx_PVD0?cUv4!QC3MnE)ED|$XzCLf3-%=abipkZ9bW+Cpi3btO> z?(j$$Cb+-AUMa#%IgF<*hVxwA{;3YgjL2Y@4htM4{fMQy&|tq+T0wri%PO{Xp^Ll7 z#UJJh_ban?yJGhat_NwjkpnIZI#nP!XZ4oYKUlYl4w+fQ#1LmL|`j-=(lSAKI+XC10td#S=tJeXP^E0qB|jhN2Rq652GU z@G;lD)*ItF$br0#2P;}c$q*;b%j}s3AQeo@nk@0lqyDsGRyQRZoen~hPM!)Ob$E>X zn&BoZrXo!#Q!7bYp??2e24Cy^mE)JRA#9mHg#TcaXwlI8yoAsSFLI^ZONF%Xl60EM z#le*iW=^R@5Jh%lAr;7rbFNpt=EujlVpRs6efnnhV2qivw^*utwN)~u0D}Lb+nMKc>xC{jAlE@|gEab3_e&DNzLa|7d6~hV@n8ZU1!ZvP1 zWh@vQojpH4G%^nL4nzcda~ya~D% zz2Cz>P-H-TQm|ZT#POLtmk>c2i+Nqzqy-d|#>OWk1BQK(w&E$O&Rx&4xUi)mtmz2W zXDa|%asdnSMq$^nEv_*0HVp+ua@I?MK_5>Ap7-_q+1Pqrh$D*$AQl;F0q*(j{d;zk zaO-2j3pxPN*m}e(z1lMnDN8!kYcx3uM-wG!Gf6KQPY35ym;aV*cxls?rloo)QYQ64X5^Kh0eew3+<6IA0p7YsN(2_q}q%&eb) zTbD*#aAnfsMl8)}>F%N+&+hrM7vrNLWan^no(DEm^dpWkgtsJsvpLXM>?3ZK{~vFl z+W|mrO}Rj=a`7j3Jr^d)RseT5m|MT^*gAvxa59qzRW_`>uf1#PM5OX#OUQ2V@=z|- zpc^$yhVxe^z_TqQIhygnz6~GUxr|Iv483@B@j)Zza2+G40f6E#TV& z!dlutSZe8+L-6|*&hSvMy*^!8{Nqfbwzf_l1Q*VE(~~{G=rnVeFc^Fe!qp|9NR(>0 z=S^g;^)^d!ERC1Sh!2$Uh1Q)>XveL0jjBH@KAZ^=s8!5#lJYs^Eo;(p3a7b@0RV|i zY0y3h3R-fiV-W%4_f&Yp!3z5|h?iI0GXG{4aF0&xb@DDWh% z7+MtmJ>!3Hg#t1mD#*z7xQerU8q;XvOV#GGF+nt#Dyp6!N{W@8MA|X3oU@z(a zg@rB`9q+lH!celx+tzR~IHP5zx%#T^icS4ttAYp4OA7r)JpQc%BDhk?K`Btg?WiXSPJt{{x{Vrh-72y4SL%$BEvIH*xs&O&!vtr_ z8vHLSTxBhh3-reB#??NF3D?S0?V~-iZQkN2LeP?(+(3Y;_j_c>8ft?=6)|dd5To6v zEihG*a3I_B)Tbt|e3K#k-)w3S|{WoK3gL z6(%@}f&|HW6L!SEWjdSq!=v~dsg=R)t;a0tpF(A4WCku}HLHe_GLz1-2M1f{BB-S@ zulYq~nFw)#7IXh(J-?d&jjaY>-(0nYV(@^>^1SC;+H>fR{Mg$BX#=bq_gK(!9Wm`# zERa#P8>XnFkGED~zYcy|2Btx{;l-V0g`PEH&sjbw9Ys?JuN|I~982_#CCTd76IWr( zqrv9tmOr>#{(cYwWF0I;zb2N6h#KLX0Z&?NHsM~bH5RExyBBx!CT$|%a&oiYLnT+O zN4rhCr7qEL+MO?<-Yjv{7R!6>%vUknh&uBL_a1(F{83mTL#A(=_RO%qY#-!8EfSyvj+;Sc_9Q@#}bC;!#6F5PZL7x4)1od zt&1h@)f#M;V_a>tP`rIm?R*?Gr~uxSIGqy^QN}?a5hF$Zp1Qvd%jph zmVo%wN~zpSiQuZ_EZMBhRq1kTu_wGfT;5uD>;jGYA2=Hb3Lm9*SnpSzTv?kP4ndBk zP==}0P{O&Op?SZ-Rn3`D9#s|y1n0kOt@l;clng14_2zI||9E4Vx-`LGl?`+xxN!A) zSt;iYpmUsAnQeC3Gd->-&fvQAzF42Bo(xV$5ZE1V9 zUfKjoE^Qysz&(-8Ccrm6&Bj*2<_vdhYc9}jXKS$3`0X|tGnvHaLbh&0B4W}`vi~ON z8uG53FZC-9v~E6Jb*>nDgp^vDyBc$}6Q@$E1K6{n^Wh?I(6`_pB;)a6(V6t)Rh&94d(4bwRF!T0A;mr^E02ick#`EVM!o2 z1zXRfT(NeS0}bKn`2JV_>+Sa~SM)a+i>2frh3`;$L3em=s90i;O!Lt^)2Rmc{JHG7 zWSclU*$BcrMUq|f69ylo_chpJH(~DU7<2#gqga`jGw7s{=)+fSc;g8uc?NOvcw1q0 zvw>7w*mR!EW{~2!LLeTUTPXBEu6l0)R-QgKhigR|wGtR7Zx+f}Jmf%jyBPeDY=eCa zR3dYAt?~UvY0jOcOb_Ca)4~m95Mx^CrN&@0)v#u0`&S z=9tPc?HEhdI4yLy97K4Otn0{fe>nej07iybb81`7`6I}F)Z4TkA5GDB&B)b7Zw}s! zB1TgQU7Y3S+pjn6h4d9jzbnQnKYqEh^P8ugHUeGaSql(2eSD!u9H%hwyU?Y=!YA&o z)b8LGAz&o0D3gR{L|eSLD*o`;aBrL(liyh5&-?ub;vV&0#8LQgC56?2fz;c_fAeVf zBYBwXn9+(%=DjDjI|0?yqB{YBH#R6MzfomL~*gD3q1}N67RCc5e9aLaVLs2+)p)6wa8Bv7pOZbd8)nH@}?Aaur-L$AHmdd^3f@OU7PyEMhOpZSWmXZaq=*}}rFn?+E3Q!S+Z z@@A~66>m6ckyikQ5?(lQ4w7;fA-)V@3H?L&Pb%j6V)74fhZl=122UeHrI#5V7-LB||qW0NLYUTHWIWT!IM^@j*hPJl0&iwb`s`Z6`E7Mx~Hcq^rry+$^*UaB+ax zz=kt&@9(7Xxs=@?YarDasNMez{C&=yz}9Pf5$-2roCwimeT|8K3#tCXn@i%u_ZDYT z6w2tXWcDOy6(g^fG$kFlbogqy-%PW1B8(Ir5tIOv=5j#y%f=|~)^sLF(E5}!4GI6u zLV2~X@p{YPI055qeIl1iE>Z!Gze;;T%?2!pDtw%J>o{moP_z=-UN|ASCmsy{ChhzD zfRTff0K~eo<~uKrnpk(5eMKBtZe&d*T`rfU@JqKDSv1dD>bwPFGVdE z+W_wiY_%)CiBqo`uQjrx2dcDj=i(?*zF$sVRLAh~kCRVMCKvI~KA-dZpl%*ol4JDpq>s%5e$$bVu(6rSTFP<)xf;Oc>HWXpcwU{DpkO*jm zN4qMu_%dT9Ka$%;Pc7VZPL5TxIbP@i^$$6d?+x#duyW5;c~3E08f2h5kyX*TSf#E$ zO|r=iq+xV9(;A&){9+D|#ZM@)v^q;hki*AJjhH)|T!!SUO`mSU-}zqQKEI)gss7dN zMcT@Kg-6h<3j*rq7QrnV(f*r4VFNli87*Z`Epsn%M>Mh>G+a=pYWi864iU29!7Bc% z?fU*Eu6@70z23}pD%0t%n6}b%(okvs;eM{!?W1Qjlu)I@*x>jdEly-z-ug2&rsgCH z&}a!LE%ou<*b{06uXiT3BxhQOBX#H4%3sEq)DsoQ#AD zY8U9&KhC3ai~mS(9VbLT$y8_YHT(BE#X0T;WK%5onaj%Pk@XfzwGs!2&o$e=A<5VkjMiZ=jwE6JMPemJSTxm_wyM%lYTs8h#Mq8 zsG8#}dCBJ>$(0)Yc_?PN0)9)?xMBvw%MbP>>_X>B!XBpBR<5|a1FK%Yp>5<&t-(h1 z{=uT&c>zIh=;*dqQwnrfMMEtB1K3f|ehZ^Fg|m9aI-FggNU2(g8gvUC(5c7FSR*6V z!Y5WMq9G_Fmvz0C=@mhmoc*-?CTo&ZB;-r3WQ07TR|i`g+f?Ut?0^TxYC0MsndlJE z@KPco{iRZ+6GKB6pkg%(dJKb|)_jjhZbvrz=fu+YLh%FcI$R(HQMyC?*V!^f1k4Vg z8Qz8()X8(z&6>v(5UK~K(cnVX*x{c@VwkNpqFqKeSl1zWDHHDIi{D|FW3*mfdtj{+ z-$!BqO(niq$2lWa2s1bZ#fTeN5o&XH87h%-YTsrMw>08 zd%dhWEkhzUw5!!Yl@tM1NL{R{6z)qB->d~UcI4b!uEBc-K~`gXDD{-hA*qx+Rk6hq zz;t!`L=Ft&zVCPlt1Uke->Kx{*xE)wX=q=%mR+^z^s_hE?{JYb==nS+%MtB*y43=N+M{C-9DW!0X6r@^g*u8ZFlj|v7MQ2jGli0{U^uIk zyYn;&DmP4#Xn!D``yhoPdp;`lanXb9#|mEeOlI`GvbkJ1PF@)0QbWuLcYf37JENBd z^MHqSWVS2r=vG60HQF;lS5|-8RTz(aUcYpk<9P~=B4n@#)qD#=FZfFB-lcu=7CYrE zQEjwYj&@{Z!*HoNg+eV|X!nxXt=(?#{+3O~#4-)|YIg6;KX~|Y-1~yP}+I^ zepyekfqvtU@r7J(J_P$Q>DLZZxf~CvUM^Kg?;Nz6uOf_SF+f5>ZF95uM{iwIWhHHi zTvnek(`nHUv}o9h1?#xW=N<4<8lkNFab~iyp;f9ymXsX7S9DKgwD1P%aCYY%H92{! zf2)c{^72N^JesS*>qzPUdTGbO()jDjEmeDbw2`v5z{JG#Z5cJqHs3Wvka?tM>`NTV zFHdmKFZmM&h>wqV_wX=a>((_`nw^d3bUMnNKSk#IngvTsDako_Epyxc)L3CuvbhoS6id$)e*lI9TM-INJ zjM*Oi+raspZ3f)rS7cunZGPD-w)mSr_=4>loQU7HA)kFuHC}4(lt0Vl<|Gg^y!g@0 zaq=L}JEHZb@3E}H?pJ^Etv}Nt`W)W}a6@Iz%bK^BIKE%JXowrUO`$fSw%xC~U&E67 zPqq3h?mt^MCCW8TPwLY~OOZWy?lOGigk(OaHLFyk9y^(L{I zJl{XNwd1>E+{dQ-*Jo?C)tGQsYDMZ?|4?JWuL-tc;7`hDVgI11^4R(7b0FUm_~&X2 z^qY9!G9tndmge$2s7>)B$8b#Lh(4Zhvq>=gIhuS|V?unIJL>&kp2K#Jk!;MD+*oVz z3wbbKX1E}w=<7hi5;h58PCf0VGCx3Wp6!qL^U#m+Bx-zI>%iaqF4DbmNTwg&tHTnapR&dGyzZz=?t|FxBc7mxF!6~mCtk( zHO~*jbUj&ar%IHT^y_$shPV5&EcL&T`)*w(o$spVwojwtJpT_o1a4 zzCzWS;sKBiK+3Jl7!q(4tCk-cPDlAa4Vl-&nv33+xx;=d)(~9` z>2oX}^~X`pL%8|pyESyWc@1?wWx0Asz$XEY^CUZ%%Gp5dFyuS!6sDD$ti`gg(hfCnoYa7N4NU-)>~QloN7FLZ^Q&eF7Af1Zv@xaC_r zJL!J*Xp6SGH2XP?a_|A?g0&I1%9CODjG)qjue&xjU~&GfaKmh$;{jG622sk|dY`k+ zgQ;sQ1X=SBDDN`C*h2^T3g=` z(_~elnLR!o=hg~h~psj3vtT95uP;gZO>!0Io z20lmg_||5|K)teKsO(OFza+kOTrG0dmaDwA~=J$J+7OAPomC^%RuoV+?AugaVb z{2#ALdSY`Y_qmMZ{Km#jt}^NkVRT8|N5*Hu&9G%c!)?RN(+7IJ67Oxr&eiiXYkv8S z*lbx|OMD)V=4_jqu=#{ux2FR1bR7il? z3H2`m&UrTY*yHLhvh@b-?HFgd&Jh!6RlKSC>Y*nRY z`2sK2<=c}9XFQE_g#ltgp}|-b*_4B3(L@-10^2Lk<|kgle0sQG(UXnA%_?O4j(}|2 zP$Wxd#g}`(zogc3`FnG1D!e^qF88s$e-#a)D91!;yG~oCV=6E<{{e8iSMe#67|Yyh z!u{v6Yxr=|2&?IyIj+CE$T-X)Tk6M4PO+Y9OR7eIsT0CYuv!EcPm-7mpV?&YAFla=1j%eIV@p027V0^_@b(OaN<7_w=D#=!8f*=t&IGATZfJ7Ga#;ox>Z?cUV~ zv1h0;$|qVk@*Bej+UQ=hM>PK^&$NPQp__*=kA z1hH^QM2vyK-ZE8{$gU8P;Y#-ppcfhj1}jPkk5goC5<8IP7-Z<0h1^Gx*QV~XOf0fz zsi+xqQ_8Mjz2PLK-RUi@{Z`yFQZ-7%HL*!HrK3qw&M8%JQ(MTOX>YFYOVqZ2s)dhL zr53&Sp3Dq-7k*8DI?o{bL5$5sau?G{Id?UI?()$k5@b*zs;-{C!fuf_a*jvrc`1b| zbTZIF@mRssVi(OO5+X#C&$85Dy-(X9E zy3;ak@L{QWg#cw2PQ)jTYqzypite6Dr6}aM4pUWr4W+^vjRWOBh^rQPCin_eDLvac zUEdw8%mY0(p<~zs+IoMV$V#J!!4 zGB3$EjbCt+V--@vP) zY;cE~=9DVu9L{mqMEU0tZ859{_4taXteZ_RPSw>aS_3oPik`N~S1oGl{T#+|J;Y&(tFr;d3c$OaDnir*vGzZ9ag zn{Y&Q&{4Zr*CMOp==vNTvq!L1lq;jr`;faO8=;=iM5+C#p8i2t7fD0~djbn~ z-OT3R?g!Krd#B}{vD=0JZOBnxDd;Rvmw}@dcLygRkB83XB<>}HN{?sGLFUQm5xfv_uNLpTzQCMvqz z&m)*Z#Jw;>?1YX}l=CJ{;ohIJ-tA&4wYMmAseFjUCJm(rKsL!c?lW`Lh-g7kP{T?6-BJZYjRZ;s z|2UOnG65BR5g$Su!_coMj4Qe&s0Me+S9E7|S@JJa*%FjF76Ej(ZEx2QtuuuY8MuEU zyFjV>_%1RyThrYrkK;1b3X~)r z9*QiAwvgo(F-eItZ{KM~+{->m_^H5}`IIH$i|^}^I8sPY+Rc|h7%YJ@o{5Ih`=}Pl zZrDZ%elSih1g;tKC(KH;N`QUV=5asG!Eh<+4qvxmH8860U20F<5IAKC6|>L8bDo3V zHW8(&?V0I#pEB7OiV_Eu+)CL#4h++gSG`*W3fDovgCODkbg}4~;TAz{$uR4_MMpFM zHcMlbXU=-KV0B4N{OA2ig@+r^G;*FGKhgHY4Cw!rBg&SGZs@03-^z2%lJ8nh?JMVv zae54uctI_;+VcyDyhNIEgRw=03-44~xoCQdn|GOD6HLOmI68)Gm$^ z)7of=a4e=%0PhDNb4}FzcyUjZF4qPlh8I-i(ykiD0Pu?y_5pbkW7{u7v5!l!cUG14 z>voR-y6|iK-S0;*LPe0ioUmQJK2vc5xOqZ6DO5}nO!c&tVdBh6xgs^GQuWsqUIR^U zi?8XZVE_nfIYhcL3Wx6=IF*fK{A_(|t$OWj`(A-Zw=<@|YGU`qwre&{S-!bV$_lrp z8?x*&hsRW)mpL4Cm%7D5VvCS(pz7~~Y_Mz_fhvdI#VdeZGy|D5*iPpz4+g!b6Yt=+ z4q%FW9Y>5P5XlUo@*fznzYlI36fRgTadDZgpUxiBL$Gv|cy?q5!HG)WY7E5B1h~?h z8?FLEnT5xD+WD{b!pILj>vjY%L)ip3UR@a6pnn!grrLw!DiF3~aA{oNo~JRsRS6*DE37HiGq`smKG!+JqqhU9%u z_V=qwi8lB;nk&5Kg5`J8A*Z)B;hVeNscC5q>v|C6_72IS5Q5#AYw$BQ9}7sDt2<6x znz7j?8E}M9K9kZM-V_uwJ0v|2(k3{$D|()mIFtAVbCpPT&A&2>Sapyj7Nh<+`gM5< zYx`GsJWcqLHc>-M=&hrxVdxuoVhskT$hD9P>h9Ju`=@oA+H#jc*H&Xf&{cTkn?I*` z6nBx`;|`_M2x&nj4T#0kq4?W#&;P(Dv*OgL%bX}Z_|u&@rw4--UQJ(mN?UsIY!cm0 z={Do~h0lUOnN=H+;~<}2cNNX-9GRMJvY@G}oZ8geXDJ`|7HTiTvI#G6SlA$D=uG=_ z!sUzxib|1y)rt!x3hbvFL^B5tEwODTY(Bzlu(j{`xzR|YOD{2<5gj#($Yr<686ts= zxpnDnk)5p7L-vO){B;rZ0B^LAI$Q(BcQRva@Js{TDe4FD%uW-dmTt+v<@h&<%cCeN z#fTY2p<+xfW+|Ej^U)drlx#EU`~z1g%1AeOCPwGe+T7Rid)88PJ)dCBM?(AI=D)h} z<22M6i^%&4EHR4mS-QQ`a&#hrd3dNoy?0hCZ#=st=0zvg$fZ8N=uB^eU5JEsobBv zXHq#8E3O$zXt2J)pjc|Kj(m8ZP;dH)y28z=Unos>q(N&+71KfCT7MN9<3g|$dx1C1R3_qqt4vS; zL~M4dQDYyx7X!ExGwCV3roKFVLm4kuCJEUrQUp8dNFRSCweY@YdE`I40L6=jI;^xcvit#W$=$gYWEO#`E7@ zV_s7;mahs_Pisko`0nT}QnRtPbb2dV#PbxWm=a_R6N7bzp0(8(wLaGz{!SR7QYJ$` zP>r5E)@83Z{D#!B!b!1BCiof4gVvD0M9^>TvHX^j*3ExOWOl-%ipMwAmeQ5ZtSY&@ zhylp2<&_d;W{4I|DM7HquGxyf1%fx&Ii;qIRs%@1w>bQ#y7k4hLEDa1i=zfepVJCtH(5EZ>Q2}@UfGQs=(-X5~w zta0NSCt~M*X~KfVl!aEhxCH&0oNvKohhFs_c*R2^eab+2DN630)l~G5M^vfK8?$Y9 zRD5|sC_rqc&#Gm|BXlztW4BP{75tW5z)^c`K`lkVeeoND3$RzJr0?0UGEeWv>39Ih zsR@ngFVmK{M5pZA#MQ94nKX7hlr7Z#(2jRaXYhnQl&o;U&C*+LpL0lIyK?bByr&QQ zJ9pg!WNO|AQA}XQfTmD)_2)nz3=KBMdm&l6?@Bx%mGmpyQ>NW7YWSNWIll27O-w@m z@R)xiIpvB%zxrGFc>JT)Vpo<$EC%L=`vcg9>39>amI49>NcHSg;S)iNG$blDPCdp= z==HQcfv)@F!-J!kC@3|B_{L@9iiyoYfZmX?#Cx!8maRhPPQ}*a`~C6X+1k)IBxqfF zGTwuhVJ_{=<335R!FKF>+jJSRV1@k8B=$}7neUtqvshFsMr1v(K5g`aO+mCh=c2Lf zGL$h~cyd!7_AKd??3UbFT&*=Y%XaZ1ArHT3Mj;p=v}o-bvGje!n(REp zScX_L>_@Zk5M)6LpDzy^U|C|E)>{&j7YVo}`|cpBU096dFY$v)H;oWa>{tpd4MJr! z{+{S@BURQF4ip4MQ{ON@eSBoK?O=zCmm}v)`7ib3xfLUaz4NXDIZ5N;Lt2$v_~IGy z7q}16#1}(855Yx#w2!-$TD6f2QhIZv8joj~kE#PWTPARe?N23|%b)tt$8TpLC-<8& zp783@p+v}3wM4uXRmOu0Q;jjM`BKO92Q5K3QDSokSys_sm&Ap?2~s(@f;TqjXQGac z%0Qtcq}dAU>%6FH+5vlc$>B0A`ne<+SC$N(cAMhEu+taCIav`SXK_KDo;Oq8>fDgf z+&mksJaW-Kw}LEMw4I-ykVJ@LyzW2$__aZTtKgkE#wCWyRO^t*t#VKs@ z-U8@KD%XxnQtuZtNrgHZdt=R!AF(JFbQ@ng+1R+nnB1Qm9;BIu(-}WGY-PO=VT&v` zTHTJsefbQVwCoMw^ys{#B-W=D${H9??k_6OmqIsN=4sNN*3(|pY$qNHN7HpK6{YqT zp*q9Zsb!gGC8s+!Q%r-_cAV_VD%jT)8k`>43BH_cC9Y#Fn`O194*kzqCt(mrj&;V6 zdMXk2{TeLCw%;>qy1Qhr;4g1~)T22a^-Ql?jXC`tVL$}T?N$7-IcB2WvM z7GYWgjh`;LS{Lh0>$tVLLNce*pEwe=Df1mIO8uOQ<8>3{X@FvX-{Sdht1Gn$v5!l_ z^457CIpHCieM;Fn$KEBu9o3AtF}H%#=1zORLvY`{I?LN`%sh3AN@!jzM2}lHEyyIS?yQB!ObRSsAW>8H6FQ`-FJNcI?K|L5e%(Yc4iDc% zOKGt)D&k|h7-Ha4D2_qRo}n*LabGCninkP*Ge)ZLNnM%zX44D+s5}QH)@^xBtU;>^ zWMDS>>-;;{srB*ET$Ptzvf-7}{#TJL`=shuTfMR#Uv5wfXh>%K(gB`>#o@xaJs)0;nU zm>|WZU7FQd6t3_VJP}_kEZoSiD;&wTtEJjguN#_EEEY4MS3F2dl6_fg41eSMlyS|U zJkVCSLOmeng$sPKCPs4792U9-f7He*B1ul`KHRPkm$KTIPydyg#?*A;ajTMT>-h6+ z5T{XpSeOL6icaZ|*)iQSjVZqm_rp<1;nMBUQYxwzhNJ0ZP?VJ`IQzY^!MZK3tlBxn zu026uIs0x{16MM=E9Ioc0Oe*GS1SbA6ny^a#QswBHB+Y)-x}PQYKgIP)@bUTtL zF@cCmtvb97SRc}< zhrP*HLnO7sekdDF%q*l*<<9iL;o3PizF!+BMns1}kNS3#e;#N<+I%fJFO;RoB{4w8 zdHdK516!T3YT+;H-x8B~iIP>%!IiS$Rd;~h8CZ!*|kG|GB^pbGC!H zm}fv47MTsa12nleKwOnrN+Yh_%p*Ss-}P*2x`UJ}_>0d59W=6g^Xy<| zl~J!%pTK+oUzkFBaouEhKA%aAPm*heNG0;S>U-Hpkced8$J~e=#Q71V^;~e`i(nm7 zhxyT7ciFNV+-Vypkd#7X6{o*#hDs;ImajlPdlH!5WQJVzz3IgEgwf>8D1acd59|(dQs5L+RJZyg_2!rS)#&?_MUw{jH(N z(XXL8ydUXriz3L_6Q-s?(XNcB2bSy!ZE0MyBxY2dJfs^rUANLMgIlXtRhJm(0fW|r z@FUxnNH|x{`O;B=)?>Ev0id5hAiV77UqbKa5-D7~77ZO99fB7k4X#3MU$}crqM5Nk z7`Udk1-0K8%r%UG^iePeDER2rckX`bc7wK@;L-Qk=W#xW!wuw@Y7I($<3|uD)L9Sk zdUs74Tm?njK3DPq-`*L=kUDp(h#2NMqh1Sg*RjB}5oKp`63JW8<$@rMjIfazgk^Bw4UNB z6AZpzcyz@0C!Xmo6gVGJ1*>`u9Eg4|%R&Hh+=ln8f9uB*Gn=s=O`k`49qA5rTl-`? z#tyNWp$mP?tIfJHIJ!v@FdNtg5%mf|R7 zf^1VSP-O+_$C*D+S@`2j_H2*N%jwOOi9nHJpw-o}!Rq;iAjvk2xT1c7&K-;g;uSi%O^{8?O!+5VQHl z5iNLpkb~?Wdgo7nU57)p_#T^fezWEo(c&0sPqQ{QItPvRSO^Un&osEF#bUKRph^E& zv{9FaerC|45VI4sxE4?F{yZIL4kaxp*spWApUyjgEE2Upcl{w5yGofk2^XP$)KopG zRL0&@X&HuNNAzTNmYgg7ILObE_fT;TD_@hduUn5Lc`lp}8qhh%rNf#=&o5ANM_Q_n zZk;QZQ0Y3jeEA56U0cL^=+KDu3}SbY?5{CAKY|$?#sB+hdR?FR^#~206jLCdjM553 z$PC0xjRy~G8ei1NVaom*7K$fAqIYT?2O|b~Cc*xg-VIsh$I)bn8F>(|q{w!weCuom zk4ODZ9_ZX}hmSFx#Ngm0KR(B|j|2@mk~sP=Igw0({mh&|&N(kus#m56bcoKb97Re0 z86aB^)-wjj_sZ2jB0Wp3HCG=*Qd*(e%_a?lUX>S2dctLDOJ3+OGtHV^T)BK)XDCNU zTzdN?NK~e4 zeQnQ|@)1*sMxyW|z^zio*YQS`SGKvib86~F5X0B*l5ma$o3{42X;?%`Dev7LzJ(hv z<=V5`KD14w6AY=(kBK4H-3?6Z_ysk`B_>&|>&~gU-P~BB-QgN%%woRbq{O&F)|Cbu zG4NjeX0kK7NW&w?^bNc79)nbRXm~SwU{jji!?ZEa5w^(u_d`UYM8u&(Hj)_w1Fp^7 zy$npx&|#^u!U|$~2P0q2g((zqb?&iZA{I_bCFu;QlDYvPV#V;VCIAM?^;tjE}=K0AhxMLF}EKji<6XPn_F>;|K{m z8JsI^HT|JR^=jRw^*_6P*hsQ8F?PnqZC3G~euXB1elb2TDc#=#f}__*gB|U@Zg>H8 zREyK9X4`IhJI^guJEQMOn7=po9^gns#}B-Sc<3#6NB!6FI9-joLOxMUg}(4p547Ij z`*CB@GX7R#+ijR9B_sfF{ykvJ@1ged2N7~IXNN)66{YXWHxX_V^(2?t_Yv@t0Dg(y z`++-AW4O|pte&hwPP;aGMA_@d@{CVsxiPw}h_2CQzlLJ9Obn9)rhLiWa)Z0)2(b?p z`x}y?IgiD1GklD9ckpH@NE7}b6xf((aKtA7R1~OEpc~h|LV^gWBVAt-iC!JQX0X)A zz}8`n+_fQf{j^rxzoYX$PrvsCz0+lIebC%>lVx&V!4JFUl9*2@i8YSg;!_jfyE)LT z2H_cKV6q>G`vSle-0vO}3m>SzsA^h$G|fMvX0Iv?2|BQWZkt%~V$ryG1Sm-tJbqiS z$S5owx*yNhO#jC@u`}Xp8a+s;7?h&K`P>%x`F{n3n!5^J9swixArcO)M3(=JmGv~Q^4 zT)5EL%ajav|0`_5T;8%$=B!$DbC3Y-HQ6Ie30!gDn%CqhQIc6Vp7F;45DK`PVgLs0 zj5|US`%5Zg3AVB%r=J>ATcJW|4Ni8CQt)CpxAa=MPbSP(*TXtnePjCwGoqI!8-e=m zt`%WnNxbyf+)7t^`ujsZ8!f;bdgIN>_ha@_B)jzMsfzPv6z&qyx}WmY^XGPnDStMQDSSf$LkZ_WHd#|q>{b8$mR zeIQ$4(WmIKrs5O0nbO80XaebAniWpN+GHw!$BYyZRLn5ZXeORk@R!cyMwhX zUmIxWtH~>z6xcbj5P$P=g%? z&Xn9v{d0$f(omCfl*c?-qOib@VT-w@y`?q@& z0OORbuC6Z-5I+9Ou;lo-ThoU-@G=*7j^lZM(>BXwFuCn;m`X?s8W|*V`Ot0~LOZ}r z`-!Ln(`5js;o;JQMP8PVo)m(b)EbdLjTAKetP-9Mo}5WIiP1TxmnwRlKTOwP8b;X` zO__*LJXY$$WHbNJ>jD z>$4UYBdfHNeV5k2lgh{$Ip39<`+xuu86-7iCBLD(-2U@SL;@`LdVHZv5Yt%4MUD0x1Lt zd)HgvJh_OZVaoCBe7!sFDdS_2LPNL{Uwt)srca`iN&>*`tZN2YG8H%g`cW*4;8RA{ zWEgX>rYf30U(FnfIDR1Bz$1sR8ux9DBG^5%%8BvzgPxku^g(weg92i*ym z`utB8zw^KN=ThR-r&3G(%}JsC{JA^0c;b?^T0$eTx&iNZTUs29Ef^@;xBB{K6Bs)~ z5mXQP=tSZ0F(KSpZ$hC~t^MOo?=WiY@U-V?iW@5tHI#L3AwY$uXgsxU#KW41@)%&2|1kSLHtWv2Bs|V*FJhv3< zFH}sa$DFRldo0CqG$jhPZcMK?kEC6QYXaJJL#-XlELvZX0wNhPG@4eBLaoG{hLb3d zq`5>b@Um*8?Ts73YzL8AgC|PWvP?$-U{*P|Kz0uCc~K+Yzi8 zI$ZkRa3r(pfvV_ZCFQ@XH~}CY4;I`L4Sn4yi`h`iyh)tI1f^iHdHY!Vc3(eE5|Sh+4T1RoBxAy8Fzx>zZXtw@_}|EljhTsH zApchtb4EPakN+yb%8(fW4gA;F=x7;o<8OlhR2MNZa+G@i|Ho>*72KwYFQLSjtB5W< zIph;%7|InYt*y9P=tCZeXztl2ra9^yAX;?BXPd>IT`c-^E;F_1501$b}qk&8vDU810ONZ(iB9=^i z)MJ$%S}b18+Z^y68S8|b|DO7MEz*KTQR{ut4m{fLCIhR3&Q|k*zgo5t)4hWYsydiG z#|!yK59#@z0NK?}^7`%sDZr{RZVbSTi1Np<2Fy@YZ+x24((G)kB>~OCs~Z*Qxe$Ic z*d{|uSUo$q#?yO%(A6;DT9?S3I_N1H8L)I~xurglMD-xMI;^Txuc;a>J%IZ$zpU=1 z{ER2GgYZC8JmMb@TNI2(Ee(lCE*-AXhM!VS&DJF+g~`r-$D(`n8(g@4Q!G5dxR3>r znOU&?R+~&|2?FTPd3>}O8aUb zON%L!v4=J{9J)7n!e)Xt3!+*l(1(tOG-0chCCIPim9hBotC9W#izQC9_-kpn)=PqW zEF>A&x4TAycbM5FCg_IW1HnI(qW64Sw8f4H4uQczLi%C>F@@_iX+~FDgliYExhN;Z z4E3KKq9R@`M`36rl*O&12d@B3dp`dJ8r53EK^5riY{5sYqi#c(5Z1_y#;(fEf~M(^GL6zG*l#M#b{fAoItJo%gT%$Zo{lj_r=bY9!q2shhBGG8nnX0+vP2>I? zwy1s6stC^$5Srecr)Ya;1eoZS#c_I_!6GDrNVBr=jZ3%WG)JfR1ftQ1?K@n+-2KcR zBT4dy=r~#JrrXYz0r>k6lH5N7YPDdgwX$hPH`c#Ua2`~Nh>q~r)2_%%=iL_WnCqEV zB~lYFUph6Y96_d^V2uD^1mFZ&LN@15!dD?W8k#0Z{5qF%UWM@7HV&^7>LSmb(1h$= z?aO9Ye{)}KynPanzD5LdV>k3xqbfn##2Y%N`7A$fz9(#&?HC*7>u=gN)+j^jfk;Dd zxw5UagCpW13fM238gKe$k0S-nagy2o?hGF7!p}{C&vRe&ux_SQsNgqe01DA}sH;I7 z80GfXSICFT6@b)CBypWA~PL3koU9LWAE>aLPeF-1qfZar!*Po({#qA6RifPaS(B$8sL*}Tvv|7D(+3N69phi=Pa&gH@ zcbGG9dieVe$cQANRm#(%h}MKcpcF$Lo_5ew5}-I%_zYJMB1&mNpbe*ZNUsceO7_Y3 z^-DyEs66Uk%$N=9A%j=_u@q8m#Rh5l>o1onoJWaPJa=H(ntBR5Q6x(16420$jrn+S zVdlzh`Ih|nvuYLdRrWZXj(+!647x{h6pJS$Q>&!6+3!HOex^dAlPvdN70h;43@{LB z(2D5x2$I@+92%2T&#~j89a)JCZ0wKNA>?Orv)u_0-7_2j&r$o2zD3`K*C!5|@-C{t zk%u0lNf0TzW-NB$Wb8(0i8(C9qHFX>*mbYODmrZ1qCZ8ulo~U`{CjhN<2Nc~xwej5 zqY6-Cc5x>ehJYi4C-B8V3k5QUO}DSUq)0?pG5P(UF0=1`ZvsGD_q)Dy2>d1$UkQ5_ zgD{x|OvfYOrQC(HQW*vI`I*IGrsX2}0!kICHr*XJDLVOa(^Z#jPMkVv)L$@nM%w}9DFAR2aWi;WYP`B1QJW;DkzS&c+ zr<#)CRpw8x@Khu0_ubWh%yFFoiuAgEb}{{OJz+T@{szns7Z4M3IX-SnUrH7r(8sMs z=u2NGvt9c;&5S&8rPZDrpAY}KBLjHB#UNA`nfF>V8+?9m@{3vx9yRu;3*GsZ&l{5s z&s4c?hz}Y+)_gV3dAJ(h42D6R+5EzRuDnXM7D9IsHoS)B880f#AGn*#i1 zwaDibOAP;yY>X7FrpNd1mZ<0~f1=TpxOdNO#{0wVk*m^h$NdDO0@Ktv&k?&PwUktw zGl@y=PYWl6j`4LA7_Ow2MJ@TRXW@I&0w901z93nn!52(_32fUv8PrpL3m7!+GhZUw zm99%f_vLn?_JNh+8b9kUoVtw!*tEK0J21yWYiJZy{)g3sPbjw9;xy4L|OwOiUUaZ@C#!(VSkv?Rve0)I*e4-O#wS8sjr-lJ@^8uJIoS^N z%KBo$Q64m9)0UQ@!3yoeM20j=dFpHoGpC9xrY3*uZ5~uEiyX>;|0~6OCc>$zvmzPB zgB{)C`$wlAJeoW4{i%Fx#5+&|m?JuN*_?IC=k1A%ii%44N3oKmwKc6K@P%pm>&rKD z)%xhcZdg)A0$dB?!iIUAytUPcX#aYzs$JwuYh;qmdQQwCL^A)_!zZUn0N#__2#MZ7*^ z%3at91a6H|?u}loaG~P&9~mCWb=8DLLt=P{r1=qQGaYoxMSzNy97&>LbNd zwz6wz_a>w<3Jh!(3V{yb`%N(mg-Ms!Be9!BF@xvIq2C2E%+8&;#A5K{bZfphAQf`n&uN*PQvw67_F}>U zSm|HPTt=NW68{=A70z(&pq#{W=AboIAZTdo^^^o#6u zbR)upTx@tJG$8?nF`eo3@5vMzwK+ctXcfz!Qb4C2a@r*W3ct^HTHQ`eYn>YyXAiQE z`&;qzmoupnp>r{Tr8G9}h1i-H_GY;kv(Zj2>Q#=N^RK5mNwFj4!yqWgr>Ccj?UrYP z>E&eP{-6bW!}-tK%5UL(A1L?7mB#De+=k*PUwoneJ!cH7ce>vWR|o#H8ooSTxSxq_ z(%I^82ferDKZgb+@GF8&nmvhuZ#42)|I^}gvA;aO^-`I^c}BbY0p8T`#yZQd8T|fd z7|0`O82wL||G!b@i&Z4dZMJ(#n4%E1Up}DabBBnjj4OnIQSM^Fh^-xMN{#lusFCu1 zzDP)EW1&839+m9*sZ|-H?@>tTg7Gylcr?dij{)8JoOUsFztVAtjf;tfOEdXgoB`E? zo&?%JN&YXne&p2~=TFAZ;9sLuR2!Wi4_z>jrVSayZJ<;tP1r`wWC7NWDq=_5qU9NN za5)mPQhy&H{%G=(!HS`vRU8<}UPlgK^10doqtU-4piB9f0YTkf)Wt;t6$(AiK+u&? zVZHsWE;S6>7WlDW7Zf;F#uvJS7&h8ilo-|4Tku}4P_as$G|SBb4fwQ1P?AAX^QS*G`a`bEc;{`|pI_HTYg}>Cn;`>1GUlGX+bZ zj5iKAmd>IUeMJw!mS7P~1o1L?-6pqcje;hfQxk_Zm0%2#^rz#IZip{MOh0tf6g%P% z7qF-h%kWOCN@_t)Dxrs?KKiR#GEDjDt)O73LTTu0beL%6{;N!S_F@V$M`Noh8IUV% zQU~cA8ds7)i;Dbv%94>%kYq=WdHXlZOk*IppLoQZB4}qepu7!bP$yXey>}mCGzP5A7L|J=2RCNJW`A*u34Ck%~747l-h4voCDV67hD%u7f{4LjX?C zmtZh-Ra)c<$~YFMA+F?_lQCyc@|Z6hDJk~XgK$lwT48r zD~K{1Zvl1sG8B>E^cFpkwF}JIG`vY5o`yua^yR~yIE|RLlt*V}X*t({4_!`MVsF_? zOiJbPNWlpMRY?C>fBIx>>%#I>@DY`_M|TcIX(%dW@semXJf?-D!V8?4V`QL4ElI+; zvCxU_C;3179v~0Q3W=*+2)XW?RT)B^(0>i8)vQM(S|vgS6%3Z#jE$SkT1py#2pSNq zS<&0O1x~BKe-hNAgQ$B&Z?57GB3afqq#G0z1nwmcr&&c;?l)?IkntQ>3%S77ykhy& zjx&PLpkg+!x$a}f#S4czrV3f!Yf>BuF?cX=bt~XhCkWG4YFV(>p|LogI6-q5SrQeR zR2h4IIc)yf7Wz3i{V(x~xr$Rq0E}!4g~OaN(YNnevEnQb0@%~A_M_7QRmFItZ8Rx= zrT7}}WQtFLVx^l-P=LD3Rs*2T)(=$E2}Jsq;0>p)^f$YmP_uo~m(nul9s7~1*Ci3>GWhKat51}25*XbJtrPftv~$7JILCtBFlpSK(U(o}^V zBGh~4v7I-&rre>ytwQ}1eSFx*78N~8;45Ki9r*SdGWEAJ2gz9-M=s|cWthLx-6!2 z8`PCjGNoMYqi5x`aCRz%3RFraB(FD~V|hK|RWb^?^`?Poa{qcgnG&u0P6-5G6UX^G z+E_S~k-OY<-a>@4NxfOS7pX+rF*haOWWY8#nWVxWOT6D=dftxVmPjslke@b~3`lYv zU#1JCS$0nM<);&pJkZg4&j?CLs7Mzq)fsI-TWWL*j>DmT9FN9~zWjfDeN%L1U9@Fv z+qP}nX2o{JwkuA>wr$%^#kP$v=FNZmp+~>;!+AVoti!$6ToYDlpC4pX*cIw39Y$oh z;8=b4a*83+5w+bY-?{`L?2ZSm_=r@#OrcGs5>$yX8~AKoAHrAaFcGEH<~4lDrzgb& z+aq!X($Em7a}a?KMsnK!8M&}Xty0mGZEcQEn55RN{x+E#+WDh8kSwXl?P-S13Asoa z_2WK}IWPD?QHUJaXUk#4R&=}T1Qyn3eFz^`#D#B_0Fn72PF1EmIc=k;eDnyi&^yT2 zJoPSO$b#+Y1KpIOfDz1wU<#EIycM#D0d7-M63$f819w~ zJ|S7H;#eBKIhNf05$og9ffMKDObo?JQEvCJ50m)mWi{w4ZksbXL^Lv%bVY?YoYoFN zLnIPTvl^qXy@Vz3bsqDxiieB+ILcwv;IAvFq_C(x#_g>XmcD%6a$nLcliTcrFW>YG z8!+=R0*j8d3F<>p(7oE_ibRYlZ zl0@fukL(Zl(cxr7Aw0)GL9z?@wXD+4*MY0ikRy~isN4_iCQ1|zEoh79RfkT$69PgF zG>#u8#FJ$pqTN~!8&r3zRr69p!G0EII20MVeHchiy#mwlK{|X*DAu!Mb=$!7IR5mf zPnzpzf~bEN^-z#a9C=824eo>eGs|y}kUve_FiE~r!2I%GI?qj{QAOlexchY&mC%s4 zJNlY*KFg#P%tmbjThsYZYAG1#?wNqXC|c3dDN=fJYZ$JRp;!k{OZE6PxmI<=wG_#yT8V-9l)gJC)N7nJMzDIs zTou=dgid7?OJHz3K^);?*dQA>Ybkan|0~cM16QKB?jXrH6Ry+}qSWg24Fy79VDbMt z_WU~Kd&>=XJfEy=j$|hk>}tw!s(2(SyXK@C1Lz*z!J0}FE0r!Pw|N-^efa{n-;yLL z@O!25rAXY?CJ?$?pL46^DCp^b5F)acHdH<~mgNZALv;bT$Vh;Ic9Rt3>`qX2=W?br zGtGr>*C}&U1cezQF!M(2D24FgMATRY1+tM6Vrnv5JG;MRXNgKmA#v11WyxeCMNThs zxJBg6AeZVI#iHOTA!;q5#YN%LC{)0#yLlm|_>i;Eb*d$;5<-`WXb72Pb(%#6oH*P* zAK2lD{yN#6_!jDh1BjE?&IyTi$|E)(+vu4cQkHe+JSdJILKha@v z=Wviy?pf9ivf4wMN1w~*X~bK5)N~U848#-2=rlB^XRnA(UC#(4$S;^NiH9f~yMYL` zgp{NV*!g?ipBLC)TJ$>(kzBEbxE{S5>qq9SRHS0(h|5R2l&+Mw>B7P7h(wt5!tPR z4CmWLMbr*|mQl-Zi}wFzAKqYvD_n(94~MAUy*=pbr;RA8GSS*PJi-obDTgvl6Tw2V ze9H)w1>~_pe_SRf(e5W*^Ztwgj(0>Guob<@_evBk!T_2`B8E5Dp(wB=oLN*z=CCa_ z+m<2FiTdHf`9q|#417pXjo8H82PO4}EE)A_(^R&bw=?Gm7^o775lv{UFqr-g9oiPb z=BQz8!L~u##|Hl)134vHmiso7e*^mo8?=6&m4AFA_4jr%XVmx$WM?D@001~qc{>9; zp!Kt+JBvz9czg(2`!n|=rx%aV$}) z$y@WPPUGoH56Q|2p^*$A@B0}gocNjt(*362?eLqlp5|{OulqgG^KGldtDU**Izzi; zlz?iQvJmJS=@iap>_jSM{lR-n+xJi8mC(>l_?ma0)cwx*aola?z-sxh!$YgT!T%Nm z!k5MMslz2~P&I0rvIK7SHJnCAm5kBU;y=86vUBiLmvuEM!y2qgxtDfO4xu#_?$m22 zaMg}WfbewZZcN1Kg=QNLHe^7yKZDHigEu*$-XXh!LEJ!<1JRFL_(xM-L;c|N9DX=v zIQje!dJ01#OWe@824v{z6Jyd^z;qxKYfKL101^^An#z!PxEpXZC#|6ST&(q5(3aKb z_A#}`r0*0~O}{PFvHD&+jw!i#HO|W^)n0KH#Y}5~noF-uI^ysn{elb%I@NZVDq)&g zbb0}**CD<0jyeFO_41V(?G%Bk-qB@vW|}xS!1TC39d%QdBj0I8w7o!}_CffgTUFO1 z9s-6JL_{V*G?Vxr()0~wEsBNm{@-pga1gtGiI~DhR)k;VC5M(dLuq#i_dmJNRy8BI zb(6mW5`?d@S(uSMkHA(;rpoxc#>{V`_01%gg)|QVR4lnP7`&RcPD%YUqY_WMG=Q5C zIw^FRkp01!Ho_I{M6$p&AsLoi*hv#d_oc#tfrU^3ZqY~u2Hdg z9h^K;fsw$PN=_!CA^2o4C|R$sFz-to_M~!JM&qet1*atbqh74p)BfVS6qWYZNwS`d z`oG~;zvEG6*yTaZr#>TRWnV}No|tNG@CIr||C;AcJvJFqRR0>leA+0(VhL9W_bXml zXkV=D#>y2IrSkg*>fMewESdR>e6h^TR0sM9bC8{udHiCz5TJi0>QX8&`;tsNWRe z45m2fJxa~RLEUzT)q&`)fxU|dv>w#cssMe%7vqs9rCLhtQbOb_id49F}ucO zZw=Rl+8nf0a_<*QQfAKFrH%7n2KwGXcV)EEOsfEIpB*op)*8N06q*z_`-%HeQtq$! z)EA(rU(zo0OTi?(zY?Z5kefwB%IAn&r1>J9j6NdmP zjE2z1L?UU&Jqw`13*hzdi+QZ-PR#9jUkC*S`u;LGW9cQsUHMi>txryCsh_8no`|*< z$)7gL^38~jA|w8R^A4#GG{um39&I}ufRI=M;q_Af+3v}xtgH1a8||KVSXH^$%Wly8 zJdMx7<_cPEhk;}YT5o`lXu;&7D4B*w$Ox7~1M{acE5%Tt94JF`)6itQE-lZSZS?D2X%eEIRD_2db5nFQJKS$f6Nl zqxX4QLscBb%o7+HD=|UuNb+l(Y-@Fie8t`h7D-2rbAiAWm-zR%Cy$S@vsAg&LC7H> z0s9Da-&cr;3K3HP^Ib#cCpE!t-wo$Yyqu>ke8fkGBOfbg7BMw}-0W}XQ7vdjNOlMz zI~!4-0eE9F(r1mP(sf1-4N-cT{Tgv3d-qtt$d^y2Iovd^Lf%%1eVR%e7I&1U$@AtVC$Ilx2o}>Hj zE=sanHet$}vxyH{=^pQR@rxBFj?F}wtMGfzGk30GQW7m@BNEOi1Y@7>Ji%x$?|0+3 z*@@wVViTZkAkw z<~bzP*hO^ORxBPk-LPKWI{Qt|as&-%uAhN$71(68NPa=5E`S%^Sw z&))%~OCQB;NJdhsyybIbBe zeseC8Qib>_MWVLP!I4|^)4@bi#!3< zcrNe}suZVLg(IIBU@z)mzW|jH!zYrDL2sqY6L|9$Qdckm#vx}HdqP;$)#${8FHuXe z(uQDy;)WrAc=7=9UFRPlJUkF(7`x zUI(L|O>?}LfhY}C`$=3!B5Q8$x00gFs))#;CkAKj%=A-Z8o(@BaCXokRUQ_j0Q$0T zH^ZL}YTUdbDMAnlTce)8MuRt1f}m2UZm^m5Tl3pHHkoya_-=@ z)9H++P*P8v(iWO319$chI$j4El?qdLBF6*$uuEo6)dw8gFUhWtNM*0xRu=<}_(0JV z6$@X=AlMV)%p;O7bsRvt>&Vp2j;h_MYgiSd^l$Jqd5UP64Ni?tmD;aEErDe2$(i~? zfH5NvGqWx7PSu8dwFIpLy++ce+~L@sq|1c)mgyfTlXrG{aPK1`dRqd)Z58J4KBjf; z(08^gV2Rnd5mSsZpeO-!qs(v>VH8cfV5@(Jtn-L%MGZwdsD4gYql~Jb9v@oa{z3{g z5QiZZ=u$oVin*jGQW^812{ox)&bI_fKfJz|3WTKWQlqt0Vh`T6kG(5o3Vw5O3=tX2 z^bR{rO!;c6a*$|czF1k$TEvp*DZyD^4xe7=((}Z$$0ZA{%Dkc1|t=JILrAEYaOA&$;L1 zh_g_FBO+|8$IzjN$(-#$I2TJc!!#}`JM{ED?hmH*CP?GH5p7^mKP?fE&IX%t&WQ2N ze%Mx2ZAipWX?jCq}&Al=>n5Z$_ogykz zj~T5FzEaw~XNt4&Bg@msJJDUpCn|*_H#< z98E-&7p8K3oX0&9)Wm3=H2#{FKU1)~nwdi4U%2;TXoD0>;q@#9k0>b(`Sfwo8v;{z zFf?H_T9SI_4HmzeYoW(|ZpW!xfii%L$eU=icxO}(UP^MGmix(lyBG9k;p)zb2_r!#&Jqe3 z_EXf{zi(Vw4z{Pv&Lq8TIMN%x_gt(Ka@!7Iu^T>-t4~rSNN4WN3XQO$IEqCRL8L|o z={(|tNAPX-D(^~7Qe|ASn8Vim_{Xo%#~;dVkjODr$du$?f+@)|!7zMD=E|ALEF84$ z>a!HY#>Q4+@$o<-~p|IFBlmL zY9R0rHFsjrpeYf7QL!u7uNFM?OBaGAV@MsY3=gKay&?d~REHH^oU|Lw49>HbT4mCU zvV4+b(5(mAzoTP^fZ9}EAeO4Wl27S-r!0A9w$$#q$iYz;^Va>o z#)6?j&-<6>(-AjY=^yw6NUplb7HDVEdr65@?;&>ig7&jaflo(_8#dm%I~X-})Y!j1 z``p$O^;ZM#rz|3#&br@w!XTDHUX1pf+{b41fIgV{^^fQ10FZKUmQJ3W#R1V5=ZC8h z?>i6Hlg$*UHXh^F7|Wb5O#t^?qg-mG8mTqA`?{Dpds9H;0&587`7^*;PIplF6f}bDYao%VoD4Hhm=m&52feJzTiDEVShg+vb_q_ok@`cc-^-by673FTWonKR{YqLgsz({x= z^OEC5sxNPWx)^eXn`zp%FP4~2>**;jI}9BK?Je6LEB+1`?D_K7;>;zPPOC3nBODo@ zx2CfB1@CL3rSxc2RW5LuY(t;(J?FkKl*v8=OrgczgVO0ox+QiXirmP`xyl^t# zx@c1m9UcaIs=ZC>?6Jsljv%P8(Ckcw|B{re5@SD2b1lpzox=duT>xu&{P8wN$DaY# z!eIKyD05`aPJL`2E<^lpbo2ODANq=x`>YMW8g%$V6rhUXRx>TK;dS|14hvixnn572 z+apsTzMENH)0ffz_PUjK4uV=BV7W48_WNjo zuL*cvMvVSA;$TnV7`Rhhm>l!*61&0`4-Z4-RySfw<#ZvRywEu>$(*ue&q<2iVd+W1 zjgQo*lsGv49{IrY^{w-N3i-n|M#Zi(B@rz_8e(sB8-3Sw=QTC4?1lx0qOT57=kNL~ z=Sgps8jc;ds9Cf1*#oSZ_Bvv6H8gZ&%fpA#_*%=rIaFV)+LBVeL-k z=Jm02(VpjqA^ma^(8u}XgCv`yO#9mM=b5AM<1 zUwia%KV`U6G*|ANfKyRHZFjw5E_b(4eU_6gnZ|jO;n~USTCH$*_;I~a2%L3wPC~P1 zkJ+ydXsX_1SceHsBA}2ql<}J&^{`_n3Q99Y_2|wj9?edZ2^P>PXWv6ZmF?EP87(nX zrvdYuJ;QC?3uR9{No)6d$LJB4RK|Ld{|2Bv;K8EH`Ac-v=}KyP@E7Tk~w7_a;RD|ra)uq8rk8l|sWQf>)t?D&j(!ax?TAnsQUu_9>)tKE~YZUy?nQ15w(;iq9r$jh19UN4wxiB=*i+=gi2rA)Qh*(x8do<<{S|l9SvM!;aa{z!`Ft zH6{}-Oqm!9t5K0!3Wbz0{VKkMm5t^R^4aqbheJF_zn7f3&z?Th?4e4UMT>!q>LlH7 zSP1IR%{Yte2DN`+h2u$4^upq_O4O->WTWvF^ip$3>^71v=0|`x8GX0O~d%7^DqJmIs(u38WthgeFT=B*d>ws6Fe-!eZwz<9_ zDQ3Yamy`*9vzGAf*VKPYv1w0)CrmCuOgZXuc|>Z}8mm!%FzNsr$sEr9Nf+qCs#dRV zz^MzKU}HYzND$)5l;hnPB4{25*Ll4D%HXI7j%r-UmHZl;62KS@^6o$CBM zQF51^?p4pg%h~iUYLm!vlN-cZqq@@;eh(f@rPM~%)6-L?cEd5NC@)XW!h*uc$T)S} zN~q-S;&S+Y(@RNDPrp}~tywSjJKy(eBzg<=?%sGponpmaX5me5_4W4XsAzK1YGaqx z{43>&vR$IFOBA0+aZ_=^yZljd|K2Bq{c`BO^6sqnF*SX@jib6G>!WPx&EKf4zbeJm zisKr}-!JIdy@ai5Fn)BFbYSqbHZ{v}<@ zHD+P_&h43TE?&1d@gLql4~g^Us0qtHc`ZLEMf?ec_;J<`^Eb~E4UO_A@*{X6tTnm; z?X?BthWtw(<=WgglWN;93D_RW=Gdfu1!bg7QcY%R`q&?p7%Vn6woI+!zi}cpP6p&)xAUengcw>XNuhFROR+1u z=FBGd$YUvxV^*&x>PkG0>EGSM)oquLCyxAJ30CtdtT!|@mI7s73Or8WGgkTHWo+-9 zy9G?w)9%Scn#ZU-aR)zrXKR;?2$N}nXlwv^zT*P5&Y^Qls6|co-9DcHZ1o_Vw8ncf!E2N<7rARIP-flu%N(}9uSz_pU zw$}m^S(=YJuG0J<_D;MToSia+dvWNN35}}7DhEvKcOvp5zHLX<6=U=moAOv*#^UkMFKbC$kBbiuiade+TQg@o{(g;h#pjUra&DkO@`- zK5+O>9}@2@@Yp<*K|dJSKlXReH+Zc6au49U&a-U~y7vY))1NA%u@?|`@OM-Sx8lTL zaPJpwWv~e~yCR#-JuV_WD!|_q{^te`KVj#?8KS243C1LNFdF>vVRvl{(tTEiJ6(D z>2y1elWkJo1^*!Ro*O^8W-|%sGyX!KrI*k{5lQ2WZ177SUahmtkJDqsc{#)oMJWEU zDVK`yq9Yi!m^#Wi%^Z|GJoi(BGQto{nx&}l7f}3Q>Pd&9Qj@LfFj9y!=c3>_c0|iJ zAn;0Gtdm@HmPmR(*Zlh=GmSD-@f0}Ft;Fa!^YQVkOKYJ#q>i3lc?g==t$BvJA@x%w zOO8o|T6fGFLoV$hCF|RNS(eR6eHQ z;sj~e1s%E6MA@SBu0CXW8e{x(juOAO`(0Rq$hV>4)ehNyYS;@!~Y!YP|APO~S{gixo5Cu8^6K zKytm=PMVOAu>Df)|21pN5vAQ|9`RqklmDVgtV&8lh)4A9#2GK&Q_tuirEn881X^f$ z27BP?r2C&HF=P|Xj2^Rv&$12AS0hQ1len*e$8Zd$aOYX7y#krs*NP?U8iubR-?DPS zbIo5TG6rPGtuu}SGvNM?*^d__OgcjOaze#{&PJ4fn$*ZP0FP(~^gjwE5A_PseoPy> z8MMlTxB&doHXzF-!;9V6+{DK!r3~E?d1LKt# z6-f`oNUWTS_WPH1KkLVu7QTXh%7c8O8os#^2|YKmLwJ+ggE_3Z?;Azv-MMxRZdVzK zf0nC_qA_xw(r^JXbrzRfjFvw*PBjMR$%%gb6j5My6s5qdVkB0-LZPt5gsr`PnjFN@ktlb`jqav4tQLmBAiN3fV5&Nyz8QI^B^!jFBy+ef<6O0aS$F zZzsuAAf|meb!$90oF*kw03vBos>vgDa2djJB`^zQUkqZzY{HgUb4x^bb`pkezuNql ztWQKjv0jGKB1?`!r5VPxPMxj7X{fMEP_S)QZ-m zCYNg6P3mDy597pHP2LWk$W-n23`8 zEpO}|S7&O`KC8Su+E`; z90mY47+0OL>q>hjj`m3gA?(7&Qp*gD97E9fz=FZQegtBm#J%()<+IJo$q15*6lb?_6PBLWpcE?+mb^238UTH#xy+dMsPRFX4Et;d!Mzq9&C`xaiLgTa>=9h1r+ zXOt9?Y4DD-p%pLfnrO%;@lNm8ZM73qXyA)HeMQfgv zVI|s7_IHj~q2@oQ4Nt$Sn*@TVL!HRbOHyWdho6_`my-5H&3G!N=H%~d{+7^_u#4Z< zh7&nl=grU~+Lgy=@73*7{(t^hjDxKZ4DPuabRCP|$&&#l`(zfi_eb4zQWiSrWd*?` zdn#osQ`nVwza)Bjdh#0j*R}{W-={s!8kOAaIZ%H3YdKZ^4OGNyJiEuoL5=SQbo$4Fvyy`FmO2%1p(L|TALf4Np*?JG z2fEd;ON7~nFGiR&p@;SQ@?<>B>3uL}22hZQPl$UPQF|WVMYYMY31Uu%zF-OunE>={ zN(m+xS2iv+BV%5~6qoZE=E^hht@3^_wW`r1QD)P$LXe)OYh7@_h*30;wK`97R_Cmto!+LD)N9O=bKI}mq5Fd}`Jt36G3LaG%(#7}6KG#zydi_E!Bsm< z2d6se+`Ue3V`Xxb+E$MBWn>FVk0i_Hr}$EEP?}NZhA)q6ZQOfPSyq_EiqW@Bo+gBh zXaB;`5Hh;cf&!)v^L#IOOq)J@KfDKg&H~{|V27b$?fwI?O68hei6#cDnTdQrRVjm< z+>Kr?WACxl=(JCyF#wlG(~s=?@-t@Mu_-;JL*7ZBBs1?7(KQ`%Rd z`F$T;+0Gt(qchkH^FE+su}nD_huvDK@wdsk%eh!@`h|y{<~mAG1i`|Js@d5b<^XVj z{G5dC7IQQ&uGj6A5h>E_vg6>3V;?6kryw8<;#8Tkq229J!$B-QF6ysTsv^Onu{?|P)_R&s z7-r|^(ubRKu|dV6(DXXV<&ANq(3o<|*xhS+qdyQKSbQg^tT%?K?+Jq~f_uUFBEF9v zRhDou%zp`Bd&k~qY$sSc@93U()Z!#%gD7s(zb8YV$f4oki(OtFwSL8#U4+a_VM#4r z%;CymBWV0$I)6NkNw2QV3z^k*q~#PA zf`aoa2iV}Zu!YlrC6f`vm~waydqMgdUr3myYRDmC|Um&|pRT>ljw+_p}p-$N7}_Afp6JmsgERfi``hTb z1_qwxn_A!v1N3FVdq;g8E6c#yyQ28$URABNE#YyPw{)m;Dz$3IAagPz<_2c> zT%V$>y0yE;)*Um4~-nc*Nq^Y%^uiKSljmMzn*D?F zi(}l0ga=xW_IGXfdu(EX02b5N)V2OvrNaX#@=zEQ2?iRv?P{knib)K8{jeon1i5ly z1V2s;`7~Bx1P*(~3I>|&&~Lg`+HL}OJWV%ycZ+SoYcU6={db7#zLWRYK1eqU_i*0d z&*|wqALdAtaBBIqn)Bu=N)-7!cyPSy3^pBAm`?)LP(cYV2KbjJ$D zBHu-cNa+zHfmFOB7<;l_X+GeM-7EB0Qy0x}~3#=|2&Q?!-vePf7Y%8E~u}0|?*D z9@qRyw@qR3{kZQI|R*zOlOaO+ey1dx``)l&! zS7!_4a727@TqOP1b1|Ol4B*mlZ#t`G>Hg^^mDOd{A*em~_WI*!bBiYm(V`Dxu%#r- zeBCL2)?CY}Kv_VMSSnry0t{Jctbt2;NaOuR*m~WRz^k`!(fg;8c z0!W_qmt{F)!9fTf2ocSp$>h;JzKQQZY(3jrDwktiBeh&x*oMN+F{}nhKZLh`CNsL~ z%R=EKcic&gzr*b4(IvAH95lwJ$aiVbqqbH2|TfXnP z4$pJ!x*g9oAJ+2?Cslcj|afoIkMJVUEfu^w|q0@`4L(fEFuNoN3 z^h5^AAohC0&-R~bKHr_(rg7nx6D~eY&+B20jGceEM^Qs>952yz?rLpT z3Zvt#Ua_nEhi*I{8the3fetP8+XBK$il1E2SQa^#>bY=Hjxw~BR)ktimN*37z`XQ5 z1gltsvN?6#mL;vMvN55Q7nuilH9e&k{eUCXfAYa~&Rs@`#FedoB=ZY$+9wfm3sQ&r`rn9J3b71Ix49n)9F9 z{_Q6AQES%^J9mpch=9XMd{z2d!N@I6J^OOtWKph9!ta9e_xM>i=oNx7{Mk4P{vt** za?1O~qCxG81>t{37c9nOVPM{|C8?+h=YpqALYC~Y@qjfLJ+gm}usoP?Zmu3UP@m7E4 zh~Ywolk|6m{2j_?=Ybi@J416Y!MBa8ET*?c&Y)$^?3d z+hsz<-LhPMg_a7ZaXu;|ov>`g_M}FIo!|^KB=hvo#jPx_@hcxK!8o8Yh3EZU*4q6# zeh#uLVZ3r#XozUTUTD&ud6PGI!fD|_$;Z|PItSH-jm!|c}`-<)5= zY∋yV-!cSGHoHFZ|}Zt(I}>FCS*mo{d*ia&rjRa^*So&U-Y!XHeO7945Xt=$@a< z*;cB8ruu+;$rsa-?un@KeBGDQaF5gcCj%r_^ zV60iq>$v&HeO>;g$CIFT7YQUJc{SQAQ$f?JjQxt(;697?l6;%Vd2yzM5sCZ53P+kKud%=!KTl9hT_pOa}?Ig*SP|n`QU+ zivAf2gifo1=d>RJyH&QHt30yCcK$K2o~fGslR%*H{X~Q zOf6EkHf$xy`F1Dm?A=;itDJvL;NJ@h?w`aJhj+u3 zeeW#jcTdtZr+4-S1?R$Z8FX}ocMdLve+ME(-alPQqr^`xr(m0x@dd@iof9H`?_+HN zoELhA^-KESmI%Fu6=p*@3$NWdtW@st5IH=f)c=7oZWds{;^bk#vS?bYY0NCplKzi=ASJFJDU}{ zn`ph@F!r!ycEstM%xqA%;DA4@X4J2lZ~NOo0Cv2y)2B^dj)AWdVK4)j=#=K2Wk+IY zkLE@V3SYY+J?T}a5FlfU+$Rgn2DqSD>88}`hmi|kc4I6&exIY|_*uc=;&%{UoZwhS zfb^W^DQIm6Ppn+;2UL$T|K8*piP^}R+t3rgV_pG_0^Cbbq!8AkaC1G9-|hJ_V>*`r z{XYv>2!5;i&}ri9)#Phs7Rvm zodcYr=Yy^`wP&!?_sPNsz7OgNXJ@GT+b{MR*Mil(??)tt1&RbDMl9SBa)l@u=H2T| zjoJOPH5`mR{Ff0>ifNwe8$(3Gi@3T6_oVXxdi~?pxt-g>E4Wjibo{>Y2Slob*2?!z z2H~YYn{EoYyLETJS9f&ejL*)OV;^^iKQw>osy3&LU_ybnYR8ee4553)(zPVQX{Jf7z>pS}%!5c*o#3|gKh zI%n=;;_3KW)~#)rNO3Sxv-$a9M8d?H-E4N-^|5z*<-4gD{)hWIqnX-3+1w}B!PoeQ z>zlLMr4zVlil?qv4UpO3lOdKQAh=V)VP>e38XRMkV;z*rlt?RA)Gc?kM9?$7zf{5e z0Bnl72~u)(S!TRUwC%h^Z!BC$860$hsnCeouA9SfR`kha=zg2;K4vOsL1a3hC&{Ht zqhdBJ`n-|2@V8HRr@QAL%u;hK-l_JP;u_*0U7=cnWIUd>5Whu-hsv0&dtF=?*_K}7 zL(wsiVrZ!r!4Tcmp7#bMku<}@05&5W7%0$^c=C(mc)?%GOH1@`zXAx`g%58vS{kMa>w&N z!`%+QM(ZzL9J82=7Fi}GjB>=p1;Y?aQ#_@mv$xOKyAqu916Y{%_H-wgW(nXi3taN-Z zL)pRO*FK7iLU-JZS)JewOQ-&rH?D!McDRdC$J==&N?zL>y~rw>l%CIgqsX2ki73}P z&ERVc3~iJ+c`c@@#$L?`gW|p{d4oftz!7XmX(G@ceOw407PtqnMdNEu>WMa9y1x2A zR2$3$5CynazRY~UDe~9<@gwzeyaMK5D*EE# z_YarBQ0Nnbj@Mq2@ab!~xCq0396?rZ&a_%j@!;}nOPf>Rju&V}9zL9l(l=l&5IQ{t} zusi&vhRBr~8mqyNyty52wktPq-~8+E+05JphVvGryqHmt2yszp{Bk@w;bpt7lqzsR zsQkw@At0^p6{sNG!r>q2G?~QXVL$2H{CBZcbX$9@MC96An`@en2VqX97mxdNp={TJ zjDb4li@i?&s>!T{?d20#raV{Tw1B(KmBP-!39s*6BfQ{kINbLGqfN{~mGh|YUPJOA z;(h^b&r5sHWpm2uk13*FGd5*)UqJ$oG#FU%hhZg3NiTo+MkzSbvh$~Nw}*!<{6_EM zL{U1jfeVHGBC?}syJeDeZ<_NKwe5haa*iZ>Q1Wt9&V=zJOF+L~TUgt6>@qfmq zWF1zCKe>!cX%sRW;;CSy{`s+pzFR3E+kvNa6ws0d#YRAprY+$qC&{SjVfeb4@JP27 z1f-M<&}8!(yxFrLkyXDIAgP%7ICqnj^l-)r_BOYDsuJY23te9k;Pp7OL#8qwjx&*n zC;S$Mf+v1pG&6J!BG>e^&mHalybN6iVJ$JYT+PSrtWG_&pFIxzGhaQiT2awwP;vqX zR^0*zCT-Jm{AbSlaX(%kxVMWJbXc0|{AGwS$fAVpeh$Hx%YH@W+Pfi8r$p0fB-ZzZ zYEEoUVvF0(l$t#hFL@m3eBHy1BdcB9JvK*u_o>`f_uiaaaLs}qClS^oPz7PVG2v3j zRrf=AuMz3525YteVh~xiE;3nynt9{q*8qqgC#~*NHe+?_(deGaCo)x>$m>-J44 zV1sG;ulJ+5k2C4Xr>nq<;L22!3rYs-ro*?-Z!4PP_-R_IsC!-ii_y#fY41Fv;q1CT zE=u(1gd~hHdI>{_UNRF#&4?ByqIV)nBBM?SMzkSB2r>pyCIm4Aafj$NN<@zyy^K+Y z@J{Y;_xs^p@7L#9_x0^s=d5d8XP>>!`R)HHo8Wz=wS9m7NN%Y&ELdjY%xnO8^>dHs z$0dGp|JFj6g-^Ke1<5X4m8oZ%Q)M7b}Noj45m{Vhj^rY z5;nTir5d2Twp6JuQ<`>%VL<)nv+1q%y2@MrloIGo|DS>vaYcU{jaAI#!y-^3?|d+c z@|^_9d)$oD6P0NV*d1R0<}1(?<{^^0mwNGzSKV*80`#n%plq9Cx>lsAw)_P=z-n#V z)RO0pRonSJX7W##W1O|jL)g2~2EGZHI9Vof&b{bd$NbUTTJ%1w(6Wu*%T(G!d|t&t zJ+BT3%$k!n6bed8@?j)}nUEFr<$*k18=EA+LnWjI6PtL{J)RXjQ?*#pNOr^jk@oou2$AEG+z{Nn+?6#!5}Ctp)t>NOWA5 z6%>XmFIBSi2wE|T1Hn*otRR@_izomL?MSv6n$roOhsKiIf(Er+rbC0o+qF_aFgfx^ z|E>DpVgcz?<6@Xd+Mho4%%r2tJsXoB8I=Z&j!O!`(4U@*(OET^u(b(C{c(y3sDs|- zM5~8y*ONH1PlSnB($NXgitD4XE|ADS6*5}?b&&rI3zS!B#bM%{TliBg9(OsT#ZW4U z8z7u>i8)ax-Wk0r??(73l%@wlniH$gX9+E`juZP?*{s zLfN{UAGuT{fMC}2rX?em5xpp>bUlz&jr%vt@JBH8$T2vJ3Cw*LTQXfv%$j3O; z=@9tHY-xe$0*!o(mg z9{xiBiPU6n@T{l;x0&!)tgOZIjSihO@y}D3s-$owLVN6NyBoYbxo?ia#R1fB$}7*BAxxNMyaR2)xZ=Fw`KG zj~g8K+9#&SFg)=Hj^Yil*l5+r?i*@CJieXC2Ng-X*X31Q_%c0x=evzxYM-m6d&nP_ z5u|W`<`pdAu%7~|QMv5!@>j-ULxjsRg_${Bzz!*F(+^Q_DQoOP-n8~lg2k|>rH zbQPpgRH=0#5)R-hGTAL5T`W zI_%n75OgVjlbEEGqj8wQ$%Cp&t&}a}Jbv>ishJIjwraVe41yibPQko{+`({#0CUwKqW|KVC;hf=uCZ(S;G*-veg3p80 z!1cLm^rf{wa)k~i)1vB+d%ZjF=6Ei@q!nxO%h34{Z=)wPRDrR=il7F@=26Z&o)v1bO zc>RQs8gJ-fld!A$A|E)W^PVxxzQMFyZ|Jos1I%K~bQ=6pl11~CpWUfwQEyHM@}9u% zm}I|m%UjKbg0@kn4Y)oK-Z3kqoXZh$DAiU%oqkYMTNINW(Rf|=_l~QE73ZDwJs$)V zDu_MV7kYYl$ymja(sG6brkR2eo$bB!k^-mpuuD61A?Mj@)0gI(ZicUEm@jadyQFgmg-YF~;Z_`KAvvsmDnfeR#rtm=q08R zaiwDR5%)>%p$LcX)102q>M8ZrE9fp&4gVP71UI0J#8RVuU9Om+^^UhuC8#>x04e#x?6WTNI$jTE!+Qzq#|?EfjXl37e)9{W^&h9 zQ#(!UM!QK~$>LW+#o`26aNXKYa=`~|6)79OCw*YCkBYqv@^FEPh~Jy~OIIL*`uBm8 zR*-mKy-r6EmXhI^TffYccaVqwct@REW+JP*n^HcnE{dZfG_9!Wf>~fiq%+c121GYi zWaH4q*+wKBIa{Dl^NGLAvx;$Z!xf==UK+5&s9V3dmfY>kdOv4Qw`;3kl*QIwfjyXt zyf>x1ufzX@MAa@}dK;Q|wh?^Vm80YUTAD^weM@cdpN{Tol=YFAc0G$h%&fJFv*fg% zW#hj!x=3q=pV4fQ7NIjo9gL^DeV=nq7V~aC9j5pZ<+XO-shAMa@mu#k%)e@#8~LX{ z;pv8Va`d%DbY)&>;3pNy>&Klg`C{e}%w;6$BDY57+w)QUUII)1{Kj2l*V9hg@v_?V z5XP!49V-VmI3^A~PZ?j!R3C~yFnCJC3XRrA2D;o>ihF1@qA(=o4uqLK-T z6lzsDJF8Z8FD-Z88g8EZ)N#eVka}4P4_TVU2Xw_!)E2b9giC4}rFn;q_3XAoV(`6xLqHeQW zPcy&1`K~SZQX`tk(6!Qau-W%>fybl6mRpS(1-OT%n5YY z_lPD_{YZ+jdqS*>lS4YU9jSw?nqNd0GcnRITwBS!4Ikn6g6jp`&2aYTT1BhPImWfb zq1X7jTP*gDnU33tYGLPZumoiW2faHVxnoa{)PgT_fC4g{S7)8EG&&v(l z)QXZJX{w^eQES%S$P`(zw|+`TM_J7TE4zsH?W!A11S4mCl=x(*?2UjmcYcMagzGcU zvLaO9B%G7jN&=NkwRx_r&6vmdDCmZb2jlI;j*rMI0xEfd+rFSyN+{Pyv!$7(y|ko- zM%pXCzLA*RavyUER3N1Ar>pcLX9PGuVxFN^qDQ{$Ea7_MRVZ6L#`ODrylPBHgn-RxfuW#4IJ)<4@0BE?*^X3r9lY?g|@cm@~gVPI@ z2ACBg*tk?`cM9SL28uYLg7t<;YYry?U3sql$H$t^**Mc^B7y!;Jy|uPQ8nzM#SXz9 z|8OpT<-_JLd-yH&1c?qp8SQ}ESa@Qi1>JGz(?G62%wwpHd>6#V3>Pk7(ahBJeoP@S z;3*8!_Lz-gvU8Khc&i6xr8r}FV(myumkiCnW%RIt*cbVhhras>_=b9NEIW6@mII>s zU9IHeBTwg5tRJ-ncCMIozi-l?99X-eRyH&i*(>%&WZzk_#6wk!Nb1Gc*`1;WR$gCSnbvMHVpIH_b}<)$?4Zse3$cRp%D&5&Dd2kV zS=94A88hvV3F87|=LGI?_ zTM(IS!NYn4mCghhSN7oA*qsXyhg@$jjd0yqvEEc4y93Gd@mb)6wT&hM!m9O(oQPph znsY_%QvUkWBk7-k%m3C&(@&tzS62`e|Zf!uIanVFsfdvXu7S5Y7p= fu`y72<9lkq%=U#Y?AEySr=SkGcQ*-T3y!zJ0r! z5glD!m6cXmdFq`0oltpMF+{j8a3CNch!Wz$iXb3hFrOby7^u%4$=0r{&o5XzaScZh z5P0;zA5f6gbQ};6NPG)rbtiQhX)Ysx4ZVRez|e%=&BpGN8w7-h-_6dz$jZct*wDnx z!j_lxvaO4h*ut2XRPDPAql}%9iMfTihl7cdhpe)Zhm{ehF)2SEF^?P9rvMuhCj(+P z8*5ufE;nA%f63+gZ2#?MASM16i<1>Eso-CQ#OgBg#6kcE6XNgmY;;CUtlx>*Iq8|$ zSXenZX^EK`nK&32IT)B&=$P2JSQ)vPnTh{Rq@UUxj7_-|g+>3Z>+=^cskxJr9Tx+G ztE(%$D+@iq!Hj{4larHyk(q&+neLN=&e7f0$-s@y){*SLBnX>08aY_lIavT~iT_G8 zFa$U|@sfU8`i~1XcK;D;>-g_5eFlud&A^U7J z*qGQlIezjo{fF1i9N+|SGza{Di2l#;|DfPAv@$aP(eXdE#m448Djc0eTt40ScR>E9 z+>Xlbb|wspCXN7S2O|>^mrpav{(57_CFEdY-~@0`1^}%8YoX--%Vc69p}z~mN&HRC z!qynz>PYq9=9mZ@IGOO0{vD@dXWAN#-g^huk34@)j87c99BFQBLum(7M zD*m*N<-hk!2noqM08A~cKL;EY#eNV=hzPMUak8<|G1D{s%Ul^5E(u#lCj(m}6A58n z($DzNTUZ!#8FCsJ8kn%L(it-vvC)~Zva-@~u&}Yv8L~2QFc~qkntnI=$KB8Q!T=-Z zzgh5K^Ns%x=gT=*eC|R6>;G#xfA{9!^x+b>aQs|Y_kZsmB@_F9x2!FQ|CKRZ21b8( z0xzl2-xM%0CjED}#s75#{t@eHZt^Mge~}meusH%uom>qZOa#q7qxHX&dJLcTGyL7Q z|G2{N|Mv1^9@t=}sV*6R=96k$Lwcmji2&nv%gs`BpTl!gs zbF#|(qTi;YW2>3|QQQR%7sT-emN1F}gotu~qO!nONCb&y0q}4Yd?r&j;tS`7io4>Qny^@FOxh8hK-5!vgBF z{|g@8X*`2oXO|WQ;=d@eD|{zpYDxQyVxjUDzcBsTwt_5_qrKJ))CIb{Er*bjZ%wPyc6rk-a&Dk`e} zfq}PehmUKx0G(g)YP-V`k?(CHPh$G^eW7Da>VT||Hj!x{avoR_fFjOomzLPKiQ_}k z_Umf1<2gdeE&~v+-72HrpRjkwv(QDePi6M;adGBr`LN;G4DWsW zU*5%caJ8z8xEt|70Fb&z8i)?_FMU6FhcV%mJuTq)f4?Srpuc;D?;N`|*8Wh!$MnorhnSIcz_1`t;grg0Q ztQMwQ4N-3vEFh2Sc67#m8u6bMXy8I0>>v`RY<7NKdfE3PM&(Dpvmp4Tmeb0)qciUJ zic86KNdMS&(n7<9K083C48Vsh9LC?)LNY~jvSLxuQi1lKxbj?c=-!awpDrxcr`BQ7 zT3Y7d9-(|tJS}0)4j=X)H2S54=Q>rN7-jVAkx#TNknx3F0SxZrz(XD4#HTu)s#4+Z z{f1iq^^f~2VR`q$8}w3#b)K`*jLzI`rfh^{{|KLB9^)Yr1}17q-tS8#oK;-yLGj>WDbUJBZ_ZpS~G)mFD&f2Aerw3#nmqN_%jgZ3YWbe-_9 zT7Qp2ybUsotb)Du(SL=`^JiJ!@v%Q)JLj4+ot_f(d&}9MTumGgUx%u*8e%_NX$TMW zblsM0i6h$()4G`Iv;xfdrrxxjxNBtVHcdWNt8k02q>=Fu9P!$cDx9wvan_z;--bB~ z9bz9apSEZUh%Pu{PniwMvD&Pltj3ls&y4eD3I-!hlBCca-)Dq-$Y^bGvAnp>i+~1r zjVF7(uZRGVrk>9s=d2f_eiQ6E{(Qvu4vB7chFokJ8U?H_D=*NiBlo|y1n@z1Qt;|_ z`oCscxJ*A8ueg@?q#r(mr$i?VmaD-a+<^DxVNY!KH9D4*XLNx!KNTH#MoV==cO(gn z%CfBon2B~pdmKoCtaYE+B)OG|;JKVXe@4q?`ufj+HO@Rz^ZhW7*@fgm3sS{$g9Tfg z%lXdgXE4{V5oN19Fr&TCHivEsq$Ffy_EXHVyv>^j40CjXqm)auQ{?!c_T;E;*`wFO z+00k((dYKxIGH{$RjYLWoXnST)){;s><^wAIe5tCV6CCjI!n|K)+u23e zwX+gww1b{ATt}#Uh*s8RvaB)hUtzsqsbLM9L(}`ezk8h{$aqzP0@l;U40FJo( zHN^DyV+6YJ(r+Tqj5&nmKnKF-oem#0op<_jfk{U2hbg-aj~5zo&Nw;%JKJ93ZH;k&%l0#1VdDR$o>%406YWkxZ5m3|@zAYhN z%UJ|iVSL6I)UJUADWzWHz#Cg+NHV)W$tc(DNL_q*7jBY()zzVF`fGK}zq}Ezu`5xKs>Bh2aHWX96 zdYj;hiF3cgDvG%=5(7!;ho*6jC~&Um?)PH)q*F8tqum)gqURMlpq#8T%Ri|qidJoR zCdo(Dn3cNgv@Oz|m`uk5 zzQpZJMwdYnk<1yGP$sw4+Io(CYdy^xR@bv%bMeY|y4-_9vpvM1RITcrXj=!e2wGiS z{qZWHsn!HKV4*uMFx2@r_3QWBALl3T8Zc0Hv?pVAn*}N4PR}Of=oiR0M~v=C>ufuF zU*es`+>fW>OHVOZo%)^oKbjQM8L)x{OKk4+(YNzu?5S6C&y%}8c+b~emVN6(%rIpQ z=-;HTey!d~AO=l6gWzENng+L$-&wZTxQ0H2R9YrETX#!_uCQ9(TcFD4QW0+l+$RH7 z4WdLJc26oZUbQM%!$-rZv#R@DH%0IFxT-pMo)pUrdOF32Ya+9apc)k*OG+((&pm2D* zvD4)mQrRF;09Fmkxl*AX#z4}ggG&QVQM&dCC; zDqTQQ#l!kqFp8q}pz~0<0@|$ZDoSjN8aT)c4tzI!De0c@E;84A#`xtWrOd{Ui2o=h^H-2i9xy^tB!A+&F+?ZwJ;P%5?M zHeBdTxi8TRv(GFJC~$!)Zn+n<_bMIsqP8!xc*M<57+gj&rdhiu*h9f;l_ zzQb&VloiLvcME}2g>a4QV=1R6V_fgN+-fn;Mh+~32KfR-hTPoTBgGbK*fvT&#mre* zx6;$Exw)l^WtJGL6iz!E*y&1J#{-n1VIFax$>UV4l=7S4(&U$OmhaEv;%DXXuw1Ei z$^1*)+bL$JZs%ahCgPmMJLHrr6|lzm==UA;tv8dy(9)Z)pZVCnQO}I_2#%G#P~3o@ zJ|En0$bgDDpFmzEHf=S!Nb6PxzlA$HBCyT}58Nrh@*6sRNxP+{uIy?|fBdkZqZ5%DsJ8-epqC^xR5SDfJE5VJm z$<;dLw-)In9;?-fg(`P1_qVhQe~jfAEnV$<*1LI9ke!H-xITbX^G}HEn^789h=Efp zlkE4$4bdO^Mpk7pY*wnvo>g#&MiTawRUsAW`-6=q^S#N@kn!>oG_4{U4MoYMu-T;Y zAbFmVwuJFg9%3VT7^mMi3EwQ9kh^wT(36s4@^Mgre>oCHdo&qvH#G_SO|?VjVAviK zGR}>{z>VEWCE;o-p{N+A>}gxkzFu1xvYW5%6uNiv;D6>*6c!SKuO<@4`&1Zl93z!G zd6r-_JzaZrD&las`paRAPO)L2=*BWI4$a##Ls(2~tl4H74P!;vCCZkXluZIVwiZwx zD^5^*ajuI-;H}chOF)N;`7GWMr(!Ic)`~{ZA%-L@CRGVVG%BVe8QRPs6&HemUoQ`b z8(XmpE$MV;qT%*UvscnNVUV0=Bz*#roa?#zEFvng`b*VFy8pcJ8dJ1&5jl3bB841u z&4s6uurP%lS_z)244O~+H&Rm7q~RJo*ROJQ(Z=e1VV~-Rn0FXPA;YO#P0{mhtDEp& z9&AFR_!t1b*mUkUBEv0J&mkehGDYGel}g6KyNaJPWD@Zs6KfIM#-3XK2n**w2C@3L z--vYCwcvQm&j9pL%R=hie2Z8|(5Z@=yuMC<2Ip9~{^uM%ef$a^329P4IcY;sWn5F6 za{R4X)7bWrxdy9mWq*ZMW}XilD%FZjNrbh$tS~)KEx~Aetwtelyqs|PjLm|3Ng8*R z_$zyKgl{ysODttr*H`Q=4^d&^M9R?L6Z6vaKAem+6J|qainS+7wI(Ad7QDs*$`zU_ za0$iVRw-REV#o2_FJ#cD=8wH4RycT0HF8xFm@g}1wUA>!L4@Ow+#`z8vt;uj9isHiFSe*7lOu zhAkpd(lH3AIqUc(7m?|}3zZfu0y;yf#9xO5iiJNsm)|XXL!+V+D_M}lS5I07++7+u zMDnj<7)(as3xxZrk_brU>IoR~R#bl<9d$6f>ec@)Tb10waz#Onr7%L4$b!P$>+KuTj$UM0tk>=qp=}hgjKIgNnk$sqW z=mz|LJd%jWUSmjzFyacmP^mJSJprnUaFDO3t|ev#@id;Ol#^5a9Db)F-&v}hc8S=& zmv-r#$FY@#N_)Pr7(>!tvbnpBPDFjwFwKNi=DS7)@sDFdW)6_ppXa$@!&2c45^o_Z zxrG&p;kL2Ve<((+A|)m6juFua2ftO3O zKa)BzQ8#At`8P%^MvDC?2`Gu&2>aw>!rW3F>5hl_n_MZW+;1Nl+3{m4Qc|l~VaYuU zO0%NJiLhOa*oQ2_xFA#mw2p1wzp+I;oRBg;j=d4iuHx|hLP<)xxrw2{XcqA`eVJ53 zLgHrd#=Jx=KeL&B91S%VyQ_;#KT)kzRQxXG{;!?0z7bemxripa&4oLPv;PVJ?sH_l zSMO{PEPI|vKLwF(RIKHImE>Jm)7Q^s_|o1a5!5hFZaG8Wk{>2-RbLOIxcAy<@4&*P zsVt@$)ylO-$|O;uSg~r&+2U1?-xW{m%@35PXRx4by37xuqkGD+xqH4qusF)nLwl6_ zygv#VUM({+(GPtkt))C&uA>1+1Z&6U>OM=#HVc2dZFP#88Y@_z-Cy`+j;a2z$<-8fyQh7|IPYmyc`UPy>|Mzri`j4BDK1a$3AJJ7pyt{8{P z!NZ}kzU*-=Mx{(uV!f#|wy;1*q|%FSQTVG`6SB$WDj{Uf{VVrOjw)^}9!*_=ib(#* z+1N~hDQawT!*VYdLnj^G7-abE&Y~e^tcOtI2zNrS@Z7D2eW|a5awZ%Sddsu(LY>d* z*-W()iG9Y)k2sP1(b=rAp@v?OJyX^682}(jHnxX!1g|#JSu>uLfCdv~F#+?lLUzK- zjy6L*iG1Ze)#zN%8%?yg5$-1;%?!=fPpaDAZEO(!Dl053YZ`WR+D_%Dbr|m%ZyFYY zal)ds5cTcz5^`>)7mG9xA2Pg9-k$aLT8luRASFyMQAI#%;vF91{P70Le?S?&M}ta^ zo2EBHacE{H0+$pP7m*+*6%=wbDwBAb=}E1He@}8>7b4z655FI{;4Hj19i}+o+BjPD z)+^jkYC}m7`#??;GTbRP*fsQdM!Yecrxf0MZ}!OjzBS9U>KJ0nHs2C+7q9 z>9VIvt1>kjy@P3CI(96a&7kB#A}Sgg={{aN&DirC8mbD{I0prh>Ld+mCKIoDuu`cq zHNAsZX?}>fU2w^bNjxd(j)LXqO4&Uw*E(ufl-GW?-R4ef?cKal?IpL9x)Ku@58XNpj)x)!NJiAB!gGBUKgQ%1@P#Y6NJC6~WqRi(FbO z_WTqQBUh=0n=b~9hi#Ri<(dtmx*uK%Kd~z4*$-SlnB`hsw;Hv4F=r#ET~ExQofG+(rQq$qxsmrulIhCLR$)xrwL^jE(69_E z1bRvGUx`6}zq~BZ-$EH7ApLMSoLm_w)1K=8lh&h-wiAPfvgM%kjRR*mA)(TxQ~w4E zT1dXL+)M=?s`f(?1b4(90&7%55AW(v(~CRx0aTu-9QgHF&Crmx@p|c{IV+GBm@tGC za?)Q=x^_F&v`X@IT(qL~S4$Hm4ovcmNF2r~Q^qEjJyew&4zDfQ&PpJd^$J1o=DzY4 zscZwx6Ai3xj(e>!SM4EM0{S^{!8TQ9L6qD;!;Qt~*%mQ!rLUSjb?UvKpq=i%Si6PX zCi61nM-9F+D~N6oh@w&D7E|xx2r4u&%S7Y|0m2beT1R!^3D4o6uL+Iw^$qx5SV#Af zf*y&rFm%73q~ZE~mfQOv=|ebPw)^x}jd>TWX? zb9t+eok-s=s=z+phHw zKyieatTNf={BoplXYU~zsRMd}c;rXNzqYlKpuC|b$LQdOLDnh~vzEiTf8vz$m@T@c zLx9e>bKly2GfukG%39#{NA}Jw2R6Cv)i7=I^gZg=_O1`Z)j^$i%8bj`QY!4QV!tTI zCgR;C6AEjX!4?1ph#Dq`+cDZPlm8x=auRqG3}KR9v3`K!Ivz@$8IC&_D4y!A>WCDA z?Hg@HF0w*1X!@V_i6ty@(B@i8Yy#3-!3((Mz0+kr_PSsd;^R4zJ4o(bJZg+@_#i;z zfoVLM@ukc`xy=Sc(K?6~IsSnvn+!T#dz{Oq+X%uY1g5ixh*L)kYYyL#?W9M6SX=zg zWa(HIdknWysmA)Jn`DLGy~FDj(dLxpn$O=QV`E$Oovp9NxzgSxqs+?t#Za64Dw zbg7cP%w6_WU=+obmwAgTYs#RGJop9#ho*S^3Y3^!Xr6`hf70G7v)gPs{i(ue%PllF z*UIBoz6fo;T8?@c)PZ~gJ2mfN+~NyaLRC_4v6@+YqJsN=!U)3UdM?>z_EKlp^UB{) zzPT4DKMJGR`33Kw3L1^*%i-F+Q`wM9WHY!1YLq^o&IlUZ`}g+01CMysL_k$k>^OW5I!;~k7Cj490!j1L@zZ%6QvVu0lQR*^?J0E&iaflg zbVjSnLELSQ!xj*u4aGyHWK4EmyF#Z9h;{%yu_r@JQ1paStUV4m~g{>PrHo)O)oGHrLKx=$gdVWlL4=OZsg(@ZfvmMyJH4S!NMnv(p-HKC+`|_GtA<2Mw9_X1Hw+ zM22>;Ikt(rNH$|{u0)B0J~LlE^hP=*2`uqEnzqT)Hl%zbF|W;VsoIlrAXipM+#Mv- zS}%@8jlRZZjN(RjNiZSb$r&LHJS8}2O7~7Ftpk6JW;OyY3jAyqx2sZNIr{vKycd~W8 zxR(yy!H_J%6HtLu!^Y_v77asZx!$s;lv#DcN&@t>?gzOuB#9&ClqsKI`8qRhZ zJOg-rc=1IBS-}Tp%Gt8hl3q=N{gusS>4;pt@pRyBC(E|l68s~BI$~EFu9@vR&s$K+ zMFej`2N*;QQ%0@)MX%-FpvwMV;UPjY1Vn(}D_mWnAiS8;MjI?0Z@f%Zx!Gyl!olrT zfEG_pAm6yqxiUTx4L90oC3jijT{o=!IPuORWhahX zH<&brDpG0{VeP_W}vnb46M{W4iXDSJIw=KO8O0R)RZgt|E++6BTo6T8v-9+bCh zqkom5QU7IucO2+~jo!vL)F{J$vvRmfT+g<}3A5h*_(PH3W@Ngd&-`J6!bgG=#Ljf( z`1eq>O&eCN%_`f1^=e`PzMmN(Ci}9n6F7&8({s92cyto(e8E+*61p#@YFUB{0k?dE zr3r;xtM6~7QyAl}U?Tt5j#mo!0HUeeKS*8*u4sVt6y$mI*aaC1m;_ z(AcEjq{2a2ogq~g>n}?=Pkha+%9B2^hBhXXVVoda&rs-SR=(k%n2RN9PLT0Q_>ht& z@Zt5olcV3?N_c>13Afk<*`1_nO$0ge&T`F2!%k-MHRZ_iH#tuq>D=8?-ieGk8ARcg zjXBf5Col+F)6FDP%vr4Xns#OEHGXh_hD6i8gvQ9KxYqw@P!FzYz)8nIh~%pMta z?cjB3)#CGI;9)E_fjK6@AT8X;`V0Oh>1l76Rb5j^7b};oDlGO)+3d5F_yx|_HW-y% zTRHAL5tL5)-*h8Nc+rL*on)cQSwYua@OLy8=Gx_^as#mQx>8|(^0Q8M{>r|5jpl@` z|Mmf9qI=TocxvQN422O0dP`|9{A;1$MZwlw?YS~^J5yvgsrUp^hq6O9+%>cJ=zEN! zfuLU|j{%A*MSutq_AkRc$9(kebBCN+cw|{;x!>@+d2ljJk%U4$OEBM7LkqFgJ7$6f z#w?#PIUsW475uh5FgYG)oq33aAL)Xv9$|3b#bD?+jxR{ogU6}pp)VT{dw87iDo*Z= zFIW=X9>%=gJib#BRkaB1uZ2IouIdOpNX_2Rtg1igP+GRz`&Y013T0Zh)8+{~_D63? zvJD(ny$dpv0L$ FHP#hBZHGNjo^OVbpGeq)<`?Cl3pIH)H3$;E$KKtHFub9sr$0 zZG~Q~7N|y%=VA!opg~YrzT5#BmhQ=8;)Tlcb`EK}e-d=Ac3CuSRoO&{7{)4Ejd%n4 z+=Fr3dc($g6Vd326vbR9l3Zi`R0ZBc2uQ^L@JR6L*Is+*)}TV(Jm>zgcvF(?+0MD^ zE7+J9k>!(0=JixtP;ay8f0&6koX**G`5vEjn-k2Z+v=FfRD zU2?!U-4&AXmDjpf2K`-k8yOz+K{ZiX@FFy`9hhenKDqN41s|bq6u?%LsY*)=W%9ae zzsbO(NH@a0@auttoDrn9Eqm!{XAzg57Umi~HnK-^85n&Lja7Bq+KEw-BY(_=plr+b z+RA0ga-m7o0XqmUw3EqLwCmOceY^kGR{L6OW=}^O7=&HxT1cu6Qj*rdfdeRR1g>V- z;4Az@+n9AkGqqS0}Uf;wj|Pi9#FPuLVo7XH>;HkY&( zBZLxYbO~!TVduLsOw|C}&i%0&5Ooe-pf1BJ3Wt}R4);y-_~mxn2rlzC7ivN(~a)7su>G;s||iT0~ee0YDnT`bIC+L>Qb>+IKM-}Gz@G> zw20c)EE{KWW4VsFjEU*Q00Yjwj#M&S)t2vAhOV{)YM@D_eJ4(!^n;Pb{bGl=)sEVS zZM-ntQM&tcX5kXx4_;k_F9qR#W@A!noiGFN2V|Hmo{QxJKKGW5)vu5@H;%uU%aFA% ztZTs{F0^s7pokn#iq0V*iJ<3&$6$u%Yms?dBS6Cs=j0KpT~3;oY%@hbd&zp63CLpH zKXUVn!rYCDbrV=lJGY+TNV2QMP59M!HvG}I z`+Ljjd2#2fSPK<-t5*FTK5vJNHy*BTHW%K}A#C?c=U(L0+>=O3HeKe*RSbeca9)|I!6VrW( z;_TzdiZ5#oSd#z_(j*z>{v=4q7LCRFqbNu2_Re!C^!>TBVf!hvrkF)V_Nd)8=#1<~{{-hvG<-7HwfSam)z z`?lBk*Pp7yy^$o<-5P(tu4vdgUt;9cS1)M~X@CFa)c$hlk1Y_4Ky0|JORK@Xai6;M zDvfAY0b*qO7+sGmL^y%z!*mczo6x+I3WDDyX}95DvaQ0~5q$DEi@MTeQ_Rw?kDDpo zTf|gKRn7yYbnnpq`T%U!cI~PhNTh07+LTEbDGfnurkK27L6Lgtxh3 zrg>px#3*-<(J=c;`kUiD2smkJrIDK=*H0h{+ZCe}P?OK75h7FIRo;X`&o7ZvDUmqV zj9q%D)E(8SVu%GjnBc|rHsF05Sp&_bh=MJrQVx8v;*~LR20w^AgHiZ<&WHqWUpWdXn>^RoQOtzrR_vrZI3QZqE6k6_Y0K4FJ^e^k@rrHo z*r(*%<+gNk2NfD7bucL{$JxZ%q!il|w~{CBUW6a8^PRzIB+n$P;-7qdq5~zXaz@PU zd8UeRcSitJRKgZAFSAI5ivf`Qv`W-(dPftq+}NrhZ=6RJbaf%WxSWjcm<=&*_453t z4C1XvOv4IXJ7{F3^2WMEd+gG866irvNKS-S>h#L6UPODr`2=mF+?iq!Pc26DP`)JN zZjvUGus11oD0w>hv)F@m&_K z^)Z2>ca3eGSYSM*x++}xcTEk*^N~5QMhvnJow4N(D^J0B=gvtZW$p3k%7=a z{i}z`2ObcdhaX~@ABDJlC$jR0IL=q|SEdNkSz-+kidE)jffmX5VtOX1Qh<6 zNW)4Wj{2q0bF`jxzMOsTjp}w>YSL&28OX0SxVbacaIzxAJvs&cvbBYctG6KcJ6{tp zmNGW*0lYfQ#&(6EXNF2JF9l_on?LTWWmOWee02kYla|#)E&*P+T zB##vkjuWl0JncWR7``7EU-29EPc7znoou7RfIZnfZChwInpsur1)5qOB)3Kc73-74uN z)Ma{A(kYor&5yEOi$xINNDqaY=LS4#t{C8a?_p2ic}H38>6UVQhzBs%-Ozu+3`3IP zzyv$Hd{)bd7|-h#fMOoo%KGNtvjph1u}M znPdP!d;mb7_#1K;=~}ixbr-USfJR!uY;pi8jZcydK`ZFTf&&&NmSO3*^A1o}a!OC1ZRvPs6?XA(% zjY+-jdXPjs#oP92V#41Cioll_Xe2@&AUkEJ{ZN?Y^%|6!Jn`~SFkh8-_yrJQG{}v~ z^M)mPw8IaCsVUxmbq3~U8XYGysa_f$RM%t56BGp<&|}ge^s@@dQQe2RTop{3OSvP( zDI8HR13hr@ZK6FME^!X;TQ1s`6~#AN>_@CuVQ%BKPS~A6Ip~}xvKCieRgmy`|7n}P zy~C`8!4vtOME|BP;uw$5SWn`5-!SLdc$>a!OiP+it%Bs^UhcSFa9%q&NH;NbzQOXnQS2 z>KIC9kcda@OrSAzW5g%&W~U-B#A`bncxClI zz_3w42xGaKb0zuB8}?1oesirV>oBr6lI{|cuY|eK@R~W>l9nN6C$ zg9#0RaQa%kWO92y+`TRA%wK{)Obd6q`D_lnO$G1X~)FL3~zHw zfp&K0%#9|o4X(3@pBBv3b`8uv7y9M^QPiFIgS99IA5SVKDZcwkTwZ!9eQS7}n0UCq zqot=ZfQ$vvR}U~{LZp>>eVU^5dXEyvfc%KRtn80ahM1N0M?p0>Y$73ad5B$VVYLJa z;rRNeXpqStZxAY^sRBwgl%0=ZEm9?B<%r6!UV%SA2b3<8IqX(pA62ekX#_l4(fI*t z3qYB16y`X?tC^OO1j+!6;8>7>u!*zD>V|6$z0x6I-mHW;9kMzs<2Q)IKYf#!?|<#Z zmWp}uXM?caY=$gFC&=VmOarrrH&!nP9y>m40|pTDi&n%ZrG=a|>wZ0*V*I!f^_!p( z<4RMKuQ&z*J^7t7?O=^fHLuu9kH$GoA|$G}N81qvZ1s2#s$aCqRg<>HrH3{bLkzDd z{_J$a<56V!LHA033rcr*)4f=05wf#mgzDS%p4FnoI&FMbrd?Jy~;>)`~ z#+MJae*o*dA0!<#&|9x}N_X!G@3so8?>YZ~+6O;`QhB!Fh4fzA2Bv_}x2wLz+W!FD zclo3L*I4#1|3?t{z}#=m+VsjQew^>l3pQ{qH04`>MpAK7w<yxSy#1 zQfikr9j!Y;bOr_nC$5YI-M?x+NPOZ0vS*LqZ{huW^oi-{BIo9my}Z3YZ0+B#)oHOl z&HwrpB5Ca2H9YT{NKgS|&GymPqjGu*SaiGe*Ie}qRckh_h0PBU43Qqg8Wc3NAL{B$ zn{*TWnRji-gLSJu)FNpRBR|lh zD~OMrKHu(QmdAjsTYk;*w!jp5nv|~hg``h9)icv@Xwm*u_xk$!{+;>b%VVYF2ZMSC zh6u?gUMO!mq^j!Dw=nuMC2U>~=%9RkecL-aKI-6$b*rF(lM9!VgXb>0=jSqZc2`|H zrM4mpwXaeE0RitUZ{?-bwoPf>-Q8VUzxg9{s}>u}KBa)Zno^21twye%zfVe+BMYgh zIB}gr9PQdomfUVM1B)ExbWxw=B6p!r@AL%fzL=Z8zL}S85$$;t#-A=$flcT|rXBp$ zQZusCivKutc*AY>OI|H89$W{hht>Mbh20Ny-xVe?R7Sk+Rfe|E*}?!iUILM|D`W>4 zCCGLR%*$^5Ge2@p%#4dBx&Z2{{wU!g+u!TKawv$Kr z4{TI$CwE)=J{^{$_6we97HwtJ_PecfqPwXpgfj4^^*AHiVlYwV*MI=KyqLuFC|P^| zo5kbmQW#SLAOr*$=a6O4eCTTCllrc@Fbo`H;6&PQWg57L;Dci-Y%eG313!IQ`YQ#N zo;@kaR78=6_Z&79f#@xwqoKTKIls9*X^f29Smt+KWfhnQ)oz*?r*OO`vN!&HoYI_Y zy#qM~6lKhSw|irpSKv(=5vQXuSwOg#?gqlidUE!Tv&0`KKbBjDj4NN*I#Am((+7qZ ze@S=dVYL<#*+qa=6dBmBPCY5ZjrQ_aV<=u95y2}YusaVg>B3D0pq@BRHp@#k`kPS^ z6Q0x8CFk;&cMx{ji-Alhbde%?fozWfG+}3}zyWSBF$d;R@Kp|7C~|@auuwrhYMS7z=k4qjua-GIdCQicKx>U(VHAG=dZgJ(uU}IF! zpl=3$yJi_!PiHmdNc7=LgyGw`Ym56W2W(B#lFRo@$~HOu%ez9L;us6FdVOEM;~;chlAN9 zwZjvn13g>RveIF!yMdKzI}27a#|8Y1Z22x5<8%D|-Pv-uF0W_p!7b`qS~K!meXag8 zoT3dS?$a@o$HQ5ls}dC0wT631_izgTblu^sw0k4+*Yin=+2Lc#qvbm6tcP>hMW0bD z7dW@)^Mt#T<@kbIUCQpvkRw7p`x_=aj!aX-sjCtE>+7{TMZ)vCrlVluL2MSNKuJLoAo2_<7&vJ5F zd!02=;3`k}MQ=3c=bDM;`A08kAB6jKFnz=Jv9~_Ps1A)!u|WRifWB~;kX58=<# zT;JX~vfFsxF&1}eUl{7=t!(%Hi~*w`L3L67&ZU(w(?*s#0eyEy6z*^q1K1_X*m}&+ zreQNUZAPbG1%Z@OzPop!+(my*jZz7lqq%CjnQHpMP6)QeQ~_2esE9hp6SqSF{-L3{ z8C2xD=(d%Z1@kci2$8Mi&QR>+jq=kWE^va=(l{zt{7(-I++;LQ@VOyxt51E~N|WjICovE7{r+-+~KH}L5(-=Hfp-RaoakE^T^VC~ypj!LDV@BREnZ z4koh_0kN&LtIUTBMmd!Q(8GV42IT6S@NtT2zr|2F_@$qKwk#tKZ;-c@jgZ*YXJ$bXK41C~M`Vx|HrDOm`bFvj z=7pf&>id<2ZZ@=;78zCg^SX1ngG>eE(S5W#bm};v^nSxZQSk)Uhb|)_@kh8{B8Cv_ zu0ncgQ0>Wfz%GbqIWs#3OuO007#LI4;%o^wfGXO#6sx!%q|felJzAcZ{3uhT`(YaK z0_1t%-ehX_rf==yB#_di4*>h6!mok*v5;1LtYwaBt-l0xg)Lu8-%YXIIN?oEMV!&7 z)&^_!gH{JSCwsrTh?)>raMVY%T$kN%<2yB$yd|(`M z>?tl@fYXJ%cZZ#Sf36M{!`G1(q-KA2dC>xTKG2EP=R#!RkBtmEr(mmMCPDZDQ?}sO zflQC6nw@Ng4jB}A0>5!h#->Pq8@)9FKRx7|=eX8 z)q2v^&1}|8sV>~+}M;e5fMlCsDbboMfb_> zv`b*Kn?!IA9Zn@o{q?wstuZknOB4j~T znCy6aB)`TariKzy%JjYBa=T(o)^qgV!iy;amsRv{4BiVlOe5XF)1i-2CbO_9B8TL^ zhK+FV0DVSLq}2?Ym&$42hq?xT)pn%t-$MInb6{b!y&^DLx=~s>2-P?kn5hO zgoAvrsbhdcb;Mj0nN1~$g=9Wq#YjYJnnEFX!hheB5PrLV_8T(!q2knE#0|o(S~kiX z{#(HxA)XyD!Ts~;#WjWJ@jESQq}>VuLW<|lsXs(F8*xnO;>Dv@Z)WjM?(~>WR|i(! z-{wq-*)pQucOMkCPIx4p%}0JlBMA#q*B0J0PRI#kbwi%&m$S>ezRakYxao8l7*X+wP!5bj$&h? ze?Y3GW=ChROC_}u;N5$4X``)v#|-+ufv}!DetWJt+hvWAC7m^qLM>!I`)YyTCbn}o zUFS1|>oS2q#7z*cber&qQ^y!&L*~h3D$Z9ZoiVE9J$UoH%5Q&v3YzS_^_a@d|Dw+g z>5YVPniOoMR;8HlL`(zV6xTjoHeGTQEU38`3wt!rNGP;!fN5_hg>4#|tykb|q(}(p z4@?JdpY#%&^&r1uQOi{*J28e*KC~RC`@FUYycY(Ofou-I{B{Cqk3wwQ~A0xPfq zLK#LA0Z|s&ydLb9QwRy?43&*<=X1*wpgFmJvQTkXSxHH+hW=N;%zfFMjb>y+5*#X# zCsyCP&7DmayqBfh&3zD$2=%tZt35vmHr&!I6%j0?qsq?QU|uuo!iQTd0n5;hZc#4= z!3{k;dt0;p1q}2XP4!J#mHirD#D>16D`a_9X;%zQCfuQa8aL1r6#}6l5_$<#iPx)qU&MUNy>*XUe z21Hx?c!7tAug<^QBquA3xv{Hsw{`~LwcFj8PP3}skkAN6))1jvS{zaNpm^2Jxv*$; z-)yC4}tg6e9vB}$E!muCfWq4?L7WX z2YLqwrQ37Ed3gqhX5UWndbowScL?Ug4=FAV_N>m6Uj&Urz1h+n`E-(Rd%yPEgNaQ0 z5Q+-zX7v(z;K@KW!{ztu5vv{Z=wFGX%SMRuHvK=Wol}!0T@q-Iz2VZD=&c0wXj}-~V!pjNWLv9HT&_tR+RzY>a zlQx*%$WOWizFGeyernqtPUoT=2I3ZA!B+sEJ*_>}-%kL2uu7KEDu@q&pt0$ZziNBY zm=hWdr=Dqz639)hhUw_h7h5%jmZw+hvUbhteYy;f+Q*|jscQ^cWZTX3Yc(h*Bb1;^#qJ0>HN zau)=A4ri~c(($adjhur3vX~EnE%nkr@p3i}RF8BhcN563HW(23RtVN@`+!{jTrqhP zCX{CHAaOxn{5{<<%Qc~Vn&AP%cR5!0u^&f5H8_!ol=mz%>XyF!4s2KQd z8e~`JLsmDqp=nj0oh1)sb@9E)EbN1>dqfb98Z><4{p%fzkY@A7#(`5pYo%1MFslo7H;E};LjA?H~q ztG`SK`N7MS-k7>)*q}q;?ZFM|F(_2buYhI0ex0gR@c!4PyX)4v76V^0J~*siIa;e{d|_l8~GU#wrh00C zn|rc>`2OkvjMJme5FAv5A8l+tK=uM{0%OAZHzzE|MMz|5n4@PR)-$Tq)()=ms#e@` zn&^oC<%`n`3j1%>B8}y#1@om02xm*fTWXM{gAs>=#*V(__`!p#A+yg@A*<$hO*oK~ zO`EZIVWVtzE3S^{t?EeJZk>!ZB2xt^UzxdpzypK;E?5M;rYtdAWyx-@Oy}A3utT6U z>K#jFy&HI8bi2QN6vE0;emk|RcHvSM?b%4m+|M?HrJfavM3qE;+Bu4CBBxlZbwSlc zv6MB(a_2REbTr?zAI*|;BM$P0K|W!+B((qX$yzGM{G?E-cGY} zWpJ_>4Tna}ddQfAXfMyM45Mn8KUPc^JljG9?8@he(2wxs(Zj01V6pAx)Qi_tt!iKw zNv1q8)$(8;P=4(=fD*D-Ur_A=cmrzV^qG@t#m#@K)!5M7QKRJ!V!6Z?x3!H;T_brTUP%%Hn6P1f zYXFfv$%USgtb#85TTe+e)M7np2$95doHu;e4C3R0@GEEV5_@;s^c9k8?X@j)U<;*Q-vptgh!H$Qw1&iO#QKzIFNr+tT z>14Q0o26~*0BkuXH~(-@mR1h3B4cghSZ{#MCTZQbFl~UU9;uaA(3+9lqh{~Uj z^i-a7IBrF2JEAY_!*Os&+0wYv=Gy%gXRp1bJv$iwJtL#if`uw(lu|aNjU3oII1q9I z5*ioddapaqxh}-KqIAh7A&(EShoc$X!&PNQif#R2mMU{aI}+V#yy?3Wb^fepUIG`& z-mo^yI?Q{&cl#D!v@DyxV7!jc?tmR=f1tYgrfsE1Yy185!)DZo;WYOdLya*#tQy~ZS99$6YmS|T^^irLz$%))Iq7EBv zLxbxUx03d;2eR$_kmO^95uqOu{Oj*mS^yAOnJPE0Qt0$MIg8u2Vn2?zM8tq-$vE)o zzqAif$qf$(GJ5zPc^3X*!VL7O$+D)*`iLGg|8wacQbJt~t*1ytx^Wve?#ifn`8Yg&0L>8QEyz#o!a|wmpS)@`c`$Evq+RLwwj zC47A6N)sO2tN(sDnNYB62kWAy^Z=#jz_w`&QPpp41e}Tj6Yh_-#Rw;X!6gfKHA%2I$uiE*DS&Q<+|6do z_&K_LQGdFujBY5DJMx6{2|@tjEhG(8zx3ZW4c=E~53UR}DDhUhH9g|{jCkALJh=f~ zCWlZgKaKCoe8ndKsOZ@lwguvjtjQPqaSC<~Ysyh?c?~UgRm&IbdXO#>ww%iMvr+9oSKe z0QgF`4$!LOsZzz_h|c*!qWxbs0eKE-e&!;%MuROC|CIk>dt<8@oMvI6m0faWXskjB zcyT1XUH{1!E|&6QDFXNO;TGIPJigO(l2ie*M?Kh=M8!ObWMK@u^|WCwc62pqp^0*R zbgknOB<*+<6qOeR3SQH%Vt?%gG)&+;(=Dlj z;_4L?n@f1|(ghREOW5I{=HjY{l=w8l-2DU4Vuc;)n4&BX%T^TGK3ZK~O7IwUbh`Nj zRpo9jleo)~V>*ov3JOjehIqLeno4DI>4|oay;?N=JhUDt~l2Vcw84&ZPcyP%3@9{r!zvCk_V0 zdj0Ud>TWmhc_9x&&EXDMJBJiRD@WK9ICs%z?v_XML>fCogjRz0tiBR7b2 ziq5pb+7xTkyxfd0u)DE0@JGQ2nQIbNfw`TGD+14-c@iytMAo(sBG>?sl}&CCI;u+V z9yaNSn*C_1hStYjFSrN{mq4is4`8^=Cu*OLl0@X(en<4NeLi3EfgI0R#AY?ZzN;P=JnrMo}8+(9{yZjmkv>7T@szI`|@V za1;W$&sr|>r%nAoVZ1?}fKGR*_z_(pz*>ij&%97b{cCj6~BM2Obpl_SR$XJt0Y0o>r*okMAS z&Cqx}F5(yDPBu4<-+_2`-`_&ACoAQw9W9(?Yuy~Gp#iA_!^;EZjKuCBP3_*|@;R&O ziF4`#b?9sm(I(yr$jUr7@AQ~=EJE!}2{DPO`z;eBp1|1wx<<$)T}rXl+1v>xkHh21 zQyevmdZKrn<*r#GdI!oEl2leXbJ=U4{DU^Z!*Yj5tJCeM1Z;lb^EpTJ$=7#2Bcw+v z&BitV#@MBp)h@0=}G@|vQtBC4Hkx}i^9V*+V(IxuDNKpng|E( z)D4%V5wS{;bhMoO^RgG~xu`%I$Bw5n9e?}(4b-X1*?EVe0LM`o9I2uF6&cNO9*oR- z4g1#hK%ZYhjhw4*WRxTza{TER%_vWYh`hgrnr~0W$AaB0c$u@G{@ll8v4A(ea=gsa zWubi`&LZ})_hR%{QzrQDe*K!z_jIeZ%1?KWXROtJU$L{Z6C@N4OW4EXjfCXv(c>r8 zc5{0RxOJQ+-Z53RO9O31^UgltSw>c1!p`@aMIvn^HLv5ixqTcOKM0;(kDX6dl4x_r zE|e|S+Lf4y7pv2t-H@!yZy-fYp@Ew9+*c)H;=tdzyZs2 zPNGu+sZitmB@F@Hk_dJGL(UO8K?6^$Nrz=(N2$&RUljV9L4pI$Ps=*RB)N;j%oL4l zLA}niQ&thGS&mOg2>5B|x?XMgiV=KNNXp2Nl8^+>%*b!paBzd;mJ3@MK>Q28ZLR!A z84*AbN5h*oswk&dhlS(`;UYGj-D=eDrPBEkXjeeNM1-!(e1kY09flt%GAhw6mJ?=& zo5ri#ZxU?O!f-sT({CP5w((o;w7wWH0~wzlFXoprSHmPQJXoeVO{$D~arH`}On){N#d$Od5*6s9^f} zoM15jkUzY2Y>R-nltvVA_v-Z@IuVvf$U^FvfJRIi9<_9AwBjP5DKKR|g!Kh&o{1u3 zM1YVdBDWX}nm2$1DAedNX9_YA`b}PmI&;m^1gwrnZGzjRn%b(4Y}P;I)c=^VVFF*Q4gE1`ccUDRVq5VEXs(9l?cew2}^tnFGGMNy;LQOZ&AED2OeVVxf#5Q|J9< zkta-0>ESr7+0n#?ik9eZt zu`)ZxU&gBhgJo)r{FI@az&03^t|K|A$g@~=YuYDTE)!eiXxS9Dsq4;a`E&l85r7fc zP^Fnj)S;8$O_Sd>txTEMrS|Q8r?sZpm}3dI$S@$TniK0rKm!Ax%v!`NRXM!yFlk*~ zwQaqZjfFd}Kr`pPR_rDKeb;t-F23u^RE^kj7X21?o2~__pIYCpV8pl~UxfEMuP!5pwOC*2hL7 zwpibla-aG5nQYHJy=f{oAo2utiJ-&=l2ZnA3{+FCk z9}5Dl3q_BU?Dtk`)uaCt23jn!A4^3Io(*utqrWn~mQ9~Az$Y=Uz>S`*J@xoHAzL@~ zQ|PC%cxBOz_F|sm})utrCHQlU9SuI@W{YzY>DUEYtgcyH2>=XkmYR z9hh(sXktR8^ZCo?-wi#d)ywCzpJQ^b78}1s>xTz>{5=iT6_UOeI91WeDrCQ1t{%sI zz5la?R3OK1HyS@zzy!#a4wy8=$Hn>0pAMcnCFJDf?5ofFf{Q8Cu38~(jxUae>(o%t z(ZT}xP5;1wIbV9LkIg=@^4j|4EfywATaEs$4&oFiNJM1_BXS?zkk}~k#6h@;@;Ns zlP}=)vPYF7TlV?e`LYux_AiDG3|fV@t97Pvn5S=6``UuMeKpG1zQ*|Nm1n|KFTO|JN|i|6|z?V;EtR zl9{quQHzB#p=fNjGK~guHjAYq@o4OYYK1^!k)N2-F|dx+6K~PSO=*%l3H%v9M{x6E z1?uxalx|eVOKT!xyE8e_7o*6qwbAR$k>DCZ3K2Z!+pYL7L< zRnGfBX)mA71}{mMv_AP%aSxH^HXwK&)5k9bu0Q}} zepg-UYgco~@D85_UT9Ubx3N^#DxK_c>5;Fa2gC$mxOXEQ%baVVqJ1Flp8D{`>mDf5 zqp%)&2#A(zv9Vcj-?EKuVd9&;P|KAEDbwCt0h;4lm6MHIRD%|om-&1CE59vmaYvJ* z9f7Q6I)C6A@1ZG<4$w0Kj4Prd;Q1aN@#qZDe+q>VlNO649*Y)E5s&ii5UVwf9er#0O5o-JQKfn6lo4d&=q2$WiOz7ddNTxLI6l6FoA2 z$eb4lgXZ)iN}hXf0p)M?r+c@N=P*Fr8AI;T0aJc+!u>+_`ENr5@HySM{oCu-ucbbE zh$IzO>JLd%*nPe5U%5`nSGq4T1BvOsZzs@JTuDP*jtE|Ly;$1)nrmu^w*R%H@$adO z^7s)jJ2!fs;+bS={2pjYad>Kudl^9NG~=5*S=K}?s+neZ{0W{okGSj5JD%31qdYQ^)}Ph4P3nC*ckZAhoS*$h=LI~K5ITOL(YlRub-ulP~6$^g1!u$pdt--4L}{uxgr;8|I*e&H_*>_A*Qm!^395N&~p&cIekg|<-^H3 z1-XE1D0t)zYf#eGVY9@01s{@G@4$`YNO!aN?V^wzQ52lV{fKl`-7zlhZbwAiuuv%# zD+!0uSn|QW8NrQo)u*>d2~+9AWww!IaXE$a`h+LBll##8@migTVn!uEOX-W_I7mW> zn<_wcE_f0p&mK1qn4yxfl_5mHfG})Kki>~&{1{`toZx)DxtlE2z-rzP+x_r7>35}i z1P_0}?#oK&C8dT2Ccifby3QV*zg*G6c-D2QY zCz@zNZ|;^y{vv#CsY&jkJ_Z6crJW6bzO+TB9NJuhyCiqBEg+1&EG_PCoIzQm+8mh0 z^WENwHdHk?V#Pk5PI=Y!tPZ5#{AA&I2E|;i^HYmT9l#W?18_}5n6Xdy(Rp@LruAxls+7>q-M$mA!1{hU9VwEd zexKeybrLK?)V$Dw8K?<1g9^2I7#(uPaaf)aFyNozw1?^M2)eTU+3q=@E}&wFUxI+K zMIi!-2pohDHx&Cp`BFi`?qa@syLuIgn8+c9x!gjYX_REd0O{X{Wz&3H>lxwO{jO>C zU*N*j0-%B_J97s$STj{fBWH4i#1~w+M7w!u@@Q8v6w{)}$9{$a_~O^yB7t-9n6S!% zkU?PXh0idf)TZ0%JiPfG!s-AEUYYQvm&>1zT7RHAu!^(3W4W7-Yb@rMk4JS`zgk0& z(POxwR?i(M_#}qL$D_KJ(s;zV!3?Bu_k2+5I*Z>IY{1qEBF@9 z8`-TVMj>o7vd8#fMNMk)*8R28_oPTv^hew=|F%Q~itIlOjGKwqT`&7R&a|<4%U!0k zDO*wXDlbw3iKD7OCRY5`Y--mK`8E+AcI$eF(dGzXUPn;-8JD+4Rbk0s)z^|(9yzbmz3 z?3v2Mpsu6v;I|IBOhXaHs}BzDR>9CmNlB-MNBbWC-QHQ^Iva->>q$&@oS(b(s%EvgovS*{C?B(u;4*v{NH@%qM>9GI7lrxJb{XoIv-7d$x9PSQX zR}VP#v|&6?jD_y%%H^>^ZQ49`GhJYW;lN9;f`8g@xY@#Cx#i~yG3r4nYR?NgGucWI z0{i8jVam@JWIV~TfU}YnmCUrD#UJrEG@bRdsnut>7)}l9O>bSGFf3K6Yn+jq%Oz84@B(3HdyYvi}kFYw|Gx0Bqwt_ z=pL@EVh^hyow}PcqC;nH-Q)TLbv#gK>+;)y5+%8#Ld*zIoOC6>elS5?M=>Yxbz3Rmj}JXQ~7;M-cg% zec=qq3Bv0{ycc^*UW}R?}yt{bA@43#Twd%GIll+n!{a3t?ib@G;gR}Y$3=bxtz~a;F!!wJ^ zD|7iEG#Jn1c{e|$(;)vQ`t%*L2;-{j&I9#u6AnED2h2hAG`W8p?Qg4_u^aPN-xV2& zYSN@mWTWBV`>4t=kc?($3O4j!DKZQkJ91V|-1h?IBAY&jtG2L3j)%`DD<6#EM+T%? zosu3U{%kCnie*PQmD{e-Y4@5M)zXAswA8H0{2OJt>xYwOsVElprBHwW z=tXQWt{{8t>N;8(l21&WKudgdr8~Z30WNmX8Wz@hn@vr2n^0sOc+lWj{y=>jG`O)s z9{t9UFr5(;9wrhHdJ#`gb|1;k@`Ws;tQVoN%Rid8akBL40Pzb?_^Hl;(~! zOzTriQLM-;b=vr`EadKMT;wqE&0TEpXR1PFYRPN=;ag0LsOZ5tX?&-9A*s2&sU$kG zQpM_>SRpfU!VfC2%M>@!;D|9?TY&lZ=ilx+wFofL(Q0FFQBk8Bl_J4QV29H{;h&R7 zcIHpeZz2)9DE(ROa5CH=uadO#^ambTN32-z_Pf5IA~sCDXaI7gI8WDR^-YBX*?t_k zR3blwVZ3ko{s))W7Y|vK5UX&o2ZN04ZrKxt(T&p6+LnbJzk?EJ1LK7rvn(ZxUP@~&m|t~qiv4$%dW5}W%gp7n=eS*J!y@H+Um-!SK0 zsJ(^(gZ#MW@WYMkJ}F7M9Vc_}jOt{w$-KyX>X+-F(nPdE2+H(M;i&TyOcL+pp;m|{hij&u2}a-9DWcb)H?=w zeIzP*2q?&lZjw*iNc@6I#)-^9Mvmtr-b-$Yt~@13OMVW7OY`|VybOgLF9Se}uf^by z2&K3SS8oXq8y(Ch1`m&0-)>F?B}P%MO{K+F7ZRoAx6o=HqxPpd*|+nte6-x*lh7|F_@s9}SjLqhlaI^J{ud3qF0!$r#I?{(@>d?SPA zSBqGYd^FZvmqgG8*F#-cm`pddB5h|{ku~nm%^*Cfz}zmI7DgHoCb6hcT8t2O*;#s- z0sof@XFd6cASdK0hK)8s=3rkv7!Ec0V`U+%_bmH)ntbdFCp@|{XnEWfpiYT@53`LX z6nk7>-U+b{UbYflQsgEH^LHoM?}#8HuU`G4Qh5=J|GWl-4b<&bfJt2x;3HZ$#5>ZD z9y2)oLZ0quXOSg!6{O)}DG3M*JHT(2&Y_W)C;f~I3-f9v5)bf(9Zk2t93&=YfYYWr zPC=L&v%OKX`R6Cej1Zd)O1!tvBk{&YOKYIPKunyS+Eye29mq-VOZN-;-?nkg#g&Te zflXw3hYwj-#9M?BE-G?-j4p+QPuxOw4dB_FSV(`;Xr9NJ;BP7<*Xb{Sl75`kXKfd+ zRZRCt#kN+m+SqTY%KHpu^RIZ?YZYZ$VuP!PXqgJlzoLp_qCq;aMaDo0InA0PqWnlc3f?q_O;uir8zCM8>@n%(ts&@pQUj&4s@lX(ss&9gccBmx$6(vlsU8;JOki9c+ zd5u^@YZ{R5B}OPyJSz4@C3V&!wCM0H(DZ-9D>4}z5$rB_gyY99S7a?a0bsor_IFR>X9@QYoU&%ja{UfuQG*KGwF^nQvQ#sFt zhX7`HPbTZ|WWu?+f8_1XR=_39Mj#zMTfLsnS4e9n)Ie?iQ-%;XuQ9y6k~T$HC#uX0 z@SZ+!CuK%{W6>QACp;LxE^4iSEh$=p3h;n2@xbG!Y4ylIqfBW zB2CDNX~2E~5jDunP{;k1!CvbE1i*6MK!T}AX6)v4O268nh~XXWz~+~9clw9j(}n== zg_-JMZ4+jndlVeogmn zEo@CD4)89JKcc}>H1A1~F-S?LW~g`#-A>N8#7G8`VmG9kT5f@^5-Q}pr5>Lr3WuHd zI{jZX+0a^@DEwPeHVB{LE{5~!KfOJ67&h1KezUOnAN_S8as5dxG(RtwMlVGA>((e_ z#!M$Tye$xsT~lB;IvAS}IKAy>NGQ9_{&6efP5l1+wr!T0e{nU-7(fdkIiFr!EIrfk zF@dXV(=bLQ8{~`mARJuedVkpx0oUx146)&F#qD{v91(1~IixGrebWMIG1{I$TU>7> z=(Qyjab~W-07}2b@;j|{YBaN*IzM!1KcpI%4Q`~+Rj}t~u@6ugTp53Yk|^Q5shKu7 zI2}$bLpzsTQeY$uh9_G=_2gwB%1p@4#k;}Ww!S4eGpAS0tv4TLB#_>a7HP+VLB^@7 zS71oJhN3tIqhM^@zlnb6t#yx##!|}0Bi(2@2%CS3 zk#mg!%vOq^szXZyF4m~#Sii7Sse^5su7FOg0?yDU?sKzER4YnX_^ROBJn5!pO@Is` z&Ybf%7JF8HSl3DETpA`QMP)c|>{)2&3uvW08yBD0<*Z0n0v_OO2T#f-8@BTcCKGgEp`9R+N-hpQgLVX!TF}-`HAQa?5Xa` z(gu056I{5^eC3lH*y}Tq-SkzHk}ueT?TI4d_FU$b?UN6Ri{zBYj;@Y|N6HID3lS4H zHMYUbq>ZbYUff#eOj-<-nk>2SCPT_7k zW>~Igb*gcMutk^D8*P>*{d12G`8tNKn1kQ`)1q+A{e9vD6K<}$!yX442|uF&4RyO8 z%E^)ZSSMk&Re6_i?YC|%Hhb>4BvnJQdIYvi$9Moj=sNqMB|#N6> zIjbummki>=+gh4Qp(Pjf7kMsr?{Ym2tpgRer8kMdZ)}^N#xsfqCSn?KLJrx6UqF7SUv4qSV z5TrLBSZ`gsB#KSGE7dQ!S)|a6Q4n+oD;C(q@a`+^ZmOJfHGC*ZwAk-92MZ0Op?S@o zI~T2Ay2-|&?RZ?^#h47<9wd_3cl-w4VHN3b8Xw%G7nA&Hg_If}?t+zg-$P%4c1Wra zeG0Qm<(9Al;j(EuUQHMzaTC}bzOnP4%fmQ<3+mm;?{Qc` z7Q+$3WL@@6+h9_s1py(kCwL^kZH2JbRXQEEw<8#Ve}*Ar=fQZ2#0elC++^g+B=R+Eqz z8{GHblP&>wg23qpCerFo>f`dnm21uj)8v2zViH~}J|84M%m>S(d{!mpnEceYI?uV_ zY7RYdEOjIMwy*AC_GjSF8O&=PUzpD(sx(kRX&F%z&;svoC>q6q`p2)Z5z!qms~#Rz zSqEWK*#GDT*>GG_Y!wDyShdB_Jii4?FYe0{993mm3#}#Kow(5zVTVMS?jF7~`rfTh z#cszvH-p9dgBJ>M?_g*+$qctULc5iPlHl^!{Za$AYu{1TVs^hOi3M92UDN7rjh^!> z*jT@svA+e`P_$9HE;iojf<=1ZmJs+gUG?GOrIe_E4(=&+$3Xjv4}-HKWruDvtdq~G zieI7}U}_~01~A$=X>y`Q4n@hKICtNa$a^N70u2v8PwTLS4Hjm(sdFXGbW9x1?H7;| zaziWE9Kr$Bp(pv116A}?!LaY*24S67!=c}|g`~Kb>OjZ~l>pD*%5p`Z-3Z#;=q3z; z{$L^?>TDX^wn^>Y6j0Wfy|M9~YB)1^ap%AD8z-@UtT+#p!mc?aU?0gZ0vm=LL% zrvh8UpPQ6H@1O3mf&{iOFE4k)_f>W;%D@V@OeeSRy|Ht_{cbaWX&5J8eG($i(EBqS z?Rbv?E(VXIt{bY9C^WcU7SQ&3_cJtHGWNu02av-QL<)^O)7(R}Hr9w;1_Ai!5XX&T z(^W@9dy}GrH~@}3biu%Q2lVQ#S4@2t)^qF#cC^RUpMZ2fzEAc(aCoCMFS`zv&Q3VD zf8uAy&-sANK>O9l6KABIOEJ4z!~=$m!jJbd(HD_&0Dax6jvd z5e~ZiEt+J+Gm)ZQ99NLT#D4RK!i#||eUtUBI1XL6oF0vr6ZwAwM;A?&3<1TrZXbos znE1h)R6i~(!COkLW}v_9G`}<1t<6@;;qMVJSDt63cara6-}$K*@A~{}-*7iw;ygz% zo=pO-W;m29_M&MB8TQ(JajE9375mDLjr>bjS}wtI)L>#(`kGy_oXdgG@gH%Ux}hk}v-0#gu{7e*)nMOhp~xLJ%M{WD>f zc0K#~s>^liIu;i8+<^BC^yTB|(*ujg@n|Bwm1UdD@hA&<@*n@3bhXYXfDb_r){)(& zN3bpk-YJ(kxp`7^uHG4EBVwW7BH3-0V-sDvJ$^?%@ks2#Y`uiddcB#f!iVN4>K*q! z@RQe9i6ZpLBYKAlU8XD{onWbr4R&Ha-;Vxs)ne=Q=(*9EB2$l5m_QZajYjvZ@>fbV zVDHrxZmkC3-RQz*ct93Pblti9nJ9-Bvz!0-(?xHRc?c5CyQdN%CR03#!; ze_%gx{-AkCTaaeQT^$+rk_)#iyhmKftLw~>Rv|X?bsI+OwdP{Cfs}(XJfvT!D0<8Q zQc=EhOT%wGN~9+L-UzWc;EJILRb~(rl?dT>T@vcn6SMhpvY$&Uwi{oP$!d&Q0EM-C zS|Is4s1kvVN?S?!^P7(M<#nC+o?io_?~!F3it->*<#IH!oUQklmdfpn!$vW?D?%0^ zd&~Wh1cH?|$nehRLaP%R#>vzvyWZ_7b0E)uoapjcK!tuN_g=~ZX+luO3S~HHg?B!Y zg>H~+DBy#Z`;P<*@+T(@x`G#17n|YQm9bVs3ltV>RPHtORMmS@Jm?sRjr(1K|4S0> zoIxTmO|l=yFrxlP=%@SkBPb4hN?JCLq>P>}=*f+R1DC*1Jmvf;`T@x0t5CzEAUo)UBi8y8ICCny- z^i+XSoa?bH-29m`&bYkp?QGCt;j*M$OgTt-R~>=9rYN?N)JI0AlvYokCrj=_{3Uu9YPOCdV?0~GU3?=r z5DiZOM$8OTCBoM}T8TvT)W4*U8kEWlAW4%eran~GPc$u9%(28IBBTUSkS8)`GoCds z2ul|=!JY{wa@JL=tup!_Tq|ynFhbySq*OM4rlR4DvO#aqdk>7}5D7MId^`#^mHU6_ z5lp1iq>_9Twk7>Do(vtwNW7sgjr50Ar5zjI`6A*lSV$N`bp4vcc9Y&cR7`{H8CAt)_L zVP`dyBF3|%v~G*{D>(+SW%!QK1rb}Dg4tLiET+!_K+aDV`Z5AQBZQnLuhRG!fABh2 z(P`SPv0^kSr;(*bXMLNq1FW@bf6qMc ze@&cpV|n*VOsHhseqD8l@~!#L&J8a8tuV1Xs`*TZF@RnDi=L>uF_Peb+f>c%LCE&U z;Os)g>EQ)Incj=*miC&JeII`Z-01Cq4?MQ zv-nPKV~oL~z_D9Q$jL|@)O>^9=gp;4)*gZa7bTdJdyR@=U=uFhJ6T~jrce!z3zB?7 zVLElS7gOqLAhw}evA}EvO5LES{*aWF7q&fdhOoNX%hkF}?p!2?_A%-)a<3eV2}?&c zMvM(xn44Wx*lz_i2=W+nnUU41RaP^`%N|%r?X7#Q+vPGG4x5i|@xr=_AEONy*Q+PG z(m!P*Q`5pl3wt{|H=$qOZMcLq+~IGFusfP<$Z|By3CvY!Xy&YDny?SSRv0zPB!`={ zN#<)w1rU%K&NhHE5^97i9luuJglMHV#iGPZlTThOi9b^X3AyRa(Q7~uYic)xbY(P- z82CF2b^^jE_1Z=2~|FK84o9}>rY zBQl#`c&%$&`xd05Ga9D^s+hSE+HroOfq2%iMJRLm9KW&=0g~y;bc9NsLOca~Q40*E zC1!Sfy$FdwmR7{@78re9!rt5}_q)xubW8Laej}es53hP)$F96ZVo0qj7RjbK7*?Hs zJ})eb7Rx7>t~qwo+@c6lq6F2v(N+buoT%vnyl?0TK+Gs@5WC(v3|IdF`E1>xBXGzu zTG}8+G}d=Te!Hw|TafDXZ`2}WcCSa!A2C*RV+C1eKLeNTL6hOQ>c1YH|FB-pg>8^WH+A7m+60|JGu==^_uG-Y#O13xVXCrd?VA6pqq_b z9CxwXdtpc#jVj#Kv{lS+r6|s1BVrd5L1%y!`hx>hZRW==$Z$<)y9c7hAzXc1di$ZVPwv zc@sz2`p0_dJ7IFSi^kn+7mY7txujkfJisy~sDRC0B83zCh3kzsas!Zy*;Me zO?&F_JOL&5&*hu(DiYR6U6rP}E^z|DQq9j0K0&em7X5a?YQ+y|1gO8A-Q?5V)n}DI zbODD#orgXO#{1sqFJ$w&r9(#ioDG(;)f$9dfiW~i1jj|+1(_+Qy%8Or7s2i7({*nZ z6V|HUABj9;Gf6mb>Z5n-3g8-Meq7%jxwF1U)(iQpqAcnK`W%tEj7K0)@?MlgiNdvD zg;ZFvh^Tzy#0XZ4m9X)4@yd4}UqL{N^1oW?%O{R&w=d~b`OsA}sS5kt-+c9`3A+T-E-9a!>|*^&a4Vh-@);BF}lqjl%_MY&pXg%Cq_ z4pfo_LSob82xt}C7&Gw&4I~l~#o9mpnW>?hncg@Awv|-HOgfq)B-cGgmJx6T%TW-) zKUPxghnsXkthPX{hG=@>k|i2}{hVN`BrAAx-e+-+*Mw{t%Mj63bb$zFn?0;r38 zh&%?I?Y?aPQm5ui4N(sD@BMcJk94 z+QaQKi+#QGIAg06%)UFcD_cu9ra`p(SRv0?>vq<>2(uht4 z{mUZNnY`A7WvlW+M0|*xHlroFVx*;RCmN-b$r>~~0o6R#z+7=1GFFi&$rTFCeHgbB;fST0UZ&I3=pC*CfdX+R=HojNVK`C6knm5YlD{Xi%p#b=wV zmfXKZi=TP!jF@n4?(SWLJVUCiPkAE}nFOcW>Jl?u4 z;JYV{K|=iG5D5J1ebaRE|K=hAz zCN|qavMdjzbIltKCMJR~8kfFlzD_^TV1_D8k$_=dtaAuNWoUPa1zN8eIL`dtr~iOWA#t@j6_e{n&S6QEAX3e1qTUsS)tr z(Fg>JV}XWz#i5aOL>{F)ga9SJY1L^xpz)_kpPRi>;^bUpRw8Pw#H*oue>WSboM{f-$Nz;2WMXyROb`(dvJGm zcPs98aCdhpR@{qgao6Gnio3fz1&X^A*Mk<9d-{Lp&b%M*+;7k9GrO~!Y?94xeo3$I zjZ@lQ?I+0IoVLl((DkRk9&|{LPsc2z-`1zqu<9;K4J3{E!m4i{mgk%Km}FX6IBe{tuK&zfH2g3K=__;=|)cEg!sw(hQ|}_OG35E{6`J7=~Z!D71>tsk*|iGW>|7L)VdNrcihVLy(;5Vrh<7O)UTkxaWPb( z;ygjjjZ#r{VKM*+i}-V=G>rPEO8f!|NW>?>-Sd-~c?@k6 z8An)zZD6?g*<0EdE*|lBIw3k;c8-Ra{qVj5h8@foRfd@;4Dc#NLmiJ~rL<2Lt^kl0mk;HS~8a-uO}@%C;Hej-C$!|8=whAOFve z#*?hs_zN{~1UgHAmZLOY(f98#p<95}bSIAA))U&=XbvdF&bt_4E#Kv2W#O^1mS_%d zaQkrQy~tj`rB2AE=4TIBGYd=}RN9;E?eiQS4|ORe^wA>1aslT)@McE7DL%VI0Ojum zCZkc3)gO^x`mWHl(J|Fy5);v%zb(>m-rxaPvwwJPJMq8I+mB3(NXp7GJ@cYb>|LV) zVod@=Qw&BpUw=cDpj4p{;JHpFLdIs_VlCGM$duw7>2We3hq0(;)<26-P;AQ-X;`l|+bJ3Mx23AefJdrdw!b?%W^$1T`du0Ob~bBC3=0sQJj^TPcF zoY|%nYhkJQyY@6n0y=V;#z)I}9Z5zrP!AvSrdj$DGUiY2M$o}y!6P92$(HjEmId@| zkxh1PO1nLc(603~5AXy6p>{kSNr`qF;7>kau1DW3GBI&0Y!Q)S_pV83GN5Odm4d>k3=eaFZSVQ&j=}44&>mKZ z-}p^rML|{;iuSH7oQCS-8j{Z`gqCcz<%gOqe5v;R?#U&d>39tv&<=$b%s;Z1=1}`} zk+BQ>%kdAPiI5im0CI5ik7i)xcBjycPe4GXd{K+Wzhu^~>uZTE`IA4=PsM0as<*}Y5*M;8^9$2d4c#nCu}jef}(kO~>YmIC5Nl>|7Nza+m? z3cXf=;|p5hEB6?xytENw&1*}YsHzys;sJ#!c?l#@|5pvB<;;b&cjJ=ACl zvQ{{5C0yu*3>QxR#vN;Kn2aS=4j;Nx{N}|bb4NfQ4P2$!t<6K%K+VC>B36hIzI~3t zS$0II4$S0xaar7OD0}QjnC&Uh&Lq1;2f~|S02gxol{9B5nU{NTf$;Ub%JAi;crHgN z4dzP{DOV`SSZB0d35dtG3Rd*;ac#2)cxx-mur&IDJNR&OVHn0tB0?X z7H`ix4|tV;Br9S<#%n-$iXp+51{iYGu1kh6^xa#g2Is%@bjbk$8t(YbdWv=?(qR#` z=zsqFDfBGW+MU`Z9UyGi&S^pnzH2$wl4T3ny88i-CQ4C(Y{Vqp`hekjIkJP@c)9{(*O zMqnx$Hb2j+YDJlPLHx?c$qS{BkfG)or}!Oe175>HavA@A6aB>@>r&vX zd>EMsH7pw{-eM&V-eD10G%|%`uH%=Xea~S@@5hIK9T!fz^xatxS*sEP&`T{TR8cU6 zp*(hv;;`}^mWf1w%KQ`{y>R&R=d?`i&Mfd^7z2>e@EnJIV(!T;_gG!%wIV~BWumW} z8KbYRy3OA~&T2m--CVA2f74lmIB6*)f5Qn5Wgjp_T|vbR&t5rW%z1-f8OnRn`K^be zWh;Y5%z;L9F8fFA;5{2jzj~oiZ{saT5v%s~#wUkWa`d}sOv@I;?k^Ala5^5l8+Q}K z@jlpmwd`j1c-+DKeal&`LfOqF&_RYG4E>Ts8E-4#hxtk5*1v_h=Qqi5-P~g8jnW;C z3rfLb@K~ihat&$0Cy~RxrLrKtEMivDBIEpH-o-JQtes23FlGirqF0#W^cgM^ z>&s|NSZ22QTDgtdTzi)8t+7H9w#)VS>bp6SBazf1hw$(g0rx){SivM^jm{vTTS8`G z3md~NY8gSKr#`&D!lq03Aa4nah{2qCj-mov0t(CP1MbQz#sztM!X=Hch=>?8ylOm9 z{K0U-1rs7ggWEC{62-ktNpv)dbo6*LVx%t~TC`;nL-e8nBjHm=^u_i)c*fR}lPdSo z+Ra^If0ta%aDWSs&ZRa+#X0aM4{}WaQMmZ)DS`&TXobLI=83 zPGvMv%rl0Nx9dU->K3DPIQ~$L1(8&9vQzY%+ga4rm2>_5k+WLYkZS$W;3=h? zu9VG;l=)XqHt@cQ*XqIA{)>zYq(-0!Tgjr84C?v8_h9D#kFamdhFmO$#>Be(Cg(_K zcn8@kSQd6T*pv*fyfcj-9$;YPE@-opQdsyc{NcIu1DqtA-S^&}-C?aMH3OF%o zC5-+Uml9M(z-ljQOH_$os2DM|J4m}2X5T>_hEAytuh#NJXD+b}z@W4IqjoLqV&@57 z$i)ydr)d$sW^);O1B-tPdf{RwiMcDcHHBnD+3%M+e1q18I;(sPAUpSds zwj}1Ts|pTd;+zG(R^%fvErK_Pldk^`scFQ+)6dEb*%M|62C5aK$8Fd}=2*I_3QWT|HMsE5qU^_>xCrzCM*UxH6#BST>-Ba2P9&d0Nq=eJ|(a|x~n==p!eBBE}2gO-OJ>`akp^0-5Z*-`UajKQ)MY=n0xUt)v?X9Vx!%6W!K503%~JE)YHFsghNuF->yhFc17g!`mA9yq+kCiiQCng#(!+tUms}N?g}> z=#;+Jpx3#TwTalvLKvARY z2Dd!C88#4}-P|et_=JQ$R?Xn%VxHYseONGD9??vQJ`BC^@4{`NgP5LKv>w|~N_F|B zb@<8xmsn;PI)oBl%xX2#k)t)3o?4z{s!-zkFDDx3hM{M)Uze_a5EVQXq)^ zD|OganTT=~NLwC0iQ&))qtN0y87O23#$*uyp}+EA%~rx5GTqjG-XEjn77>|gO6sgO zFEA0O7{Xw;(`bVCM8*8Rd=yyRp&+% z_*gL^i$|vjd`tzgO$V&VV2nH2iGAvU+{h_Y8C(t`uPn&X))ttQJnq zNZ}KpCi8FOjqez=@kkVi*dR*MYEX9eOu9Wq*9K7})Ak)kFY3fc?;{h$fPzD)DRdPs z)oKfbbdqW)^`BjHG&>ytHRo}&XBjnj#%0zOhl$nOVn}4!=OA+FqFuGDp}0nC`Xw49 z?|WsvbQnieAL?9|T0md7D}98gQ$f!Yk6kXweY|qeP6zXkUcbyba=63^h?dq}8au6> zoeEdKA-%9A9Gy_qv|JWZr@l&g5@mZmx&D`Bm+7v)RZA4FbQU;@l%n*pPuYB~r-X4D zq(zHFb#8w5%D>GaE9;Vz&4!T5Hn>s`dfPrNG^AB8f!an{OC3|B`x+kxS%l1Fr$EGf zJ+UIfzg}HWah)7bFXRdomJm3ctW^d3kiW^d5fZmqhd{kNNG$lX;)~PK6wIx{I;d6l zEe=MNUeYvk*l@vyG24%B+f%PoTKFOq&iDpo_S;QSFpVxTKEEnq#qA?`!+A_AX-wj% zM|!njrA>ENr?i6bkxi!bNSwkc1uRDQo z#THyJqlt7|{78W5Nt%f{1XC?YNyroJh#fv(Z(5ft+Z^i)68Hz+AbrwVKS(W^fG|-d z)SmfWGQ3Z?R$o3dH^ef`N0NRb>}O=Q#GmSAbrnI?M-UQz;-`#>EXpQdA6is6NlmQ| z3S&k(Utl~J76RZv)@c~b+M;Yoh5xz1(1#Wb(H!tR2XuE+QL=mlaetjr8EFd<``PuWX*P{?C+ zR4tiAUyCD<7?U^A_aKzsv}$HB?j|@Q3;J^E573XY{Bgl30*v;Wi>C0V7J8P;a_^34WSuV5wSFBr4{*b@cYpM?x51(O|SV#fgS=yT*tiFQJJ#D_x*L}TV%Ctyz z!|RN^f0jP+Cx2c@${|+iu>3q)zi#973J;ImSG+ZBqk0Bq&Pm*FH^D0{6!f~^u^_aN zAUqw;e)*EroUV-RF*(%hxP_W*7zEqB?sgNy&K1cwl$7tt-mAgwSOiQV4K0$`f(72A z-b)hw6+=vxe=EK3CB3S`Q+#}4-U!@^Q%Ra^a+pgam9srx?IAF#po3cThJ?{;qfNFj zD8W2JM@fhq(i6)poLvzV5rkc`US~#1q&6cu{v(>2o)?N_RTqd0O$dm~6(l&}7utpt z=7w`0K|UwB@q(v<0P;|YdNDiH+QDSe9q6~wW?2}BP)t)WdUaavkvV1Hj496yDIt9g z(W+eJX$jXFp=aJuXM z`2hwEYL|~S=#FWAe>wqDe{1sy!Xf!oF9%@<=MOnRGM@F}b!9F5D;OsK^;gjtKQ%sg zV$Sf?Bk_c85F8wc2Y2mmb3sXDs0~S^k=cI9j_LXo}RnUKN4+jnMixx43^^@(1~Mtxkigrm53KTmhs`x>{^j(C28?;+4{ zqtdF{u;fD#^V+mf_8fVbA1&!-*-cV1YeMhrLDJTv76;dy$`%&4-K zZ^!}fPx)dF-0+@4{*bMZQD~08H`ri(CHR^7v)vTb<%?*4n)0)5qR~Nfs<3gXC8RLe z2ExFPq>@Bcc9T*Y1VBaxI%llapp_Z_WW7JBIX78F3(1Sq`OtW@K(td%**}c3AAdne zTZLq-jMcX=&@obhr(cc#QyI`#K{!Hm5EJC<5K!%8pfZ9|6Y=)UqS@&jAH?Qc2ub>q z_UAqHP1Bpz;n$$-M8`Hv2s`a-NWa$PeCbycsIq2d_%H4~9^mJ3y22*BJsH2g-`_-1 zYkz0n&|O{+FC@sqqZZ0W9OnEAPJlx*|2#vVHH`#E+>YYT^gE?06OK(JafXb{e$=Ei z;QG215givvKklN5*=Q{)oL{62i&V54n;a26NroQ74o!&2t0$Us!;5XQC^9?Mo8v+n z_FTU?p8{-1qT{x*1TXiMg6FFj zcXTPYU8PgL&v|;5adxjh>nUt>uuSFR1yEr1t~eB+4w+9FbegqaqYh`>Bl7AR( zer0~NXQoOB2#YD<>a8k+qlq{u*?ySxhcv9A94F0;qZQilIJQKC)j~Ag*%EF)p{z!4 zeUgbztrRa_7jfL`1xi_p4G$9QHo9V6hExBzIZv3do9dQ+!@YJFEng7ojw=gp^?Q!F~R+qKGQ=u@~!_8Ff)DI0#VogYzjNGqWI%jDImUJiO-yaR=uGBRa6P${(=+*mBe+q6CC#V z>W}3ulBo0Ald*;tB5ZneDzDzbQh^o3Z18mr@tJ`Fn%_zsi8m6JWLk$M0??AJ-x-&1 zyvP%o^Rj+(aCu&3ea(g^D{B2Eu6LK3x+(`a(|-^-i2945{md204()vUC7Z%yh7X`j z+t<&)NwB4ahCQ^nH8w}3BP&u*5=6!(wlK%w?puj1k}Ub7-{M4c$2W2Xt*`hNH*1M4 z@?=Qyd=q+C2M^x_ZS1#PS%bY7BVEBoW<0Y1DD>@{lkI9LDVxC8Z2q9@izMb}cVU*8 z{Gi?HYbZuk!e5C$U36#sQ2XxJogMBqVUe%k44um~GH)@KgNby5ewY~1fZnang@kXa zi+`PV;b|4)3Ve1SQf)Rvn8#r#jxOqsY+3qZ zygPjpDXl{nJ*jXSxJ~pa$XVbF>wo)A*!cK=jd={cg;>Fc;ts8F^SU4pc&H~TZ2iYG68T{^pfr1cd}zgxjee_=q7RpwFqZIICM zt=jW~@RQRDb5#Ne!jo+y0Kzh>Ki<0n#VCozPo%e$!&lDlvu%8(PEFOz=B_ZDKiEs-8 znK5(!$=A&tx$=poyrJoY&K+r<&k@K6dj|;4bN5n9`~GP7+r3aWj(Zm{1OnXZR=}Pc zVQ|G7%X5G)FE1vi1w{WfG5)+YwM#@#YZ?jtah~{I->z7a(AVQ2^|!S;_tJRR1Rm8A zk57Q{sB-LUPBEPI%l#^X^w`W;V!Tj95@3)TJUN_^jTGxvH}VD*68`HG3?|tnq>jpI zMgNK;aemViK+y|u+)kH=TFq$IRevA8{?ofYLqBu}CJgnY&v$AWlR!Hv_^em@Y(M`f zYV1A~Ti24n$@FZ%IQBeyAWPmT5t(+QnxFXn#7&5(Hzg28n+Y}o0LF?WEOa8t#c(zF z`AKzk1Pnt#G;q_+pxvH%ZlxO3CrMM4{&1;|G9mQ4vVy4yyrF*lWWBeq8w9#VOXhNg zDNoY#_=-VH?_NPLxBwviE?wnY#7cgovtZ|Q#^YT z`TMPFa6k~ROz?)T1DcEdPy%vw4;=^P~6VjTKaMTP*n zhS6WndMuUyMXVFYQG^F^wHL;y`287`yVA3uy;pSDz>{*KlrO#NH5a=aqFF~Pn!jDO zI*DcN;eOeiUNbfn>QZX;w3yXR0ls#!#%N11b`)J{@4f-I?#d0mQFP*vBhoP)(v0$EU-n8z~6Et!8P5@PU|QU0MZp=`J&#U z2>;vR&vIBiNyt$Z-8#++vZ$~1ul9ACqjlCw<`fGKjb**THKse`Uxa^jdk1GbTAu-^3-~z9Ke3TK&mKmg)qc*RjQ7#jR9Q=hruM!r5M!{mLJ;^EX zE8vGy>p`ehWt5#plo`=cp$BW?QAd(*T*HJnq(LueqAWnJs`58fS||o@Oca%`=wS0S zJcm+|VJ5y2Axrv_)V#mtA$CmBH&ZA8pzb(n|)uPg}8w^K?D>I4i^*4m~HSx-$OgOBK1)2z*q<-RM<3?i9Ukl7Bz(G+^PdD=_P|^4nRWi%Iu1NzvP-`} zoUXzC%M?~SLL?|7;i#HMWl0{>oKkVKD&t>Hun@Zh^UAQ#vZj_4vau)m&)%9P_c!4PjD+Lq88)mJmb@i zk>_vj12+NY?@~TZh+a_GOeT3pY^ke#%`s?6ZsrKintLWAo^DfI60U|q?;w3m*yWA8 zS=z`RkC;N%lQvjw8k8vIZoK(yvXlEaY5Qu_oAqp1q%+T*7n&(&1j0<~ttTQm-MPzM zr$l&q6NEh9%3RZsmkhSOB6jsUb@ts|k2X7w-<>aq1~MUPoX(^_xRO`iHWj7 zDLCU>f?lE~J!xXfr~b%{Q9!8}^NC~^7sx;7a)y>1A~hWPGV3DBoD!by*m+y1Wfz8@ zAiXYs7AbT}Ma>19W<2D`!;x;pjxJ(~_s{(lzmQEv02y~gMRQHyxr<*KfE6FS{dR*% z7h!nL-%LzLSi_ig=>b3D?BJr*_?T9_0ty*1pgX3c4;Cz1@Af8Zj&Rgl=mlikck&d^ z59Xhn9*POf%9b+~e!k{}0w4E)ji~zMS8!1#Io0Mc(YDw7vhPvSZC+2XjC19xV>r33 z)jp!aGPEo_7=cbK$y+!<`}PE1fLx^Sjz>2ke+X|6QL#qz@xG>Em}I&a9j z!H+}8#8V7>&(F6_>est*-mY_GJ0&Uf#^uDlpfN>Q%;d)3L|D$(w{Tp#L6bT~^_Eh* zwu$uWTlecwvYZI9*J|ERZREBN%_;~SlEw)I1^&c`kXo6Yu0+C|JnB}Dr+({+mf@Wl zj-fO#PQHR0NI1h;N%57nOmcequ9&-5D9(`0ESHa(R2{#d4PX5MEZRE*eQh-x zL**_bSgCMjwgCY~*`J|7TS|k80oemMF_&q& zGzzB5KCz_7eM#s3`VrzMR--II0!;kps_$f1bJQTS}V3Y0@8|-1lxW zY=pL1b~Wp*bPB(a3?21_GV%6h#n%=Iv%(-rNE4#=7!T3myVTL{?eC$LMNNf7=&u`{pQ)_sIhx)$hC;*S0YHnw$f=!buqLSqsooZkNb~f@)vXns z>Q}!B4`bhmYtCuKU}Q3shJRZ1>KHWz#vulHYU0oTNx)*nj?Op?Jj4kFM^n;cN8`OP z)#4kUTF3tvUP=E>^1cWW!Yr9bI%}!-Ix1ZJrbpWt%fOU!#KI<{wmy?T@IZubYpWU0iguHOp zoqHMKxo>-<+{+ViCLvOz1=pbRT66#oQbi2k&A+L2C@zCjXMrt#q_-cW7njr|v~{Ka zaNj6`9BF1kya;$7Y~r~3B#`S~I{K=uQ@u*4BdLjvAK=7?{Vz0>-Z)nWll)xh%b&G( zDepw31ZD17oR+`E9`6CLyZtos++}?aOdzx9O_>*;E$oU}!9Y@8_4cneG>0pSUFm+3 zx*rgHd>wlQUPpGR;PgcH{Tg1`#+!CO?)`Xr`Ue$td;REK@40_$Akb8c*An{DOV0|t;Z=O zG^})bQf+xY94{8JCL1UzOZT6!Y!^=dGCirPJ-M}FTY#YWs5YwpkGv)~>QK;}SF>4e z#NL6FJzAE?EA@MwZ+^{nu)%*t4$r8f{FW=ROyZsQ3Y)1ONR3Q4pRvvjpU@xF$qvWQ zj6;%&M_Us)6gT+1vOWpyou7`KhPKLOKakQn;r>w^Vwuj%9DfbZ?)%9@1hVEVy3{np zjJKc%{hEG4=n~z5pQ2Mfe2Py~6uX>B*!62;bC7oLzs*W_lT+S!e`X4Z6diz3%NBvM z-fIqoL&eE?ypBv#Sch$_4`*}m6du^>kHY!09Hn<9Qd*0*zaMH~DD+0th-**9A)J}% zyR1qO2hJ%TZp=dUvCsGUzung*#KtYA>najH^U^)@1~ZKfYJ>t6i)$;Bl>9#1~M4l7hJGC%b^gXU;6rZi$tI|r{5!qt^) zpUKe>UZ_B@^_OS={K(o%`NY@b_a~1oZIz?aPKCZ&Zg6CzLZ~vnp(BJT4o4pD_f|oe zTk*wNV(2aA-yvo(qqAlU;>v+_*qs!kPmd9o^(Z$L|06C3Ke^SLAV=ecOilZ5u|c#|09)2`^K-WNnutPQ zD4}58xb6j_u!Y7}y5iaW-}-C00S8?L?g#0ajSUcE(+$6W1P};Su6_IL0rQ#@gXJ>M zV`(dIh&*n^Y5CR|$AI&XMUSOjO@z=?iTB4C%^QnBz94rt-%kRXo&a5OZIm#)AGLtWZ!?ZL4O-GHa<6Jq zk;CT0GpJpbP)MUo{mmfVDt>8qSd?-E>DS!2g6BPmL}pxqKtZVQH9bSLhEus9Xq&ru z_`UqI(0<0r7R<``W|QxX|CCkWhC-)=ZE(XP;;n%#Ha z8;RRqw&C*Rwp$>lqoXr{Op}-L^yJa6#)XUMeHi+Jc4wpcjlP$cFVIGCt!?yI_EN~4 zlOJM`F_IRNw|a8`%kL*jhz^!WIT~CC-h+WatRD2tzPkGNh*fR_`Xp}$m@ElA>hjU*%x)Nzu;%U6cC%< zgrrUanCZU#E}I)LCMa z5c`6?;{5N+wcO5RK?GlvExepWnq`nB5K#XCD6V^VOayTUD+{5vPSum-Zi(s&ePj|f zvB%{;zo6~SW)Qzt#FYN0sYHPY=8PVh<^=Qv`SQY=-^G4vk;&P{gV zpFzAXajH|+9gT)A+{Bg0zVQZf=7Omy`%|4lZf;WeEMc@ib2dLQz#cJ~nnDgUDp~T3 zppu`jhAHu$Bjy&E0FCVH1Y>Q59Iz;*MvooXe>%xw53cUj3$a4A>l?KkrJx{D<>IsJ7xX%@YjwMHl}q^M!y{!-^9AW;&uV7l zpeL}uhOJq)*Qz$8F#PQrnfY0M5=`aytc2}a>FnAySKCQu#`trvziE9|J1d=2bh2Oj z*sTvCtlE}{hPo9FIO)|h4Bu_O;Sy7=Tx4s775@ntQ$+)=*EVzaJdBidV1T-SxhWz# zweR)9?(?)9TeV7@jFxB~{(ku(>Fi9U4-405wkv4bjnX$j71gzPO40(#k;+94Ehi=Z z#hZTzcm0X?Lj$cktR+jy+4+;xGV z!RwB*x7|q#sM$lowXhHbfE;#UuJ#_ENDI5Dko^eHEm*{WYKm=6O68&b=r9f^>*)bFZcQHspeGlDVQyy4u zxB6r#PKy`f0~qU}%E>TWdEP-g1tVOjs8%0Ct^LW+LF0(!wkPmzTW5K|Yk}m?1lHEp zT!d4TDCl8;X3OD0y$tK;zil8!C=fxX`!imS((UH}2dx)`Nix@uHWZ`!aqDUa}&8BzF{>2f; z(h$mYo`5RDtGY;%8&A5Xck)nAxG(31!>b5vxJd*Gw%4Z~*=w*R&wu6i98r|*F3pu` z2#QS=ZX)Dl3Zy!fq+1+Jq#@^aB%@i&xcSazuhghwVkU+TMa^SaN^Xu#F-^eZ#pg)L z$B=7(!rqY_TeVW_eMkH z0+=2*s54i$2DLgm_St}d9(X!EdF=RFNye$r0(aNui;?_Iug927xYWOwU!a{>dJ!Kv zYp{t4uUU|+S`Qkx#tRxtt+NGE9ad1TXmRSi?kIjw#ScKh9MAUx=yO zZZEuK(f6U9z z!%^swrx^Q_*&z0z=F|5)8SOa%cOjN^7RgdIV=b`n6^7oY@E$E*8|>c5Ir*?5xfg;G^dnnyQ=9}!cuydMW!rrW7 z=3D^?l4gM*#3k;LzNu%)WCV|kNxE$(gSGLjs zBjb5bS)?y?eZ)HFen8ZMardeDu)AX500nxv2rAvktCdcDg53J0m6gJG54=7p3pz1Wz<4$s$fk0J5;OitDmT{#cKo5yvY#RIz** zuTQlOIoT1=x)4dZ;94m&xu8STGI!ZAXxyukR9}Xr>TI}FSaP_Pc1tKw-WJzM#nS#U7&ze_Ix9sXxwgM~GB{*}Dw zfFRsD%By=1Xtwpx(FUd{`&`7A zohJf;Ognv7(ea8VozZ`ojNlOw&BX@Edu%i1GRSI^<8kqPnS9`6^0e`v6@FW~tCZxF zk2EP$B)Vfeal6~AkvYUG=H6epPOf|0t1T%zz#JBToCausPYX&BBR#Sn*>g>(kKA9E z=t8LKu3~ukjQ?1KR5Vf2(??#-Y?aD0u-!S5mI17-eHZShj}xEFrirRB%%EYo5621w znjDjZo$Bo@t;GwB&2N(_&X;;6RGZ^9kq`^-ujQ&lyCFK0jaFTC4&(CP*mE`QNO3+` z=l;Qr&d<*czoC&S`}p|uK-)EE6&F(@!$N_}@dSRA(ymO~E1gcvOOH+=rLL9$lflsu z8kaR#n#bJPedp6fDVB6JaSj{lJs2ojW((S9ETYN8BkN;F`nXO z-vDE=X5r3wb^8F>EXd%Mv01N$n6)44IT zHj4hX4(PGcRQY~)5Yj~mjW}WU(;5GOXseCZ7L|ZslTv7`;jg#W%yPPxNbx=hqk!#g z!`_5!*bT&k?pB?V`) z8eFW@fl!qzShT4t95H9V{)DSCVuntSXu?F{c)Eql3lhM&hJZy|}Bca9&{mubUyJ^s!?Lc_tq-M`)4ism^1OTr@<68bW45{^*nc7d2@ zhs;AKI}q}5S{3j((aW22KNUPouez38KjZIHjje_#aHS38P<(_^pVt+^j;XTja!;^<&cJ}ulN0GYB*JmU@ z?XDNO+vB7_ZC`_FR=FtO4+tF4=l-f!`44Ol zBR9^V8&F!gv@93D3Vi$aS?^Zaf7i{}!xnrRQdSpFLE|t!b-Mfs1D{N7mUfWQEC9Bz zCg#ohN$)hxL4?hS7M`dGR^Iqdev89u^zR&U$#uF18PDs!Zzh!gZXUpQ9Vf=ND$xmZ z%tAeG5#X!RI>K4NyB*8Hmo$h{$fr4z*x=ElfDxlyi7Dwcv6R39Y9{AfHO6`juW{v= z@m%AH%`|iFFK-tdGSr!gdzAF*6L<^LAF~Yz{E0qiJmHA^MJ_kvoR?!y-gAXB1>&mR zl4ctUsc-9_VIpU+Ek!!yeo%_Y`m_d8&m8@Pz)LVJtkS_H{b_gQE~)sB)vul1a{#m7 zAU@RlYMDh>N7JJ?;hj=1Nj_iB&o&m2M1OxNbv{Tl7Cp!IN%&$Ybx=7$3$njX!t7}B zspOT5b>X?E1j4d4H~398BM)^;gG-E9?O*qk?D5L^_Za z?Xc2QMAE||3P%o`*=0`F+LI>{&l<{QiFjg|`Qk}}=oRq6mT_C|qGm1dx~C29tP}XMlXLyFG%a#oI>puh9{qe*F&(PX1*$Z)&>kPUU|-2 zIIAa_hu`TkMG`|}f?Hf#2dC92S0M@Nar=Jd3x9+I;;65#I1&-ZW>?$rI1+PEN3f|F z(;nx)GGKqO)N+X>hD&Cw-7~+P!1eLOx)T4kUSn&rU&=3%;ciU3CiQ12^TV(n;t1 zFIchDCElRPy~!ZL2DN76^@KZclkxY}>6Ny#|KQG;_6yexfCpH38U9>MOwVDg9QpCO z(yKXLdPf)>+Q?bv4hHIPt7AR}Ji&dWb>Tz@W@)1cs0gMLEAN~}!>lN%As_3;1sy`k z#?BWc#|4EE{^qk?aiz=}rE67dj7*|L*#?dTQBU#-d|7ejNg5kGD{*z9H)ks+`TJCMk?n`!;%?^Kzl3Gi=ncNvFUL^%j9$k-%jphtPs#@_Fk1y_F5y zt-hM;I9WeyeiQ#|imSwYR_i^|uMs7;hY&l6cOTw-aJI(K8uR-kQLlXh_pDs@;aeIi_ z5$C4C5oGUu3HMmIxFZ=x1LV8V03D8<#(FpYw19BjxBml_Kx@CgCL(+mTOVX`;ge6e zu&PIHZ~*XG>vF_}e!~1W#{uyG+)9D=Z!IA#ER64mbp!6^rjG-@SbCJOu#SXpR~O z78b^;5#4}$JOZXqU&+0lbBRYVedcZ+-rdFLD{c@L)|=^rJAmm#ZXQNp)Vgbgh4tj! z5n+7){W5lb{5h74Yx$0&Lh()`H$6rpB_Btn(PF0(WVvejaM~Vbd^m*gnWIpNcqB>vr^}*MOQfJ> z_S_wuoB1}5E>?uBeRh3OC|(1vZ6n1lUF&n{q#1L{1)`#3@v^GGxn%DAa;~n#C2Jw! z!3&rFbw3iBfMm=`yx>@Yalq0!rcq~hrd1HDF#qoW-Tj(Y43;Opm!)x8kK$zsZvZ&5gG2&QasaMU7c z>_7;F0KFOv&UPT_(5WRHob1r*>~OHRtxK)9L!(mTU~h-xll2OuCtIR;9SB*V)#=e2 z?0(}*1PQ&J9a^3KrI+ouytczVSM`y&DR~fm^D(LST&e7F4y0!d`|RBWM^vSe@7+b^ z`Rk=6(v32ysi^>1fKdx?(8PWxMe2Tz!ClY#Wy7e}@Jql}-G4{>2HR&=q|VU0e6~0f zrz0!)lfBf>jSz zgLfw~fU2FeEP8(&6ORrctWQ(YCl%y_K~14_3(_`(Q>#D(NJaB)fB9n0P^>Kpz=!XB z!-xWxn6z>WP>ja!K-yT0GUyud5;7<~kQi0&id!D%wl^1(-& z39}sMy^Y&IQw~F$QOs*sk;W&MQ?gt|3?9*_fPg}-^yu7#mhTJ)sW2I>V0)Dx8T{5> z*64kSSU8Upo5PUm4+Y>h&CyJ3im<%4r=sG2ghdt<)X1z~H--{r9l4(XE}jrr+7ILX z98B4nNUnL8F_kw6Y+m6c`Z%tU_l216J1Wm{rxPJB9=X1y!1cw-dy_jdBh@a82MUqGtCwq?+_#RXTup9eDWIv3lVW;-eqaW9T^S4EE%hj37X(*P>FX_+inP z*clvX(WxgIjTZS8cMb5`)*z@=AgjP?l|h!#NiwLO-9*%C2|@n%>MFo2+4IrrNE$V2 zM59KH=+>wa)lW`j(T3URi?pMVi-u|qYjZC%fD4x|ap}SZbkc3qcn~LBNIia%{aW%OR7cN{N;_?NG zS1QVn=ba$u3~5`M)twzD?a|0L zsTEQLb3iZ`?mpteg$pD_T*k@W6LW?Nl?t>P74aE*qR*VAMHLm-Ol7%n;R4q#U7%bA zKh|9F#x?yg^*T0V;xR4nHYv$3D;D6Pil9(%5Vz3abaD$_TKj{h8~_80!@(oR5Y>8- zll%Yx8G)T1D%C6jQegnxwV+pfk(rspjZ4vV@x6mozkTlZ6)Ia8t-TZCU()f8;@?XE z9vX>CwM%0*6d)=lo~8RPU|BzeZlR5^^AEym{?!w=1ej!MRW8c0vxP7uALXVD*?Tuq zBOnl6U}a=e7Vb`ZHr=w)zil__o4;fBw~MIw(Mm>sv5#}}o8a%K=BuL_Ebi2k@ikMK z@!bmS%MIu5wUZd^b!4F8+W9MFMPDPsD!6>+7S@z|NNN>YwM0~g;NGdzh@3c5go+(M zA0c}4XMFuhLkbOD$@uZBxH9Q&W{+t~v4M;EV!gAzu3V&A?FQ)dhF2aOz-wHCa4}ZkU{1lmq(6?41v#5o z5iC)lDFHxgB9ygUMCIKj&vG)L6`6e2t01i=+1d?AfSq2Q+fXmb3Y*v5V9(k4JiKxh z(z1AvXkv&egEXrKIWd-kJ`R8(H(yUDE#QNsO2=xsNy9hFac*}uH`mXkRL=!u%8;os zvF=(LyLycTtVn=|iyck6*M(FAPv1~JZ4O{ppa4gs3fbBVNX7DO$D^2RM9d`;3)H~P zn2v*cV4nFd?p`FOIDk2kL${1<{NWo;K0F9_qDZ!YUD{3T+-o8Ps8kZhY%>`uBirw1 za;W#1+{RQMPCDvz3`P^3&iW5qGS_blKYl%iP1Be2sP_k)__8J0!{-~w#cSE1c%mR=}!gG zl0%%@m2IoSsVDE_)2;hS*H@uj5L|q?knLYLrP{dr>|S(=_NC)#{lRDwb;W7xU4~;n zT_Y!BAx?mUlOt-qj9LOmXL}@#0R+!pF}T(!5;- zDpjvb(*QX8c@1v-bdcZ{A7V<@Vrw0xc$JLVIe7U7Fyw=2d^7z+eponze(z2~tA&Nr zrt7O zzV{0N=(Q3CgCXB^3ovc#efIUKL-@AtxXeBPz(*&**slyeS{Z9VF|I_U)0|Ae0Rikg z8%Y(HOGKrWp{bW6>t=pVhgzk1cXSzcG;fHHS4T7%_DrlBK-Ue&a@QA^14$0ilO>6K!bO7GVsgp936O(xPTxcqqb4*$#SW{@gwJO2r!~^^a3J(^H>T%r&i%n zB#`q-Dj)$U2!NZ9J1H6+;!n2zRw({1qXq1RiK&B{qJ6J9ecrvn2i?l>)d4L|m4}g& zY32EM_g1SQ(A_|d+BMm?Wj~J|oT7-G2Z1#^W8Cx@jarbL2B|T(&}nm+_~mBOGxng? z!2RnfB;Swc=Fw9)M_!_OkTWTcg)k-BK2lJr)c<)i0RbvWLZ#7S%CWsc&}vku^}5`@ zHEJnOjjQ5yAh1}>IJ>zsaNHCY&-jQXGbf``tGR#kI%B8J#wWm!^wifUn0uwK7-RuX zb^-#Pb$FBk^jdfv>(p+H9Q8g>oX~QPM0&Y#@;%$oJ?0bqL$G_Tu??E7=j8eGVf1*FBX zxV<|&J%_M$*m&H4(6`@U;yybP4@?GZod^|cH;wOmh61U$xIwlx3wNFE3A(!b$8*KaK#*TkPdwt zf!@}Z;p?q;NlZG1ox3|=dynd=O`+*qp-ed)z~k*BbN5B*9*g;|OI;G>1ZK=yPvnld z0QhL2UZV<>&UV4z=!|1nXQqDh0HSvS@bU3%I@Ya*d-Qo!4!*yCpas}VX6je>W>s1+ zNpoiaa0yuZ#b=1v2-JG}-_Jv#_?v_P2dzXvfE^eNB&VA&$7S=*l+rvb)sMS}j-$0^ zz^_KBl!d@mpF`88HJN_A9?8>t)4N4svfaufOer8q$g;qKOnios3+FCz{nA;koH;>F z$4DkDoI;#Kaiq)y^m;9Fo*VaHZ$v15b&*p(fOx&B)f&=MQ%Flm!QIP)x8I-2!+STm zfAb3O&-fa@f_}usq>z=Bk?+{PDz7xeG+Ja<{1Q)O{qA625PQH`V@IskkDWihi*MsW z0Mv7bIrC@Jv+qcXwP=btRn0`-Y+8+8!t;F~fbA7SbW#S{E;0Gm2evN+#`dX7zrzz~ zQLQm}m%!1@pP17bWF#g+P9oF8Dq@{6hn8=Cg{W|p_=rU2^fgeZ$#=v|izPia2COFB zfwA*OFtFAND)#8X*Bw_e=FuW*g?&WP+9$Z51igG>d2i=hz>lULFtOzzg1b#*-o&fa z9Jr48lN<4_(@I))T7d9aMJiV0EH&HTZ;eB9TW3n!r#Irg#EFDfpNb)H7M5EuvA;J( zM=r)wf*K!Bqf)PTDN?B!F7|rPn<`*2KE`6qB+~*hk7KYVL^G|SFRIxKY0&jOiq&mO zM7o+*jxkKyyA+G61doh2sn=;Gr9yX-go;9ztIYhm15k=}V_@RL3AC&?2T^=J@wacV zV_s|QYYpYW^$wWI#9;xVqf@bDCg<+&bPL3##FCSqNIO40!@m8DCjENjy}LQZ{k?H9 zTF^Q$i`v;EEc5Sd0di=7K#>D6Ia}x8+&h1 zqvI#s7l34aQbVUful1%uk%G+Lu!VR)2mEpevUbd;P;hyYy-RcR{z+O`lZa7!;GzSq z!4;92xAx2|3nY^nt=@oD275g?x;cPK``X+%6n~8*Nk}RQlQ9P;S2xCezKHD13_N^1 zNKQ1OQmK&T*XJ0&(g0z8GcRs!-$z{3J+Nk>1&XUQ)a%+991G=1+oeVTUfWi4=a-fE zsx5?duMdXO`SNrH_I%!rl6G}}bG@Mj?bx#RQ;uy326GJMz1^Aqc^yQ|Xi%5H2Ut0# z4eNs{l5}GaWepnY_G$xo^JOllHG-B^%HkjVto*_Du;+)N ztXvy{HT5(#ef3ld>jvm>23C)0$flAj$c#RQyH?HTb?cKpz6-8})pYWJ20!gY@-K`8 zeAcf9HA-(J=E?>PYUtHG7z$JYVD5z0G^|sD*z23n0L`oSBcNJG04i!={et2Au(=*N zaVM$c=Rmo(T}T18t)E00?;Ny9?AtSnLPeidk@YSNE%$H4p_1(jl)3Fov$gOxVoqE_eaFfF9<=O-|FdNQluDS~por%a3Wm?cNF z>Sqmyt+GJ2TF5rbI9p-W#~slPFG{jQC~_89WiXj7cv}og4|9+B}kd=nNuM?})f}^tw2!YjV zMK&67bauwc)tR)UY$TP0Uav=zq}QT>BD~@Np`4eFaxH5Ewf|K5M#XhBD*pT31#5xY z#QJju98{!sIt4=ESU|(?^4`pTCu|b?Q)}dMIeFp%P&4XpgKmQ^Hlv z$1{dA_v1Uv39d=2^4`>J)*0zuS*#Y&sU_^496+VFb=j-}dq+nkwe4>;w!GAOv+~;E zH6lq8@{_N%p7w)aGTIs=N>4iO5kkCHwM5E8o8qNeb1{{r!-g>Hor0)KbmB}ZL~VM9 zp5xjgIp+_26pDYE$gxtdxF;pQ7(r%YdsMOsKW|6uyb6+*YN52Nm2vM5!{8)HiZwB# zcNx?@PGPopMwm^cJog!-lxbn%xMpbOx)@bX$cZKzSNEjshR?`OjzFV=0zRHdE?%T% z8gUd7qu&Z5y2(~Vb{alDu2|HrXmV0f#h948el`X@q$ZhY5a>dwFTN%_@i9J55^a47 zVhn4K%0a^$E;?H8Uyjj9i!sSW;{d3)Wh?gfIucV&RMNxzEweD_1nDs*l+KbAf0Ys- zC|;WW)!oSXW-+5DzYkF(@C1II)QU>oJ_G)IH?<1IUnL93$u{EUqQcv)5FlZd1*S~f zjnrNXP6hliTP3VkGcFDqgye(OVkX~>RtQ|3>=2S8R*Tuzb|Bk`uZI>qZ8eHktBjm& zLZt$uS)f)KDOAuG@I$uB*hvDby%(6xxO%u^mBDJUAj>BF+zjAR5~~c7Y{Ajp6|2RH z0T~A`cPwTZtXA76kRF~`EHYMMMJs`whbvZDLRid7HwcQqObHMaFO4L@&`Qn>-L&9U z7e(>^m;fvm8C#R)ykr5g*#g+kSBq8fdwmF4ta6_D0x+Ac*an`@PnJQ>G5>0+6(q1c zSufI)d@Ppy3qL7!ZXVLpGMk_NY1_W%@=_@Ns@JwBMTJ74P$(3yjuId!6bgkxp~&Zz zzG9eiB#C{KhhfQh0La(_L3WO`9ngka-TDCzud;Z#WMI~|d$4v0V^+-uRhd7v+?23f_W8Px&#HKiu@506#M&=Cs zfJXMG`Dp1Rq<}`b%dfp=WZ|IqXySZ<@!w8H?H>x*I%gWSem~c~`2;delrIaDhV`I8 z<)JSu~X=J?^D z_W8qQ761PTA&?}2PGf8RuTcD3Ns@&0k{g`9(g5M7``H+8Z|AF7?}JZ$)WAKJhQ3pG z(P2poKHIny+)BL4A_BH*mTqx9rCK5U_%%2mPBY&)-flG<@Bm={txOJo zI}b0QWQC(9XS>2iZRPyP0U=@ZkeohlnowB#q&)~v+(oy*a9w|LdX zRJ>*icsg_X)I*94TKA+qfkN>wWsy;ep7Ean4hCjio{5O+5Motq1qY$N`GuAIGYCO!5%rTsMcmI~o% z>zs7p((xOZO)+Ry5LCG^I_JUwJdDf6$()GU)t77ME>hesn*u?#iACc2p)(Y6%%VuO zV89N0of^r-mFHXAAHDb(bMkFUy6Et)@@$6Bzp8Cenyo0u`Vb!6AYL`J-E3-l#9lLlE4+o)WpJaSeJ zYB>iPn6U5=)njKf{lGp{&Ordwt_|59!Ss8(Jr{#M#!zo+o-(R{Ku;ZwYLvjW_Ot#d zh8QaIP0NFPbmbsavIPjIuBDL`cMe}Il&)O`aN+KwOq@+|coi=QXo%0SkR5-Yz#@eJ z9T_qt-;BUN(16;(o2U%9b?z)0Ih{JCe8JDw*;QPc2{|JL+1-gdCoU0O(hWQRXMIa- zxg~S!&{Pgit&Dx63ASwmB)=L=?|zl&Lt81>$rd2ojm_cF_0xbEKUX!SD%Zkvl{{&XN_GEiEbj537@2gYB z15^CFSp``_g;2e`FTP%BfFJ=DE0B@>`~ZJccG6OB+(@>~tbwuOW=0I$$ki3qacllH z0PpUM<;9N2-dCWNnqtq*#9txY2#<3x$-5c4#kPj zf>19Fb61VQ;M10&-`wEw!uE6<(uPe3lX1Cwfr%4C+2!;G2j(p!?!hJ2Oszyv@1>0U z;UV(0N-VjvpJ-JLKApXdOAD4^@ruKc5Xna$G^2j+`PjM>vatecV>WG@m1fP+l3ZWE zn=-7sQpGS zE`GBLNiB0M2g28X&(Tpea)X1X`Zo1vLGAV&_+cq6>wN^z4U;VaGAc5%Ex10nOhHcv z(p2ssGDrjFt~k$@DW9S9dW>f(w5VT{!E+`se6u}SGaGW?+)VK7z?f~393E1V8;572 ztMD$f@4~j44LQ26A4dy}Vsihl$&T3u1`9PT6659%#V@!Uv%^zaH>4$9##Z3?niN*Q zUlYH!??2lYCMy}q2|S3?Qx*$PPu(s>HFP%9f&VD(VEFwVi;_=-~R!pc& z`4O|I+T%wSSNV<}OO69BY)gcWRo>+M7$cEmk27i12JY|u2EA`4#S(LvFtrk zi<|c4&iiHaMOp_tQKxEY(lbE1cAr&qs&MSsK^zB$^Y!3)$l14e5N)P%))jW2_>yDC zj&bS2F%BC$vuRKtz=(sBftaLh+LTD)*v~5on0bhi{pZsm{TGfMUPZm{FY(FL9b`xB z!O>ZdqrC&D+~~FB7yk=K;8L>m z$IkEI*s){$RDU)D8+9iqb|((5jwHt=(bL_`{$pG61P1`!D{5&rcn0O(zD~dP!F)00 zBf@un30aSF(^!DCa}W8TqaVkPpXb=IV+>w-k+(+f!s*l$nvEa8-or5vYa4BI^|nYV zagj=W`qOyQ5u{yjaqjd~jvqTl&g4Bb>-;XszkK+c$4Bw{lO$VT1PaCf0$GTc`sM0t z8z2<$QW0;jqL%qG)kB-GHCzMS<2Il_vX#b-f_bE^K?yGyFnc7ZZ13l5mUkoSrZ?uK zbG%i2B7J?J-B_*8Au^9-b&lT{*-!iECBANWNKFQr)s~>0ECo)tj8rt zd3Y0z)`){vA{!rWEndYZeLSJsTL4U~=gr(7_8=VcS4o=$6v#=Xa<2eRm=hpw8*7h0 zq*mi>^gh)Q!jf;9=Ve`$y^Axig(Rccxpb&crVnz~Uu6$#Sj3(Qh^} zwS@`iW-|dOqlXqBkKof)YQkJ1D6DTm#Pw|MBBKdEOi0z5T->Dv1gCbKqQ0*mCz6ZO z^6q-x-M0{M24L5WU{3f9=FaY&$eGbpDpZWpo%_FVKez!qC$?hF4@XIGuExi!_fx;i zdo-z3f(x@o0I3*&g`YK|!MiJY`qbaODcG0n%EPVa=^f_Av4kqfw=ZD^9`4&ukFsX2 z7VL`G+PQ34@iutW0AO7gPtxnpWBanB*qVMS6bi+wr&7JV+xBbQQBp*lj9ZEcpF+OW zaI4Ae?_8N3xs0XOsd#I)P^H;KZs;5_dQt$}p21+wG802Wzb%CUkm4eTHz3$%7-)H(w~Na%EGu4QH69dnJ6 z%{+P9=D=42!@4&6&233ZG%_?0ZrQhE*~~afp81A4a|iL0-tEZ%E5CifWeG^mVL}@N zYyPjjyN`u{lonwi^oyUC@I?p(SA1Sv^H1yry*FhC6KKuo|6z`_6o6%~*YkQAhQ zyZ7$ip85T83He=6^eZKw=i}i+_D-FdyL;z-&zyL^4FxZJN|&AKm|HxA`@>RDLIb{3 zNOlk?t${adAJ!_z@1qoO9Z08AQJv(pR*~`IUObTWHxk zg*l}bHka(9dymNkjL?+Q0Sn~r+DUq5J(R=%-ar5f^C9u%zZbU*Pvw^3(@77&cgy!O zZT5UFzH>Z_?FC$P{d)j>wl0rXKY9**%?b*F;NAZlYQ=u^GQ-&Bz1a2J0`i;P%b`Qx zbItIE%qwz`<=alDyVs*Q*8&Eb3Pr0kIS^R{dM>C@CohyZ@9YDff9x&#nb*+e-e)*b zkEyq|2HF13ojg9a2U@k>XS|GmWu*(gxa~1+9Ue!yt~Z?R;)pZED;g z*POEf;kzx_B&HT&ic6(O6%+5qx8Rpgma!tZlGf#t(Q0iCzacDuE7w7LrU-K#_8b$4|1cN#;7Bhi}7z&Di4_j{NL6j3TASv=2lmimR z+{(2BdNaMP z`7oPHz+@w$b!E2vzLoE0f5PaVMMTu=$w&3RK^|xMz(eehi1XMo${RPTOi?IP$j2g~2AIu;-bupC>6%l>y9r)c4qbOX_y*|-R zuK+!WSyOm)Vl-9C$ABWwum3B)&op>;#GM3`O)Ofzm3nR5bh-C2P81NnKWMP{{Wp26 ze>|Ln0bzF#K78|Yu5FwO5)dv3K_f^;Mg}oTBsNFn(b*qQm$Uka!2m285Pf_juw~h0 zta$P%h7CxA$mY}mYIh&RwVy{3_33r=>slMAank4aW(^8`k<9vJ84Zi)a>aya7(8GQ z11}p)QjJao^%Dn+zvA^9R5JxAYS@YS%kse31;AGs(6svyihj81#OHZ4? zrAD8QKqA5aKjP}i9De@?4y;dNtynI)Y;fphHFOR}AV^CybRBvX&p*EoU-nN&Hw^%< zf4PT*m0!?d_%K5AT^^$<5HL&}%5|Uc(5WgYP1^FwFFx@90)!d^{C<=;uzmY> zTp4?gzMhj+LZGbV=+6Z%4`szUM}KyEb&9j|I5JFgMj>q9zLWGF+d(fo?il$7Y~Qhu zo!htLF4zZz8ZZ|e$|E|?!R|tp(!2xwlP^8u{GtbRwr$(SfddCAD=RzgGe4fy8iZo6 z&cW^3EckpOB$Z(T_Ny9Cy!117RNP9hn_mYd3Kh8ehK}@}^&wSuenrdo?g60G>m@rk zAAHCD5Q{uIrRiBXjY1kWsmhWMFJj@WnHVvLSegT$Km0uPoCg4fykb9URyG*k(6(g( zO0u%R2>sEz0+3gbjqWR@$Q{6)o{eH0;->MJGX0V_XnphJIQk4>%2%tXSh$erhO>`5 zKc5a+d4&W^L(ly?Ss-War`WX62U3|=CqFBfKxwGzzAON_S=s15SExK*gPiP4@Q2Rt z`5p;8wP`n4LhI+3>EvYQ5%iT}0v;Qi#^|Nv88>VsL+&3BfognpActiyy~o@4U5u@5 zc!N7n5VCR$2)gr5_#T;o+i&T~{oi!urK`tNYvjFb+@X*&dn!|&=?m1NM=V^Ma|KC( zdDLvu44VRuX5G>K0R}mI;AqGI2Q0e%UIt!%J=Z-F39;3eKFmFvl0p^}rC z4SIM`QGfxx>Tv7y`aD1CZkpV5ew-p8uRUYkMhR1qXCVk3XFaFer~#H2%`(eli0i?Pkwg*>-N{F zcK3vn{Pv3TQLF`Go7A8Xh>ZS)K=#QS3ICOhAUys2VwSu+70t1qdLApcJ=}{%18=3n zZ7aAV<|(dy^+Q}r3Qh0&nC@%GGHu05Fg0S_?BA(2$XpV z%C(zQ!}%Ge8f^f$DAvSf!@8j)Rz132>q<7th7ZA_$MXD$THNFPh(}+!AB-jRYS@6s zpSqg5dn*HGdNzwCs(28XLRHAEYewN2JOZ>702)MtZ^%GwNp)$ZM&Y|`I2e)Ka}l&( z`5BXLd>PkckI_3xHkJHKmvp>3l%B_co z$^;A@(Uj`dhhwYN6M(dOaTE?4NAo`Q05cX~+6}FFDrydoy?P%QA8~WzWUl*mIhd-` zBrzB3u)bicdcrdFtze?Zs;RvC!8)Fr{4k!tEHvPT9O*we%}4kDQ1>KiO#6ygAAT5P!DFPQn0e}l zuOYepNw14Ie|dml(EpFCX9K{+&#WVI>ea0M=@F7^!&Q*qC;C8$5 zd41@*e%b>9PdxEN;R`RkU<89fqp+|r?7xzd5@X-KeMWY6w(-9xE-o>qzdiFGZ-2lr zj1kvAW~`ZXxnUTd|EVlOh<|RzJ2Q=f!lJWXj8pRB&-q5*cMpWUo?#e9#}O|Zuk}na z45Q$L+upd?Z!~RE%kZyxA#B-3!!Q!7Uu|rdGW_UkrG{bDz3esP!vWQdZ*%jEk%>Kx zz@g8KcYZB0Qmc(IdZkn|4oaZla2-?}l+nYAd6# zY>iQK(A&n~su+6~y=(mc&%KZH45L|McVqjstN-3b5$CP?&ulfuPkzyu|Mi!~{{8z6 zzu$k#+m@D=8oPGwGD=EHPI#|B@?S6*G+ub&1>=b)o+vzLyE*=U)8<3o+PO5ly(@nl zj7SI}&a~ATP`_{!@u|mZ2OU6kwZ{CkErxFK2RYE?3f8XO%g*_~@?hgVRDI@U-d%8j z?3^rGn|>#vb{%qyGx#B|nEr!D(Z7Fx`uFe8wCnq`aNl~OHqGJbM~ARFc{B~WUPb46 zwYmTLD=A&OAap<(Ia-`%=WH*ABXR>U@Zrxm^uj~D``}QBy!>nzNeFR)b6UY`vEla| z8wJ$>e4a8itAT<>UYmOSuyh)W++M!x?O{XnUi|*u{p@*nHa*)PBDrA?w2xO&&aTp- zZDR~Q)L46Hl$nYTkHx55iT)`L+AVsMd0!1;_3r&VG2sKYEV+y?R(t~%dHf|#uX8>i zM5u6Azot~X_&Msg@5CSb;tL_f>0$t?Vqmg`Pma?f4z`qU&&IVIsWP+-aIg<>t^1C4 zbzMLW2DOHd@7ztnzK?O<*p~rS;iZGs_-fIU%$?Md2vZV?|DpIGoRhwE_25^r-e20Y6rgOfn%(k8}PJgH44?TU4cf z`(A{`LKH%X|BVh5m3Z(J=X0d4-lN0sdoyt7?gYRWghSb-{JL%%8#it|`rp3o8>tp3 zrsuuabN|d-R=xK)8#iv`i3gTYapwmNx$8>6O82H#)-7*OSO0pbekon7u&4YOv_ly* zs}h=|?5;5l*j#fc6T1#)?z{oJ=V$Uwl^OfMM?BQ69UC|P!q1yFlE3~v z?rdg(#Lm>TL2+tLzFqt)`TN(yUyRBs#NTz!*B}TX#J|l7v}{zFN=02b@-cYO2jgG< zoF`hW;i92$(<((_ecemA{-u?mtU9`FryB6o)aRKwIF0w?=W_FeCs6#?(kCI3$;+l= zt{UpeQ(1#vH+5%t1s|B30g!fSeY%x)A-R4J0Gc{gzMScigV>?X|aHU@*M3%I%*#4QfrA0+&2Kfj1`JK;pEq^m}+dnBvdmWfcE$ zXEh)!*-?Od(=smZ-4bj`M_*r)6{PI9?`hw>Hp=0tnNOz3fVGP^(I6^^#HL+NTUqxO z2iUP>4c*eBk9I3O6`yZDM1`DRXw|tF@aF^WY|aVbS^Wb|I@LvUgwLt4W_Ka>U8|_q zy*0;8e<_6cTjGH?9vut}KKfb>8_aq3#-l%9Q%B>Pg@4|CaAcQ6Ms|7rgv%2KrB~}Uk({R9DO~>p-{d; z?xa$D5?EtTd7Gsh%4q9fN5$rCnE&|8f4P2QToef@6;VtPCtRMK5JybKN*tLFK?os) z_%|tv!peiC6u5(DHz2s&1|8d3`N`aoAEu7y&&CqJ`^AlpI>TmeV)T?J8F>Attbczp;Kcc& zG{&||saf?`OgnGr1|P4`eI^;K5gaCoQcXz0%Uy@cdoJ9dF8JH))rQ zAuTP9@gv(2*f;Cwvgg*jNb7kOX=!Op7}XB_z^8xu-U%Uu`0p_cgIaBy6A>44b_0SZ z09|URJo3T>Zhap-E1x-B!qERzlS(#F`?@#Der*^N?;pmni4(c(tz6!_z795W=-2Hc z%2jO3l}*cWUC+L(vZgTeofkphNjC7wr)&B6nFWxw1Os^GhxO>W3;3}(f|hOWr1_!8 zm^kr1nq5DUk+&@8x9I~=frT6Lc$P#@&i$| zPuv%Ic^>SVKbOuuE~aOP1k#l*YiPTjCWwK4=pD{3WOF%@;xlan3OegX#`&YG=C_g91irfN>XBvj)~?6! zeqQoEj)q_+t9RGNoPH2gGu~}G*_RB);!U)CcqI3~vxl08=5X&%uYvty09NFcW7?Ds zOu2S1X1jylZR*i&$TgtWW%X7McC(FDJA;h7<4*2vu!&J`e-EZACp@(;=O5rI`&vkQ zkTyVt0XOmHqU)IQ@Mh5JGizlY%zc|j7hVMoy8*DMq!A_K7UB(>nDNDSYX0^aw`_eD zVnfRpZi`0$@Cv|>$>gVR!&>wlHU>;Bcx9cJl3A}X^NWGd=4t@;R_MWNoomr!^&B>A zx`?WWmeR5NB#7=zw=SJ2x%+Ygc7v5G7gHl^1s%IR1CeQ=W%*ZQik8{ogb?CF6A0+& zhH>`CLGT82Vw`@SeexH~M|M^bxOG_zVwgWY_2}Nty zGPI!w>>ZAlrAfO~R+O~Gm$Mc_GZPbO2Q@UwPqZz_Zza*R9z2<9-#pK)_e?rzILH8I zJvEI(>|o}s6`?YhZD#h0P54)T4#1Ah8C)8-2O1um;3+yG8jHnBeyKvv`rjB_s|aF` z)lftx#Gt65_6NbBPPEewrcgVLEn5$fs&3Bq8ppA)HM;#BSQ>(!7&k)3Fl(2hs08_4qcUl6Hfqi8ZSocQl?0Y7ct z!P>+Q++v3&VDGB+;=yvHruUkb~YZ({%YAmz40vTl1JPV>;7k%wW&VH@N5C&Zrml#Q*=kLD3~Q@YEeQ0Vn=&`Diyd1G6bA*OD32XEA-o3@YuIg)hD>^FEvplu}w|5N|es zV+|66fdGmE-k^@JxQIlD8E_uER)J#!p(t>;e4z_a;_CBihgWunM zgFEkOM{M0LjB1g@{GS$5`^pFSDI-X`K6i6PhbH*amvd{U^340;2da&@m+$xcNW0`V zuIkc^K*lfs@Ld(+-1J*9+;+>;On>nKrq2A7d#|~Y%wJ}maNWljWs{b63F8{1!NK{* zEgSR7R?^ZM^1`KQ;M(}N%i#gWJ@+HChIFD751)Ve3kOzw!JoCm`d?)MLvMPEPsX+- z)PhThaEhX^r4UL2XZsPu5q<+F@btu<4E?qT<{JmmzET{DGn(YYL|P|Q<-_kj1CC9M zvUKiJ5^E%I$N=3Rz-$VgiVbMprZMl$zLQ@wv#B<{HSH4PShcU1cV3&!dqZPLwWXq` z)?(E!ZZ4$&2=z=jlx`1okG|e*nwuxbI_Q7@H>5V}#qudm;2=;PfVh+hauhT1b`@K- z+ALchWH^~e_Ysv;0aO#mf6EB{yL?gtP2y7dY|#fmt)okq%v(Wnwb1wrjVr_3GadtA z@=AE1V;Ym^y-4M2+tRG6!h3H&3BZIUK_2bimM6b|g>oZX{*5NN59L~YlrjIcL|Wx?f4CXDm7|3Szl6{-&Xxfy^8$-g&hG1ta}%Gq62eH z>p%K3?f_!q;_%qxNg|7BuZ;cQPw+3OKwOLiyDyQ@R}3M-DT+eY=9M@qS33JO2*A!J9LuQt?Fg|Z+Rzoj!G9;!b04!7U70P=r0ZoOYhA^WYT=#zF4aQt9LR}Qta%HE89 z-+so>mQLo{d-L1vp&Rx}KfHd|UHCF~66J($0~+$mo;no1_Ame+AArv%jz%fT0>a0J zADR}&FSW1c!z%_8s!W7VGq!R|pSG0bujBd8eq+|{!;fCWN)4eyB&bb$@$}4J`Q(lf zNB32wzD9=#1xLMBr}q8{aUL)M5A}-Y=^uWEDrqDFufBX0J965R`O_z1>*uuKHR3JTTA;CCP0=ANlr>Cxj-uJ6%Ve)r9x zM~{nn@u9w$v(^$9VJ43xCO$fwEgwEiA#l%wU$g(mH;-=jQyx5dxvW)iHm#m;PZQ~0x~H9 z?zrb`wtf9NU{C^FKjmw_o-!6FB?wHPyN$W`-v#8H>;U3CWf%snt0xlYw4U97;0x#k zd>;PzjrgHH<%sJ#o&$NHdx~fhtuXt;`*`lR9<*uIj+SlOQ03Dxe7f=#)M{5!5omtf zXs-D*ju%HZgOXpVmIT%+tr^@m3LIUC1pMtg&@I_QrFv}vxW8=-FMahMgC4cfrcF!6 zG-|_DHCHom>KFL1;q|%+_`FBU7Bs-;@nIak!G3gCE!HI7!tDF51HJHQ`Jb7eMN;u> zTK8+m{~xd5@@S|$>K>-Nv4F<5O}zTaM6UWKmNso#@y6)Bq*m3?qGAXX7BjB4lkp$U zpyQ)EXw#+*^B=jA3bm8KVgrJB{W|_Xl&?vwiBI3Xlh^k5r%j74v~JUegmTr3tiY(T+B4+VJ)z^_c!tbyAvLPTh-Ac>0GJ+O%v-n>KBjHMkBlo~uiA z(~+m;eHY?vhy!lFqc679Hb-AOlnZ$o9{k?$^%V`uasv$OT#ePsDq!qgg%8*^`)4|7 z(ImI*g|E02>>9fbXff(l_P;QU;lsOAZuoF|+&G(`U%C{41qINx<83rwHI?DRhmjrC zg(dHQf?d-o#?EWgzh(FQ*Kq+ayt0_gHFJ)ZV@)Bv{pvK_yMJWArtsinvv_;#AO>~y zpmiP2&>LRo`H_PdTHA-Y^>9W_dI$fy$tS%Ip-&78H+_@Cef_&Lyjdp0h7ae}wGFww zeHwQ6cf4N`$H&tq0td)2;Pp3t;H~k~pl~G$FyZT!Y+v>=C;GA?&ToccU@Ko2)fRbn zA2ED+YeVeb4G>Y`=xY^#^|P--$-5XeB?W-?m7UD~<_Y%ywi?Co(5y;4_DXeu&@K3x z{#Chd^|!?Oc7nY+7XjOrkEgu#R*u}H=iXZ%#|^(j`OvYfz>R%s)2{9`iVv+OUNflM zvJRLMFat|p8bD;Q6HpF-VYQs}+%OHbycK{Z8mw6}8GG^NM;kH%Jl#14+vbg!t5ga* zUkzCG%n&>W8v`j^-!O{yKfFW1u3xDdXC|&*OG@v%4K2=z0!;2-oq-MJ;7QK>;=z(SuU<*EO}s~p(!3m9Ii#+j&CuL*xOG_(-sv)wv8amx#ID!-8mogN8W zt^lQe=vd9fgu0iKv2iZxRfkfz_j4{AW#wyEW6A|xV0JKlVHSC_o?-Q>vC!~l05*Et z^6C>UX?x8tJTuKiy{&V2XvZ{&zL+9l*_LShyB|RVDwL1I9$x_ss8k^aOJw5FazvV- zTugaXdn{VOpi*oi?&jjJBvmS1WhidexFmklg6F z*QzF1A)yv0li~ns9a~<%yaUP~JHDgh@yBRhJrSxO`>>#5=&?oRL=#XsZ2y&_p;EhM zCp>oLSg3rGYgi=?sz?)B~`RjoT|w{Lxciia3$x+ z0NJbeK;u)NTHpXmq?>JFxdkx|@J=ZA;P2*KwFj*j6J>!Z4&C>fow9sGi%Si20ZbpZ zr||35*S|LQ*88-=+syvY&is8*%sa>)DkTOT$!Th@JUMfL7%BF5VmS|DU6#{^wtBPo zN$?dd=T1U74;W5oq`ZII;Q~P}-)pY*ZjK;`-n>~Jxa$L((1Qw5>7v9~3)HYKYdKnC zHaxlzyuq2CgVpx0RTM@kA*nt*##3D|Dm!3=iTy*L9_Wyc;5-F|83i_44CJ!KJ63M5IgZ>OMm3)N&c&6Rn64GcGG zRy}U}_|KG&s9D3ec05JD-Y((t`s+Gsn1p{8+jQu7Voj`g)`pU%Kq;PzNaz7~pQ-3Y zAXxQCPn%6m6F#RyOEww9D0Ov6NY&*V02uQ*?pACA&%N+!h>B%9bHkUe6O!Fry$F?^ z9kG`tURWzC^cGi!)(kg?vT~XiNtc6%i&H`YW`(m&Bp?x05lQXTpmVg{Lcjcb4u37|0fF`+1(uOSjrysULZg zU0ei{ZMG*H$PUk;h5L(=pQ+5emz^@Q4me8jgews;mq*gwo8eRn{9Uvg_2q`9i zy5QfhkGNSTL`8rkp`1ec{Eg!H5~QT5OTXbdqX2jPN3VPm39TXcMZjSLbm6NY3>#K@&VA3f{T#O?Qy!Hf-7_5}u zdhp|(GJ3HV%hzDE9+9VG+VxFK9`1f2UoMGoB6Y)!YIc04rwBjW9*F^^O}wQ#OtyDl$axSIBBl~cq3dwdbf)scD%s3Y|Iq%F zY@W=LnnRxiY4fKqk+cFb1PL+g;mAXU0o!6Ts1(X@vOQYvmu>%eHp-;G7fPfQORr)$ zOorfzV)sWS^rOc@w;ayC?j2vdzYF|py9L&r$@zhdLoIA_7Pbf2kW=vxzX|X3&g%mS zQa>!Y=l1qsk_Jf+&7vxc%u&o0UXG`cD}AIunj5g@2Hhj^NdWjRnp|qT#gLLMEJS8e zvl>$&df~OwklEV)o&ORf5&TU;r z7kNX%R0cgc)ihOu=GuoN$@J-Z1Mlwwh1c~=iJ)g|{g1&nxK&t^6M&GocfAf{6bx?| z%(bfFx+#qaYt@IN8MFe?uJN4m@MPF>tslhF?e@@v*+xgbcp{Hpe4JLQH;-?NO3osx z3)p%2j~8EjASn>IsBk6|HR1d+6s+ypGH@sDLu4yx@>=VmY?*MiIX#34L`8zw-?X(5 zqM^9C)NhO+!1mezt3gxE-fEx?`M4_rjJW7PS@^qZF5n0$1y)>mO+$|+6;jx%cLn?R zpPzxG2;UC{^@@yD!~(uZdz*QpULF?^SDzse8EN%a0?~h*v-LiNv+JOxU&%Ce%|Nt} z^2N!O`{KosT$qip+ioF+4KrS0JqLv15nXOzqj0%tBIvV36Y=HsT`e!jmor9TJ)7)< zpSrl`4X-Vr0h`_6`$_}%9px@DvwGG*VPYDYq~4`4Mtr_`zY|?hf;CVDT~UugE^eek z_lapb=HU}l+s?X6rtwAVeA2YrtWKwX+=}(`UmBW}ch)gyQSI;$pLTlsiUB!e<7*B0 z7%8(|)hj=e_mOt!5ku|Aqx#)!H#mRh4t1dd>K|#5gNS)xpi!)isO$7T1KY>@&+MHa z(#1ld&dGo7Y7i|&51Fy4?1f133z`wT8aI?T%5o*!JE<~n71`s`evLA^VHt9bTdG)N z3t}3A6MjGFzkHGX%9d=}Qs-w$sQ)8trR+;2{muL_B|I!7_U7w3h`fsvXCvBe9!s5Q zIexed9Bp-1ng@0@r6f83M38$lqfo>;u+c0w%xy<`iU`)=(LFnRJw`QxO;jb}IT7hh zR|>SkbUKNOLEhU8#hY>tXZTo$qLyID;Z`Wuxmb1bxuds0O&|H|H7@s0MjB=zk^E9j z38~+!$`+S5VJ38U!3)7%lQRYF?u85z$~d8I{I58qjF26op**93-tL9t;c0$t8`5Kt z_*_`7fHW7?W5{eZQ_1%DzzOJb^?1&5EtaI3dDKzIxu2z(zbl+txl)xLJn8?az~H40 zJJC!wRZ&?5<-q1Rh#A+ESO!V>Cjh^a2o$*DXV8wS30eC-8=Q1C<|tE6a{2Q;U{u9-Vi zI=wU8!?D>~o+HnE%de8%c4X?VBz{Mq1=VtjM3JcL!-^l?2`PqoFwe}Bz-gQb*`E;% z)Xqe$cJPIio#?i@xKiV#^E#TR%z|?IFZ8jG?ku>EpBcLeh+=;i3QV-5fow$WD~-&( zhY-Af*mttI8&sR_Cppjg_86ff^M89PcBhuwtj~6k(z)WS?ydZ3&?(B2yCctNojRGY zjJ5?}HqtX^sL?lw^NNDi?ar^>VA^V&KXbv4b|(vcR9*^f;vHRtv#2J~&m?oUYju%3 z(o`{*9FYj?$rL^4^W_`Kd^DE8ik^^Ebsqhi&xt(vt<5VnKHc#5Kr0OrxY;~#v$o)< zqv7#OuWI<;e~}p-ui$82G=YOPtlmeb7j%VYrjMvpD^l9F_;?lO3@6{2W(b^+k4c(O z9uX^?#L-ucqs;!XzI6RSX!lnh1(k$9wtB!Q{4T5Iqmnt42^o2zT`u!2Rz-&4G?ag%w=B)w7K>f@Edr@vIMS99%xGyjaCgV3t(!@b(z2iG%MAENR z{K9cI3(cPlrOTSjtISatA5^$Z01=6CSS$=2F|PL#Amr#xc;$K*pB9a^>siLAhOV3M zlexg!Z2wU-gW7`&55Mq6h~W54+9#|`_ExMn_q19=Wal>)QiBf~WHdaLhQj^>9|kA4 z53|y$aoRPK&jf)dY3-{mI}rReF*|+JOIFuG@oy|=JK5W4d8b;*Uo|D`W^juOV3bko z$6c=l;U22#cb6UJ|7H>Gz0g)J6#8KC|6w*e-r}X9QzZ4XK;LWitgwXPiI*8NB^Xh- zEVruNurs-xXaAFzjz&1d`J=Sf!WZ}XL3Vp!1o_cQ9>-8Kvg||c#n?xPr@86o`bZtk z3sfj;dA#*FTbH+iygDTRmvD@UO7)5m&KwM>`IHV{9&dj_YkwVIani+-d%M=VwZVH5 zE^{#z=U~~?O3wFDr|^Hrd%jgFTo)Mib>Y8~bv#UfX$*|*8*_B(!Pz+=!0GIW-E#)C zpeu?jRpERhf*pd)`*X5iac%ItBx97gstCOy`QvwFXO_8RtifcFmik^8Dvg1U+oz}r z@#nKKU-m{yCU?)#`&N3I(MdaD4x#Zd0et@Rh{HI4T!Ido>`Z+HSH&MPxvN0C4{x$u zKyQ3b~y^Xgx-cdG2(gWW%nP8r}tDU!!}T#Sj+*{83!gETmnfmb0r ztbZ{JtV8p3BajtDc*Nq%iglZKFDfz+oN3l(@|Oa)eu0{?{ktiE1;Uu>mtH6~QVi?0 zOIuwm_q*y)dio=MFKtBp>4zd-j=M(FO4NG(vFLAw1O_^}Xg$Ozg7z}?wMFulABy<< z43b5k@CunOD<+IK&nX$_00s)X4Ja!;r7)_T?(L|@bV5}Y$Z&Z@`_YYbomy6xCt-Rr ztfP%K%13<`aitoCVf3qg6NYI)=iyciE*`CIgy=LkS3e&F5{YK)Z~Ny%Fe*d}flWiA z^$#gV4HC*!ic}@-AtRbk7^bG@Xgn>%LTR!p zboYH_y5k~Cf3=4sN{%u0>H#wEHC`CscTxpK^K?=rm-$jNKU`q;yu3=BV33D3x4TfE z)`h9ia{#$Em0R;(U2Q;z?;4&S;*bvt6F`JiOa*lujeXOe)CrzFwU)1xgDci}jQx2g zhspZ}=Rb^UTL;H&^Gic^Mk4Asj17bqjt4RInUJJ2)1m1mwRK=b@zooh%jp79bDb5j zH;(yR9a!uPQ&2H4)#}Exo(Nr!RYGd8izo&r{PqhD+)^{&e1w$zR8VZ#1Q{3-EH9O* ztsM0M4b6D0PrHy8Ut$;bm7bV^A=hcS(=sUq603iy(*tljYEFU z9HT=CBib1XBRV}}n4NVMZZeg(YdBh8U+;?uyDE=#=Nu|f?Tp-!CxHzqfJ_7!Eh~3| z!WGk2fD+1$LZm?g zCj-#qfej@cc)ikw12IR;xu;S>n-p;=Yvh$zuwM05f;_$;7=+6SN*<~#^{;qvc-pH= zKHtae2Q_299w0g2y!!spPY>T85Eo!?B!2T5x-wdm;cg2?d18#uDJ15EofHj;Z+Y^% zG$FgccDH$C!ukEv?sr;zNt&1-17imbWHKH+9d8KSQ${&HW~eHwF$Q6UiU|_eEN8a5 zoF5#fBJ3ofsK|KhaomVoBpjz9I8MS5P4-2y6#SHc9ttsAs z@Tkc+YlxztNn6>^&u!lk6Ff8Z@F> zt95WK5R!aKO?7i!U)dQti9GxhfMw;3w;&AyGdUmrGd`MzR`uQYZ<(G^8=&FVGHtYM z6V`_KWY{=QJU`zA^pU}9qxR$rywVVQh|0!HOv}x0Z;PDt%17a=pC-sV5IBKeCny#; z9Zz+JxBv&)&knjYefD>P8M-@)5e+gIqIC%1- zWLw=;nlQCgP#a}J!`fd)lp?8aU+mlGUx(g~-=sl_U_!pMu92zqs2shE)+c^thR((_ z>+7{*Ow+#B6Lo~2HL(NncU7yMa`dv!%70vFBVh=P)j@Cq=jX|dSj}su=V3Ef?D!0D z3gwkctze>jv2Zu zY8A+g9#{5*?4$vrv-_?$GUSJ!49`#G4;FWcUf-v0l_T-{v6|RZB%YhNCKF1co3vP+ zj-xocX(%gRmX=orkNgO+zqA(Wyi?&u%SNxM+*U_HNtPm~?d@bNzt(}SV2&r0!7h6k1br0WBcKS4PrYFN5L(_-%D z;`oRzG@1&Abiy449Cf)A!w+ru=%RhZ`KX69evaLdfOqg>LV2tY>=!}IxKqBMN+u;r z*&lT$736HItPHC(Ko9qK-Cc1K0QnVR9!pXWejHT|FH&v#=DKsa-o(#dt|>5T8_G#! zX45bgUR3~oxIeYF<^&bFCCFRn$r4a_gguTb~(gC z)hWwZi}{g5;I`TUHk>f()m3J`*Q5_bus!1ZVx{&DGXljra1RAcf;L~QET}J%H(q$g zx(yksIwzBDIZvg(;IZ1I3&vXNuO_iS&(}i8zOIv`OX2xc%oSIx&DP-3k^R!c9Jq-b z5v@7<2C}u8BOfWb++eY{cOV&Dr$`*?X$6gr)T88PWuZIdq)zE>*nQI)WttN@(9^=? z;>I$(9K0*j#I4r{yxe=1r=$32U}tl;u5>g+uq-g@@zAAe_lPY^q21EK`*?VHK88~^ zvrG?}glG>GeBDKORpj^aX!p8&p+sYxqT+_Ste6*4nS}^J`H}g8mtJpeOR;I^cr!4w zx^A#0Z>F|_PJP=mO4M%L;l`&i=Q#9b3~;^8az%EMb%Hiunk4se zFz0Gd8iHjRQZHiFwoLvDzu1zA;Z0X+;knQXDFkWgoV?Nm!&F0M3V;d6S#3hi_XqDe z5JfBsHS1TSanm7{cLpLyei@hRRx4G*bu z;m+>BMFi~1=kP;&cWq~xp{|-xLMF;`4&h+i0458AUB zre_4RTY=K%tH-J|_mKmw0U~rpHXu_t(4tJfnbv6xxycme} z3>8dG#RT%Z)5R5rrXIwT9#c9~)M=b2E zp2OO=DU_VW?)!i+W-XJh={>`?J%id}6nL)sU zvO$m6R$>bkfU(#nJT<-xt)`u14$9izm7eN9<;Z$%alc&1kYHZ3+HPRE4}`a`L_&}GArt%8o_QmGY@sF1bdD6Y zqbx?}%Az#wTZCS=(g>gCF}2P&BW=Q`14v)6nKW@Yb0?qQ2ePm9@_8BpQHt51<#46k z7mhgUSF3$w^s{7}70u{%d84NwIGyMHY^kPzSD(ytfZk+f6RZ&jhhtkd?HzPu8y(sX zrI#Q$$FebfbMzNyW_n*$^0>>Koe z6u@4l!tMLqklK4lV+CeNBEgtTrUB()S;M?(m{~}A^Ix1UuZZrmB)Y02qsehBp%dc4 zofx=|@t;3B!{bv&-I;>3@%L{I%;D-V@%-KUOgHy;g)op1R*e0d<;tuH*Vnn?xR-K# z&qBg2hzmV!A^)N=ko=K9d{(?_tk^axLu;9&H#s>bZUzwPTbem4jClTDY;2GWXUoT_ zKTFs9rKRrWtODr;551-Q*fqHI^aXZO1=+eW z(in}v|Ib*%<;J|80IWI4Mj174W2cN!82?m=yMyz0cji=)pl@RZ*3>VEn4HvsX|5+D zu7%rNVj9=Gg;F^jdz|Xm)v3agHX{wIcX#Fo57gOGo6po?{SjnezdgDz55n~(0G5&S zAhk7!kJdG3#9B)C%V$}`xbxGu{;0XOg66M&@J}Hb+95l7knpHzP|7lnmx*p5kgilL zjA%(oY*^v+^eJ%33kWf$CjLMb%4p67ROSn!Yxa9d!b%AoZ%^SRto)#K6Qb*F+JeAe z=DHbcmCNArvFf#qkDI~&Tp$9H9`P`%W!b-6F+4hIC-oKs5ma3R0pEg{1(yz~ok2{xXGQAq~F=#h@hJ-!tp@Q|d&zStRlhNu*XRUzJ-P@};LMwQI zO@BcS{+L8ky_0u_DPjeWmwW(;FsZSdBchf!Z6suLmW7moqU*m2CdTss^hY$Ys?5OE zK@MBr@Br>0@!j1nIJ@ys?O4lS0FXJN1*y(?xQJ|dbc%v`5Bm9QF$5!=MD`VKzsuJN zPx~hWy7{&)AmWq?TKXC`(b**e2hIu6a)2(>4U%|GCJrkODX?(e-1s_ZGgH{H{4x{SUdDs1UW&bV?XsBn>HUYQ)UV5JX^QD$7h8Sg zhUiJ(%W2X}uT|Un%SBp3J@@aQBb%rQG+BDZ!*TR}+)#WoH6|rqNsLcZ-gZdcun4xR z>Ho^0kHI+fmsLEok3%>uaAKlc0yk=1Jvtf~2%L2+!NM36b{U2ah6Gja2SRH0dOxn+ zljSR%5ciypy4+i(?jA$l75NC{ynh5FBQY&njek)pczI{ zO}qxGL83W$6r->a!GMZLw?K3B0*T)(=6L=NuDr@0r;XAMS^Rp-gG?hoA{yDqEL2n; zCSP=h_wK^;9+3 zpS9W0OA530(GkZNKJ#_ARTeugXM}9#DSlaPS)45CBj8(t@>Uer+cxiToeMkfyI_of z@7epPL#Y4mPJCz0^VPB*?QI7L>-gvOh%-DQi4uQbJ=F`}YJGB}4@N+;{VT0=+NadR zUoTr_;xP`@>`!SrzPY*m;Jn>pf|l>Im&-7FHb`VF?rhg`WRlIF|4b;a)U_v+ms(t- zux8>$a4rlZeLa^E<)DT}O4Wc)o)TLIXx@4PPj5x65UxFO!wZe-vfl6S1mT zRfW!u_C$(ocsWBhxsY1|GJpo!&c`EII|0Tjb1641?8AkDHmaA8v9ncDc%KZ<966pu z5OGya#hV=3S#BxZGDOQQcNaq-Ns&`j=6N&udl;dV5G&InppM#uw$ZOU@bez)2tJVp zXUTo*Em-_+`ZD~bJAy^knMe5i=-=)+;~Q;2e-MvAbR4zw?%_%X!bHzz4*u{Z{q z89DBIVS|^>e321{z%K>Z*gr9gLi-hyASc3yO}R!se%>HMwJVKag64axAT2t3Y5fZ8 z^oSx2HP~L_g*C5*1=27+GK?`ymmiJBym$d6XyU|tESt)anmqu!>;Q=I*T(80ni>XePnLiUA_p zTCCNMElQrkD#6@lCGlsZ9TfJEx?sH))QY&-e0uii94U0ZsuCkT-Z8h^@Qi6k6bN7) z9Mk(0eJjR!rERCxV$yQx3x(aSNdKPtO7A-5$2~1Q7RC@*)TE-4);Xin}`1#+HBL=)QwSyb6`t!Q)V8F9l?3y zhv@rZp;->985lIkAFq8tzhL;q=#mie5eWlBF$mn35X^HGkTj`;|(RptrTO;HCGCy!+6`xNf zO!g&wU~QZV?n*c*kUaEpMioblN0rc9JLdrfWg*kg>NBJ$!c~4#3%SUl#ayRQ`TBnh z_6^+*=Y@l1A9qn7ScnKzTIAFZ3z=JGeUb>A6uTj z9^CaXj!YLqxL7br&3p^c8K<8{#li^1z$b=2dfAb(Ki?p`_jBrZD`lQAUo2-JT(-n{ zp00`0b$^RKA>gWHS*Rg|HP`*Pzv}Ast6@28u!YASlyq0b%qz50d=UACKK*;ZPrN3q z9@lu{Rm5G9;?GVGn!x6%hs)C?;v-Mb(*?e24o5NSzZu?~53@I~3r9gZiO9!dR~P-I z$>LTZA6N_IV&I;yFC}AbXvQ(Q@07G#`b@mE6u|i_5V|}8D?BMjPT)y^&uQhuRj8~| zuL{<%ZQLjpNmrB5^E8pItTA6ESuAxBhw(l%pe=MqkCF?#0m$ROp*(NycnJ9#vA#5& zh+7{ZE;C$<{1~Tp?XZAhNUMRLVTKUW(-Da>C1di@7gb?J3^ss3LT$aSzOdS8hZfgu zu~^fMCu!+{9rFJj?+g6(bB%So^d83jRl+wE$f!!db&vb2n>S3rXf*Yrem8ndy5)r( z+y2~*MACNC1h{52xv$jl*wOOW{q0ku!$wxf#h)RH&c+T8zVA9M7FUgPId&K@sH~KB zRgX-$=OKorZYRGwdD`$3rWK7Ak7%`Tj_(3RX;{zC_8aX5gZw(T(CUmK$+5WS+F%Yb7!|3aIk8H6Qc~W)Dfq{pi zCzXKK>kz$P-INSGi`1>QxaPeq#_Ej)lKKCZzYin3gh1~3$So8c z`7L=$A3}}n-=E%)>YLoJOU7h6x98(|eSp;H=ZHi_<3FMM=6&t^A?Modg4EJ|#ZWEj zk#m_-xO>Vdm@x3mBY!&*Uaf7rjb5OeF6lONc?S~jtu}6b6AxPg^bmSc+v$j{X3!eN zPouaUy`*TtoC#EI#Sy{3`Q0)N8+1m~tL0f#n}1#y*^Jmmbl4=HR{HO%q%XH^ z=YqY&mSLg5xUTqlk2~?)J8Zy{ZsJG!OKc2?-<<+k~fXDXQ~IvwtC zb+p@MwRB*@$89}yH={^S-%b%!4{=@(flG;c-u~dMR7J^!4OQBxMkWL>re6-p818P#TNhj2#aNKeTm zFFiw%XFCh35^Hc*W3|VJMJ3M8AioWj>XHb_krlan=O5;fP?AF#Q@D~Dtn??iQ zS-^)L+DybrL=;4?7My!SFb6jd-D}`dF{W`{{YW4znJ;X$xI~umQGsTGr163}V12&?#%#1lmI0CBHQle6x3j1X&W*zhEO8*lI?TR8T#2%b`14H& zl(+m18B~#vfVE?9Iyhiy3~Q|}XMJD|{?EWu)X!_ivqMgFI@!ub^C2VS#snaW3UoCM zV3I0&;-iXPoG|h3C|&@a^riNfxHD;*i07IFu#{;fkNIw9JcG@W)D|EtCCet{0in-B zM}LEL>BVb}KTx2EOWvgqa52>GJI!W+6;bgcXb+ky#oCoGc5jmt5cYtSruhbd{56v$ z-cTBQsR=OJcV`hCgT<YnyQh4yK$N7jIc@Ze~-*W;L{vllH!bRG4p;_AXOuSI0 zWVzzvp!U-SYoRQ@(0=9<zH^w;hYViK01#LX7A8GY%9i2#@UF zuiZ{;%H!@vuRm`b@n55uxQ`vrg8C9!u`454-zg)HMWs^FRUc zDv@wPxlXtaFg^>F8XN{Bi;>k_T*PBb2(26CA2r0p@9CA+qu=*?#JzSRX_3Bj>)tZ8 ztc%IY%B~<~l_uur$8Xrvvawx}k(Cz@4xP>%I8QBET8LnPo#3wyIvNNTdwAI9wnNTx zY)cs#jOMCUyW8tcR_aY^g39Qki?wMpsIHD`Jp$k=FiTdjZ4wOeLg(#vc1%Q&9h5WF zb_VvQsknvE8fRnQjUe~P9#K=t?*Oy~gDJxH*-S6a2sq}-U3#2SuI7t7c2$UDd;2(; z=2s@sib!W=qe}1HXT?$k5}H3`jpM?PWMF%^q6({^l1#X8Y;j1TykT2e;sn zT%sb`y=sSPfT>?L_eUIYG4hFFqfntoS)6w-@r`9=C|EiYtbUN$x*jzMt)XY?@~BP2 z8Lpn(`0pP0K0A@+xIQEsLD|BR+K8gDu$WTqupa9VCAI)&% zGFLj==^XKf!^I^lVdoN92aWEgYsCPg>h2WV6*d+nw$Ke5v63KVc9!|otG-{&;cU0&t%eugV+)TZ-yKS-x&08{po^E!AxWJEB)F045u%mg5QkXmU|W~7Qrl+nE+1t_Rq?m5wL9J(>%V4!`dWAoq1H3fF`^+W0{g z6zdSi)bTtZzRp=JwD&Qo%dpYO>P_eQ?w!)lyc{qxp>+psy4m9_B>foVq?UH&ebFrP z+|%yhw4Fo*))!z+*ZzdWRG;mnJ@ml+goCJrvT%8nHtxn}=UC{&7ZQ?hW(Z_CA@@XT ztLuXP&B9xEOFZ!_^w$o@IN4ubV)6d@GU3`!g}{k>kIpXEQqLY5Y6u$5;!SgW>p{ zwG$`l4F(2Dv%NC>5BdmtE?<~$md*fw^;yo+cWtSI@^0U6tqHNWTjOS{va z8$J`rExwE}z1$UqGbBaz5s7!I4e4>gR^hfD0KaE!dM7z}bit&;H*^!goqmcIv`2)1 z6sKJcRDu5OY#80~gnOiK%iCet7G50wi~aN&y>;jgPK~=7zS8jl(AwFQs~-#HyLK#I zpVyUW_@EHDcQOjs?R%=m`J?~H0`t}PY{B)hmPMtyRY7S710>eFys~lU|5slqZh9}2<}A4qJOO@5C9?Y z3(4T(@$;ttJ6aPTPLgTOz+)fF+{du0&Rs{GEmSON)${9oPA) zE5Asf6NR<597Er1tNO4&{0obc?;R#fEXh!nE={4}BR8~drl-lUZpH+cR6BQ6K=wby z9u_1KzP=G&u0stc52DW&6v-TkHX$G;#NS5HfDBNkPSA~^zkBraimtB%k)6e2puotw z|8^Wnr4_Win!786h!#W|nEhz9^AAXHwva(s@x1xdJ?N1yGJ7&?$CH??B3C~Elw#Lv zTqdZsW|sW2D)2=(+j2Ozc*&L(A#EciV3yOXJ(ut(n@OMfm1f})OP zww##BuE^LS=i*9Lki|V(KLemmw*$|pkxuZZhbp}2^OFV#=kDq>E<*UV;De1aRG?u$ z7Q7Iyq*X)y!9>oczLhc4wv#5^qbxQ8Lo=rCfL+Vd^@X&o0aB_3bh1f<(aYnGirEA2 z`VF|3`?J2w&<6xw^`o*=5ek@zQMbQl=aVp-ka-whp)Gm^nA_;CMyJIR+?}>6#m1J zU|>DpqAYxsy_k_V+u@sxgvo@LQnO5HAhvkO1d-<4E#kjERf?)h!{5;>600+Sm4sq22`4< zOr(9WWP1IDFQm&i9AkQKfH1B0FHs-4|2dEQQD}8~bH?5)C#j5=uV>=%@9PX2KwAfa zZJ{up=rD^1h}jZ6<&(Ig37d?qvod=~u{XqDLQiyB%V<+wj&J4~L6y?W3M$*bZM}(G zF7WoZ&z2n^>=F3wbpXX(P7{a|>WH59cGv`;{O!eFvFG9b8Jo;8Z0tNs_1W>zZ(7==sbh<-tfl;K_&tp52sy)aVtbI#9l24;mq*iS9G_8?+XhH0ATb7qId-1w*Y=(a2%xsLa=4VUSy~Io&jW7RX)>!hGCB zr(`w)K;~zcd&2IbEK&ahBCnQil?O%(;v?vw(}$FLj|&6;m+$0@IRQ%E z86~3AxE=Q=L`1}uv-<$1mAsh$?9h-IJLacP(Hr(77Z0WcmIq$d7$0yN8g;97+CMeb z?{4oo{==XP=%So&q4B`Krx~PeP;n%`eCI;2Xduj=p#@v`oQ$7#;j1uqJS!{f?N-?V z8kPU-eqh`~(O#`qrbvP#nHZD=4vd4~Brh+IV$tyJA5cP|h(m-6Aqb=RZ`JL8O6fnO z1RfT+DzQ0xW^rQSf2yfyr0!3oC+Fw0Y!Cy%C76XLe0Rr7(0iC6|Neg`XJf;R9-{m| zU4r8Tm`~t=qka9i!JP~+^o9xwYy|H&0)<3`F+rpKMpj`V<-Y>}4#~u3Zf*_^jRqE= z;O-Ir%?8}P@&9u$q5lDYU}*PmyTScS{dfHR|3Quv5(NL}W2*ms{C{@ue+%}%LjoqY z|KAbDBq1_Fm~lZxl5{BVrgc`BF@a?Vfmp=Cq-!Z!u?-PCnmKF0c6@oIb151_=p+8$ z_P%%M@LA3?JA6q5r>xw%z^&S~qtz~|FKthw>F5;GYGHjt8+=&Xt~qB(2o#D999kg- zm5p|P9_2|C|M8IzXltB*5yAe)IS?rR$1Ot<{wE>+Z}}ejr6kaZ04}RE_q_ferR;FB zX37TyWUGCX)zFBFih94F{wM04?!5#^Q3f7$*IvyHL`A?rLJShwBEy&e*VQ5Z-=Y66 zMEU-{5)B?n92-h)2F@fA`9M<+S6-m#EX2OjFBKeEjns=$%jD{lGS2G6e~`*cX@R^( zzHG4QYuC}LiHLJ(m?ZSu=Z8G1kh_$$G%$3Dy0%midtE~r5K+N7b?472eKVK&2eNoC zB&D)49>pP9eAN)RQK4R+mbI@g<{&$uqWZ?2WE(4uK%+i8bI+3&9AG?H^{pW+BO{}S zt1|y_v!YT?R20(fcoF1&_PcfCTv*@mpRy|42XXnSv9c_2Px%sd#yyf5#l4|FD~24N zL+Q-o;?6rVHnzliq100#Z$XdmN?P+rDwA&W)}6PKwckI3!Uqg&FT7g2j=B@Ra+_aJAZ}I75|`qJf7AjCaelQtN<|xwwB*4+w|KEP<=04DpSJ3FQFQSMFXD z&fo6}%luIVue;d)3l;n`mJbpZeA;3a^;JiS;(!XAXAkKw^or^g|lzp>hcgbF{x8IH_cO zeR1r$vI91^0Y!UAXgI`z|`1Y(4!cLh0q|SF*VV`-IB74oud?*~`QoB|-?u+&wdR{;#J3 zH+ur(&S}`7eq6tH<)7jn^Bi)l+i?4nn&sIzbPJRjH*XFp4|X7f!}C@@ch>3LJd*1O zFve7*+6YXcONH+C9FFl%T%C!bs|W@1&SbYfxJ-g0T- zIBa@}xOifP1p?`w+tgtFm^q;PiV^ZMn&TFkTr$|*u-bmzpKf%JF+D(d7%pe8UyDC_ zkN^1m+eKUFXsfit5cGYmx$*m2+6kO{e{OfiN+{j0)~(7!wQo1OU)S#!(ZT;EpS&~; zr9Kf()A4I|#J*(^Jj~*Qi$f-UH=D2FCxhLF3aRW;Fow!s{0qLX#i4*(J97{W8z?NW zI%x3Ad{6nODe)>W0`>ryjL#Ndnr?}cKHZV?2nR;R2Nv#3OcdQn);$*K*1x{s^2Vab z(=haD)1r4a#iH)Q*FSCurF5Jk)^o6{1d|p6cPiMd6Hb~M%+I`Smg_(o)-u-ih?Pi$ z=6n?;nT(!q?(^qQp$a85d7X#)0Lz}CJy}z)+qT0M8osZ*GRkCeS%d~Oj>&cBH*1|xG z{cr=5m+Q*0LEAmrwBT`hMVpfE8zuf^d$X|9Xy9|;h%VHO0PqZd?Sp(&=y0;^0u zO|PGERw>8Kq{XNnK#NF=B74gGB$n=#DXbcu;#ayW7F(wtOsheQima;4^(sAwKYhK@ zwWIP@snEkQ9oCn7>-I<>FfFV3A!G~JH5$})^2E*%7aHr*W_r%+i|P%2^p!niOKLO# zir3}{fZpes+=(p#hf!fTg0f?lJ=nO~@Om8w(*15*E0y@CLgq+SS{VJRf)N0OokO3k zC>TKc@@1?;R#g&C0)SqCcQTjEHz}kR2fw&Fp7oJ_@ANIX^Eeikucb0Vl5j>Us8AOC zC6F9h=lso+5V&CS;FlDI|5eWpQ2#MH9%A6{<$*Uhl*!2CXrzgx@-vY@s+>gB%nn9q zAhM>FAQ{qPN-ENj!gS5Ro91xq=SI$JCzN_uN)3&kST|enOx{xxfi#-KYlh-naE10& zLOQB2=_38JA6HaG|7wR!z`s{GU=n*L|I9m4u2IJ3lg@vM`x;kaf)ADFi-JSRM8x0F zxuOSerSd^3M?A(04P0NWpiI|$;PrY@YdhZ0e>8fXLdk3jjoG0?z;R)|OBL3F4Nl0} z8_rgajB-#6RHkuZ-wJlnvlCKXu-h|}U~kkzgwFSm(G^-9ss5sbxyxxE9DU zFB}k$w-#3aDo!g1)=^fNkk~W;H(#qWSLR(&lA(Q4GHH8OhUQn}F-$q;C`tsPyZ^7s z&O9m!B#z_W0^*fuXo*LmXdYyitPgQG*OfiqqJ9P zd9Yr@YHB5JR_2YGSLL~BNwVPnxBu<@KYz@ddGqG;neT5#NaAK+37WsfMO$ncmg2+R z{3+JZ+2x#Kv9aJ=8k+#4;*MTTvqE>_6KZGQ&!6*4ZxY6a=IA{4`G}3cWt? z_}rXa!8NMcm+;jFrtAX)v;$@J#Jj@IO~O~*#tT~eR6MNJdC=I13G9z*Bb;^Uq0MYV7b3$H#`W+&tF(j}qMDt=-KF>C zsK%-`D{9spE63gQ57RKm94#ggQgF|AM@-!Ujx!D%$>HEf`7a=JNAjk?Bp@{&@z=Q0 zK-?Vjwtm3A_wqEK-sq(}k@-~g_44w)ColrUOfg%G(R2jnPl1q%E8Xz-bOlYeE z&4ih6vQvKqOi#}z7$Q?UdlLx>ck8=3Qz`DTEh!qR>S_SCMS-i8E$6AJjn_k)`O;kz z+vWibRFhhA6kKj+s?r(8o}V)SpvFs%3d!{;vKt+vHFLg3kqrAm>**vg7>8M5{b{JI ztaqv4mZf5Lr>V;ez#Pv_%M#KxlXoSbWnd zEqTyb)k}}ksc&_J+ncH9KEzvw6YCsMhp)y^d{)L&WK|15ymE<()M$AiPi4I*pD~y7 zP|~68r%E_m`bvZ<J6kJ^lUI7L~T&f_6Vq(6=)`I!yhH`gbw5s=KGhIs*=I7MW!J)D-UiH?cS6vu9&u8|#`17YFnU$djSC zlH*-7hdgnsGjEqR)HF3+$x7NDO{D}u3&g2oc5U+SWZ@HyoyaGf$pSgSw9ytaD?{;5 zq9iKsh^VWGLZK1i(Z807La6hf5dXuqU_~M*OpC?ZrKy?ptaqQd=Tk>K-qM{T3dtyu zImG1&yJ`=b8xo2h4ptMZV!x^|EqP_wUE=rEkiyZ3HwOY++2b=Yw1IY@SRQYRkR)Su fruW?Q;cTJu_^0~GS~;aF5~Akn Date: Wed, 14 Aug 2019 17:54:54 -0700 Subject: [PATCH 363/395] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...es-to-security-settings-with-tamper-protection.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index ae2c287e14..d9b2c3e1b5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -117,10 +117,10 @@ Tamper Protection will not have any impact on such devices. If you are home user, see [Turn Tamper Protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine). -If you are an organization using Microsoft Defender Advanced Threat Protection E5, you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization with Intune](#turn-tamper-protection-on-or-off-for-your-organization-with-intune). +If you are an organization using [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization with Intune](#turn-tamper-protection-on-or-off-for-your-organization-with-intune). -### How does configuring Tamper Protection in Intune affect how i manage Windows Defender through my group policy? +### How does configuring Tamper Protection in Intune affect how I manage Windows Defender through my group policy? Your regular group policy doesn’t apply to Tamper Protection, and changes to Windows Defender settings will be ignored when Tamper Protection is on. @@ -134,7 +134,7 @@ Currently we do not have support to manage Tamper Protection through System Cent ### I have Windows E3 enrollment. Can I use configuring Tamper Protection in Intune? -Currently, configuring Tamper Protection in Intune is only available for customers who have Microsoft Defender Advanced Threat Protection E5. +Currently, configuring Tamper Protection in Intune is only available for customers who have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). ### What happens if I try to change Microsoft Defender settings in Intune, System Center Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device? @@ -156,6 +156,10 @@ In addition, your security operations team can use hunting queries, such as the `AlertEvents | where Title == "Tamper Protection bypass"` +### Will there be a group policy setting for Tamper Protection? + +No. + ## Related articles [Windows 10 Enterprise Security](https://docs.microsoft.com/windows/security/index) @@ -163,3 +167,5 @@ In addition, your security operations team can use hunting queries, such as the [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) [Microsoft 365 Enterprise overview (at a glance)](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview#at-a-glance) + +[Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) From 4c456c78a684eb7849bb64150a0ec806bc2b005f Mon Sep 17 00:00:00 2001 From: Robert Mazzoli Date: Thu, 15 Aug 2019 07:39:19 -0700 Subject: [PATCH 364/395] Updated Edge secondary tile logo code example in Surface Hub topic --- devices/surface-hub/surface-hub-start-menu.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md index 9ddfa628e6..41f2584519 100644 --- a/devices/surface-hub/surface-hub-start-menu.md +++ b/devices/surface-hub/surface-hub-start-menu.md @@ -3,12 +3,12 @@ title: Configure Surface Hub Start menu description: Use MDM to customize the Start menu on Surface Hub. ms.prod: surface-hub ms.sitesec: library -author: levinec -ms.author: ellevin +author: robmazz +ms.author: robmazz ms.topic: article -ms.date: 01/17/2018 +ms.date: 08/15/2018 ms.reviewer: -manager: dansimp +manager: laurawi ms.localizationpriority: medium --- @@ -107,7 +107,7 @@ There are a few key differences between Start menu customization for Surface Hub ## Example: Start layout that includes a Microsoft Edge link -This example shows a link to a website and a link to a .pdf file. +This example shows a link to a website and a link to a .pdf file. The secondary tile for Microsoft Edge uses a 150 x 150 pixel icon. ```xml @@ -165,10 +165,10 @@ This example shows a link to a website and a link to a .pdf file. TileID="6153963000" DisplayName="cstrtqbiology.pdf" Arguments="-contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x45b7376e -pinnedTimeHigh 0x01d2356c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000003a https://www.ada.gov/regs2010/2010ADAStandards/Guidance_2010ADAStandards.pdf" - Square150x150LogoUri="ms-appx:///" + Square150x150LogoUri="ms-appx:///ms-appx:///Assets/MicrosoftEdgeSquare150x150.png" Wide310x150LogoUri="ms-appx:///" - ShowNameOnSquare150x150Logo="true" - ShowNameOnWide310x150Logo="true" + ShowNameOnSquare150x150Logo="true" + ShowNameOnWide310x150Logo="false" BackgroundColor="#ff4e4248" Size="4x2" Row="4" @@ -181,8 +181,6 @@ This example shows a link to a website and a link to a .pdf file. ``` >[!NOTE] ->Microsoft Edge tile logos won't appear on secondary tiles because they aren't stored in Surface Hub. -> >The default value for `ForegroundText` is light; you don't need to include `ForegroundText` in your XML unless you're changing the value to dark. ## More information From dd94dfbf00f8b54a731abd4c37c2315d78e9480a Mon Sep 17 00:00:00 2001 From: Robert Mazzoli Date: Thu, 15 Aug 2019 07:40:43 -0700 Subject: [PATCH 365/395] tweaks URI entry --- devices/surface-hub/surface-hub-start-menu.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md index 41f2584519..9c1f451f63 100644 --- a/devices/surface-hub/surface-hub-start-menu.md +++ b/devices/surface-hub/surface-hub-start-menu.md @@ -165,7 +165,7 @@ This example shows a link to a website and a link to a .pdf file. The secondary TileID="6153963000" DisplayName="cstrtqbiology.pdf" Arguments="-contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x45b7376e -pinnedTimeHigh 0x01d2356c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000003a https://www.ada.gov/regs2010/2010ADAStandards/Guidance_2010ADAStandards.pdf" - Square150x150LogoUri="ms-appx:///ms-appx:///Assets/MicrosoftEdgeSquare150x150.png" + Square150x150LogoUri="ms-appx:///Assets/MicrosoftEdgeSquare150x150.png" Wide310x150LogoUri="ms-appx:///" ShowNameOnSquare150x150Logo="true" ShowNameOnWide310x150Logo="false" From 30a9e26a27f5903bbe522a98bab62a0e79e861ec Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 15 Aug 2019 08:54:58 -0700 Subject: [PATCH 366/395] cleaned up a stray CBB in Upgrade Readiness --- ...de-readiness-to-manage-windows-upgrades.md | 126 +++++++++--------- 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md index 671ba50c38..bb0ea00851 100644 --- a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md +++ b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md @@ -1,63 +1,63 @@ ---- -title: Use Upgrade Readiness to manage Windows upgrades (Windows 10) -ms.reviewer: -manager: laurawi -description: Describes how to use Upgrade Readiness to manage Windows upgrades. -keywords: windows analytics, oms, operations management suite, prerequisites, requirements, upgrades, log analytics, -ms.localizationpriority: medium -ms.prod: w10 -audience: itpro author: greg-lindsay -ms.author: greglin -ms.topic: article ---- - -# Use Upgrade Readiness to manage Windows upgrades - ->[!IMPORTANT] ->>**The OMS portal has been deprecated, so you need to switch to the [Azure portal](https://portal.azure.com) now.** The two portals offer the same experience, with some key differences. Learn how to use [Windows Analytics in the Azure Portal](../update/windows-analytics-azure-portal.md). Find out more about the [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition), or jump right in and [Get started with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-readiness-get-started). - -You can use Upgrade Readiness to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Readiness enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues. - -- Based on diagnostic data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness. -- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them. - -When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. - -![Series of blades showing Upgrade Overview, Step 1: Identify Important Apps, Prioritize Applications, Step 2: Resolve issues, and Review applications with known issues](../images/ua-cg-15.png) - -Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step. - ->**Important**: You can use the [Target version](#target-version) setting to evaluate computers that are running a specified version of Windows before starting the Upgrade Readiness workflow. By default, the Target version is configured to the released version of Windows 10 for the Current Branch for Business (CBB). - -The following information and workflow is provided: - -- [Upgrade overview](upgrade-readiness-upgrade-overview.md): Review compatibility and usage information about computers, applications, and drivers. -- [Step 1: Identify important apps](upgrade-readiness-identify-apps.md): Assign importance levels to prioritize your applications. -- [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md): Identify and resolve problems with applications. -- [Step 3: Deploy](upgrade-readiness-deploy-windows.md): Start the upgrade process. - -Also see the following topic for information about additional items that can be affected by the upgrade process: - -- [Additional insights](upgrade-readiness-additional-insights.md): Find out which MS Office add-ins are installed, and review web site activity. - -## Target version - -The target version setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version. The target version of Windows 10 is displayed on the upgrade overview tile. See the following example: - -![Upgrade overview showing target version](../images/ur-target-version.png) - -The default target version in Upgrade Readiness is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target version setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. - -The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target version. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Readiness is based on the target operating system version. - -You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, Windows 10 version 1607, Windows 10 version 1703, Windows 10 version 1709 and Windows 10 version 1803. - -To change the target version setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Readiness solution: - -![Upgrade Readiness dialog showing gear labeled Solution Settings](../images/ua-cg-08.png) - ->You must be signed in to Upgrade Readiness as an administrator to view settings. - -On the **Upgrade Readiness Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target version setting are reflected in evaluations when a new snapshot is uploaded to your workspace. - -![Upgrade Readiness Settings dialog showing gear labeled Save and arrow labeled Cancel](../images/ur-settings.png) +--- +title: Use Upgrade Readiness to manage Windows upgrades (Windows 10) +ms.reviewer: +manager: laurawi +description: Describes how to use Upgrade Readiness to manage Windows upgrades. +keywords: windows analytics, oms, operations management suite, prerequisites, requirements, upgrades, log analytics, +ms.localizationpriority: medium +ms.prod: w10 +audience: itpro +author: jaimeo +ms.author: jaimeo +ms.topic: article +--- + +# Use Upgrade Readiness to manage Windows upgrades + +>[!IMPORTANT] +>>**The OMS portal has been deprecated, so you need to switch to the [Azure portal](https://portal.azure.com) now.** The two portals offer the same experience, with some key differences. Learn how to use [Windows Analytics in the Azure Portal](../update/windows-analytics-azure-portal.md). Find out more about the [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition), or jump right in and [Get started with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-readiness-get-started). + +You can use Upgrade Readiness to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Readiness enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues. + +- Based on diagnostic data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness. +- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them. + +When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. + +![Series of blades showing Upgrade Overview, Step 1: Identify Important Apps, Prioritize Applications, Step 2: Resolve issues, and Review applications with known issues](../images/ua-cg-15.png) + +Blue tiles enumerate each step in the workflow. White tiles show data to help you get started, to monitor your progress, and to complete each step. +>**Important**: You can use the [Target version](#target-version) setting to evaluate computers that are running a specified version of Windows before starting the Upgrade Readiness workflow. By default, the Target version is configured to the released version of Windows 10 for the Semi-Annual Channel. + +The following information and workflow is provided: + +- [Upgrade overview](upgrade-readiness-upgrade-overview.md): Review compatibility and usage information about computers, applications, and drivers. +- [Step 1: Identify important apps](upgrade-readiness-identify-apps.md): Assign importance levels to prioritize your applications. +- [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md): Identify and resolve problems with applications. +- [Step 3: Deploy](upgrade-readiness-deploy-windows.md): Start the upgrade process. + +Also see the following topic for information about additional items that can be affected by the upgrade process: + +- [Additional insights](upgrade-readiness-additional-insights.md): Find out which MS Office add-ins are installed, and review web site activity. + +## Target version + +The target version setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version. The target version of Windows 10 is displayed on the upgrade overview tile. See the following example: + +![Upgrade overview showing target version](../images/ur-target-version.png) + +The default target version in Upgrade Readiness is set to the released version of the Semi-Annual Channel. Check [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx) to learn the current version in the Semi-Annual Channel. The target version setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. + +The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target version. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Readiness is based on the target operating system version. + +You can change the Windows 10 version you want to target. All currently supported versions of Windows 10 are available options. + +To change the target version setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Readiness solution: + +![Upgrade Readiness dialog showing gear labeled Solution Settings](../images/ua-cg-08.png) + +>You must be signed in to Upgrade Readiness as an administrator to view settings. + +On the **Upgrade Readiness Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target version setting are reflected in evaluations when a new snapshot is uploaded to your workspace. + +![Upgrade Readiness Settings dialog showing gear labeled Save and arrow labeled Cancel](../images/ur-settings.png) From 33b7db65d744fcee455a5ae89af9e7890bd1e300 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 15 Aug 2019 08:58:36 -0700 Subject: [PATCH 367/395] fix warnings --- .openpublishing.redirection.json | 7 +--- .../preferences-setup.md | 37 +++++++++++++++++++ 2 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 4f7d56e2c7..2757821538 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1627,11 +1627,6 @@ "redirect_document_id": true }, { -"source_path": "windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md", -"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/prerelease.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/prerelease", "redirect_document_id": true @@ -15101,7 +15096,7 @@ { "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md", "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md", diff --git a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md new file mode 100644 index 0000000000..e5f2d93731 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md @@ -0,0 +1,37 @@ +--- +title: Configure Microsoft Defender Security Center settings +description: Use the settings page to configure general settings, permissions, apis, and rules. +keywords: settings, general settings, permissions, apis, rules +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Configure Microsoft Defender Security Center settings + +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink) + +Use the **Settings** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature. + +## In this section + +Topic | Description +:---|:--- +General settings | Modify your general settings that were previously defined as part of the onboarding process. +Permissions | Manage portal access using RBAC as well as machine groups. +APIs | Enable the threat intel and SIEM integration. +Rules | Configure suppressions rules and automation settings. +Machine management | Onboard and offboard machines. From 8c47ec8b26b326b09b9305f4c2d6b2ed302d1ebb Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Thu, 15 Aug 2019 10:20:16 -0700 Subject: [PATCH 368/395] new page - wireless connectivity --- devices/surface/surface-wireless-connect.md | 84 +++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 devices/surface/surface-wireless-connect.md diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md new file mode 100644 index 0000000000..5194ff2160 --- /dev/null +++ b/devices/surface/surface-wireless-connect.md @@ -0,0 +1,84 @@ +--- +title: Optimizing wireless connectivity for Surface devices +description: This topic provides guidance around recommended wireless connectivity settings for network admins and users. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +author: dansimp +ms.localizationpriority: medium +ms.author: dansimp +ms.topic: article +ms.date: 08/15/2019 +ms.reviewer: +manager: dansimp +--- +# Optimizing wireless connectivity for Surface devices + +## Introduction + +To stay connected with all-day battery life, Surface devices implement wireless connectivity settings that balance performance and power conservation. Outside of the most demanding mobility scenarios, users can maintain sufficient wireless connectivity without modifying default network adapter or related settings. + +In congested network environments, organizations can implement purpose-built wireless protocols across multiple network access points to facilitate roaming. This page highlights key connectivity considerations for wireless network administrators and Surface devices users in mobile scenarios utilizing Surface Pro 3 and later, Surface Book, Surface Laptop, and Surface Go. + +## Prerequisites + +This document assumes you have successfully deployed a wireless network that supports 802.11n (Wi-Fi 4) or later in accordance with best practice recommendations from leading equipment vendors. + +## Configuring access points for optimal roaming capabilities + +If you’re managing a wireless network that’s typically accessed by many different types of client devices, it’s recommended to enable specific protocols on access points (APs) in your WLAN, as described in [Fast Roaming with 802.11k, 802.11v, and 802.11r](https://docs.microsoft.com/en-us/windows-hardware/drivers/network/fast-roaming-with-802-11k--802-11v--and-802-11r). Surface devices can take advantage of the following wireless protocols: + +- **802.11r.** “**Fast BSS Transition”** accelerates connecting to new wireless access points by reducing the number of frames required before your device can access another AP as you move around with your device. +- **802.11k.** **“Neighbor Reports”** provides devices with information on current conditions at neighboring access points. It can help your Surface device choose the best AP using criteria other than signal strength such as AP utilization. + +Surface Go devices can also use 802.11v “BSS Transition Management Frames,” which functions much like 802.11k in providing information on nearby candidate APs. + +## Managing user settings + +You can achieve optimal roaming capabilities through a well-designed network that supports 802.11r and 802.11k across all access points. Ensuring that your network is properly configured to provide users with the best wireless experience is the recommended approach versus attempting to manage user settings on individual devices. Moreover, in many corporate environments Surface device users won’t be able to access advanced network adapter settings without explicit permissions or local admin rights. In other lightly managed networks, users can benefit by knowing how specific settings can impact their ability to remain connected. + +### Recommended user settings and best practices + +In certain situations, modifying advanced network adapter settings built into Surface devices may facilitate a more reliable connection. Keep in mind however that an inability to connect to wireless resources is more often due to an access point issue, networking design flaw, or environmental site issue. + +> [!NOTE] +> How you hold your Surface Pro or Surface Go can also affect signal strength. If you’re experiencing a loss of bandwidth, check that you’re not holding the top of the display, where the Wi-Fi radio receiver is located. Although holding the top of the display does not block wireless signals, it can trigger the device driver to initiate changes that reduce connectivity. + +### Keep default Auto setting for dual bandwidth capability +On most Surface devices, you can configure client network adapter settings to only connect to wireless APs over 5 gigahertz (GHz), only connect over 2.4 GHz, or let the operating system choose the best option (default Auto setting). + +**To access network adapter settings go to:** + +- **Start** > **Control panel** > **Network and Sharing Center** > **your Wi-Fi adapter** > **Properties** > **Configure** > **Advanced**. + +![* wifi-band settings*](images/wifi-band.png)
+ +Keep in mind that 2.4 GHz has some advantages over 5 GHz: It extends further and more easily penetrates through walls or other solid objects. Unless you have a clear use case that warrants connecting to 5 GHz, it’s recommended to leave the Band setting in the default state to avoid possible adverse consequences. For example: + + +- Many hotspots found in hotels, coffee shops, and airports still only use 2.4 GHz, effectively blocking access to devices if Band is set to 5 GHz Only. +- Since Miracast wireless display connections require the initial handshake to be completed over 2.4 GHz channels, devices won’t be able to connect at 5 GHz Only. + +> [!NOTE] +> By default Surface devices will prefer connecting to 5 GHz if available. However, to preserve power in a low battery state, Surface will first look for a 2.4 GHz connection. + +You can also toggle the band setting as needed to suit your environment. For example, users living in high density apartment buildings with multiple Wi-Fi hotspots — amid the presence of consumer devices all broadcasting via 2.4 GHz — will likely benefit by setting their Surface device to connect on 5 GHz only and then revert to Auto when needed. + +### Roaming aggressiveness settings on Surface Go + +Front-line workers using Surface Go may wish to select a signal strength threshold that prompts the device to search for a new access point when signal strength drops (roaming aggressiveness). By default, Surface devices attempt to roam to a new access point if the signal strength drops below **Medium** (50 percent signal strength). Note that whenever you increase roaming aggressiveness, you accelerate battery power consumption. + +Leave the roaming aggressiveness setting in the default state unless you’re encountering connectivity issues in specific mobile scenarios such as conducting environmental site inspections while also maintaining voice and video connectivity during a conference meeting. If you don’t notice any improvement revert to the default **Medium** state. + +**To enable roaming aggressiveness on Surface Go:** + +1. Go to **Start > Control Panel** > **Network and Internet** > **Network and Sharing Center.** +2. Under **Connections** select **Wi-Fi** and then select **Properties.** +3. Select **Client for Microsoft Networks** and then select **Configure** +4. Select **Advanced** > **Roaming Aggressiveness** and choose ****your preferred value from the drop-down menu. + +![* Roaming aggressiveness settings *](images/wifi-roaming.png)
+ +## Conclusion + +Surface devices are designed with default settings for optimal wireless connectivity balanced alongside the need to preserve battery life. The most effective way of enabling reliable connectivity for Surface devices is through a well-designed network that supports 802.11r and 802.11k. Users can adjust network adapter settings or roaming aggressiveness but should only do so in response to specific environmental factors and revert to default state if there’s no noticeable improvement. From 5737fc1e7749183046187ee5bd5648760bb0aa9b Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Thu, 15 Aug 2019 10:35:00 -0700 Subject: [PATCH 369/395] new page for wireless connect --- devices/surface/TOC.md | 9 +++++---- devices/surface/change-history-for-surface.md | 2 ++ devices/surface/surface-wireless-connect.md | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index d467d86338..b5f4d56009 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -30,6 +30,7 @@ ### [Surface System SKU reference](surface-system-sku-reference.md) ## Manage +### [Optimizing wireless connectivity for Surface devices](surface-wireless-connect.md) ### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) ### [Battery Limit setting](battery-limit.md) ### [Surface Brightness Control](microsoft-surface-brightness-control.md) @@ -48,11 +49,11 @@ ### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) ### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) -## Support +## Troubleshoot ### [Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) -### [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) -### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) -### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) +#### [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) +#### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) +#### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) ### [Surface Data Eraser](microsoft-surface-data-eraser.md) ### [Top support solutions for Surface devices](support-solutions-surface.md) ### [Change history for Surface documentation](change-history-for-surface.md) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 992080cdb0..ea290fea58 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -19,8 +19,10 @@ This topic lists new and updated topics in the Surface documentation library. | **New or changed topic** | **Description** | | ------------------------ | --------------- | +| [Optimizing wireless connectivity for Surface devices](surface-wireless-connect.md) | New document highlights key wireless connectivity considerations for Surface devices in mobile scenarios. | | [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Updated to reflect minor changes in the file naming convention for Surface MSI files. | + ## July 2019 | **New or changed topic** | **Description** | diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md index 5194ff2160..fe1ff34fe6 100644 --- a/devices/surface/surface-wireless-connect.md +++ b/devices/surface/surface-wireless-connect.md @@ -18,7 +18,7 @@ manager: dansimp To stay connected with all-day battery life, Surface devices implement wireless connectivity settings that balance performance and power conservation. Outside of the most demanding mobility scenarios, users can maintain sufficient wireless connectivity without modifying default network adapter or related settings. -In congested network environments, organizations can implement purpose-built wireless protocols across multiple network access points to facilitate roaming. This page highlights key connectivity considerations for wireless network administrators and Surface devices users in mobile scenarios utilizing Surface Pro 3 and later, Surface Book, Surface Laptop, and Surface Go. +In congested network environments, organizations can implement purpose-built wireless protocols across multiple network access points to facilitate roaming. This page highlights key wireless connectivity considerations in mobile scenarios utilizing Surface Pro 3 and later, Surface Book, Surface Laptop, and Surface Go. ## Prerequisites From be526fdb1dc5cdf5daa485c6a0cfb7b194a454fc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 15 Aug 2019 10:38:39 -0700 Subject: [PATCH 370/395] redirect --- .openpublishing.redirection.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 2757821538..ec4bd3b774 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15084,6 +15084,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md", +"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators", "redirect_document_id": true @@ -15094,11 +15099,6 @@ "redirect_document_id": true }, { -"source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md", -"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", -"redirect_document_id": false -}, -{ "source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md", "redirect_url": "/windows/deployment/windows-10-subscription-activation", "redirect_document_id": true From a5f62c669d85e5f29228a57aa087f503df472cce Mon Sep 17 00:00:00 2001 From: Sarah Date: Thu, 15 Aug 2019 10:41:35 -0700 Subject: [PATCH 371/395] fixing build warnings --- devices/hololens/hololens-cortana.md | 1 - devices/hololens/hololens-network.md | 2 +- devices/hololens/hololens-start.md | 5 +++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index 5be69e50cf..d695fabeb9 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -3,7 +3,6 @@ title: Cortana on HoloLens description: Cortana can help you do all kinds of things on your HoloLens ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed ms.date: 08/14/2019 -manager: jarrettrenshaw keywords: hololens ms.prod: hololens ms.sitesec: library diff --git a/devices/hololens/hololens-network.md b/devices/hololens/hololens-network.md index a3082e1e7c..ab771501ee 100644 --- a/devices/hololens/hololens-network.md +++ b/devices/hololens/hololens-network.md @@ -2,6 +2,7 @@ title: Connect to a network description: Connect to a wi-fi or ethernet network with HoloLens. ms.assetid: 0895606e-96c0-491e-8b1c-52e56b00365d +ms.prod: hololens ms.sitesec: library author: Teresa-Motiv ms.author: v-tea @@ -9,7 +10,6 @@ ms.topic: article ms.localizationpriority: medium ms.date: 8/12/19 ms.reviewer: -manager: jarrettr appliesto: - Hololens - HoloLens (1st gen) diff --git a/devices/hololens/hololens-start.md b/devices/hololens/hololens-start.md index 1e8b575f0f..edf7ac3ae5 100644 --- a/devices/hololens/hololens-start.md +++ b/devices/hololens/hololens-start.md @@ -2,6 +2,7 @@ title: HoloLens (1st gen) first start description: Go through the first start experience for HoloLens (1st gen). ms.assetid: 0136188e-1305-43be-906e-151d70292e87 +ms.prod: hololens author: Teresa-Motiv ms.author: v-tea ms.topic: article @@ -15,7 +16,7 @@ ms.localizationpriority: medium The first time you turn on your HoloLens, you'll be guided through calibrating your device, setting up your device, and signing in. This section walks through the HoloLens (1st gen) first start experience. -In the next section, you'll learn how to work with HoloLens and interact with holograms. Skip ahead to [Get started with HoloLens (1st gen)](hololens-basic-usage.md) +In the next section, you'll learn how to work with HoloLens and interact with holograms. Skip ahead to [Get started with HoloLens (1st gen)](holographic-home.md) ## Before you start @@ -54,4 +55,4 @@ Congratulations! Setup is complete and you can begin using HoloLens. ## Next steps > [!div class="nextstepaction"] -> [Get started with HoloLens (1st gen)](hololens-basic-usage.md) \ No newline at end of file +> [Get started with HoloLens (1st gen)](holographic-home.md) From 33c5492a9269d5e720e23969af189dff914a9b3b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 15 Aug 2019 10:43:43 -0700 Subject: [PATCH 372/395] json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index ec4bd3b774..48f671dadc 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15091,7 +15091,7 @@ { "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md", From 1e0d05382fd111d8dd9e40becf256dd156e98b59 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 15 Aug 2019 10:44:14 -0700 Subject: [PATCH 373/395] revert --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 48f671dadc..ec4bd3b774 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15091,7 +15091,7 @@ { "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators", -"redirect_document_id": false +"redirect_document_id": true }, { "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md", From fca8ecbd6268cf3d1aa597d76a7eecf97ac9ca73 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 15 Aug 2019 10:59:50 -0700 Subject: [PATCH 374/395] false --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index ec4bd3b774..d3069c4d21 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15096,7 +15096,7 @@ { "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md", "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md", From c896c03605a92e3840741c505288fa55e4390a47 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Thu, 15 Aug 2019 12:11:33 -0700 Subject: [PATCH 375/395] Update set-up-school-pcs-whats-new.md Adding WN blurb for 1906, updates about support in SUSPC app. --- education/windows/set-up-school-pcs-whats-new.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md index 27ca52dfd3..546e8c7831 100644 --- a/education/windows/set-up-school-pcs-whats-new.md +++ b/education/windows/set-up-school-pcs-whats-new.md @@ -9,7 +9,7 @@ ms.pagetype: edu ms.localizationpriority: medium author: mjcaparas ms.author: macapara -ms.date: 06/03/2019 +ms.date: 08/15/2019 ms.reviewer: manager: dansimp --- @@ -17,6 +17,15 @@ manager: dansimp # What's new in Set up School PCs Learn what’s new with the Set up School PCs app each week. Find out about new app features and functionality, and see updated screenshots. You'll also find information about past releases. + +## Week of June 24, 2019 + +### Resumed support for Windows 10, version 1903 and later +The previously mentioned provisioning problem was resolved, so the Set up School PCs app once again supports Windows 10, version 1903 and later. The Windows 10 settings that were removed are now back in the app. + +### Device rename made optional for Azure AD joined devices +When you set up your Azure AD join devices in the Set up School PCs app, you no longer need to rename your devices. Set up School PCs will let you keep existing device names. + ## Week of May 23, 2019 ### Suspended support for Windows 10, version 1903 and later From c94274e48fde5478f9a8507ded8cde2478035ec7 Mon Sep 17 00:00:00 2001 From: Sarah Date: Thu, 15 Aug 2019 12:36:44 -0700 Subject: [PATCH 376/395] links --- devices/hololens/change-history-hololens.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index b886719944..a228d800c0 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -50,11 +50,6 @@ New or changed topic | Description --- | --- Insider preview for Microsoft HoloLens | New (topic retired on release of Windows 10, version 1809) -## June 2018 - -New or changed topic | Description ---- | --- -[HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md#pin) | Added instructions for creating a sign-in PIN. ## May 2018 @@ -86,12 +81,6 @@ New or changed topic | Description --- | --- [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | New -## May 2017 - -| New or changed topic | Description | -| --- | --- | -| [Microsoft HoloLens in the enterprise: requirements](hololens-requirements.md) | Changed title to **Microsoft HoloLens in the enterprise: requirements and FAQ**, added questions and answers in new [FAQ section](hololens-requirements.md#faq-for-hololens) | - ## January 2017 | New or changed topic | Description | From 73218b275bf639e0ad36255e5e641f51b8e065f2 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 15 Aug 2019 14:36:21 -0700 Subject: [PATCH 377/395] update troubleshooting topic --- .../troubleshoot-onboarding.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index fa862e9599..5f81c16bed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -25,20 +25,22 @@ ms.topic: troubleshooting - Windows Server 2016 - You might need to troubleshoot the Microsoft Defender ATP onboarding process if you encounter issues. This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the machines. + +## Troubleshoot issues with onboarding tools + If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines.md) after an hour, it might indicate an onboarding or connectivity problem. -## Troubleshoot onboarding when deploying with Group Policy +### Troubleshoot onboarding when deploying with Group Policy Deployment with Group Policy is done by running the onboarding script on the machines. The Group Policy console does not indicate if the deployment has succeeded or not. If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines.md) after an hour, you can check the output of the script on the machines. For more information, see [Troubleshoot onboarding when deploying with a script](#troubleshoot-onboarding-when-deploying-with-a-script). If the script completes successfully, see [Troubleshoot onboarding issues on the machines](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur. -## Troubleshoot onboarding issues when deploying with System Center Configuration Manager +### Troubleshoot onboarding issues when deploying with System Center Configuration Manager When onboarding machines using the following versions of System Center Configuration Manager: - System Center 2012 Configuration Manager - System Center 2012 R2 Configuration Manager @@ -52,7 +54,7 @@ If the deployment fails, you can check the output of the script on the machines. If the onboarding completed successfully but the machines are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the machine](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur. -## Troubleshoot onboarding when deploying with a script +### Troubleshoot onboarding when deploying with a script **Check the result of the script on the machine**: 1. Click **Start**, type **Event Viewer**, and press **Enter**. @@ -76,7 +78,7 @@ Event ID | Error Type | Resolution steps 40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 65 | Insufficient privileges| Run the script again with administrator privileges. -## Troubleshoot onboarding issues using Microsoft Intune +### Troubleshoot onboarding issues using Microsoft Intune You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue. If you have configured policies in Intune and they are not propagated on machines, you might need to configure automatic MDM enrollment. From 81790b9e25ca8dc1fd022934df388db133853a58 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Thu, 15 Aug 2019 20:15:28 -0700 Subject: [PATCH 378/395] CAT Auto Pulish for Windows Release Messages - 20190815200606 (#916) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081517515100 * manual fix * change order of message * change again --- .../release-information/status-windows-10-1507.yml | 4 ++-- ...tus-windows-10-1607-and-windows-server-2016.yml | 14 ++------------ .../release-information/status-windows-10-1703.yml | 4 ++-- .../release-information/status-windows-10-1709.yml | 4 ++-- .../release-information/status-windows-10-1803.yml | 4 ++-- ...tus-windows-10-1809-and-windows-server-2019.yml | 4 ++-- .../release-information/status-windows-10-1903.yml | 4 ++-- ...us-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- ...atus-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- .../release-information/windows-message-center.yml | 3 +-- 12 files changed, 23 insertions(+), 34 deletions(-) diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index ad95a86417..31a7a6d3e9 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
August 14, 2019
05:08 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 91613ec839..8118608a28 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,13 +60,12 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + - @@ -86,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
August 01, 2019
05:00 PM PT
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
July 10, 2019
07:09 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
April 25, 2019
02:00 PM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Mitigated
February 19, 2019
10:00 AM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
@@ -104,15 +103,6 @@ sections: " -- title: June 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

Affected platforms:
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4507459.

Back to top		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		Resolved:
July 16, 2019
10:00 AM PT

Opened:
June 04, 2019
05:55 PM PT
- " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 14b06262a2..1b0889dbd0 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 0f421e0330..39d57eafaa 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 43dd7629a1..3b3b4c6a3a 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 84e577f6f6..9115ba12a6 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
August 01, 2019
05:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index ac69403baa..4d5a9c2743 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -95,7 +95,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
07:03 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index e6f0096fc3..7d9fd8bc15 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Acknowledged
August 14, 2019
05:08 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Windows updates that are SHA-2 signed may not be offered
Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

See details >		August 13, 2019
KB4512506		Investigating
August 13, 2019
06:59 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
- + diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 14996a4841..830012240d 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512506		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512506		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Windows updates that are SHA-2 signed may not be offered
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 13, 2019
06:59 PM PT

Opened:
August 13, 2019
10:05 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
- + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Acknowledged
August 14, 2019
05:08 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503276		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512488		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512488		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 033396edf0..ffffcc852e 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Acknowledged
August 14, 2019
05:08 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Mitigated
July 10, 2019
02:59 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512476		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512476		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 08e207a24e..187dea5393 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Acknowledged
August 14, 2019
05:08 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503285		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512518		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512518		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 85c3bf144d..2af37b5b57 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -49,10 +49,9 @@ sections: - type: markdown text: " - - + From 94479f861d1671b4707ce76e16aa7d9a4ed94e2e Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Thu, 15 Aug 2019 20:25:40 -0700 Subject: [PATCH 379/395] publish an announcement message (#917) * update troubleshooting topic * CAT Auto Pulish for Windows Release Messages - 20190815200606 (#916) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081517515100 * manual fix * change order of message * change again --- .../release-information/status-windows-10-1507.yml | 4 ++-- ...tus-windows-10-1607-and-windows-server-2016.yml | 14 ++------------ .../release-information/status-windows-10-1703.yml | 4 ++-- .../release-information/status-windows-10-1709.yml | 4 ++-- .../release-information/status-windows-10-1803.yml | 4 ++-- ...tus-windows-10-1809-and-windows-server-2019.yml | 4 ++-- .../release-information/status-windows-10-1903.yml | 4 ++-- ...us-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- ...atus-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- .../release-information/windows-message-center.yml | 3 +-- .../troubleshoot-onboarding.md | 12 +++++++----- 13 files changed, 30 insertions(+), 39 deletions(-) diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index ad95a86417..31a7a6d3e9 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

MessageDate
August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows
The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
August 13, 2019
10:00 AM PT
Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506)
On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.)
August 13, 2019
10:00 AM PT
Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in the Windows Collaborative Translation Framework (CTF) service that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
August 13, 2019
10:00 AM PT
Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in how Windows handles calls to Advanced Local Procedure Call (ALPC) that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
August 13, 2019
10:00 AM PT
Take action: Install required updates for Windows 7 SP1 and Windows Server 2008 RS2 SP1 for SHA-2 code sign support
As of August 13, 2019, Windows 7 SP1 and Windows Server 2008 R2 SP1 updates signatures only support SHA-2 code signing. As outlined in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, we are requiring that SHA-2 code signing support be installed. If you have Windows Update enabled and have applied the security updates released in March 2019 (KB4490628) and August 2019 (KB4474419), you are protected automatically; no further configuration is necessary. If you have not installed the March 2019 updates, you will need to do so in order to continue to receive updates on devices running Windows 7 SP1 and Windows Server 2008 R2 SP1.
August 13, 2019
10:00 AM PT
Take action: Windows 10, version 1803 (the April 2018 Update) reaches end of service on November 12, 2019
Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running Windows 10, version 1803 to Windows 10, version 1903 (the May 2019 Update) starting July 16, 2019 to help ensure that these devices remain in a serviced and secure state. For more information, see the Windows 10, version 1903 section of the Windows release health dashboard.
August 13, 2019
10:00 AM PT
Advisory: Windows Kernel Information Disclosure Vulnerability (CVE-2019-1125)
On July 9, 2019, Microsoft released a security update for a Windows kernel information disclosure vulnerability (CVE-2019-1125). Customers who have Windows Update enabled and have applied the security updates released on July 9, 2019 are protected automatically; no further configuration is necessary. For more information, see CVE-2019-1125 | Windows Kernel Information Disclosure Vulnerability in the Microsoft Security Update Guide. (Note: we are documenting this mitigation publicly today, instead of back in July, as part of a coordinated industry disclosure effort.)
August 06, 2019
10:00 AM PT
- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
August 14, 2019
05:08 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 91613ec839..8118608a28 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,13 +60,12 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + - @@ -86,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
August 01, 2019
05:00 PM PT
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
July 10, 2019
07:09 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
April 25, 2019
02:00 PM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Mitigated
February 19, 2019
10:00 AM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
@@ -104,15 +103,6 @@ sections: " -- title: June 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

Affected platforms:
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4507459.

Back to top		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		Resolved:
July 16, 2019
10:00 AM PT

Opened:
June 04, 2019
05:55 PM PT
- " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 14b06262a2..1b0889dbd0 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 0f421e0330..39d57eafaa 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 43dd7629a1..3b3b4c6a3a 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 84e577f6f6..9115ba12a6 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
August 01, 2019
05:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index ac69403baa..4d5a9c2743 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -95,7 +95,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
August 14, 2019
05:08 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
07:03 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index e6f0096fc3..7d9fd8bc15 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Acknowledged
August 14, 2019
05:08 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Windows updates that are SHA-2 signed may not be offered
Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

See details >		August 13, 2019
KB4512506		Investigating
August 13, 2019
06:59 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
- + diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 14996a4841..830012240d 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512506		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512506		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Windows updates that are SHA-2 signed may not be offered
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 13, 2019
06:59 PM PT

Opened:
August 13, 2019
10:05 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
- + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Acknowledged
August 14, 2019
05:08 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503276		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512488		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512488		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 033396edf0..ffffcc852e 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Acknowledged
August 14, 2019
05:08 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Mitigated
July 10, 2019
02:59 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512476		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512476		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 08e207a24e..187dea5393 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Acknowledged
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Acknowledged
August 14, 2019
05:08 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503285		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512518		Acknowledged
Last updated:
August 14, 2019
03:34 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512518		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 85c3bf144d..2af37b5b57 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -49,10 +49,9 @@ sections: - type: markdown text: " - - + diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index fa862e9599..5f81c16bed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -25,20 +25,22 @@ ms.topic: troubleshooting - Windows Server 2016 - You might need to troubleshoot the Microsoft Defender ATP onboarding process if you encounter issues. This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the machines. + +## Troubleshoot issues with onboarding tools + If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines.md) after an hour, it might indicate an onboarding or connectivity problem. -## Troubleshoot onboarding when deploying with Group Policy +### Troubleshoot onboarding when deploying with Group Policy Deployment with Group Policy is done by running the onboarding script on the machines. The Group Policy console does not indicate if the deployment has succeeded or not. If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines.md) after an hour, you can check the output of the script on the machines. For more information, see [Troubleshoot onboarding when deploying with a script](#troubleshoot-onboarding-when-deploying-with-a-script). If the script completes successfully, see [Troubleshoot onboarding issues on the machines](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur. -## Troubleshoot onboarding issues when deploying with System Center Configuration Manager +### Troubleshoot onboarding issues when deploying with System Center Configuration Manager When onboarding machines using the following versions of System Center Configuration Manager: - System Center 2012 Configuration Manager - System Center 2012 R2 Configuration Manager @@ -52,7 +54,7 @@ If the deployment fails, you can check the output of the script on the machines. If the onboarding completed successfully but the machines are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the machine](#troubleshoot-onboarding-issues-on-the-machine) for additional errors that might occur. -## Troubleshoot onboarding when deploying with a script +### Troubleshoot onboarding when deploying with a script **Check the result of the script on the machine**: 1. Click **Start**, type **Event Viewer**, and press **Enter**. @@ -76,7 +78,7 @@ Event ID | Error Type | Resolution steps 40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes.md). 65 | Insufficient privileges| Run the script again with administrator privileges. -## Troubleshoot onboarding issues using Microsoft Intune +### Troubleshoot onboarding issues using Microsoft Intune You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue. If you have configured policies in Intune and they are not propagated on machines, you might need to configure automatic MDM enrollment. From 48879207d5f87c77132c66d119009fd6379268e6 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 16 Aug 2019 09:45:06 -0700 Subject: [PATCH 380/395] Reviewed A couple of format edits only. Looks good. --- devices/hololens/holographic-home.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/holographic-home.md b/devices/hololens/holographic-home.md index d48aa839a2..576866ca2c 100644 --- a/devices/hololens/holographic-home.md +++ b/devices/hololens/holographic-home.md @@ -35,9 +35,9 @@ Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look ### Open apps -You'll find your apps either pinned to Start or in the All apps list. To get to the All apps list, use the bloom gesture to go to Start, then select **All apps**. +You'll find your apps either pinned to **Start** or in the **All apps** list. To get to the **All apps** list, use the bloom gesture to go to **Start**, then select **All apps**. -On Start or in the All apps list, select an app. It will open in a good position for viewing. +On **Start** or in the **All apps** list, select an app. It will open in a good position for viewing. >[!NOTE] >- Up to three 2D app windows can be active at a time. You can open more, but only three will remain active. From abfca66c461fde2452066bbb9050abca2b4e5af9 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 16 Aug 2019 09:48:48 -0700 Subject: [PATCH 381/395] Review Metadata edit. Rest is good. --- devices/hololens/holographic-photos-and-video.md | 1 - 1 file changed, 1 deletion(-) diff --git a/devices/hololens/holographic-photos-and-video.md b/devices/hololens/holographic-photos-and-video.md index 721198bb1e..25e8d4a104 100644 --- a/devices/hololens/holographic-photos-and-video.md +++ b/devices/hololens/holographic-photos-and-video.md @@ -2,7 +2,6 @@ title: Create, share, and view photos and video description: Create, share, and view photos and video ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593 -ms.date: 08/07/2019 keywords: hololens ms.prod: hololens ms.sitesec: library From 6dbc883bda694533fb7bc99089fb3d827d6b0453 Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 16 Aug 2019 09:52:48 -0700 Subject: [PATCH 382/395] Review Metadata edit. Rest is good. --- devices/hololens/hololens-network.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devices/hololens/hololens-network.md b/devices/hololens/hololens-network.md index ab771501ee..6f7cb43370 100644 --- a/devices/hololens/hololens-network.md +++ b/devices/hololens/hololens-network.md @@ -9,6 +9,7 @@ ms.author: v-tea ms.topic: article ms.localizationpriority: medium ms.date: 8/12/19 +manager: jarrettr ms.reviewer: appliesto: - Hololens @@ -36,4 +37,4 @@ The first time you use your HoloLens, you'll be guided through connecting to a W 1. Type the network password if asked for one, then select **Next**. -Also see [Connect to Wifi](https://docs.microsoft.com/en-us/windows/mixed-reality/connecting-to-wi-fi-on-hololens) \ No newline at end of file +Also see [Connect to Wifi](https://docs.microsoft.com/en-us/windows/mixed-reality/connecting-to-wi-fi-on-hololens) From ad87484a5a31449d394082a09ba534cef352fe2f Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 16 Aug 2019 10:02:17 -0700 Subject: [PATCH 383/395] Review Made a few edits. Rest is good. --- devices/hololens/hololens-cortana.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index d695fabeb9..03ad75f637 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -9,6 +9,7 @@ ms.sitesec: library author: v-miegge ms.author: v-miegge ms.topic: article +manager: jarrettr ms.localizationpriority: medium --- @@ -81,7 +82,7 @@ Here are some things you can try saying (remember to say "Hey Cortana" first): >[!NOTE] > ->- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English only, and the Cortana experience may vary among regions. ->- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the All apps list, select Cortana > Settings. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. +>- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English-only, and the Cortana experience may vary among regions. +>- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana > Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. >- If Cortana isn't responding to "Hey Cortana," go to Cortana's settings and check to make sure she's on. ->- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (like "Select" and "Place"). +>- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (such as "Select" and "Place"). From 2dfdfc69f63be5709e1cbaaf1cf343d9ca3adfbe Mon Sep 17 00:00:00 2001 From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com> Date: Fri, 16 Aug 2019 10:11:49 -0700 Subject: [PATCH 384/395] Review Edits. --- devices/hololens/hololens-start.md | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/devices/hololens/hololens-start.md b/devices/hololens/hololens-start.md index edf7ac3ae5..d303ee0c44 100644 --- a/devices/hololens/hololens-start.md +++ b/devices/hololens/hololens-start.md @@ -31,7 +31,7 @@ Before you get started, make sure you have the following available: **The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](https://support.microsoft.com/help/12632/hololens-fit-your-hololens). > [!NOTE] -> [Cortana](https://support.microsoft.com/help/12630/) is already on and ready to guide you the first time you use your HoloLens (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings.

+> [Cortana](hololens-cortana.md) is already on and ready to guide you the first time you use your HoloLens (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings. ## Set up your HoloLens @@ -39,14 +39,14 @@ Set up your HoloLens and your user account. 1. The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks. 1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**. - - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your organizational account. - 2. Accept privacy statement. - 3. Sign in using your Azure AD credentials. This may redirect to your organization's sign-in page. - 4. Continue with device setup. - - When you choose **I own it**, you sign in with a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your Microsoft account. - 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. + - When you choose **My work or school owns it**, you sign in by using an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your organizational account information. + 1. Accept the privacy statement. + 1. Sign in by using your Azure AD credentials. This may redirect to your organization's sign-in page. + 1. Continue with device setup. + - When you choose **I own it**, you sign in by using a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your Microsoft account information. + 1. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. 1. The device sets your time zone based on information obtained from the Wi-Fi network. 1. Follow the first-start guides to learn how to interact with holograms, control the HoloLens with your voice, and access the start menu. @@ -54,5 +54,4 @@ Congratulations! Setup is complete and you can begin using HoloLens. ## Next steps -> [!div class="nextstepaction"] -> [Get started with HoloLens (1st gen)](holographic-home.md) +- [Get started with HoloLens (1st gen)](holographic-home.md) From 31fae324f179b2d5928f27579be9119fd4f0235d Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Fri, 16 Aug 2019 10:45:11 -0700 Subject: [PATCH 385/395] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index d9b2c3e1b5..2f5b0d9a95 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -132,7 +132,7 @@ Configuring Tamper Protection in Intune can be targeted to your entire organizat Currently we do not have support to manage Tamper Protection through System Center Configuration Manager. -### I have Windows E3 enrollment. Can I use configuring Tamper Protection in Intune? +### I have the Windows E3 enrollment. Can I use configuring Tamper Protection in Intune? Currently, configuring Tamper Protection in Intune is only available for customers who have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). From 321de700278025606127be7e6463b008c979067b Mon Sep 17 00:00:00 2001 From: lomayor Date: Fri, 16 Aug 2019 11:18:39 -0700 Subject: [PATCH 386/395] Update TOC.md --- windows/security/threat-protection/TOC.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 6c69dbb154..5f3fdf726a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -112,8 +112,7 @@ ##### [NetworkCommunicationEvents table](microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md) ##### [ProcessCreationEvents table](microsoft-defender-atp/advanced-hunting-processcreationevents-table.md) ##### [RegistryEvents table](microsoft-defender-atp/advanced-hunting-registryevents-table.md) - -##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) +#### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) #### [Custom detections]() ##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md) From 53279882ecfca6d0e854e65dd230c66b78806761 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Fri, 16 Aug 2019 11:26:58 -0700 Subject: [PATCH 387/395] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...nt-changes-to-security-settings-with-tamper-protection.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 2f5b0d9a95..02469ed7c3 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -80,8 +80,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal- - Your organization's devices must be managed by [Intune](https://docs.microsoft.com/intune/device-management-capabilities). - Your Windows machines must be running [Windows OS 1903](https://docs.microsoft.com/windows/release-information/status-windows-10-1903) or later. - You must be using Windows security and update [security intelligence](https://www.microsoft.com/wdsi/definitions) to version 1.287.60.0 (or above) - - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above) - + - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). (See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md).) 2. Go to the Microsoft 365 Device Management portal ([https://devicemanagement.microsoft.com](https://devicemanagement.microsoft.com)) and sign in with your work or school account. @@ -160,7 +159,7 @@ In addition, your security operations team can use hunting queries, such as the No. -## Related articles +## Related resources [Windows 10 Enterprise Security](https://docs.microsoft.com/windows/security/index) From 571f981a04e67b518dc73297e4a9f34f0f13492e Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Fri, 16 Aug 2019 15:16:41 -0700 Subject: [PATCH 388/395] checkin for new issues (#924) --- .../resolved-issues-windows-10-1709.yml | 2 ++ ...ed-issues-windows-7-and-windows-server-2008-r2-sp1.yml | 2 ++ ...lved-issues-windows-8.1-and-windows-server-2012-r2.yml | 2 ++ .../resolved-issues-windows-server-2008-sp2.yml | 2 ++ .../resolved-issues-windows-server-2012.yml | 2 ++ windows/release-information/status-windows-10-1507.yml | 4 ++-- .../status-windows-10-1607-and-windows-server-2016.yml | 4 ++-- windows/release-information/status-windows-10-1703.yml | 4 ++-- windows/release-information/status-windows-10-1709.yml | 4 ++-- windows/release-information/status-windows-10-1803.yml | 4 ++-- .../status-windows-10-1809-and-windows-server-2019.yml | 6 +++--- windows/release-information/status-windows-10-1903.yml | 6 ++++-- .../status-windows-7-and-windows-server-2008-r2-sp1.yml | 8 ++++---- .../status-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../release-information/status-windows-server-2012.yml | 4 ++-- 16 files changed, 37 insertions(+), 25 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index 36039dceaa..be99ac3e4c 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: "
MessageDate
August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows
The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
August 13, 2019
10:00 AM PT
Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506)
On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.)
August 13, 2019
10:00 AM PT
Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in the Windows Collaborative Translation Framework (CTF) service that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
August 13, 2019
10:00 AM PT
Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in how Windows handles calls to Advanced Local Procedure Call (ALPC) that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
August 13, 2019
10:00 AM PT
Take action: Install required updates for Windows 7 SP1 and Windows Server 2008 RS2 SP1 for SHA-2 code sign support
As of August 13, 2019, Windows 7 SP1 and Windows Server 2008 R2 SP1 updates signatures only support SHA-2 code signing. As outlined in 2019 SHA-2 Code Signing Support requirement for Windows and WSUS, we are requiring that SHA-2 code signing support be installed. If you have Windows Update enabled and have applied the security updates released in March 2019 (KB4490628) and August 2019 (KB4474419), you are protected automatically; no further configuration is necessary. If you have not installed the March 2019 updates, you will need to do so in order to continue to receive updates on devices running Windows 7 SP1 and Windows Server 2008 R2 SP1.
August 13, 2019
10:00 AM PT
Take action: Windows 10, version 1803 (the April 2018 Update) reaches end of service on November 12, 2019
Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running Windows 10, version 1803 to Windows 10, version 1903 (the May 2019 Update) starting July 16, 2019 to help ensure that these devices remain in a serviced and secure state. For more information, see the Windows 10, version 1903 section of the Windows release health dashboard.
August 13, 2019
10:00 AM PT
Advisory: Windows Kernel Information Disclosure Vulnerability (CVE-2019-1125)
On July 9, 2019, Microsoft released a security update for a Windows kernel information disclosure vulnerability (CVE-2019-1125). Customers who have Windows Update enabled and have applied the security updates released on July 9, 2019 are protected automatically; no further configuration is necessary. For more information, see CVE-2019-1125 | Windows Kernel Information Disclosure Vulnerability in the Microsoft Security Update Guide. (Note: we are documenting this mitigation publicly today, instead of back in July, as part of a coordinated industry disclosure effort.)
August 06, 2019
10:00 AM PT
+ @@ -64,6 +65,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4509477		June 26, 2019
04:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 6c32625e16..83c3088ff9 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -67,6 +68,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index c99e109581..f18cadfa85 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -67,6 +68,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499151		Resolved
KB4503283		June 20, 2019
02:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index b83e9cc1e7..ab89868649 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -57,6 +58,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503273		Resolved
KB4503271		June 20, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Resolved
May 14, 2019
01:21 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 9a3dd8d77a..804f0e47c1 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -64,6 +65,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Some devices and generation 2 Hyper-V VMs may have issues installing updates
Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

See details >		June 11, 2019
KB4503285		Resolved
KB4503295		June 21, 2019
02:00 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499171		Resolved
KB4503295		June 21, 2019
02:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 31a7a6d3e9..4b64489ae0 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Investigating
August 16, 2019
02:11 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 8118608a28..3bb897d5ae 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Investigating
August 16, 2019
02:11 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 1b0889dbd0..09c2eca790 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Investigating
August 16, 2019
02:11 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 39d57eafaa..70644fcb70 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 3b3b4c6a3a..3e96064949 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
August 16, 2019
02:11 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 9115ba12a6..0f1d82271e 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Investigating
August 16, 2019
02:11 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
August 01, 2019
05:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
@@ -118,7 +118,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
    1. Go to Settings app -> Recovery.
    2. Click on Get Started under \"Reset this PC\" recovery option.
    3. Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 03, 2019
10:59 AM PT

Opened:
May 02, 2019
04:36 PM PT
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
  1. Go to Settings app -> Recovery.
  2. Click on Get Started under \"Reset this PC\" recovery option.
  3. Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 03, 2019
10:59 AM PT

Opened:
May 02, 2019
04:36 PM PT
" diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 4d5a9c2743..7b9a5a06e0 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + @@ -95,7 +96,8 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
August 14, 2019
05:08 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 16, 2019
01:41 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
August 16, 2019
01:30 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
07:03 PM PT
- + +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 16, 2019
01:41 PM PT

Opened:
August 16, 2019
01:41 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
Last updated:
August 16, 2019
01:30 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 7d9fd8bc15..120e6354b3 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + - @@ -81,9 +81,9 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Acknowledged
August 14, 2019
05:08 PM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

See details >		August 13, 2019
KB4512506		Investigating
August 16, 2019
02:04 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Windows updates that are SHA-2 signed may not be offered
Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

See details >		August 13, 2019
KB4512506		Investigating
August 13, 2019
06:59 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503292		Mitigated
July 10, 2019
02:59 PM PT
- + + -
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512506		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 16, 2019
02:04 PM PT

Opened:
August 13, 2019
10:05 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Windows updates that are SHA-2 signed may not be offered
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 13, 2019
06:59 PM PT

Opened:
August 13, 2019
10:05 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 830012240d..eb9d2ad3a4 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503276		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512488		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index ffffcc852e..04ed0fc40d 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Mitigated
July 10, 2019
02:59 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512476		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 187dea5393..9fd8685619 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503285		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512518		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" From 8cb1108c9687283c87e09b902571e374d413b56e Mon Sep 17 00:00:00 2001 From: huypub <38988242+huypub@users.noreply.github.com> Date: Fri, 16 Aug 2019 15:34:15 -0700 Subject: [PATCH 389/395] checkin for new issues (#924) (#925) --- .../resolved-issues-windows-10-1709.yml | 2 ++ ...ed-issues-windows-7-and-windows-server-2008-r2-sp1.yml | 2 ++ ...lved-issues-windows-8.1-and-windows-server-2012-r2.yml | 2 ++ .../resolved-issues-windows-server-2008-sp2.yml | 2 ++ .../resolved-issues-windows-server-2012.yml | 2 ++ windows/release-information/status-windows-10-1507.yml | 4 ++-- .../status-windows-10-1607-and-windows-server-2016.yml | 4 ++-- windows/release-information/status-windows-10-1703.yml | 4 ++-- windows/release-information/status-windows-10-1709.yml | 4 ++-- windows/release-information/status-windows-10-1803.yml | 4 ++-- .../status-windows-10-1809-and-windows-server-2019.yml | 6 +++--- windows/release-information/status-windows-10-1903.yml | 6 ++++-- .../status-windows-7-and-windows-server-2008-r2-sp1.yml | 8 ++++---- .../status-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../release-information/status-windows-server-2012.yml | 4 ++-- 16 files changed, 37 insertions(+), 25 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index 36039dceaa..be99ac3e4c 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -64,6 +65,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4509477		June 26, 2019
04:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 6c32625e16..83c3088ff9 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -67,6 +68,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index c99e109581..f18cadfa85 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -67,6 +68,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499151		Resolved
KB4503283		June 20, 2019
02:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index b83e9cc1e7..ab89868649 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -57,6 +58,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503273		Resolved
KB4503271		June 20, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Resolved
May 14, 2019
01:21 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 9a3dd8d77a..804f0e47c1 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -64,6 +65,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Some devices and generation 2 Hyper-V VMs may have issues installing updates
Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

See details >		June 11, 2019
KB4503285		Resolved
KB4503295		June 21, 2019
02:00 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499171		Resolved
KB4503295		June 21, 2019
02:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 31a7a6d3e9..4b64489ae0 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Investigating
August 16, 2019
02:11 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 8118608a28..3bb897d5ae 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Investigating
August 16, 2019
02:11 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 1b0889dbd0..09c2eca790 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Investigating
August 16, 2019
02:11 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 39d57eafaa..70644fcb70 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 3b3b4c6a3a..3e96064949 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
August 16, 2019
02:11 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 9115ba12a6..0f1d82271e 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Investigating
August 16, 2019
02:11 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
August 01, 2019
05:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
@@ -118,7 +118,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
    1. Go to Settings app -> Recovery.
    2. Click on Get Started under \"Reset this PC\" recovery option.
    3. Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 03, 2019
10:59 AM PT

Opened:
May 02, 2019
04:36 PM PT
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
  1. Go to Settings app -> Recovery.
  2. Click on Get Started under \"Reset this PC\" recovery option.
  3. Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 03, 2019
10:59 AM PT

Opened:
May 02, 2019
04:36 PM PT
" diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 4d5a9c2743..7b9a5a06e0 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,7 +65,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + @@ -95,7 +96,8 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
August 14, 2019
05:08 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 16, 2019
01:41 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
August 16, 2019
01:30 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
07:03 PM PT
- + +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 16, 2019
01:41 PM PT

Opened:
August 16, 2019
01:41 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
Last updated:
August 16, 2019
01:30 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 7d9fd8bc15..120e6354b3 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + + - @@ -81,9 +81,9 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Acknowledged
August 14, 2019
05:08 PM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

See details >		August 13, 2019
KB4512506		Investigating
August 16, 2019
02:04 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Windows updates that are SHA-2 signed may not be offered
Windows udates that are SHA-2 signed are not available with Symantec Endpoint Protection installed

See details >		August 13, 2019
KB4512506		Investigating
August 13, 2019
06:59 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503292		Mitigated
July 10, 2019
02:59 PM PT
- + + -
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512506		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 16, 2019
02:04 PM PT

Opened:
August 13, 2019
10:05 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Windows updates that are SHA-2 signed may not be offered
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 13, 2019
06:59 PM PT

Opened:
August 13, 2019
10:05 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 830012240d..eb9d2ad3a4 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503276		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512488		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index ffffcc852e..04ed0fc40d 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Mitigated
July 10, 2019
02:59 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512476		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 187dea5393..9fd8685619 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Acknowledged
August 14, 2019
05:08 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503285		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is presently investigating this issue and will provide an update when available.

Back to top		August 13, 2019
KB4512518		Acknowledged
Last updated:
August 14, 2019
05:08 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" From 1505a4d35fd7875e86499bb62d85263d9627bf73 Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Fri, 16 Aug 2019 17:05:42 -0700 Subject: [PATCH 390/395] New Announcement added (#927) --- windows/release-information/windows-message-center.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 2af37b5b57..6cacd95c0a 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -49,6 +49,7 @@ sections: - type: markdown text: " + From e4d207c5ec3c1b889ebf090940348b4c94809aae Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Fri, 16 Aug 2019 17:26:03 -0700 Subject: [PATCH 391/395] Merge changes from master to live branch (#929) * enterprise get started * navigation * toc * devices and accessories * devices and accessories * fixing build warnings * links * Reviewed A couple of format edits only. Looks good. * Review Metadata edit. Rest is good. * Review Metadata edit. Rest is good. * Review Made a few edits. Rest is good. * Review Edits. * checkin for new issues (#924) * New Announcement added (#927) --- devices/hololens/TOC.md | 45 ++-- devices/hololens/change-history-hololens.md | 11 - devices/hololens/holographic-home.md | 90 ++++++++ .../hololens/holographic-photos-and-video.md | 42 ++++ .../hololens-clicker-restart-recover.md | 2 + devices/hololens/hololens-connect-devices.md | 46 +++++ devices/hololens/hololens-cortana.md | 56 ++++- .../hololens/hololens-find-and-save-files.md | 3 + devices/hololens/hololens-install-apps.md | 19 +- devices/hololens/hololens-network.md | 40 ++++ devices/hololens/hololens-offline.md | 3 + devices/hololens/hololens-requirements.md | 195 ++++++++++++------ devices/hololens/hololens-start.md | 57 +++++ devices/hololens/hololens-status.md | 36 ++++ .../windows-message-center.yml | 1 + 15 files changed, 527 insertions(+), 119 deletions(-) create mode 100644 devices/hololens/holographic-home.md create mode 100644 devices/hololens/holographic-photos-and-video.md create mode 100644 devices/hololens/hololens-connect-devices.md create mode 100644 devices/hololens/hololens-network.md create mode 100644 devices/hololens/hololens-start.md create mode 100644 devices/hololens/hololens-status.md diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 36cbb30a09..fe85d293be 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -1,36 +1,45 @@ -# [Microsoft HoloLens](index.md) -# [What's new in HoloLens](hololens-whats-new.md) -# [Set up HoloLens](hololens-setup.md) +# [HoloLens overview](index.md) +# [Hololens status](hololens-status.md) -# Deploy HoloLens in a commercial environment +# Get started with HoloLens (gen 1) +## [Start your HoloLens (1st gen) for the first time](hololens-start.md) +## [Install localized version of HoloLens](hololens-install-localized.md) + +# Get started with HoloLens in commercial environments ## [Overview and deployment planning](hololens-requirements.md) +## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) ## [Configure HoloLens using a provisioning package](hololens-provisioning.md) ## [Enroll HoloLens in MDM](hololens-enroll-mdm.md) +## [Set up ring based updates for HoloLens](hololens-updates.md) +## [Manage custom enterprise apps](hololens-install-apps.md) +## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) -# Device Management -## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) -## [Install localized version of HoloLens](hololens-install-localized.md) -## [Manage updates to HoloLens](hololens-updates.md) -## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) -## [Use the HoloLens Clicker](hololens-clicker.md) -## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) -## [Restart or recover the HoloLens clicker](hololens-clicker-restart-recover.md) +# Navigating Windows Holographic +## [Windows Mixed Reality home](holographic-home.md) +## [Voice and Cortana](hololens-cortana.md) +## [Find and save files](hololens-find-and-save-files.md) +## [Create, share, and view photos and video](holographic-photos-and-video.md) + +# Accessories and connectivity +## [Connect to Bluetooth and USB-C devices](hololens-connect-devices.md) +## [Restart or recover the HoloLens (1st gen) clicker](hololens-clicker-restart-recover.md) +## [Connect to a network](hololens-network.md) +## [Use HoloLens offline](hololens-offline.md) # Application Management -## [Install apps on HoloLens](hololens-install-apps.md) ## [Share HoloLens with multiple people](hololens-multiple-users.md) -## [Cortana on HoloLens](hololens-cortana.md) ## [Get apps for HoloLens](hololens-get-apps.md) ## [Use apps on HoloLens](hololens-use-apps.md) ## [Use HoloLens offline](hololens-offline.md) ## [Spaces on HoloLens](hololens-spaces-on-hololens.md) +## [How HoloLens stores data for spaces](hololens-spaces.md) + +# Recovery and troubleshooting +## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) +## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md) # User/Access Management ## [Set up single application access](hololens-kiosk.md) -## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) -## [How HoloLens stores data for spaces](hololens-spaces.md) -## [Find and save files](hololens-find-and-save-files.md) # [Insider preview for Microsoft HoloLens](hololens-insider.md) # [Change history for Microsoft HoloLens documentation](change-history-hololens.md) - diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index b886719944..a228d800c0 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -50,11 +50,6 @@ New or changed topic | Description --- | --- Insider preview for Microsoft HoloLens | New (topic retired on release of Windows 10, version 1809) -## June 2018 - -New or changed topic | Description ---- | --- -[HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md#pin) | Added instructions for creating a sign-in PIN. ## May 2018 @@ -86,12 +81,6 @@ New or changed topic | Description --- | --- [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | New -## May 2017 - -| New or changed topic | Description | -| --- | --- | -| [Microsoft HoloLens in the enterprise: requirements](hololens-requirements.md) | Changed title to **Microsoft HoloLens in the enterprise: requirements and FAQ**, added questions and answers in new [FAQ section](hololens-requirements.md#faq-for-hololens) | - ## January 2017 | New or changed topic | Description | diff --git a/devices/hololens/holographic-home.md b/devices/hololens/holographic-home.md new file mode 100644 index 0000000000..576866ca2c --- /dev/null +++ b/devices/hololens/holographic-home.md @@ -0,0 +1,90 @@ +--- +title: Navigate the Windows Mixed Reality home +description: Navigate the Windows Mixed Reality home in Windows Holographic. +ms.assetid: 742bc126-7996-4f3a-abb2-cf345dff730c +ms.date: 08/07/2019 +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: scooley +ms.author: scooley +ms.topic: article +ms.localizationpriority: medium +--- + +# Navigate the Windows Mixed Reality home + +## [Navigating MR Home](https://docs.microsoft.com/en-us/windows/mixed-reality/navigating-the-windows-mixed-reality-home) + +## Use the Start menu + +The **Start** menu on HoloLens is where you'll open apps and get to the HoloLens camera. + +Wherever you are in HoloLens, you can always open the **Start** menu by using the [bloom gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) on HoloLens (1st gen) or tapping your wrist on HoloLens 2. Usually, you'll use it once to get to **Start**, but sometimes you might need to use it twice. + +> [!TIP] +> When the **Start** menu is open, use the start gesture to hide it again. + +At the top of the **Start** menu, you'll see status indicators for Wi-Fi, battery, and volume, plus a clock. The tiles are your pinned apps. To talk to Cortana, select her tile, or just say "Hey Cortana" from anywhere on HoloLens. At the bottom you'll find the photo and video icons, which open the camera app. + +To see the rest of your apps, select **All apps**. To get back to **Start** from the **All apps** list, select **Pinned apps**. + +## Use apps on HoloLens + +Apps on HoloLens use either 2D view or holographic view. Apps with 2D view look like windows, and apps with holographic view surround you and become the only app you see. + +### Open apps + +You'll find your apps either pinned to **Start** or in the **All apps** list. To get to the **All apps** list, use the bloom gesture to go to **Start**, then select **All apps**. + +On **Start** or in the **All apps** list, select an app. It will open in a good position for viewing. + +>[!NOTE] +>- Up to three 2D app windows can be active at a time. You can open more, but only three will remain active. +>- Each open app can have one active window at a time, except Microsoft Edge, which can have up to three. +>- If you're having problems with apps, make sure there's enough light in your space, and walk around so HoloLens has a current scan. If you keep having trouble, see [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq) for more info. + +## Move, resize, and rotate apps + +Moving and resizing apps on HoloLens works a bit differently than it does on a PC. Instead of dragging the app, you'll use your gaze, along with a [gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) or the [clicker](hololens-clicker.md). You can also rotate an app window in 3D space. + +> [!TIP] +> Rearrange apps using your voice—gaze at an app and say "Face me," "Bigger," or "Smaller." Or have Cortana move an app for you: say "Hey Cortana, move <*app name*> here." + +### Move an app + +Gaze at the app, and then do one of the following. + +- Tap and hold to select the app. Move your hand to position the app, and raise your finger to place it. + +- Select **Adjust**, tap and hold, and move your hand to position the app. Raise your finger to place it, then select **Done**. +- Select **Adjust**, click and hold the clicker, and move your hand to position the app. Release the clicker, then select **Done**. + +> [!TIP] +> If you drop apps when you move them, make sure to keep your hand in the gesture frame by following it with your gaze. + +### Resize an app + +Gaze at the app, and then do one of the following. + +- Gaze at a corner or edge of an app window, and tap and hold. Move your hand to change the app's size, and raise your finger when you're done. + +- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, tap and hold, then move your hand to resize the app. Raise your finger to release it, then select **Done**. +- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, click and hold the clicker, then move your hand to resize the app. Release the clicker, then select **Done**. + +> [!TIP] +> In Adjust mode, you can move or resize any hologram. + +### Rotate an app + +Gaze at the app, and tap and hold with both hands to select it. Rotate the app by keeping one hand steady and moving your other hand around it. When you're done, raise both index fingers. + +## Close apps + +To close an app that uses 2D view, gaze at it, then select **Close**. + +To close an app that uses holographic view, use the bloom gesture to leave holographic view, then select **Close**. + +## Pin apps + +Keep your favorite apps handy by pinning them to **Start**. In the **All apps** list, gaze at an app to highlight it. Tap and hold until the menu appears, then select **Pin**. To unpin an app, gaze at the app on **Start**, then tap and hold and select **Unpin**. diff --git a/devices/hololens/holographic-photos-and-video.md b/devices/hololens/holographic-photos-and-video.md new file mode 100644 index 0000000000..25e8d4a104 --- /dev/null +++ b/devices/hololens/holographic-photos-and-video.md @@ -0,0 +1,42 @@ +--- +title: Create, share, and view photos and video +description: Create, share, and view photos and video +ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593 +keywords: hololens +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +ms.reviewer: +manager: jarrettr +appliesto: +- Hololens (1st gen) +--- + +# Create, share, and view photos and video + +Use your HoloLens to take photos and videos that capture the holograms you've placed in your world. + +To sync your photos and videos to OneDrive, open the OneDrive app and select **Settings** > **Camera upload**, and then turn on **Camera upload**. + +## Take a photo + +Use the [bloom](https://support.microsoft.com/help/12644/hololens-use-gestures) gesture to go to **Start**, then select **Photo**. Use gaze to position the photo frame, then air tap to take the picture. The picture will be saved to your collection in the Photos app.

+ +Want to snap a quick pic? Press the volume up and volume down buttons at the same time. [Where are the buttons?](https://support.microsoft.com/help/12649/hololens-whats-in-the-box) + +## Take a video + +Use the bloom gesture to go to **Start**, then select **Video**. Use gaze to position the video frame, then air tap to start recording. To stop recording, use bloom once. The video will be saved to your collection in the Photos app. + +To start recording more quickly, press and hold the volume up and volume down buttons simultaneously until a 3-second countdown begins. To stop recording, tap both buttons. + +> [!TIP] +> You can always have Cortana take a photo or a video for you. Just say "Hey Cortana, take a photo" or "Hey Cortana, take a video." [What else can I say to Cortana?](hololens-cortana.md) + +[Take + share photos and video with Mixed reality capture](https://docs.microsoft.com/en-us/windows/mixed-reality/mixed-reality-capture) + +[Find and view your photos](https://docs.microsoft.com/en-us/windows/mixed-reality/see-your-photos) diff --git a/devices/hololens/hololens-clicker-restart-recover.md b/devices/hololens/hololens-clicker-restart-recover.md index 81c7ffc704..25e49740c9 100644 --- a/devices/hololens/hololens-clicker-restart-recover.md +++ b/devices/hololens/hololens-clicker-restart-recover.md @@ -16,6 +16,8 @@ ms.localizationpriority: medium # Restart or recover the HoloLens clicker +[Clicker recovery](https://support.microsoft.com/en-us/help/15555) + Here are some things to try if the HoloLens clicker is unresponsive or isn’t working well. ## Restart the clicker diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md new file mode 100644 index 0000000000..c702921e14 --- /dev/null +++ b/devices/hololens/hololens-connect-devices.md @@ -0,0 +1,46 @@ +--- +title: Connect to Bluetooth and USB-C devices +description: This guide walks through connecting to Bluetooth and USB-C devices and accessories. +ms.assetid: 01af0848-3b36-4c13-b797-f38ad3977e30 +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +manager: jarrettr +appliesto: +- HoloLens (1st gen) +- HoloLens 2 +--- + +# Connect devices and accessories + +## Pair Bluetooth devices + +Pair a Bluetooth mouse and keyboard with HoloLens, then use them to interact with holograms and to type anywhere you'd use the holographic keyboard. Pair the HoloLens [clicker](hololens-clicker.md) for a different way to interact with HoloLens. + +> [!NOTE] +> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported. [Learn more](http://go.microsoft.com/fwlink/p/?LinkId=746660). + +### Pair a Bluetooth keyboard or mouse + +1. Turn on your keyboard or mouse and make it discoverable. The way you make it discoverable depends on the device. Check the device or visit the manufacturer's website to learn how. + +1. Go to **Start**, then select **Settings**. +1. Select **Devices** and make sure Bluetooth is on. When you see the device name, select **Pair** and follow the instructions. + +### Pair the clicker + +1. Use the bloom gesture to go to **Start**, then select **Settings**. + +1. Select **Devices** and make sure Bluetooth is on. +1. Use the tip of a pen to press and hold the clicker's pairing button until the status light blinks white. Make sure to hold the button down until the light starts blinking. [Where's the pairing button?](hololens-clicker.md) +1. On the pairing screen, select **Clicker** > **Pair**. + +## Connect USB-C devices + +## Connect to Miracast + +> Applies to HoloLens 2 only. diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index dfe9539b1b..03ad75f637 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -2,26 +2,63 @@ title: Cortana on HoloLens description: Cortana can help you do all kinds of things on your HoloLens ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed -ms.reviewer: jarrettrenshaw -ms.date: 07/01/2019 -manager: v-miegge +ms.date: 08/14/2019 keywords: hololens ms.prod: hololens ms.sitesec: library author: v-miegge ms.author: v-miegge ms.topic: article +manager: jarrettr ms.localizationpriority: medium --- -# Cortana on HoloLens +# Use your voice with HoloLens + +You can use your voice to do many of the same things you do with gestures on HoloLens, like taking a quick photo or opening an app. + +## Voice commands + +Get around HoloLens faster with these basic commands. If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use the following built-in voice commands. + +**Select**. Use this instead of air tap. Gaze at a hologram, then say "Select." + +**Go to start**. Say "Go to Start" anytime to bring up the **Start** menu. Or when you're in an immersive app, say "Go to Start" to get to the quick actions menu. + +**Move this**. Instead of air tapping and dragging an app, say "Move this" and use gaze to move it. + +**Face me**. Gaze at a hologram, and then say "Face me" to turn it your way. + +**Bigger/Smaller**. Gaze at a hologram, and then say "Bigger" or "Smaller" to resize it. + +Many buttons and other elements on HoloLens also respond to your voice—for example, **Adjust** and **Close** on the app bar. To find out if a button is voice-enabled, rest your gaze on it for a moment. If it is, you'll see a voice tip. + +## Dictation mode + +Tired of typing? Switch to dictation mode any time the holographic keyboard is active. Select the microphone icon to get started, or say "Start dictating." To stop dictating, select **Done** or say "Stop dictating." To delete what you just dictated, say "Delete that." + +> [!NOTE] +> You need an Internet connection to use dictation mode. + +HoloLens dictation uses explicit punctuation, meaning that you say the name of the punctuation you want to use. For instance, you might say "Hey **comma** what are you up to **question mark**." + +Here are the punctuation keywords you can use: + +- Period, comma, question mark, exclamation point/exclamation mark +- New line/new paragraph +- Semicolon, colon +- Open quote(s), close quote(s) +- Hashtag, smiley/smiley face, frowny, winky +- Dollar, percent + +Sometimes it's helpful to spell out things like email addresses. For instance, to dictate example@outlook.com, you'd say "E X A M P L E at outlook dot com." + +## Do more with Cortana Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. To get her attention, select Cortana on Start or say "Hey Cortana" anytime. ![Hey Cortana!](images/cortana-on-hololens.png) -## What do I say to Cortana - Here are some things you can try saying (remember to say "Hey Cortana" first): - What can I say? @@ -44,7 +81,8 @@ Here are some things you can try saying (remember to say "Hey Cortana" first): - Tell me a joke. >[!NOTE] ->- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English only, and the Cortana experience may vary among regions. ->- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the All apps list, select Cortana > Settings. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. +> +>- Some Cortana features you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens Development Edition. Cortana on HoloLens is English-only, and the Cortana experience may vary among regions. +>- Cortana is on the first time you use HoloLens. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana > Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. >- If Cortana isn't responding to "Hey Cortana," go to Cortana's settings and check to make sure she's on. ->- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (like "Select" and "Place"). +>- If you turn Cortana off, "Hey Cortana" voice commands won't be available, but you'll still be able to use other commands (such as "Select" and "Place"). diff --git a/devices/hololens/hololens-find-and-save-files.md b/devices/hololens/hololens-find-and-save-files.md index ba459eff13..e147ac2845 100644 --- a/devices/hololens/hololens-find-and-save-files.md +++ b/devices/hololens/hololens-find-and-save-files.md @@ -16,6 +16,9 @@ ms.localizationpriority: medium # Find and save files on HoloLens +Add content from [Find and save files](https://docs.microsoft.com/en-us/windows/mixed-reality/saving-and-finding-your-files) + + Files you create on HoloLens, including Office documents, photos, and videos, are saved to your HoloLens. To view and manage them, you can use the File Explorer app on HoloLens or File Explorer on your PC. To sync photos and other files to the cloud, use the OneDrive app on HoloLens. ## View files on HoloLens diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md index c4f9c80521..7ff737a027 100644 --- a/devices/hololens/hololens-install-apps.md +++ b/devices/hololens/hololens-install-apps.md @@ -1,16 +1,15 @@ --- -title: Install apps on HoloLens (HoloLens) +title: Install apps on HoloLens description: The recommended way to install apps on HoloLens is to use Microsoft Store for Business. ms.prod: hololens ms.mktglfcycl: manage ms.sitesec: library -author: dansimp -ms.author: dansimp +author: scooley +ms.author: scooley ms.topic: article ms.localizationpriority: medium ms.date: 10/23/2018 ms.reviewer: -manager: dansimp --- # Install apps on HoloLens @@ -72,9 +71,9 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft. >[!IMPORTANT] >When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode) -1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. +1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. -2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_usb). +2. On a PC, connect to the HoloLens using [Wi-Fi](https://docs.microsoft.com/windows/mixed-reality/connecting-to-wi-fi-on-hololens) or USB. 3. [Create a user name and password](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#creating_a_username_and_password) if this is the first time you connect to the Windows Device Portal, or enter the user name and password that you previously set up. @@ -84,13 +83,7 @@ Using Intune, you can also [monitor your app deployment](https://docs.microsoft. 4. In the Windows Device Portal, click **Apps**. ![App Manager](images/apps.png) - + 5. In **Install app**, select an **app package** from a folder on your computer or network. If the app package requires additional software, such as dependency frameworks, select **I want to specify framework packages**. 6. In **Deploy**, click **Go** to deploy the app package and added dependencies to the connected HoloLens. - - - - - - diff --git a/devices/hololens/hololens-network.md b/devices/hololens/hololens-network.md new file mode 100644 index 0000000000..6f7cb43370 --- /dev/null +++ b/devices/hololens/hololens-network.md @@ -0,0 +1,40 @@ +--- +title: Connect to a network +description: Connect to a wi-fi or ethernet network with HoloLens. +ms.assetid: 0895606e-96c0-491e-8b1c-52e56b00365d +ms.prod: hololens +ms.sitesec: library +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.localizationpriority: medium +ms.date: 8/12/19 +manager: jarrettr +ms.reviewer: +appliesto: +- Hololens +- HoloLens (1st gen) +- HoloLens 2 +--- + +# Connect to a network + +You'll need to be connected to a network to do most things on your HoloLens. [What can I do offline](hololens-offline.md)? + +## Connecting for the first time + +The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks. + +## Connecting to Wi-Fi after setup + +1. Go to **Start**, then select **Settings**. + +1. _HoloLens (1st gen) only_ - Use your gaze to position the Settings app, then air tap to place it, or say "Place." + +1. Select **Network & Internet** > **Wi-Fi**. If you don't see your network, scroll down the list. + +1. Select a network > **Connect**. + +1. Type the network password if asked for one, then select **Next**. + +Also see [Connect to Wifi](https://docs.microsoft.com/en-us/windows/mixed-reality/connecting-to-wi-fi-on-hololens) diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md index 49190e6907..7de0cc1381 100644 --- a/devices/hololens/hololens-offline.md +++ b/devices/hololens/hololens-offline.md @@ -16,6 +16,9 @@ ms.localizationpriority: medium # Use HoloLens offline +[Use offline](https://support.microsoft.com/en-us/help/12645) + + To set up HoloLens, you'll need to connect to a Wi-Fi network—the setup tutorial will show you how. ## HoloLens limitations diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md index 0ff5596fa3..6d0b1dcf12 100644 --- a/devices/hololens/hololens-requirements.md +++ b/devices/hololens/hololens-requirements.md @@ -1,88 +1,147 @@ --- -title: HoloLens in the enterprise requirements and FAQ (HoloLens) -description: Requirements and FAQ for general use, Wi-Fi, and device management for HoloLens in the enterprise. +title: Set up HoloLens in a commercial environment +description: Learn more about deploying and managing HoloLens in enterprise environments. ms.prod: hololens ms.sitesec: library -author: dansimp -ms.author: dansimp +ms.assetid: 88bf50aa-0bac-4142-afa4-20b37c013001 +author: scooley +ms.author: scooley ms.topic: article ms.localizationpriority: medium -ms.date: 06/04/2018 -ms.reviewer: -manager: dansimp +ms.date: 07/15/2019 --- -# Microsoft HoloLens in the enterprise: requirements and FAQ +# Deploy HoloLens in a commercial environment -When you develop for HoloLens, there are [system requirements and tools](https://developer.microsoft.com/windows/mixed-reality/install_the_tools) that you need. In an enterprise environment, there are also a few requirements to use and manage HoloLens which are listed below. +TODO - [Commercial features](https://docs.microsoft.com/en-us/windows/mixed-reality/commercial-features) -## Requirements +Deploy and configure HoloLens at scale in a commercial setting. -### General use -- Microsoft account or Azure Active Directory (Azure AD) account -- Wi-Fi network to set up HoloLens +This article includes: ->[!NOTE] ->After you set up HoloLens, you can use it offline [with some limitations](https://support.microsoft.com/help/12645/hololens-use-hololens-offline). +- infrastructure requirements and recommendations for HoloLens management +- tools for provisioning HoloLens +- instructions for remote device management +- options for application deployment +This guide assumes basic familiarity with HoloLens. Follow the [get started guide](./hololens-setup.md) to set up HoloLens for the first time. + +## Infrastructure for managing HoloLens + +HoloLens are, at their core, a Windows mobile device integrated with Azure. They work best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services. + +Critical cloud services include: + +- Azure active directory (AAD) +- Windows Update (WU) + +Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure in order to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune) as an example though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2. + +HoloLens does support a limited set of cloud disconnected experiences. + +## Initial set up at scale + +The HoloLens out of box experience is great for setting up one or two devices or for experiencing HoloLens for the first time. If you're provisioning many HoloLens devices, however, picking your language and settings manually for each device gets tedious and limits scale. + +This section: + +1. introduces Windows provisioning using provisioning packages +1. walks through applying a provisioning package during first setup + +### Create and apply a provisioning package + +The best way to configure many new HoloLens devices is with Windows provisioning. Using Windows provisioning, you can specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in minutes. + +A [provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) (.ppkg) is a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device. + +### Upgrade to Windows Holographic for Business + +- HoloLens Enterprise license XML file + +Some of the HoloLens configurations that you can apply in a provisioning package: + +- Apply certificates to the device +- Set up a Wi-Fi connection +- Pre-configure out of box questions like language and locale. +- (HoloLens 2) bulk enroll in mobile device management +- (HoloLens v1) Apply key to enable Windows Holographic for Business + +Follow [this guide](https://docs.microsoft.com/hololens/hololens-provisioning) to create and apply a provisioning package to HoloLens. + +### Set up user identity and enroll in device management + +The last step setting up HoloLens for management at scale is to enroll devices with mobile device management infrastructure. There are several ways to enroll: + +1. Bulk enrollment with a security token in a provisioning package. + Pros: this is the most automated approach + Cons: takes initial server-side setup +1. Auto-enroll on user sign in + Pros: easiest approach + Cons: users will need to complete set up after the provisioning package has been applied +1. _not recommended_ - Manually enroll post-setup + Pros: possible to enroll after set up + Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled. + +Learn more about MDM enrollment [here](hololens-enroll-mdm.md). + +## Ongoing device management + +Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely. + +This article outlines [policies and capabilities HoloLens supports](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#hololens). + +[This article](https://docs.microsoft.com/intune/windows-holographic-for-business) talks about Intune's management tools for HoloLens. + +### Push compliance policy via Intune + +[Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are not-compliant. + +For example, you can create a policy that requires Bitlocker be enabled. + +[Create compliance policies with Intune](https://docs.microsoft.com/intune/compliance-policy-create-windows). + +### Manage updates + +Intune includes a feature called update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed. + +For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update. + +Read more about [configuring update rings with Intune](https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure). + +## Application management + +Manage holoLens applications through: + +1. Microsoft Store + The Microsoft Store is the best way to distribute and consume application on HoloLens. There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/en-us/windows/uwp/publish/). + All applications in the store are available publicly to everyone, if that isn't acceptable, checkout the Microsoft Store for Business. + +1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/) + Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It lets you deploy apps that are specific to your commercial environment but not to the world. + +1. Application deployment and management via Intune or another mobile device management solution + Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy). + +1. _not recommended_ Device Portal + Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use device portal. + +Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps). + +## Get support + +Get support through the Microsoft support site. + +[File a support request](https://support.microsoft.com/en-us/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f). + +## Technical Reference + +### Wireless network EAP support -### Supported wireless network EAP methods - PEAP-MS-CHAPv2 - PEAP-TLS -- TLS +- TLS - TTLS-CHAP - TTLS-CHAPv2 - TTLS-MS-CHAPv2 - TTLS-PAP - TTLS-TLS - -### Device management -- Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4) -- Wi-Fi network -- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs - -### Upgrade to Windows Holographic for Business -- HoloLens Enterprise license XML file - - -## FAQ for HoloLens - - -#### Is Windows Hello for Business supported on HoloLens? - -Windows Hello for Business (using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens: - -1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md). -2. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello)) -3. On HoloLens, the user can then set up a PIN from **Settings** > **Sign-in Options** > **Add PIN**. - ->[!NOTE] ->Users who sign in with a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview). - -#### Does the type of account change the sign-in behavior? - -Yes, the behavior for the type of account impacts the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type. - -- Microsoft account: signs in automatically -- Local account: always asks for password, not configurable in **Settings** -- Azure AD: asks for password by default; configurable by **Settings** to no longer ask for password. - ->[!NOTE] ->Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is respected only when the device goes into StandBy. - - -#### How do I remove a HoloLens device from the Intune dashboard? - -You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard. - - -## Related resources - -[Getting started with Azure Active Directory Premium](https://azure.microsoft.com/documentation/articles/active-directory-get-started-premium/) - -[Get started with Intune](https://docs.microsoft.com/intune/understand-explore/get-started-with-a-30-day-trial-of-microsoft-intune) - -[Enroll devices for management in Intune](https://docs.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune#supported-device-platforms) - -[Azure AD editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/) - diff --git a/devices/hololens/hololens-start.md b/devices/hololens/hololens-start.md new file mode 100644 index 0000000000..d303ee0c44 --- /dev/null +++ b/devices/hololens/hololens-start.md @@ -0,0 +1,57 @@ +--- +title: HoloLens (1st gen) first start +description: Go through the first start experience for HoloLens (1st gen). +ms.assetid: 0136188e-1305-43be-906e-151d70292e87 +ms.prod: hololens +author: Teresa-Motiv +ms.author: v-tea +ms.topic: article +ms.date: 8/12/19 +manager: jarrettr +ms.topic: article +ms.localizationpriority: medium +--- + +# Set up HoloLens for the first time + +The first time you turn on your HoloLens, you'll be guided through calibrating your device, setting up your device, and signing in. This section walks through the HoloLens (1st gen) first start experience. + +In the next section, you'll learn how to work with HoloLens and interact with holograms. Skip ahead to [Get started with HoloLens (1st gen)](holographic-home.md) + +## Before you start + +Before you get started, make sure you have the following available: + +**A Wi-Fi connection**. You'll need to connect your HoloLens to a Wi-Fi network to set it up. The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. After setup, you can [use your device offline](hololens-offline.md). + +**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](http://account.microsoft.com) and set one up for free. + +**A safe, well-lit space with no tripping hazards**. [Health and safety info](http://go.microsoft.com/fwlink/p/?LinkId=746661). + +**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](https://support.microsoft.com/help/12632/hololens-fit-your-hololens). + +> [!NOTE] +> [Cortana](hololens-cortana.md) is already on and ready to guide you the first time you use your HoloLens (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings. + +## Set up your HoloLens + +Set up your HoloLens and your user account. + +1. The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure your network is either open, password protected, or a captive portal network and doesn't require using certificates to connect. After setup, you can connect to other types of Wi-Fi networks. +1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**. + - When you choose **My work or school owns it**, you sign in by using an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your organizational account information. + 1. Accept the privacy statement. + 1. Sign in by using your Azure AD credentials. This may redirect to your organization's sign-in page. + 1. Continue with device setup. + - When you choose **I own it**, you sign in by using a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). + 1. Enter your Microsoft account information. + 1. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. +1. The device sets your time zone based on information obtained from the Wi-Fi network. +1. Follow the first-start guides to learn how to interact with holograms, control the HoloLens with your voice, and access the start menu. + +Congratulations! Setup is complete and you can begin using HoloLens. + +## Next steps + +- [Get started with HoloLens (1st gen)](holographic-home.md) diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md new file mode 100644 index 0000000000..22c5e995db --- /dev/null +++ b/devices/hololens/hololens-status.md @@ -0,0 +1,36 @@ +--- +title: HoloLens status +description: Shows the status of HoloLens online services. +author: todmccoy +ms.author: v-todmc +ms.reviewer: luoreill +manager: jarrettr +audience: Admin +ms.topic: article +ms.prod: hololens +localization_priority: Medium +ms.sitesec: library +--- + +# HoloLens status + +✔️ **All services are active** + +**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical + +Area|HoloLens (1st gen)|HoloLens 2 +----|:----:|:----: +[Azure services](https://status.azure.com/en-us/status)|✔️|✔️ +[Store app](https://www.microsoft.com/en-us/store/collections/hlgettingstarted/hololens)|✔️|✔️ +[Apps](https://www.microsoft.com/en-us/hololens/apps)|✔️|✔️ +[MDM](https://docs.microsoft.com/en-us/hololens/hololens-enroll-mdm)|✔️|✔️ + +## Notes and related topics + +[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/en/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens) + +For more details about the status of the myriad Azure Services that can connect to HoloLens, see [Azure status](https://azure.microsoft.com/en-us/status/). + +For more details about current known issues, see [HoloLens known issues](https://docs.microsoft.com/en-us/windows/mixed-reality/hololens-known-issues). + +Follow HoloLens on [Twitter](https://twitter.com/HoloLens) and subscribe on [Reddit](https://www.reddit.com/r/HoloLens/). diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 2af37b5b57..6cacd95c0a 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -49,6 +49,7 @@ sections: - type: markdown text: "
MessageDate
Resolved: Delays starting Internet Explorer 11
On August 16, 2019 at 7:16 AM a server required for downloading the Internet Explorer 11 (IE11) startup page, went down. As a result of the server outage, IE 11 became unresponsive for some customers who had not yet installed the August 2019 security updates. Customers who had the August 2019 security update installed were not affected. In order to ensure your devices remain in a serviced and secure state, we recommend you install the latest monthly update.

This issue was resolved on the server side at 1:00 pm PST. 
August 16, 2019
04:00 PM PT
August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows
The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
August 13, 2019
10:00 AM PT
Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506)
On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.)
August 13, 2019
10:00 AM PT
Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in how Windows handles calls to Advanced Local Procedure Call (ALPC) that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
August 13, 2019
10:00 AM PT
+ From 56c76070ce139ff80dab5292c81b7720605bbd9f Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Sat, 17 Aug 2019 14:28:50 -0700 Subject: [PATCH 392/395] Latest change added (#931) --- .../resolved-issues-windows-10-1507.yml | 2 ++ .../resolved-issues-windows-10-1607.yml | 2 ++ .../resolved-issues-windows-10-1703.yml | 2 ++ .../resolved-issues-windows-10-1709.yml | 4 ++-- ...ssues-windows-10-1809-and-windows-server-2019.yml | 2 ++ ...sues-windows-7-and-windows-server-2008-r2-sp1.yml | 6 ++---- ...issues-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../resolved-issues-windows-server-2008-sp2.yml | 4 ++-- .../resolved-issues-windows-server-2012.yml | 4 ++-- .../release-information/status-windows-10-1507.yml | 4 ++-- ...tatus-windows-10-1607-and-windows-server-2016.yml | 4 ++-- .../release-information/status-windows-10-1703.yml | 4 ++-- .../release-information/status-windows-10-1709.yml | 4 ++-- .../release-information/status-windows-10-1803.yml | 4 ++-- ...tatus-windows-10-1809-and-windows-server-2019.yml | 4 ++-- .../release-information/status-windows-10-1903.yml | 8 ++++---- ...atus-windows-7-and-windows-server-2008-r2-sp1.yml | 12 ++++++------ ...status-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- 20 files changed, 46 insertions(+), 40 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml index 798d3fa659..efd586d8b9 100644 --- a/windows/release-information/resolved-issues-windows-10-1507.yml +++ b/windows/release-information/resolved-issues-windows-10-1507.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: "
MessageDate
Resolved: Delays starting Internet Explorer 11
On August 16, 2019 at 7:16 AM a server required for downloading the Internet Explorer 11 (IE11) startup page, went down. As a result of the server outage, IE 11 became unresponsive for some customers who had not yet installed the August 2019 security updates. Customers who had the August 2019 security update installed were not affected. In order to ensure your devices remain in a serviced and secure state, we recommend you install the latest monthly update.

This issue was resolved on the server side at 1:00 pm PST. 
August 16, 2019
04:00 PM PT
August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows
The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
August 13, 2019
10:00 AM PT
Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506)
On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.)
August 13, 2019
10:00 AM PT
Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)
On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in how Windows handles calls to Advanced Local Procedure Call (ALPC) that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability
August 13, 2019
10:00 AM PT
+ @@ -57,6 +58,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Resolved
KB4517276		August 17, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved
KB4507458		July 09, 2019
10:00 AM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 10240.18215

May 14, 2019
KB4499154		Resolved
KB4505051		May 19, 2019
02:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517276. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4517276 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Resolved
KB4517276		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index e8b0598941..bf1e899bff 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -71,6 +72,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Resolved
KB4512495		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512495. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512495 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Resolved
KB4512495		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index 0786837bf2..89d2b4a9f4 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -63,6 +64,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Resolved
KB4512474		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 15063.1805

May 14, 2019
KB4499181		Resolved
KB4507450		July 09, 2019
10:00 AM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512474. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512474 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Resolved
KB4512474		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index be99ac3e4c..876d623cf2 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -65,7 +65,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4509477		June 26, 2019
04:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index 2dd93de94b..dc24852730 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -76,6 +77,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4512534		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 17763.529

May 21, 2019
KB4497934		Resolved
KB4509479		June 26, 2019
04:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512534. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512534 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4512534		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 83c3088ff9..8ff857cf53 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,8 +32,7 @@ sections: - type: markdown text: " - - + @@ -68,8 +67,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499164		Resolved
KB4503277		June 20, 2019
02:00 PM PT
- - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index f18cadfa85..3c832e536c 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -68,7 +68,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499151		Resolved
KB4503283		June 20, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index ab89868649..8ca80054e9 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -58,7 +58,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503273		Resolved
KB4503271		June 20, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Resolved
May 14, 2019
01:21 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 804f0e47c1..7725b0bf92 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -65,7 +65,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Some devices and generation 2 Hyper-V VMs may have issues installing updates
Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

See details >		June 11, 2019
KB4503285		Resolved
KB4503295		June 21, 2019
02:00 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499171		Resolved
KB4503295		June 21, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 4b64489ae0..9a8ebe8053 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Investigating
August 16, 2019
02:11 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Resolved
KB4517276		August 17, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517276. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4517276 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Resolved
KB4517276		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 3bb897d5ae..4a6c046585 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Investigating
August 16, 2019
02:11 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Resolved
KB4512495		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512495. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512495 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Resolved
KB4512495		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 09c2eca790..0e11306afb 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Investigating
August 16, 2019
02:11 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Resolved
KB4512474		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512474. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512474 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Resolved
KB4512474		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 70644fcb70..22dc09d48a 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 3e96064949..a0e9fb7109 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
August 16, 2019
02:11 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
August 17, 2019
01:37 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
Last updated:
August 17, 2019
01:37 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 0f1d82271e..9be5808d94 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Investigating
August 16, 2019
02:11 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4512534		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
August 01, 2019
05:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512534. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512534 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4512534		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 7b9a5a06e0..1039a0f7f1 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,8 +65,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + + @@ -96,8 +96,8 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 16, 2019
01:41 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
August 16, 2019
01:30 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
August 17, 2019
01:38 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 16, 2019
04:28 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
07:03 PM PT
- - + +
DetailsOriginating updateStatusHistory
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 16, 2019
01:41 PM PT

Opened:
August 16, 2019
01:41 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
Last updated:
August 16, 2019
01:30 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
Last updated:
August 17, 2019
01:38 PM PT

Opened:
August 14, 2019
03:34 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 16, 2019
04:28 PM PT

Opened:
August 16, 2019
01:41 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 120e6354b3..32a79ba231 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - - + + + @@ -81,9 +81,9 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

See details >		August 13, 2019
KB4512506		Investigating
August 16, 2019
02:04 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >		August 13, 2019
KB4512506		Mitigated
August 17, 2019
12:59 PM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

See details >		August 13, 2019
KB4512506		Investigating
August 16, 2019
04:28 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503292		Mitigated
July 10, 2019
02:59 PM PT
- - - + + +
DetailsOriginating updateStatusHistory
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 16, 2019
02:04 PM PT

Opened:
August 13, 2019
10:05 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64 and x64 devices may fail to start after installing updates
IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Take Action: To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.

Back to top		August 13, 2019
KB4512506		Mitigated
Last updated:
August 17, 2019
12:59 PM PT

Opened:
August 13, 2019
08:34 AM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 16, 2019
04:28 PM PT

Opened:
August 13, 2019
10:05 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index eb9d2ad3a4..9d7b7f6c5a 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503276		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 04ed0fc40d..b8b9bb20a0 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Mitigated
July 10, 2019
02:59 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 9fd8685619..df2dfdfbe6 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503285		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" From b868e2688c4f9ee47f81e17283bc8940869db5de Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Sat, 17 Aug 2019 16:04:49 -0700 Subject: [PATCH 393/395] Resolve conflicts in master (#935) * add message (#791) (#792) * New announcement added (#809) (#810) * new issues (#819) (#820) * 8/6 AM Publish (#843) * updated description of how wdav screens apps * Added new content for auto-enrollment * Updated format * revised to emphasize cfa * Multiple updates * Updated image * refined wording per sccm, intune, security center * corrected link * moved paragraph about ransomeware lower * addtl updates to change name from Definition Update to Security Intelligence Update * More updates * Fixed typo * Update microsoft-recommended-block-rules.md (#838) * Update microsoft-recommended-block-rules.md adding blocks .NET binaries for WDAC work arounds * added in missing 'audience' attribute * pre-release and typos * linted and rfined wording * New Anouncement added in august (#842) * Merge changes from master to live branch (#854) * Add Deprecated tag to 3 deprecated APIs * Status and description updates (#853) * change a message (#867) * add note on office data * add note for oatp * CAT Auto Pulish for Windows Release Messages - 20190808181530 (#866) * add new issues for multiple window platforms (#882) * Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update policy-csp-update.md In 1903 we deprecated the value of 32 and combined Semi-Annual Channel (Targeted) with the Semi-Annual Channel. We need to communicate this change in the documentation. * chore: Replace tab after unorderd list marker * Update windows/security/identity-protection/credential-guard/credential-guard-manage.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * markdown syntex issue There was a syntex issue with formating. It has been fixed. * Update MDM Path https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash Issue https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3553 * HTML Tag fix There was issue with HTML tag in live 203 and has been fixed. * Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-overview.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update waas-overview.md * Update hello-hybrid-cert-whfb-settings-policy.md removing extra "want" * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update hello-planning-guide.md * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update whiteboard-collaboration.md * Update hello-key-trust-policy-settings.md * Update integrate-configuration-manager-with-mdt.md * Update use-system-center-configuration-manager-to-manage-devices-with-semm.md * Update start-layout-xml-desktop.md Added syntax and note * remove reference about Windows 10 Pro https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3255 * Fixed Typo * Adding Question to FAQ https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288 * Adding Question to FAQ https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288 * Updated with TVM refs * Emphasize Device Sync https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4401 * Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * fix: MD005/list-indent Inconsistent indentation for list items at the same level * Update integrate-configuration-manager-with-mdt.md * Update use-system-center-configuration-manager-to-manage-devices-with-semm.md * Update enable-admx-backed-policies-in-mdm.md Added two links to notes. * Update windows/configuration/start-layout-xml-desktop.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update index.md Corrected typo: 'annd' to 'and' * Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update devices/surface-hub/whiteboard-collaboration.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Create troubleshooting-agpm40-upgrades.md * Update TOC.md Addition of Troubleshooting AGPM Upgrades top-level link * Update windows-10-upgrade-paths.md * Update white-glove.md Removed a singular reference to WG and replaced with white glove * remove last 3 blocks in IT Admin * Fixes typo issue in line 47 Closes #4557 * Update metadata to replace non-existent author * Update index.md Typo - corrected 'Bitlocker' to 'BitLocker' * Rename windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md to windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md * Update hello-planning-guide.md * Update configure-wd-app-guard.md * Update configure-wd-app-guard.md * Update configure-wd-app-guard.md * Update kiosk-xml.md * Update kiosk-xml.md * Update waas-servicing-differences.md Removed double use of the word critical * Minor update to properly reflect supported macros * Update applocker-csp.md * Update kiosk-xml.md * Update applocker-csp.md * updated image needed I don't have rights to upload a new file (the updated error image) More details here: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2489 * MDOP May 2019 Servicing Release: new Hotfix Link Microsoft Desktop Optimization Pack May 2019 Servicing Release. Replaces the outdated MDOP link to July 2018 Servicing Release. Thanks to CaptainUnlikely for the Technet blogs information update. Closes #4574 * Creating a WDATP alert requires recommendedAction Otherwise the following will be returned by the API: ``` {"error":{"code":"BadRequest","message":"recommendedAction argument is missing"}} ``` * Update windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update guidelines-for-assigned-access-app.md * Corrected typo Changed "ConnecionSuccess" to "ConnectionSuccess * Update install-wd-app-guard.md * Update self-deploying.md Added additional links. * Update install-wd-app-guard.md * Update hello-hybrid-cert-trust-devreg.md * Update waas-delivery-optimization.md fixed typo * Fixed a small typo Changed "wwitches" to "switches". * Update for the month June 2019 I have added the content for surface hub based on an update KB4503289. There was no update released for a hub for the month of July. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4586 * Update devices/surface-hub/surface-hub-update-history.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * typo typo the Action Sataus column instead of the Action Status column * Correcting small mistake on which version of Win10 displays MBEC Correcting initial mistake when changed docs. * Updated links Hotlink for configuring MTP integration and API support was missing and has been updated. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4569 * Resolves #4620 - typo in command line Issue #4620 Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode should be Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode * HTML to MarkDown in hello-hybrid-aadj-sso-cert.md This is a combined effort to alleviate a translation bug as well as improving the MarkDown codestyle in this document, both for the English (en-us) version of the document as well as the translated versions. This change should in theory close the issue tickets #3451 and #3453 after the scripted translation process has been re-run on this document. This solution is based on a user discussion in issue ticket #4589 . * Update windows/deployment/windows-autopilot/self-deploying.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update index.md * Update waas-configure-wufb.md * Update hello-features.md Removes \ typo * Update windows-analytics-get-started.md adding IE site discovery to GDPR blurb * Update sideload-apps-in-windows-10.md * Update upgrade-readiness-deployment-script.md replacing support email with official support channels * missing bold on GUI element * formatting again - italicize typed word * fixing warnings * restored missing art, somehow * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019080917545405 (#881) * CAT Auto Publish for Windows Release Messages - CAT_AutoPublish Windows Release Changes - CAT_AutoPublish_2019081317494921 (#897) (#898) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081415474726 (#904) (#906) * publish an announcement message (#917) * update troubleshooting topic * CAT Auto Pulish for Windows Release Messages - 20190815200606 (#916) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081517515100 * manual fix * change order of message * change again * checkin for new issues (#924) (#925) * Merge changes from master to live branch (#929) * enterprise get started * navigation * toc * devices and accessories * devices and accessories * fixing build warnings * links * Reviewed A couple of format edits only. Looks good. * Review Metadata edit. Rest is good. * Review Metadata edit. Rest is good. * Review Made a few edits. Rest is good. * Review Edits. * checkin for new issues (#924) * New Announcement added (#927) --- .../status-windows-10-1809-and-windows-server-2019.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 9be5808d94..fe70958c11 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -118,7 +118,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
  1. Go to Settings app -> Recovery.
  2. Click on Get Started under \"Reset this PC\" recovery option.
  3. Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 03, 2019
10:59 AM PT

Opened:
May 02, 2019
04:36 PM PT
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
    1. Go to Settings app -> Recovery.
    2. Click on Get Started under \"Reset this PC\" recovery option.
    3. Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 03, 2019
10:59 AM PT

Opened:
May 02, 2019
04:36 PM PT
" From 76b087182e0763029ef239fe1ea53230ed65e26f Mon Sep 17 00:00:00 2001 From: jcaparas Date: Sat, 17 Aug 2019 19:31:47 -0700 Subject: [PATCH 394/395] master to live (#937) * enterprise get started * navigation * toc * devices and accessories * devices and accessories * fixing build warnings * links * Reviewed A couple of format edits only. Looks good. * Review Metadata edit. Rest is good. * Review Metadata edit. Rest is good. * Review Made a few edits. Rest is good. * Review Edits. * checkin for new issues (#924) * New Announcement added (#927) * Latest change added (#931) * Resolve conflicts in master (#935) * add message (#791) (#792) * New announcement added (#809) (#810) * new issues (#819) (#820) * 8/6 AM Publish (#843) * updated description of how wdav screens apps * Added new content for auto-enrollment * Updated format * revised to emphasize cfa * Multiple updates * Updated image * refined wording per sccm, intune, security center * corrected link * moved paragraph about ransomeware lower * addtl updates to change name from Definition Update to Security Intelligence Update * More updates * Fixed typo * Update microsoft-recommended-block-rules.md (#838) * Update microsoft-recommended-block-rules.md adding blocks .NET binaries for WDAC work arounds * added in missing 'audience' attribute * pre-release and typos * linted and rfined wording * New Anouncement added in august (#842) * Merge changes from master to live branch (#854) * Add Deprecated tag to 3 deprecated APIs * Status and description updates (#853) * change a message (#867) * add note on office data * add note for oatp * CAT Auto Pulish for Windows Release Messages - 20190808181530 (#866) * add new issues for multiple window platforms (#882) * Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update policy-csp-update.md In 1903 we deprecated the value of 32 and combined Semi-Annual Channel (Targeted) with the Semi-Annual Channel. We need to communicate this change in the documentation. * chore: Replace tab after unorderd list marker * Update windows/security/identity-protection/credential-guard/credential-guard-manage.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * markdown syntex issue There was a syntex issue with formating. It has been fixed. * Update MDM Path https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash Issue https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3553 * HTML Tag fix There was issue with HTML tag in live 203 and has been fixed. * Update windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-overview.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update waas-overview.md * Update hello-hybrid-cert-whfb-settings-policy.md removing extra "want" * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update hello-planning-guide.md * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update whiteboard-collaboration.md * Update hello-key-trust-policy-settings.md * Update integrate-configuration-manager-with-mdt.md * Update use-system-center-configuration-manager-to-manage-devices-with-semm.md * Update start-layout-xml-desktop.md Added syntax and note * remove reference about Windows 10 Pro https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3255 * Fixed Typo * Adding Question to FAQ https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288 * Adding Question to FAQ https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4288 * Updated with TVM refs * Emphasize Device Sync https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4401 * Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * fix: MD005/list-indent Inconsistent indentation for list items at the same level * Update integrate-configuration-manager-with-mdt.md * Update use-system-center-configuration-manager-to-manage-devices-with-semm.md * Update enable-admx-backed-policies-in-mdm.md Added two links to notes. * Update windows/configuration/start-layout-xml-desktop.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update index.md Corrected typo: 'annd' to 'and' * Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update devices/surface-hub/whiteboard-collaboration.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Create troubleshooting-agpm40-upgrades.md * Update TOC.md Addition of Troubleshooting AGPM Upgrades top-level link * Update windows-10-upgrade-paths.md * Update white-glove.md Removed a singular reference to WG and replaced with white glove * remove last 3 blocks in IT Admin * Fixes typo issue in line 47 Closes #4557 * Update metadata to replace non-existent author * Update index.md Typo - corrected 'Bitlocker' to 'BitLocker' * Rename windows/security/threat-protection/windows-defender-atp/configure-mssp-support.md to windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md * Update hello-planning-guide.md * Update configure-wd-app-guard.md * Update configure-wd-app-guard.md * Update configure-wd-app-guard.md * Update kiosk-xml.md * Update kiosk-xml.md * Update waas-servicing-differences.md Removed double use of the word critical * Minor update to properly reflect supported macros * Update applocker-csp.md * Update kiosk-xml.md * Update applocker-csp.md * updated image needed I don't have rights to upload a new file (the updated error image) More details here: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2489 * MDOP May 2019 Servicing Release: new Hotfix Link Microsoft Desktop Optimization Pack May 2019 Servicing Release. Replaces the outdated MDOP link to July 2018 Servicing Release. Thanks to CaptainUnlikely for the Technet blogs information update. Closes #4574 * Creating a WDATP alert requires recommendedAction Otherwise the following will be returned by the API: ``` {"error":{"code":"BadRequest","message":"recommendedAction argument is missing"}} ``` * Update windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update guidelines-for-assigned-access-app.md * Corrected typo Changed "ConnecionSuccess" to "ConnectionSuccess * Update install-wd-app-guard.md * Update self-deploying.md Added additional links. * Update install-wd-app-guard.md * Update hello-hybrid-cert-trust-devreg.md * Update waas-delivery-optimization.md fixed typo * Fixed a small typo Changed "wwitches" to "switches". * Update for the month June 2019 I have added the content for surface hub based on an update KB4503289. There was no update released for a hub for the month of July. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4586 * Update devices/surface-hub/surface-hub-update-history.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * typo typo the Action Sataus column instead of the Action Status column * Correcting small mistake on which version of Win10 displays MBEC Correcting initial mistake when changed docs. * Updated links Hotlink for configuring MTP integration and API support was missing and has been updated. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4569 * Resolves #4620 - typo in command line Issue #4620 Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode should be Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode * HTML to MarkDown in hello-hybrid-aadj-sso-cert.md This is a combined effort to alleviate a translation bug as well as improving the MarkDown codestyle in this document, both for the English (en-us) version of the document as well as the translated versions. This change should in theory close the issue tickets #3451 and #3453 after the scripted translation process has been re-run on this document. This solution is based on a user discussion in issue ticket #4589 . * Update windows/deployment/windows-autopilot/self-deploying.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update index.md * Update waas-configure-wufb.md * Update hello-features.md Removes \ typo * Update windows-analytics-get-started.md adding IE site discovery to GDPR blurb * Update sideload-apps-in-windows-10.md * Update upgrade-readiness-deployment-script.md replacing support email with official support channels * missing bold on GUI element * formatting again - italicize typed word * fixing warnings * restored missing art, somehow * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019080917545405 (#881) * CAT Auto Publish for Windows Release Messages - CAT_AutoPublish Windows Release Changes - CAT_AutoPublish_2019081317494921 (#897) (#898) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081415474726 (#904) (#906) * publish an announcement message (#917) * update troubleshooting topic * CAT Auto Pulish for Windows Release Messages - 20190815200606 (#916) * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_2019081517515100 * manual fix * change order of message * change again * checkin for new issues (#924) (#925) * Merge changes from master to live branch (#929) * enterprise get started * navigation * toc * devices and accessories * devices and accessories * fixing build warnings * links * Reviewed A couple of format edits only. Looks good. * Review Metadata edit. Rest is good. * Review Metadata edit. Rest is good. * Review Made a few edits. Rest is good. * Review Edits. * checkin for new issues (#924) * New Announcement added (#927) --- .../resolved-issues-windows-10-1507.yml | 2 ++ .../resolved-issues-windows-10-1607.yml | 2 ++ .../resolved-issues-windows-10-1703.yml | 2 ++ ...ved-issues-windows-10-1809-and-windows-server-2019.yml | 2 ++ ...ed-issues-windows-7-and-windows-server-2008-r2-sp1.yml | 8 -------- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml index 798d3fa659..efd586d8b9 100644 --- a/windows/release-information/resolved-issues-windows-10-1507.yml +++ b/windows/release-information/resolved-issues-windows-10-1507.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -57,6 +58,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Resolved
KB4517276		August 17, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved
KB4507458		July 09, 2019
10:00 AM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 10240.18215

May 14, 2019
KB4499154		Resolved
KB4505051		May 19, 2019
02:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517276. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4517276 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Resolved
KB4517276		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index e8b0598941..bf1e899bff 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -71,6 +72,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Resolved
KB4512495		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512495. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512495 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Resolved
KB4512495		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index 0786837bf2..89d2b4a9f4 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -63,6 +64,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Resolved
KB4512474		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 15063.1805

May 14, 2019
KB4499181		Resolved
KB4507450		July 09, 2019
10:00 AM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512474. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512474 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Resolved
KB4512474		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index 2dd93de94b..dc24852730 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -76,6 +77,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4512534		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 17763.529

May 21, 2019
KB4497934		Resolved
KB4509479		June 26, 2019
04:00 PM PT
+
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512534. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512534 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4512534		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 83c3088ff9..0a53f8c2eb 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,16 +32,8 @@ sections: - type: markdown text: " - - - - - - - - From 9a00110a6333a195c93b207b0359bfaa9cd713d4 Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Sat, 17 Aug 2019 20:40:32 -0700 Subject: [PATCH 395/395] Publish new issues on 17 August 2019 (#940) --- .../resolved-issues-windows-10-1709.yml | 4 ++-- ...sues-windows-7-and-windows-server-2008-r2-sp1.yml | 10 ++++++++-- ...issues-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../resolved-issues-windows-server-2008-sp2.yml | 4 ++-- .../resolved-issues-windows-server-2012.yml | 4 ++-- .../release-information/status-windows-10-1507.yml | 4 ++-- ...tatus-windows-10-1607-and-windows-server-2016.yml | 4 ++-- .../release-information/status-windows-10-1703.yml | 4 ++-- .../release-information/status-windows-10-1709.yml | 4 ++-- .../release-information/status-windows-10-1803.yml | 4 ++-- ...tatus-windows-10-1809-and-windows-server-2019.yml | 4 ++-- .../release-information/status-windows-10-1903.yml | 8 ++++---- ...atus-windows-7-and-windows-server-2008-r2-sp1.yml | 12 ++++++------ ...status-windows-8.1-and-windows-server-2012-r2.yml | 4 ++-- .../status-windows-server-2008-sp2.yml | 4 ++-- .../status-windows-server-2012.yml | 4 ++-- 16 files changed, 44 insertions(+), 38 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index be99ac3e4c..876d623cf2 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499164		Resolved
KB4503277		June 20, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503292		Resolved
KB4503277		June 20, 2019
02:00 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		May 14, 2019
KB4499164		Resolved
KB4505050		May 18, 2019
02:00 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Resolved
May 14, 2019
01:23 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Resolved
May 14, 2019
01:22 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Resolved
May 14, 2019
01:21 PM PT
Authentication may fail for services after the Kerberos ticket expires
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

See details >		March 12, 2019
KB4489878		Resolved
KB4499164		May 14, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		February 12, 2019
KB4486563		Resolved
KB4493472		April 09, 2019
10:00 AM PT
Devices may not respond at login or Welcome screen if running certain Avast software
Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

See details >		April 09, 2019
KB4493472		Resolved
April 25, 2019
02:00 PM PT
- + @@ -65,7 +65,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 16299.1182

May 28, 2019
KB4499147		Resolved
KB4509477		June 26, 2019
04:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index 0a53f8c2eb..8ff857cf53 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,8 +32,15 @@ sections: - type: markdown text: " + + + + + + + @@ -60,8 +67,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499164		Resolved
KB4503277		June 20, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503292		Resolved
KB4503277		June 20, 2019
02:00 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		May 14, 2019
KB4499164		Resolved
KB4505050		May 18, 2019
02:00 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Resolved
May 14, 2019
01:23 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Resolved
May 14, 2019
01:22 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Resolved
May 14, 2019
01:21 PM PT
Authentication may fail for services after the Kerberos ticket expires
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

See details >		March 12, 2019
KB4489878		Resolved
KB4499164		May 14, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		February 12, 2019
KB4486563		Resolved
KB4493472		April 09, 2019
10:00 AM PT
Devices may not respond at login or Welcome screen if running certain Avast software
Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

See details >		April 09, 2019
KB4493472		Resolved
April 25, 2019
02:00 PM PT
- - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index f18cadfa85..3c832e536c 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -68,7 +68,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499151		Resolved
KB4503283		June 20, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index ab89868649..8ca80054e9 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -58,7 +58,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		June 11, 2019
KB4503273		Resolved
KB4503271		June 20, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493471		Resolved
May 14, 2019
01:21 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 804f0e47c1..7725b0bf92 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,7 +32,7 @@ sections: - type: markdown text: " - + @@ -65,7 +65,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Some devices and generation 2 Hyper-V VMs may have issues installing updates
Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing some updates when Secure Boot is enabled.

See details >		June 11, 2019
KB4503285		Resolved
KB4503295		June 21, 2019
02:00 PM PT
IE11 may stop working when loading or interacting with Power BI reports
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.

See details >		May 14, 2019
KB4499171		Resolved
KB4503295		June 21, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 4b64489ae0..9a8ebe8053 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Investigating
August 16, 2019
02:11 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 10240.18305

August 13, 2019
KB4512497		Resolved
KB4517276		August 17, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512497, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517276. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4517276 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 10240.18305

August 13, 2019
KB4512497		Resolved
KB4517276		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503291) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 10240.18244

June 11, 2019
KB4503291		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 3bb897d5ae..4a6c046585 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -85,7 +85,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Investigating
August 16, 2019
02:11 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 14393.3144

August 13, 2019
KB4512517		Resolved
KB4512495		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 14393.3115

July 16, 2019
KB4507459		Resolved
KB4512517		August 13, 2019
10:00 AM PT
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.

See details >		OS Build 14393.3085

July 09, 2019
KB4507460		Resolved
KB4512517		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
August 09, 2019
07:03 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512517, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512495. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512495 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 14393.3144

August 13, 2019
KB4512517		Resolved
KB4512495		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503267) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.3053

June 18, 2019
KB4503294		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 09c2eca790..0e11306afb 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Investigating
August 16, 2019
02:11 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 15063.1988

August 13, 2019
KB4512507		Resolved
KB4512474		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 15063.1955

July 16, 2019
KB4507467		Resolved
KB4512507		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
August 09, 2019
07:03 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512474. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512474 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 15063.1988

August 13, 2019
KB4512507		Resolved
KB4512474		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 15063.1868

June 11, 2019
KB4503279		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 70644fcb70..22dc09d48a 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		August 16, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 16299.1296

July 16, 2019
KB4507465		Resolved
KB4512516		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 16299.1217

June 11, 2019
KB4503284		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512516, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512494. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512494 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 16299.1331

August 13, 2019
KB4512516		Resolved
KB4512494		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503284) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 16299.1217

June 11, 2019
KB4503284		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 3e96064949..a0e9fb7109 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,7 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -86,7 +86,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
August 16, 2019
02:11 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
August 17, 2019
01:37 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512501, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Investigating
Last updated:
August 17, 2019
01:37 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503286) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17134.829

June 11, 2019
KB4503286		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 0f1d82271e..9be5808d94 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,7 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -87,7 +87,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Investigating
August 16, 2019
02:11 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4512534		August 17, 2019
02:00 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
August 09, 2019
07:03 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.

See details >		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
August 01, 2019
05:00 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available over the coming days.

The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive this update once it is released and install it.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Investigating
Last updated:
August 16, 2019
02:11 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4511553, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4512534. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512534 and install. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4512534		Resolved:
August 17, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503327) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 17763.557

June 11, 2019
KB4503327		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
Apps and scripts using the NetQueryDisplayInformation API may fail with error
 Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

Affected platforms:
  • Server: Windows Server 2019; Windows Server 2016
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.55

October 09, 2018
KB4464330		Investigating
Last updated:
August 01, 2019
05:00 PM PT

Opened:
August 01, 2019
05:00 PM PT
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 7b9a5a06e0..1039a0f7f1 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,8 +65,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - + + @@ -96,8 +96,8 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 16, 2019
01:41 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
August 16, 2019
01:30 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
August 17, 2019
01:38 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 16, 2019
04:28 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
August 09, 2019
07:03 PM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Mitigated External
August 09, 2019
07:03 PM PT
- - + +
DetailsOriginating updateStatusHistory
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 16, 2019
01:41 PM PT

Opened:
August 16, 2019
01:41 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
Last updated:
August 16, 2019
01:30 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next steps: Microsoft is working on a resolution and estimates a solution will be available late August. The ‘optional’ update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive the update once it is released.

Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).

Back to top		OS Build 18362.295

August 13, 2019
KB4512508		Investigating
Last updated:
August 17, 2019
01:38 PM PT

Opened:
August 14, 2019
03:34 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
August 16, 2019
04:28 PM PT

Opened:
August 16, 2019
01:41 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 120e6354b3..32a79ba231 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - - + + + @@ -81,9 +81,9 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

See details >		August 13, 2019
KB4512506		Investigating
August 16, 2019
02:04 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
IA64-based devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64-based devices may fail to start.

See details >		August 13, 2019
KB4512506		Resolved
KB4474419		August 13, 2019
10:00 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >		August 13, 2019
KB4512506		Mitigated
August 17, 2019
12:59 PM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows udates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

See details >		August 13, 2019
KB4512506		Investigating
August 16, 2019
04:28 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503292		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503292		Mitigated
July 10, 2019
02:59 PM PT
- - - + + +
DetailsOriginating updateStatusHistory
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 16, 2019
02:04 PM PT

Opened:
August 13, 2019
10:05 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64-based devices may fail to start after installing updates
After installing KB4512506, IA64-based devices may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Resolution: This issue has been resolved in the latest version of KB4474419 (released on or after August 13, 2019).Please verify that KB4474419 is installed and restart your machine before installing KB4512506 released August 13th, 2019 or later.

 

Back to top		August 13, 2019
KB4512506		Resolved
KB4474419		Resolved:
August 13, 2019
10:00 AM PT

Opened:
August 13, 2019
08:34 AM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512506, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517297. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512506		Resolved
KB4517297		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
IA64 and x64 devices may fail to start after installing updates
IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Take Action: To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.

Back to top		August 13, 2019
KB4512506		Mitigated
Last updated:
August 17, 2019
12:59 PM PT

Opened:
August 13, 2019
08:34 AM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Symantec has identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: Guidance for Symantec customers can be found in the Symantec support article and the Norton support article.

Next steps: To safeguard your update experience, Microsoft and Symantec have partnered to place a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available. Please reach out to Symantec or Norton support for further guidance.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
August 16, 2019
04:28 PM PT

Opened:
August 13, 2019
10:05 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503292) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503292		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index eb9d2ad3a4..9d7b7f6c5a 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512488		Resolved
KB4517298		August 16, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Resolved External
August 13, 2019
06:59 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503276		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503276		Mitigated
July 10, 2019
07:09 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512488, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517298. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512488		Resolved
KB4517298		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503276) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503276		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 04ed0fc40d..b8b9bb20a0 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- +
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512476		Resolved
KB4517301		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503273		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503273		Mitigated
July 10, 2019
02:59 PM PT
@@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512476, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517301. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512476		Resolved
KB4517301		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503273) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503273		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 9fd8685619..df2dfdfbe6 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -80,7 +80,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512518		Resolved
KB4517302		August 16, 2019
02:00 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.

See details >		June 11, 2019
KB4503285		Resolved External
August 09, 2019
07:03 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503285		Mitigated
July 10, 2019
07:09 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
- +
DetailsOriginating updateStatusHistory
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
After installing KB4512518, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517302. The ‘optional’ update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

Back to top		August 13, 2019
KB4512518		Resolved
KB4517302		Resolved:
August 16, 2019
02:00 PM PT

Opened:
August 14, 2019
03:34 PM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503285) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue.

Back to top		June 11, 2019
KB4503285		Resolved External
Last updated:
August 09, 2019
07:03 PM PT

Opened:
August 09, 2019
04:25 PM PT
"