From 32b3c96ccb5839f9bd522619ffecfeb23444cb5f Mon Sep 17 00:00:00 2001 From: "H. Poulsen" Date: Mon, 9 Apr 2018 12:56:31 -0700 Subject: [PATCH 01/24] Update index.md Updated "Windows as a Service" to "Windows as a service" (small "s") per branding guidelines and updated "Windows TechCenter" to "Windows IT Pro Center" as that is what the site is called now. --- windows/hub/index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/hub/index.md b/windows/hub/index.md index 40d4c2db5e..056ac3785d 100644 --- a/windows/hub/index.md +++ b/windows/hub/index.md 
@@ -60,18 +60,18 @@ Find the latest how to and support content that IT pros need to evaluate, plan, >[!TIP] > Looking for information about older versions of Windows? Check out our other [Windows libraries](/previous-versions/windows/) on docs.microsoft.com. You can also search this site to find specific information, like this [Windows 8.1 content](https://docs.microsoft.com/search/index?search=Windows+8.1&dataSource=previousVersions). -## Get to know Windows as a Service (WaaS) +## Get to know Windows as a service -![Get to know Windows as a Service (WaaS)](images/w10-WaaS-poster.png) +![Get to know Windows as a service](images/w10-WaaS-poster.png) The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. -- [Read more about Windows as a Service](/windows/deployment/update/waas-overview) +- [Read more about Windows as a service](/windows/deployment/update/waas-overview) ## Related topics -[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009) +[Windows 10 IT Pro Center](https://go.microsoft.com/fwlink/?LinkId=620009)   From d84ba1e55545e1c09ecf18b354a68b9eb3e8833f Mon Sep 17 00:00:00 2001 From: Jonathan Herlin Date: Tue, 10 Apr 2018 11:03:29 +0200 Subject: [PATCH 02/24] Typo in BitLocker Network Unlock section Typo in BitLocker Network Unlock section --- .../bitlocker/bitlocker-frequently-asked-questions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md index b56af7542a..267a2e2428 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md +++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md @@ -336,7 +336,7 @@ To use Network Unlock you must also have a PIN configured for your computer. Whe BitLocker Network Unlock has software and hardware requirements for both client computers, Windows Deployment services, and domain controllers that must be met before you can use it. Network Unlock uses two protectors, the TPM protector and the one provided by the network or by your PIN, whereas automatic unlock uses a single protector, the one stored in the TPM. If the computer is joined to a network without the key protector it will prompt you to enter your PIN. If the PIN is -not available you will need to use the recovery key to unlock the computer if it can ot be connected to the network. +not available you will need to use the recovery key to unlock the computer if it can not be connected to the network. For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md). From 7437215d639a55add42476c1915d060536a7a90b Mon Sep 17 00:00:00 2001 From: Marc Shepard <37675325+marcshep-msft@users.noreply.github.com> Date: Tue, 10 Apr 2018 11:45:27 -0700 Subject: [PATCH 03/24] Update windows-analytics-get-started.md Added instructions on how to initiate a full scan without the deployment script. --- .../deployment/update/windows-analytics-get-started.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index 3775d77bac..87dfb6337b 100644 
--- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -127,7 +127,6 @@ Use a software distribution system such as System Center Configuration Manager t ### Distributing policies at scale There are a number of policies that can be centrally managed to control Windows Analytics device configuration. All of these policies have *preference* registry key equivalents that can be set by using the deployment script. Policy settings override preference settings if both are set. - >[!NOTE] >You can only set the diagnostic data level to Enhanced by using policy. For example, this is necessary for using Device Health. @@ -155,4 +154,10 @@ For more information about Internet Explorer Security Zones, see [About URL Secu ### Distribution at scale without using the deployment script -We recommend using the deployment script to configure devices. However if this is not an option, you can still manage settings by policy as described in the previous section. However, if you don't run the deployment script, you might have to wait a long time (possibly weeks) before devices send the initial full inventory scan. +We recommend using the deployment script to configure devices. However if this is not an option, you can still manage settings by policy as described in the previous section. However, if you don't run the deployment script, you won't benefit from it's error checking and you might have to wait a long time (possibly weeks) before devices send the initial full inventory scan. + +Note that it is possible to intiate a full inventory scan on a device by calling these commands: +- CompatTelRunner.exe -m:generaltel.dll -f:DoCensusRun +- CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun ent + +For details on how to run these and how to check results, see the deployment script. From f3e9e1df9903abd3c87c6a75f3a0997084026258 Mon Sep 17 00:00:00 2001 
From: Brian Lich Date: Tue, 10 Apr 2018 13:05:53 -0700 Subject: [PATCH 04/24] Update TOC.md --- windows/configuration/TOC.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index 9768a7eb0b..94d5785c9f 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -3,9 +3,9 @@ ## [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md) ## [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) ## [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) -## [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) -## [Windows 10, version 1709 diagnostic data for the Full telemetry level](windows-diagnostic-data.md) -## [Windows 10, version 1703 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md) +## [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) +## [Windows 10, version 1709 diagnostic data for the Full level](windows-diagnostic-data.md) +## [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md) ## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md) ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) ## [Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md) From f43750513eb609099ba294db76f243452feec5d6 Mon Sep 17 00:00:00 2001 
From: Andrew Svoboda Date: Tue, 10 Apr 2018 17:11:00 -0400 Subject: [PATCH 05/24] Fix WDATP API Documentation * Fix format of sinceTimeUtc param for GET /alerts endpoint * Fix parameter value for resource * Fix minor inconsistencies with json format of access token response --- ...-api-windows-defender-advanced-threat-protection.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index 82d802c5f9..412d63e5fe 100644 --- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -67,18 +67,18 @@ POST /72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/token HTTP/1.1 Host: login.microsoftonline.com Content-Type: application/x-www-form-urlencoded -resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com&client_id=35e0f735-5fe4-4693-9e68-3de80f1d3745&client_secret=IKXc6PxB2eoFNJ%2FIT%2Bl2JZZD9d9032VXz6Ul3D2WyUQ%3D&grant_type=client_credentials +resource=https%3A%2F%2Fgraph.windows.net&client_id=35e0f735-5fe4-4693-9e68-3de80f1d3745&client_secret=IKXc6PxB2eoFNJ%2FIT%2Bl2JZZD9d9032VXz6Ul3D2WyUQ%3D&grant_type=client_credentials ``` The response will include an access token and expiry information. ```json { - "token type": "Bearer", - "expires in": "3599" + "token_type": "Bearer", + "expires_in": "3599", "ext_expires_in": "0", "expires_on": "1488720683", "not_before": "1488720683", - "resource": "https://WDATPAlertExport.Seville.onmicrosoft.com", + "resource": "https://graph.windows.net", "access_token":"eyJ0eXaioJJOIneiowiouqSuzNiZ345FYOVkaJL0625TueyaJasjhIjEnbMlWqP..." } ``` 
@@ -117,7 +117,7 @@ Authorization: Bearer The following example demonstrates a request to get the last 20 alerts since 2016-09-12 00:00:00. ```syntax -GET https://wdatp-alertexporter-eu.windows.com/api/alerts?limit=20&sinceTimeUtc="2016-09-12 00:00:00" +GET https://wdatp-alertexporter-eu.windows.com/api/alerts?limit=20&sinceTimeUtc=2016-09-12T00:00:00.000 Authorization: Bearer ``` From 5a51181c75aafc19ee66ba46e00e4396080bfc1f Mon Sep 17 00:00:00 2001 From: qrscharmed <38082753+qrscharmed@users.noreply.github.com> Date: Tue, 10 Apr 2018 15:00:11 -0700 Subject: [PATCH 06/24] Update wd-app-guard-overview.md --- .../wd-app-guard-overview.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index a9148f2252..7e437ce4b1 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -13,7 +13,8 @@ ms.date: 10/23/2017 # Windows Defender Application Guard overview **Applies to:** -- Windows 10 Enterprise edition, version 1709 +- Windows 10 Enterprise edition, version 1709 or higher +- Windows 10 Professional edition, version 1803 The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. 
@@ -27,7 +28,7 @@ If an employee goes to an untrusted site through either Microsoft Edge or Intern ![Hardware isolation diagram](images/appguard-hardware-isolation.png) ### What types of devices should use Application Guard? -Application Guard has been created to target 3 types of enterprise systems: +Application Guard has been created to target several types of systems: - **Enterprise desktops.** These desktops are domain-joined and managed by your organization. Configuration management is primarily done through System Center Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network. @@ -35,6 +36,8 @@ Application Guard has been created to target 3 types of enterprise systems: - **Bring your own device (BYOD) mobile laptops.** These personally-owned laptops are not domain-joined, but are managed by your organization through tools like Microsoft Intune. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home. +- **Personal devices.** These personally-owned desktops or mobile laptops are not domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside. + ## In this section |Topic |Description | |------|------------| 
@@ -42,4 +45,4 @@ Application Guard has been created to target 3 types of enterprise systems: |[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.| |[Configure the Group Policy settings for Windows Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.| |[Testing scenarios using Windows Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Windows Defender Application Guard (Application Guard) in your organization.| -|[Frequently Asked Questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Common questions and answers around the features and functionality of Application Guard.| \ No newline at end of file +|[Frequently Asked Questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Common questions and answers around the features and functionality of Application Guard.| From 870e16f9c201cf4a00afd5e042cef8adbe75d4d3 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 11 Apr 2018 00:06:12 +0000 Subject: [PATCH 07/24] Merged PR 7060: Fix typo (issue #691) --- windows/configuration/ue-v/uev-getting-started.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md index 5ec8571305..301f4a7b07 100644 --- a/windows/configuration/ue-v/uev-getting-started.md +++ b/windows/configuration/ue-v/uev-getting-started.md 
@@ -16,8 +16,8 @@ ms.date: 03/08/2018 Follow the steps in this topic to deploy User Experience Virtualization (UE-V) for the first time in a test environment. Evaluate UE-V to determine whether it’s the right solution to manage user settings across multiple devices within your enterprise. ->**Note** -The information in this section is explained in greater detail throughout the rest of the documentation. If you’ve already determined that UE-V is the right solution and you don’t need to further evaluate it, see [Prepare a UE-V deployment](uev-prepare-for-deployment.md). +>[!NOTE] +>The information in this section is explained in greater detail throughout the rest of the documentation. If you’ve already determined that UE-V is the right solution and you don’t need to further evaluate it, see [Prepare a UE-V deployment](uev-prepare-for-deployment.md). The standard installation of UE-V synchronizes the default Microsoft Windows and Office settings and many Windows applications settings. For best results, ensure that your test environment includes two or more user computers that share network access. 
@@ -94,13 +94,13 @@ A storage path must be configured on the client-side to tell where the personali 4. Select **Enabled**, fill in the **Settings storage path**, and click **OK**. - - Ensure that the storage path ends with **%username%** to ensure that eah user gets a unique folder. + - Ensure that the storage path ends with **%username%** to ensure that each user gets a unique folder. **To set the storage path for UE-V with PowerShell** 1. In a PowerShell window, type **Set-uevConfiguration -SettingsStoragePath [StoragePath]** where **[StoragePath]** is the path to the location created in step 2 followed by **\%username%**. - - Ensure that the storage path ends with **%username%** to ensure that eah user gets a unique folder. + - Ensure that the storage path ends with **%username%** to ensure that each user gets a unique folder. With Windows 10, version 1607 and later, the UE-V service is installed on user devices when the operating system is installed. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell. From 7c1a333041824869a37c7593246556da4ba25ec5 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 10 Apr 2018 17:31:52 -0700 Subject: [PATCH 08/24] clarified SSO is blocked --- .../credential-guard/credential-guard-considerations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md index 01dbef4001..8457313a96 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md 
@@ -24,7 +24,7 @@ Passwords are still weak. We recommend that in addition to deploying Windows Def Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, are not supported. ## Wi-fi and VPN Considerations -When you enable Windows Defender Credential Guard, you can no longer use NTLM classic deployment model authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. +When you enable Windows Defender Credential Guard, you can no longer use NTLM classic authentication for Single Sign-On. You will be forced to enter your credentials to use these protocols and cannot save the credentials for future use. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. ## Kerberos Considerations From f031d81925bb3e1e2237056670fa840955bcd84c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 10 Apr 2018 17:40:29 -0700 Subject: [PATCH 09/24] fixed link text --- ...windows-event-forwarding-to-assist-in-intrusion-detection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 75dda71497..8e5b6d0232 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md 
+++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -175,7 +175,7 @@ To gain the most value out of the baseline subscription we recommend to have the - Enable disabled event channels and set the minimum size for modern event files. - Currently, there is no GPO template for enabling or setting the maximum size for the modern event files. This must be done by using a GPO. For more info, see [Appendix C – Event Channel Settings (enable and Channel Access) methods](#bkmk-appendixc). -The annotated event query can be found in the following. For more info, see [Appendix F – Annotated Baseline Subscription Event Query](#bkmk-appendixf). +The annotated event query can be found in the following. For more info, see [Appendix F – Annotated Suspect Subscription Event Query](#bkmk-appendixf). - Anti-malware events from Microsoft Antimalware or Windows Defender. This can be configured for any given anti-malware product easily if it writes to the Windows event log. - Security event log Process Create events. From 75bdad3f0a60f865d0b9918628cefe218fab7d78 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 10 Apr 2018 17:54:55 -0700 Subject: [PATCH 10/24] fixed quotes --- .../bitlocker/bitlocker-management-for-enterprises.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index d5952e711b..961c0d224c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md 
@@ -108,7 +108,7 @@ For Azure AD-joined computers, including virtual machines, the recovery password ``` PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector -PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:” +PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:" PS C:\>BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId ``` @@ -118,7 +118,7 @@ For domain-joined computers, including servers, the recovery password should be ``` PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector -PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:” +PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:" PS C:\>Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId ``` From ab97ca2ebd3e7c98cf48993dd0051c057a549ff3 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 11 Apr 2018 10:28:39 -0700 Subject: [PATCH 11/24] Added notes that you can't uninstall the WDSC app. --- ...ws-defender-antivirus-on-windows-server-2016.md | 9 ++++++--- .../windows-defender-security-center.md | 14 ++++++++++---- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md index 3ccb022cec..f8fb6d41ba 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md @@ -9,9 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: iaanw -ms.author: iawilt -ms.date: 10/12/2017 +author: andreabichsel +ms.author: v-anbic +ms.date: 04/11/2018 --- 
@@ -59,6 +59,9 @@ This topic includes the following instructions for setting up and running Window ## Enable or disable the interface on Windows Server 2016 By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required. +>[!NOTE] +>You can't uninstall the Windows Defender Security Center app, but you can disable the interface with these instructions. + If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option. ![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png) diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 8c998be64f..75d70268f2 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md @@ -9,9 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: iaanw -ms.author: iawilt -ms.date: 10/17/2017 +author: andreabichsel +ms.author: v-anbic +ms.date: 04/11/2018 --- 
@@ -39,12 +39,18 @@ In Windows 10, version 1709, we increased the scope of the app to also show info >[!NOTE] >The Windows Defender Security Center app is a client interface on Windows 10, version 1703 and later. It is not the Windows Defender Security Center web portal console that is used to review and manage [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection). -This library describes the Windows defender Security Center app, and provides information on configuring certain features, inlcuding: +This library describes the Windows Defender Security Center app, and provides information on configuring certain features, including: - [Showing and customizing contact information on the app and in notifications](wdsc-customize-contact-information.md) - [Hiding notifications](wdsc-hide-notifications.md) +You can't uninstall the Windows Defender Security Center app, but you can do one of the following: + +- Disable the interface on Windows Server 2016. See [Windows Defender Antivirus on Windows Server 2016](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016). +- Hide all of the sections on client computers (see below). +- Disable Windows Defender Antivirus, if needed. See [Enable and configure Windows Defender AV always-on protection and monitoring](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). + You can find more information about each section, including options for configuring the sections - such as hiding each of the sections - at the following topics: From 3daf38674ff3d5a2cb43ae12b82dfc7c82e447ea Mon Sep 17 00:00:00 2001 
From: Greg Lindsay Date: Wed, 11 Apr 2018 17:47:55 +0000 Subject: [PATCH 12/24] Merged PR 7089: Typo Typo --- windows/deployment/upgrade/setupdiag.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index a460f3c8b5..32859c06fe 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.date: 03/30/2018 +ms.date: 04/11/2018 ms.localizationpriority: high --- @@ -103,7 +103,7 @@ SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /Mode:Offline /LogsPath:D:\Dump ## Known issues -1. Some rules can take a long time to process if the log files involved as large. +1. Some rules can take a long time to process if the log files involved are large. 2. SetupDiag only outputs data in a text format. If another format is desired, please provide this [feedback](#feedback). 3. If the failing computer is opted into the Insider program and getting regular pre-release updates, or an update is already pending on the computer when SetupDiag is run, it can encounter problems trying to open these log files. This will likely cause a failure to determine a root cause. In this case, try gathering the log files and running SetupDiag in offline mode. From f960bb993edc8e7e6498e8890b9f0eeb5791e509 Mon Sep 17 00:00:00 2001 From: Jon Payne <32474739+jonmpayne@users.noreply.github.com> Date: Wed, 11 Apr 2018 12:58:09 -0500 Subject: [PATCH 13/24] Corrected broken link Corrected the broken link for "Customizing the Windows Defender Security Center app for your organization" --- .../configure-notifications-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md index 8bfa75ff42..39660adda8 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md @@ -82,7 +82,7 @@ Hiding notifications can be useful in situations where you cannot hide the entir > [!NOTE] > Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [System Center Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection). -See the [Customize the Windows Defender Security Center app for your organization](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center-antivirus) topic for instructions to add custom contact information to the notifications that users see on their machines. +See the [Customize the Windows Defender Security Center app for your organization](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md) topic for instructions to add custom contact information to the notifications that users see on their machines. **Use Group Policy to hide notifications:** From 252ec0f18b0bd622432f13a2b05632abe7fae3ad Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 11 Apr 2018 19:12:45 +0000 Subject: [PATCH 14/24] Merged PR 7093: issue 681 (clarify ports) --- .../prepare-your-environment-for-surface-hub.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 077e16a6a5..cef7042de1 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md 
@@ -36,9 +36,10 @@ Additionally, note that Surface Hub requires the following open ports: - HTTP: 80 - NTP: 123 -Depending on your environment, access to additional ports may be needed: -- For online environments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). -- For on-premises installations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). +If you are using Surface Hub with Skype for Business, you will need to open additional ports. Please follow the guidance below: +- If you use Skype for Business Online, see [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). +- If you use Skype for Business Server, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). +- If you use a hybrid of Skype for Business Online and Skype for Business Server, you need to open all documented ports from [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) and [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). Microsoft collects diagnostic data to help improve your Surface Hub experience. Add these sites to your allow list: - Diagnostic data client endpoint: `https://vortex.data.microsoft.com/` From a3583948725802bd6a3414e2baba202510a8d79f Mon Sep 17 00:00:00 2001 
From: Charles Inglis <32555877+cinglis-msft@users.noreply.github.com> Date: Wed, 11 Apr 2018 14:15:36 -0700 Subject: [PATCH 15/24] Update update-compliance-delivery-optimization.md Added known issues section. --- .../update/update-compliance-delivery-optimization.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md index 92c577feea..dce1b56274 100644 --- a/windows/deployment/update/update-compliance-delivery-optimization.md +++ b/windows/deployment/update/update-compliance-delivery-optimization.md @@ -13,6 +13,10 @@ ms.date: 03/27/2018 # Delivery Optimization in Update Compliance The Update Compliance solution of Windows Analytics provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days. +>[!Note] +>Delivery Optimization Status is currently in development. See the [Known Issues](#known-issues) section for issues we are aware of and potential workarounds. + + ## Delivery Optimization Status The Delivery Optimization Status section includes three blades: @@ -40,3 +44,8 @@ The download sources that could be included are: - Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the “Group” download mode is used) - HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates. +## Known Issues +Delivery Optimization is currently in development. The following issues are known: + +- DO Download Mode is not accurately portrayed in the Device Configuration blade. There is no workaround at this time. + From 5a561f171107c040f919ca09ccec92d069387aa5 Mon Sep 17 00:00:00 2001 
From: Liza Poggemeyer Date: Wed, 11 Apr 2018 14:27:50 -0700 Subject: [PATCH 16/24] Fixed typo --- windows/deployment/update/windows-analytics-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index 87dfb6337b..cec30d4e05 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -154,7 +154,7 @@ For more information about Internet Explorer Security Zones, see [About URL Secu ### Distribution at scale without using the deployment script -We recommend using the deployment script to configure devices. However if this is not an option, you can still manage settings by policy as described in the previous section. However, if you don't run the deployment script, you won't benefit from it's error checking and you might have to wait a long time (possibly weeks) before devices send the initial full inventory scan. +We recommend using the deployment script to configure devices. However if this is not an option, you can still manage settings by policy as described in the previous section. However, if you don't run the deployment script, you won't benefit from its error checking, and you might have to wait a long time (possibly weeks) before devices send the initial full inventory scan. Note that it is possible to intiate a full inventory scan on a device by calling these commands: - CompatTelRunner.exe -m:generaltel.dll -f:DoCensusRun From 2695f09fa0d2f5135a274b78554d033b7505b92a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 11 Apr 2018 14:34:14 -0700 Subject: [PATCH 17/24] removed unclear clause about file protection --- .../bitlocker-device-encryption-overview-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index bb2ff3ed96..bdeb514ae1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md 
@@ -18,7 +18,7 @@ This topic explains how BitLocker Device Encryption can help protect data on de For an architectural overview about how BitLocker Device Encryption works with Secure Boot, see [Secure boot and BitLocker Device Encryption overview](https://docs.microsoft.com/windows-hardware/drivers/bringup/secure-boot-and-device-encryption-overview). For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). -When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives; in Windows 10, BitLocker will even protect individual files, with data loss prevention capabilities. Windows consistently improves data protection by improving existing options and by providing new strategies. +When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies. Table 2 lists specific data-protection concerns and how they are addressed in Windows 10 and Windows 7. From b0dc7dd5985425668b32220f266669d2c92f5b61 Mon Sep 17 00:00:00 2001 
From: Justin Hall Date: Wed, 11 Apr 2018 14:58:03 -0700 Subject: [PATCH 18/24] cropped image --- .../images/robocopy-s-mode.png | Bin 0 -> 10147 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png 
diff --git a/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png b/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png new file mode 100644 index 0000000000000000000000000000000000000000..19fd27b480e09310fcba2dc82358573041f70e69 GIT binary patch literal 10147
From 03bf246f85342bd090fd0455289cca576f1a38b3 Mon Sep 17 00:00:00 2001 From: Marc Shepard <37675325+marcshep-msft@users.noreply.github.com> Date: Wed, 11 Apr 2018 18:12:04 -0700 Subject: [PATCH 19/24] Update windows-analytics-FAQ-troubleshooting.md Added reference to technical community at top of page --- .../deployment/update/windows-analytics-FAQ-troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index 6719b903ce..31159b1808 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
@@ -13,7 +13,7 @@ ms.date: 04/03/2018 # Frequently asked questions and troubleshooting Windows Analytics -This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions. +This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions. This FAQ, along with the [Windows Analytics Technical Community](https://techcommunity.microsoft.com/t5/Windows-Analytics/ct-p/WindowsAnalytics), are recommended resources to consult before contacting Microsoft support. ## Troubleshooting common problems From a52412b9e32db9d546cc53fe81d94f716daa4639 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 12 Apr 2018 16:33:49 +0000 Subject: [PATCH 20/24] Merged PR 7111: Updates for issue #616 --- .../surface-hub/change-history-surface-hub.md | 6 ++++ ...-deployment-surface-hub-device-accounts.md | 28 ++++++++----------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index d0cb5eb932..c3ab437724 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -16,6 +16,12 @@ ms.localizationpriority: medium This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md). +## April 2018 + +New or changed topic | Description +--- | --- +[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated instructions for Skype for Business Hybrid. + ## March 2018 New or changed topic | Description diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md index de3ffd59ee..b464e456dc 100644 --- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md 
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md @@ -9,13 +9,17 @@ ms.sitesec: library ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker -ms.date: 02/21/2018 +ms.date: 04/12/2018 ms.localizationpriority: medium --- # Hybrid deployment (Surface Hub) A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-prem), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).) +>[!NOTE] +>In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-prem). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet. + + ## Exchange on-premises Use this procedure if you use Exchange on-premises. 
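Review bot: The added NOTE links to `#exchange-on-prem`, but the heading it targets, in the context just below, is "## Exchange on-premises", and a line removed later in this same patch linked to that section as `#exchange-on-premises`. Please confirm which anchor actually resolves and use it consistently; the existing intro link to `#exchange-on-prem` would need the same check. The note also tells hybrid readers to use New-MoveRequest without saying at which point in the on-premises procedure the move should happen, and it is followed by two blank lines where one is enough.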
@@ -210,15 +214,10 @@ If your organization has set up [hybrid connectivity between Skype for Business The Surface Hub requires a Skype account of the type `meetingroom`, while a normal user would use a user type account in Skype. If your Skype server is set up for hybrid where you might have users on the local Skype server as well as users hosted in Office 365, you might run into a few issues when trying to create a Surface Hub account. -In a hybrid Skype environment, you have to create the user on-premises first, then move the user to the cloud. This means that your user is present in both environments (which makes SIP routing possible). The move from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet which can only be used against user type accounts, not meetingroom type accounts. Because of this, you will not be able to move a Surface Hub account that has a meetingroom type of account. You might think of using the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet, unfortunately this will not work between the on-preisesm Skype server and Office 365 - it only works across on-premises Skype pools. +In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet. 
-To have a functional Surface Hub account in a Skype hybrid configuration, create the Skype account as a normal user type account, instead of creating the account as a meetingroom. Enable the account on the on-premises Skype server first: - -``` -Enable-CsUser -Identity 'HUB01@contoso.com' -RegistrarPool "registrarpoolfqdn" -SipAddressType UserPrincipalName -``` - -After the Surface Hub account is enabled for Skype for Business on-premises, you can keep the account on-premises or you can move the Surface Hub account to Office 365, using the Move-CsUser cmdlet. [Learn more about moving a Skype user to Office 365.](https://technet.microsoft.com/library/jj204969.aspx) +>[!NOTE] +>To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p). ## Exchange online 
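Review bot: The unchanged sentence directly above the new paragraph still ends with "you might run into a few issues when trying to create a Surface Hub account", but the text that explained those issues is removed here, so the warning now points at nothing; either drop that clause or say what the issues are. In the added paragraph, "In Skype for Business Server 2015 hybrid environment" is missing "a", and "Csmeetingroom object" does not match the casing of the cmdlet (Move-CsMeetingRoom) or the `meetingroom` account type named above. The paragraph mentions only Skype for Business Server 2015 while the NOTE also covers Lync Server 2013, so the paragraph should name both or neither.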
@@ -406,13 +405,8 @@ If your organization has set up [hybrid connectivity between Skype for Business The Surface Hub requires a Skype account of the type *meetingroom*, while a normal user would use a *user* type account in Skype. If your Skype server is set up for hybrid where you might have users on the local Skype server as well as users hosted in Office 365, you might run into a few issues when trying to create a Surface Hub account. -In a hybrid Skype environment, you have to create the user on-premises first, then move the user to the cloud. This means that your user is present in both environments (which makes SIP routing possible). The move from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet which can only be used against user type accounts, not meetingroom type accounts. Because of this, you will not be able to move a Surface Hub account that has a meetingroom type of account. You might think of using the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&MSPPError=-2147217396) cmdlet, unfortunately this will not work between the on-premises Skype server and Office 365 - it only works across on-premises Skype pools. - -In order to have a functional Surface Hub account in a Skype hybrid configuration, create the Skype account as a normal user type account, instead of creating the account as a meetingroom. First follow the Exchange steps - either [online](#exchange-online) or [on-premises](#exchange-on-premises) - and, instead of enabling the user for Skype for Business Online as described, [enable the account](https://technet.microsoft.com/library/gg398711.aspx) on the on-premises Skype server: +In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. 
You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet. -```PowerShell -Enable-CsUser -Identity 'HUB01@contoso.com' -RegistrarPool "registrarpoolfqdn" -SipAddressType UserPrincipalName -``` - -After the Surface Hub account is enabled for Skype for Business on-premises, you can keep the account on-premises or you can move the Surface Hub account to Office 365, using the Move-CsUser cmdlet. [Learn more about moving a Skype user to Office 365](https://technet.microsoft.com/library/jj204969.aspx). +>[!NOTE] +>To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p). From 1e2d11979b6077b884398009106793c0a3aae8a0 Mon Sep 17 00:00:00 2001 From: chintanpatel Date: Thu, 12 Apr 2018 09:54:05 -0700 Subject: [PATCH 21/24] Update configure-wd-app-guard.md --- .../configure-wd-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index 5ed68d6744..5f5563cbb6 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md 
@@ -30,7 +30,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net |-----------|------------------|-----------| |Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| |Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. | -|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| +|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.| ### Application-specific settings These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard. From e06b32a1dc4fc77aa372d4fe5fad6646d1ab442d Mon Sep 17 00:00:00 2001 
From: Zach Dvorak Date: Thu, 12 Apr 2018 11:01:42 -0700 Subject: [PATCH 22/24] Update upgrade-readiness-requirements.md Added a note that we support updates from LTSC to SAC. --- windows/deployment/upgrade/upgrade-readiness-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md index 252ed481b1..2c73760c08 100644 --- a/windows/deployment/upgrade/upgrade-readiness-requirements.md +++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md 
@@ -31,7 +31,7 @@ See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-1 Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates. The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). -Windows 10 LTSB is not supported by Upgrade Readiness. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSB. +While Upgrade Readiness can be used to assist with updating devices from Windows 10 Long-Term Servicing Channel (LTSC) to Windows 10 Semi-Annual Channel, Upgrade Readiness does not support updates to Windows 10 LTSC. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not a supported target with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSC. ## Operations Management Suite From ec270d9bed78327067afa779514dbd61682a3d27 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 12 Apr 2018 14:12:39 -0700 Subject: [PATCH 23/24] Revert "Update index.md" --- windows/hub/index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/hub/index.md b/windows/hub/index.md index 056ac3785d..40d4c2db5e 100644 --- a/windows/hub/index.md +++ b/windows/hub/index.md 
@@ -60,18 +60,18 @@ Find the latest how to and support content that IT pros need to evaluate, plan, >[!TIP] > Looking for information about older versions of Windows? Check out our other [Windows libraries](/previous-versions/windows/) on docs.microsoft.com. You can also search this site to find specific information, like this [Windows 8.1 content](https://docs.microsoft.com/search/index?search=Windows+8.1&dataSource=previousVersions). -## Get to know Windows as a service +## Get to know Windows as a Service (WaaS) -![Get to know Windows as a service](images/w10-WaaS-poster.png) +![Get to know Windows as a Service (WaaS)](images/w10-WaaS-poster.png) The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. -- [Read more about Windows as a service](/windows/deployment/update/waas-overview) +- [Read more about Windows as a Service](/windows/deployment/update/waas-overview) ## Related topics -[Windows 10 IT Pro Center](https://go.microsoft.com/fwlink/?LinkId=620009) +[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)   From b984d85a1c4019ac29a04fb2e3a9f34dd04a4b1e Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 12 Apr 2018 16:28:47 -0700 Subject: [PATCH 24/24] clarified ambiguous sentence --- ...nistrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md b/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md index 18be63b57f..b0d0ef4e43 100644 --- a/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md +++ b/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md @@ -94,7 +94,7 @@ Restoring a user’s device restores the currently registered Template’s setti - **Manual Restore** - If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command ensures that the user’s current settings become the current state on the Settings Storage Location. + If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command causes the user’s settings to be downloaded from the Settings Storage Location. ## Restore Application and Windows Settings to Original State
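Review bot: In [PATCH 24/24], the replacement sentence under "Manual Restore" changes the stated direction of the operation rather than only clarifying it. The removed text said the user's current settings "become the current state on the Settings Storage Location", while the added text says the settings are "downloaded from the Settings Storage Location". If the new direction is the correct one, the commit subject should say the sentence was corrected, not clarified, and the sentence should state where the settings are downloaded to (the device being restored). Restore-UevBackup should also be set in code formatting in the line above.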
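Review bot: In the hunk for prepare-your-environment-for-surface-hub.md, the link text "Office 365 IP URLs and IP address ranges" in the added bullets does not match the article name in the URL slug (Office-365-URLs-and-IP-address-ranges); the stray "IP" was carried over from the removed lines and should be dropped. The change removes `/en-us/` from the path but keeps `?ui=en-US&rs=en-US&ad=US`, which still pins the locale, so strip the query string as well. The hybrid bullet repeats both long links in full; pointing back to the two bullets above it ("open the ports from both of the articles above") would be shorter and leaves one place to update when the URLs change.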
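Review bot: In [PATCH 15/24], the added note and the new "Known Issues" section disagree about what is in development: the note says "Delivery Optimization Status is currently in development", the section opens with "Delivery Optimization is currently in development". The second reads as a statement about the feature itself rather than about the Update Compliance blade; use the same wording in both places. "DO Download Mode" introduces an abbreviation the topic has not defined, so spell out "Delivery Optimization" there. The note is followed by two blank lines where one is enough.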
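Review bot: In [PATCH 16/24], the "its" fix leaves other errors inside the same hunk: the trailing context line still reads "intiate a full inventory scan", and the edited paragraph has "However if this is not an option" (no comma) followed immediately by a second sentence that also starts with "However,". Since the commit is a typo pass over this paragraph, fix "initiate" and rework one of the two "However" sentences in the same change.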
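Review bot: The subject of [PATCH 18/24] says "cropped image", but the diff creates images/robocopy-s-mode.png as a new file ("new file mode 100644", "Bin 0 -> 10147 bytes") and no topic in this patch references it. If this replaces an existing screenshot, the old file should be removed and the referencing topic updated in the same commit; if it is a new asset, the subject should say so and name the topic that will use it.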
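Review bot: In [PATCH 19/24], the added sentence has a subject-verb mismatch: "This FAQ, along with the [Windows Analytics Technical Community](...), are recommended resources". The subject is "This FAQ", so either write "This FAQ and the Windows Analytics Technical Community are recommended resources" or "This FAQ, along with ..., is a recommended resource".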
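Review bot: In [PATCH 20/24], the last hunk of hybrid-deployment-surface-hub-device-accounts.md (@@ -406,13) removes the only ordering guidance this section had: "First follow the Exchange steps - either online or on-premises - and, instead of enabling the user for Skype for Business Online as described, enable the account on the on-premises Skype server", together with the Enable-CsUser example. The replacement text says the account "must first be created in the on-premises deployment" but no longer says how, or how that fits with the Exchange steps above it. Please add a link or a short step for creating the meeting room account on-premises before Move-CsMeetingRoom. The added paragraph and NOTE are also verbatim copies of the ones added in the earlier hunk of this file, so the same wording fixes apply to both.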
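Review bot: In [PATCH 21/24], the changed row "Domains categorized as both work and personal" reverses the documented isolation behavior, from "won't be accessible from the Application Guard environment" to "will be accessible from the Application Guard and regular Edge environment", and the commit message gives no source for the change. Administrators use this table to decide which domains cross the container boundary, so the message should record where the corrected behavior comes from. The wording also needs tightening: suggest "and will be accessible from both the Application Guard environment and the regular Microsoft Edge environment", and "used as both work and personal resources" instead of "both work or personal". The context row above it still has the misspelling ".constoso.com", which is worth fixing while this table is open.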
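Review bot: [PATCH 23/24] reverts "Update index.md" with an empty message body, so the history does not say why the branding and link-text changes were backed out. After the revert, the heading, image alt text and link in this hunk read "Windows as a Service (WaaS)" while the unchanged paragraph between them still says "Windows as a service", leaving the topic inconsistent with itself. Please state the reason for the revert in the commit message and pick one capitalization for the whole section.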