Support
+Troubleshoot
Recover & reset Surface Hub 2S
@@ -156,7 +156,8 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
-
USB-C for TouchBack and InkBack | USB-C supports TouchBack and InkBack with the HDMI A/V connection.
Use USB-C to USB-A to connect to legacy computers.
**NOTE:** For best results, connect HDMI before connecting a USB-C cable. If the computer you're using for HDMI is not compatible with TouchBack and InkBack, you won't need a USB-C cable. | -| USB-C
(via compute module) | Video-in
Audio-in | Single cable needed for A/V
TouchBack and InkBack not supported
HDCP enabled | +| USB-C
(via compute module) | Video-in
Audio-in | Single cable needed for A/V
TouchBack and InkBack is supported
HDCP enabled | | HDMI (in port) | Video, Audio into Surface Hub 2S | Single cable needed for A/V
TouchBack and InkBack not supported
HDCP enabled | | MiniDP 1.2 output | Video-out such as mirroring to a larger projector. | Single cable needed for A/V | diff --git a/devices/surface-hub/surface-hub-2s-prepare-environment.md b/devices/surface-hub/surface-hub-2s-prepare-environment.md index a1bd059ab4..fba71d0e0e 100644 --- a/devices/surface-hub/surface-hub-2s-prepare-environment.md +++ b/devices/surface-hub/surface-hub-2s-prepare-environment.md @@ -9,7 +9,7 @@ ms.author: greglin manager: laurawi audience: Admin ms.topic: article -ms.date: 06/20/2019 +ms.date: 11/21/2019 ms.localizationpriority: Medium --- @@ -45,6 +45,6 @@ If you affiliate Surface Hub 2S with on-premises Active Directory Domain Service ## Azure Active Directory -When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Alternatively, you can configure the Device Administrator role to sign in to the Settings app. For more information, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles#device-administrators). Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S. +When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S. If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s Bitlocker key is automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work. diff --git a/devices/surface-hub/surface-hub-2s-techspecs.md b/devices/surface-hub/surface-hub-2s-techspecs.md index 5f898a3fb6..4e40f9ae25 100644 --- a/devices/surface-hub/surface-hub-2s-techspecs.md +++ b/devices/surface-hub/surface-hub-2s-techspecs.md @@ -9,7 +9,7 @@ manager: laurawi ms.author: greglin audience: Admin ms.topic: article -ms.date: 06/20/2019 +ms.date: 11/19/2019 ms.localizationpriority: Medium --- @@ -27,10 +27,10 @@ ms.localizationpriority: Medium |**Graphics**| Intel UHD Graphics 620 | |**Wireless**| Wi-Fi 5 (IEEE 802.11 a/b/g/n/ac compatible) Bluetooth Wireless 4.1 technology
Miracast display | |**Connections**| USB-A
Mini-DisplayPort 1.2 video output
RJ45 gigabit Ethernet (1000/100/10 BaseT)
HDMI video input (HDMI 2.0, HDCP 2.2 /1.4)
USB-C with DisplayPort input
Four USB-C (on display) | -|**Sensors**| Doppler occupancy sensor
Accelerometer
Gyroscope | +|**Sensors**| Doppler occupancy 2
Accelerometer
Gyroscope | |**Audio/Video**| Full-range, front facing 3-way stereo speakers
Full band 8-element MEMS microphone array
Microsoft Surface Hub 2 Camera, 4K, USB-C connection, 90-degree HFOV | |**Pen**| Microsoft Surface Hub 2 Pen (active) | -|**Software**| Windows 10
Microsoft Teams for Surface Hub 2
Skype for Business
Microsoft Whiteboard
Microsoft Office (Mobile)
Microsoft Power BI 2 | +|**Software**| Windows 10
Microsoft Teams for Surface Hub 3
Skype for Business
Microsoft Whiteboard
Microsoft Office (Mobile)
Microsoft Power BI 2 | |**Exterior**| Casing: Precision machined aluminum with mineral-composite resin
Color: Platinum
Physical Buttons: Power, Volume, Source | |**What’s in the box**| One Surface Hub 2S
One Surface Hub 2 Pen
One Surface Hub 2 Camera
2.5 m AC Power Cable
Quick Start Guide | |**Warranty**| 1-year limited hardware warranty | @@ -41,4 +41,5 @@ ms.localizationpriority: Medium |**Input Power, standby**| 5 W max | > [!NOTE] -> 1 System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details.
2 Software license required for some features. Sold separately.
+> 1 System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details.
2 Doppler sensor not available in Hong Kong, India, Kuwait, and Oman due to government regulations. +
3 Software license required for some features. Sold separately.
diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index a10cc065ed..bc26815d56 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -17,7 +17,7 @@ ### [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md) ### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md) ### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) -### [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) +### [Considerations for Surface and Endpoint Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) ### [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md) ### [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) ### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md) diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md index cf84fec23c..351b6d2449 100644 --- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md +++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md @@ -1,5 +1,5 @@ --- -title: Considerations for Surface and System Center Configuration Manager (Surface) +title: Considerations for Surface and Microsoft Endpoint Configuration Manager description: The management and deployment of Surface devices with Configuration Manager is fundamentally the same as any other PC; this article describes scenarios that may require additional considerations. keywords: manage, deployment, updates, driver, firmware ms.prod: w10 @@ -11,32 +11,32 @@ ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.audience: itpro -ms.date: 10/24/2019 +ms.date: 11/25/2019 ms.reviewer: manager: dansimp --- -# Considerations for Surface and System Center Configuration Manager +# Considerations for Surface and Microsoft Endpoint Configuration Manager -Fundamentally, management and deployment of Surface devices with System Center Configuration Manager (SCCM) is the same as the management and deployment of any other PC. Like other PCs, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device. +Fundamentally, management and deployment of Surface devices with Endpoint Configuration Manager (formerly known as System Center Configuration Manager or SCCM) is the same as the management and deployment of any other PC. Like other PCs, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device. -You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for System Center Configuration Manager](https://docs.microsoft.com/sccm/index). +You can find more information about how to use Configuration Manager to deploy and manage devices in the [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/sccm/index). Although the deployment and management of Surface devices is fundamentally the same as any other PC, there are some scenarios that may require additional considerations or steps. This article provides descriptions and guidance for these scenarios; the solutions documented in this article may apply to other devices and manufacturers as well. >[!NOTE] ->For management of Surface devices it is recommended that you use the Current Branch of System Center Configuration Manager. +>For management of Surface devices it is recommended that you use the Current Branch of Endpoint Configuration Manager. ## Support for Surface Pro X -Beginning in version 1802, SCCM includes client management support for Surface Pro X. Note however that running the SCCM agent on Surface Pro X may accelerate battery consumption. In addition, SCCM operating system deployment is not supported on Surface Pro X. For more information, refer to: -- [What's new in version 1802 of System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802) +Beginning in version 1802, Endpoint Configuration Manager includes client management support for Surface Pro X. Note however that running the Endpoint Configuration Manager agent on Surface Pro X may accelerate battery consumption. In addition, operating system deployment using Endpoint Configuration Manager is not supported on Surface Pro X. For more information, refer to: +- [What's new in version 1802 of System Center Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/changes/whats-new-in-version-1802) - [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) ## Updating Surface device drivers and firmware For devices that receive updates through Windows Update, drivers for Surface components – and even firmware updates – are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS), the option to install drivers and firmware through Windows Update is not available. For these managed devices, the recommended driver management process is the deployment of driver and firmware updates using the Windows Installer (.msi) files, which are provided through the Microsoft Download Center. You can find a list of these downloads at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). -As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs). +As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs). >[!NOTE] >Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2 – for more information see [Can't import drivers into System Center Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419). @@ -47,25 +47,25 @@ The default mechanism that Configuration Manager uses to identify devices during To ensure that Surface devices using the same Ethernet adapter are identified as unique devices during deployment, you can instruct Configuration Manager to identify devices using another method. This other method could be the MAC address of the wireless network adapter or the System Universal Unique Identifier (System UUID). You can specify that Configuration Manager use other identification methods with the following options: -* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in the [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post. +* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/). -* Prestage devices by System UUID as documented in the [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post. +* Prestage devices by System UUID as documented in [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/). -* Use a script to identify a newly deployed Surface device by the MAC address of its wireless adapter, as documented in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/) blog post. +* Use a script to identify a newly deployed Surface device by the MAC address of its wireless adapter, as documented in [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/). Another consideration for the Surface Ethernet adapter during deployments with Configuration Manager is the driver for the Ethernet controller. Beginning in Windows 10, version 1511, the driver for the Surface Ethernet adapter is included by default in Windows. For organizations that want to deploy the latest version of Windows 10 and use the latest version of WinPE, use of the Surface Ethernet adapter requires no additional actions. -For versions of Windows prior to Windows 10, version 1511 (including Windows 10 RTM and Windows 8.1), you may still need to install the Surface Ethernet adapter driver and include the driver in your WinPE boot media. With its inclusion in Windows 10, the driver is no longer available for download from the Microsoft Download Center. To download the Surface Ethernet adapter driver, download it from the Microsoft Update Catalog as documented in the [Surface Ethernet Drivers](https://blogs.technet.microsoft.com/askcore/2016/08/18/surface-ethernet-drivers/) blog post from the Ask The Core Team blog. +For versions of Windows prior to Windows 10, version 1511 (including Windows 10 RTM and Windows 8.1), you may still need to install the Surface Ethernet adapter driver and include the driver in your WinPE boot media. With its inclusion in Windows 10, the driver is no longer available for download from the Microsoft Download Center. To download the Surface Ethernet adapter driver, refer to [Surface Ethernet Drivers](https://blogs.technet.microsoft.com/askcore/2016/08/18/surface-ethernet-drivers/). ## Deploy Surface app with Configuration Manager -With the release of Microsoft Store for Business, Surface app is no longer available as a driver and firmware download. Organizations that want to deploy Surface app to managed Surface devices or during deployment with the use of Configuration Manager, must acquire Surface app through Microsoft Store for Business and then deploy Surface app with PowerShell. You can find the PowerShell commands for deployment of Surface app, instructions to download Surface app, and prerequisite frameworks from Microsoft Store for Business in the [Deploy Surface app with Microsoft Store for Business](https://technet.microsoft.com/itpro/surface/deploy-surface-app-with-windows-store-for-business) article in the TechNet Library. +With the release of Microsoft Store for Business, Surface app is no longer available as a driver and firmware download. Organizations that want to deploy Surface app to managed Surface devices or during deployment with the use of Configuration Manager, must acquire Surface app through Microsoft Store for Business and then deploy Surface app with PowerShell. For more information including PowerShell commands for deploying Surface app, refer to [Deploy Surface app with Microsoft Store for Business](https://technet.microsoft.com/itpro/surface/deploy-surface-app-with-windows-store-for-business). ## Use prestaged media with Surface clients If your organization uses prestaged media to pre-load deployment resources on to machines prior to deployment with Configuration Manager, the nature of Surface devices as UEFI devices may require you to take additional steps. Specifically, a native UEFI environment requires that you create multiple partitions on the boot disk of the system. If you are following along with the [documentation for prestaged media](https://technet.microsoft.com/library/79465d90-4831-4872-96c2-2062d80f5583?f=255&MSPPError=-2147217396#BKMK_CreatePrestagedMedia), the instructions provide for only single partition boot disks and therefore will fail when applied to Surface devices. -Instructions for applying prestaged media to UEFI devices, such as Surface devices, can be found in the [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in System Center Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/) blog post. +To apply prestaged media to UEFI devices, such as Surface devices, refer to [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in System Center Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/). ## Licensing conflicts with OEM Activation 3.0 @@ -77,9 +77,9 @@ However, issues may arise when organizations intend to use versions of Windows t ## Apply an asset tag during deployment -Surface Studio, Surface Book, Surface Pro 4, Surface Pro 3, and Surface 3 devices all support the application of an asset tag in UEFI. This asset tag can be used to identify the device from UEFI even if the operating system fails, and it can also be queried from within the operating system. To read more about the Surface Asset Tag function, see the [Asset Tag Tool for Surface Pro 3](https://blogs.technet.microsoft.com/askcore/2014/10/20/asset-tag-tool-for-surface-pro-3/) blog post. +Surface Studio, Surface Book, Surface Pro 4, Surface Pro 3, and Surface 3 devices all support the application of an asset tag in UEFI. This asset tag can be used to identify the device from UEFI even if the operating system fails, and it can also be queried from within the operating system. For more information, refer to [Surface Asset Tag Tool](assettag.md). -To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.microsoft.com/download/details.aspx?id=44076) during a Configuration Manager deployment task sequence, use the script and instructions found in the [Set Surface Asset Tag During a Configuration Manager Task Sequence](https://blogs.technet.microsoft.com/jchalfant/set-surface-pro-3-asset-tag-during-a-configuration-manager-task-sequence/) blog post. +To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.microsoft.com/download/details.aspx?id=44076) during a Configuration Manager deployment task sequence, use the script and instructions in [Set Surface Asset Tag During a Configuration Manager Task Sequence](https://blogs.technet.microsoft.com/jchalfant/set-surface-pro-3-asset-tag-during-a-configuration-manager-task-sequence/). ## Configure push-button reset diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json index 026be430c1..fafc824f21 100644 --- a/devices/surface/docfx.json +++ b/devices/surface/docfx.json @@ -37,11 +37,21 @@ "depot_name": "Win.surface", "folder_relative_path_in_docset": "./" } - } + }, + "contributors_to_exclude": [ + "rjagiewich", + "traya1", + "rmca14", + "claydetels19", + "Kellylorenebaker", + "jborsecnik", + "tiburd", + "garycentric" + ] }, "externalReference": [], "template": "op.html", "dest": "devices/surface", "markdownEngineName": "markdig" - } +} } diff --git a/devices/surface/get-started.md b/devices/surface/get-started.md index ff37d7a72e..af2bc13af9 100644 --- a/devices/surface/get-started.md +++ b/devices/surface/get-started.md @@ -28,7 +28,7 @@ Harness the power of Surface, Windows, and Office connected together through the
Surface Hub 2s Videos
+Surface Hub 2S Videos
+Surface Hub 2S with Microsoft 365
diff --git a/devices/surface-hub/surface-hub-2s-adoption-videos.md b/devices/surface-hub/surface-hub-2s-adoption-videos.md index 67fa4e4570..5e0419624f 100644 --- a/devices/surface-hub/surface-hub-2s-adoption-videos.md +++ b/devices/surface-hub/surface-hub-2s-adoption-videos.md @@ -1,6 +1,6 @@ --- title: "Surface Hub 2S on-demand adoption and training videos" -description: "This page contains comprehensive training for Surface Hub 2S via on-demand streaming" +description: "This page contains on-demand training for Surface Hub 2S." keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/surface-hub-2s-connect.md b/devices/surface-hub/surface-hub-2s-connect.md index 7a08a67098..a32df68734 100644 --- a/devices/surface-hub/surface-hub-2s-connect.md +++ b/devices/surface-hub/surface-hub-2s-connect.md @@ -9,7 +9,7 @@ ms.author: greglin manager: laurawi audience: Admin ms.topic: article -ms.date: 06/20/2019 +ms.date: 11/13/2019 ms.localizationpriority: Medium --- @@ -28,7 +28,7 @@ In general, it’s recommended to use native cable connections whenever possible | **Connection** | **Functionality** | **Description**| | --- | --- | ---| | HDMI + USB-C | HDMI-in for audio and videoUSB-C for TouchBack and InkBack | USB-C supports TouchBack and InkBack with the HDMI A/V connection.
Use USB-C to USB-A to connect to legacy computers.
**NOTE:** For best results, connect HDMI before connecting a USB-C cable. If the computer you're using for HDMI is not compatible with TouchBack and InkBack, you won't need a USB-C cable. | -| USB-C
(via compute module) | Video-in
Audio-in | Single cable needed for A/V
TouchBack and InkBack not supported
HDCP enabled | +| USB-C
(via compute module) | Video-in
Audio-in | Single cable needed for A/V
TouchBack and InkBack is supported
HDCP enabled | | HDMI (in port) | Video, Audio into Surface Hub 2S | Single cable needed for A/V
TouchBack and InkBack not supported
HDCP enabled | | MiniDP 1.2 output | Video-out such as mirroring to a larger projector. | Single cable needed for A/V | diff --git a/devices/surface-hub/surface-hub-2s-prepare-environment.md b/devices/surface-hub/surface-hub-2s-prepare-environment.md index a1bd059ab4..fba71d0e0e 100644 --- a/devices/surface-hub/surface-hub-2s-prepare-environment.md +++ b/devices/surface-hub/surface-hub-2s-prepare-environment.md @@ -9,7 +9,7 @@ ms.author: greglin manager: laurawi audience: Admin ms.topic: article -ms.date: 06/20/2019 +ms.date: 11/21/2019 ms.localizationpriority: Medium --- @@ -45,6 +45,6 @@ If you affiliate Surface Hub 2S with on-premises Active Directory Domain Service ## Azure Active Directory -When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Alternatively, you can configure the Device Administrator role to sign in to the Settings app. For more information, see [Administrator role permissions in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles#device-administrators). Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S. +When choosing to affiliate your Surface Hub 2S with Azure AD, any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S. If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s Bitlocker key is automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work. diff --git a/devices/surface-hub/surface-hub-2s-techspecs.md b/devices/surface-hub/surface-hub-2s-techspecs.md index 5f898a3fb6..4e40f9ae25 100644 --- a/devices/surface-hub/surface-hub-2s-techspecs.md +++ b/devices/surface-hub/surface-hub-2s-techspecs.md @@ -9,7 +9,7 @@ manager: laurawi ms.author: greglin audience: Admin ms.topic: article -ms.date: 06/20/2019 +ms.date: 11/19/2019 ms.localizationpriority: Medium --- @@ -27,10 +27,10 @@ ms.localizationpriority: Medium |**Graphics**| Intel UHD Graphics 620 | |**Wireless**| Wi-Fi 5 (IEEE 802.11 a/b/g/n/ac compatible) Bluetooth Wireless 4.1 technology
Miracast display | |**Connections**| USB-A
Mini-DisplayPort 1.2 video output
RJ45 gigabit Ethernet (1000/100/10 BaseT)
HDMI video input (HDMI 2.0, HDCP 2.2 /1.4)
USB-C with DisplayPort input
Four USB-C (on display) | -|**Sensors**| Doppler occupancy sensor
Accelerometer
Gyroscope | +|**Sensors**| Doppler occupancy 2
Accelerometer
Gyroscope | |**Audio/Video**| Full-range, front facing 3-way stereo speakers
Full band 8-element MEMS microphone array
Microsoft Surface Hub 2 Camera, 4K, USB-C connection, 90-degree HFOV | |**Pen**| Microsoft Surface Hub 2 Pen (active) | -|**Software**| Windows 10
Microsoft Teams for Surface Hub 2
Skype for Business
Microsoft Whiteboard
Microsoft Office (Mobile)
Microsoft Power BI 2 | +|**Software**| Windows 10
Microsoft Teams for Surface Hub 3
Skype for Business
Microsoft Whiteboard
Microsoft Office (Mobile)
Microsoft Power BI 2 | |**Exterior**| Casing: Precision machined aluminum with mineral-composite resin
Color: Platinum
Physical Buttons: Power, Volume, Source | |**What’s in the box**| One Surface Hub 2S
One Surface Hub 2 Pen
One Surface Hub 2 Camera
2.5 m AC Power Cable
Quick Start Guide | |**Warranty**| 1-year limited hardware warranty | @@ -41,4 +41,5 @@ ms.localizationpriority: Medium |**Input Power, standby**| 5 W max | > [!NOTE] -> 1 System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details.
2 Software license required for some features. Sold separately.
+> 1 System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details.
2 Doppler sensor not available in Hong Kong, India, Kuwait, and Oman due to government regulations. +
3 Software license required for some features. Sold separately.
diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index a10cc065ed..bc26815d56 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -17,7 +17,7 @@ ### [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md) ### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md) ### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) -### [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) +### [Considerations for Surface and Endpoint Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) ### [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md) ### [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) ### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md) diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md index cf84fec23c..351b6d2449 100644 --- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md +++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md @@ -1,5 +1,5 @@ --- -title: Considerations for Surface and System Center Configuration Manager (Surface) +title: Considerations for Surface and Microsoft Endpoint Configuration Manager description: The management and deployment of Surface devices with Configuration Manager is fundamentally the same as any other PC; this article describes scenarios that may require additional considerations. keywords: manage, deployment, updates, driver, firmware ms.prod: w10 @@ -11,32 +11,32 @@ ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.audience: itpro -ms.date: 10/24/2019 +ms.date: 11/25/2019 ms.reviewer: manager: dansimp --- -# Considerations for Surface and System Center Configuration Manager +# Considerations for Surface and Microsoft Endpoint Configuration Manager -Fundamentally, management and deployment of Surface devices with System Center Configuration Manager (SCCM) is the same as the management and deployment of any other PC. Like other PCs, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device. +Fundamentally, management and deployment of Surface devices with Endpoint Configuration Manager (formerly known as System Center Configuration Manager or SCCM) is the same as the management and deployment of any other PC. Like other PCs, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device. -You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for System Center Configuration Manager](https://docs.microsoft.com/sccm/index). +You can find more information about how to use Configuration Manager to deploy and manage devices in the [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/sccm/index). Although the deployment and management of Surface devices is fundamentally the same as any other PC, there are some scenarios that may require additional considerations or steps. This article provides descriptions and guidance for these scenarios; the solutions documented in this article may apply to other devices and manufacturers as well. >[!NOTE] ->For management of Surface devices it is recommended that you use the Current Branch of System Center Configuration Manager. +>For management of Surface devices it is recommended that you use the Current Branch of Endpoint Configuration Manager. ## Support for Surface Pro X -Beginning in version 1802, SCCM includes client management support for Surface Pro X. Note however that running the SCCM agent on Surface Pro X may accelerate battery consumption. In addition, SCCM operating system deployment is not supported on Surface Pro X. For more information, refer to: -- [What's new in version 1802 of System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802) +Beginning in version 1802, Endpoint Configuration Manager includes client management support for Surface Pro X. Note however that running the Endpoint Configuration Manager agent on Surface Pro X may accelerate battery consumption. In addition, operating system deployment using Endpoint Configuration Manager is not supported on Surface Pro X. For more information, refer to: +- [What's new in version 1802 of System Center Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/changes/whats-new-in-version-1802) - [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) ## Updating Surface device drivers and firmware For devices that receive updates through Windows Update, drivers for Surface components – and even firmware updates – are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS), the option to install drivers and firmware through Windows Update is not available. For these managed devices, the recommended driver management process is the deployment of driver and firmware updates using the Windows Installer (.msi) files, which are provided through the Microsoft Download Center. You can find a list of these downloads at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). -As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs). +As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs). >[!NOTE] >Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2 – for more information see [Can't import drivers into System Center Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419). @@ -47,25 +47,25 @@ The default mechanism that Configuration Manager uses to identify devices during To ensure that Surface devices using the same Ethernet adapter are identified as unique devices during deployment, you can instruct Configuration Manager to identify devices using another method. This other method could be the MAC address of the wireless network adapter or the System Universal Unique Identifier (System UUID). You can specify that Configuration Manager use other identification methods with the following options: -* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in the [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post. +* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/). -* Prestage devices by System UUID as documented in the [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post. +* Prestage devices by System UUID as documented in [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/). -* Use a script to identify a newly deployed Surface device by the MAC address of its wireless adapter, as documented in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/) blog post. +* Use a script to identify a newly deployed Surface device by the MAC address of its wireless adapter, as documented in [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/). Another consideration for the Surface Ethernet adapter during deployments with Configuration Manager is the driver for the Ethernet controller. Beginning in Windows 10, version 1511, the driver for the Surface Ethernet adapter is included by default in Windows. For organizations that want to deploy the latest version of Windows 10 and use the latest version of WinPE, use of the Surface Ethernet adapter requires no additional actions. -For versions of Windows prior to Windows 10, version 1511 (including Windows 10 RTM and Windows 8.1), you may still need to install the Surface Ethernet adapter driver and include the driver in your WinPE boot media. With its inclusion in Windows 10, the driver is no longer available for download from the Microsoft Download Center. To download the Surface Ethernet adapter driver, download it from the Microsoft Update Catalog as documented in the [Surface Ethernet Drivers](https://blogs.technet.microsoft.com/askcore/2016/08/18/surface-ethernet-drivers/) blog post from the Ask The Core Team blog. +For versions of Windows prior to Windows 10, version 1511 (including Windows 10 RTM and Windows 8.1), you may still need to install the Surface Ethernet adapter driver and include the driver in your WinPE boot media. With its inclusion in Windows 10, the driver is no longer available for download from the Microsoft Download Center. To download the Surface Ethernet adapter driver, refer to [Surface Ethernet Drivers](https://blogs.technet.microsoft.com/askcore/2016/08/18/surface-ethernet-drivers/). ## Deploy Surface app with Configuration Manager -With the release of Microsoft Store for Business, Surface app is no longer available as a driver and firmware download. Organizations that want to deploy Surface app to managed Surface devices or during deployment with the use of Configuration Manager, must acquire Surface app through Microsoft Store for Business and then deploy Surface app with PowerShell. You can find the PowerShell commands for deployment of Surface app, instructions to download Surface app, and prerequisite frameworks from Microsoft Store for Business in the [Deploy Surface app with Microsoft Store for Business](https://technet.microsoft.com/itpro/surface/deploy-surface-app-with-windows-store-for-business) article in the TechNet Library. +With the release of Microsoft Store for Business, Surface app is no longer available as a driver and firmware download. Organizations that want to deploy Surface app to managed Surface devices or during deployment with the use of Configuration Manager, must acquire Surface app through Microsoft Store for Business and then deploy Surface app with PowerShell. For more information including PowerShell commands for deploying Surface app, refer to [Deploy Surface app with Microsoft Store for Business](https://technet.microsoft.com/itpro/surface/deploy-surface-app-with-windows-store-for-business). ## Use prestaged media with Surface clients If your organization uses prestaged media to pre-load deployment resources on to machines prior to deployment with Configuration Manager, the nature of Surface devices as UEFI devices may require you to take additional steps. Specifically, a native UEFI environment requires that you create multiple partitions on the boot disk of the system. If you are following along with the [documentation for prestaged media](https://technet.microsoft.com/library/79465d90-4831-4872-96c2-2062d80f5583?f=255&MSPPError=-2147217396#BKMK_CreatePrestagedMedia), the instructions provide for only single partition boot disks and therefore will fail when applied to Surface devices. -Instructions for applying prestaged media to UEFI devices, such as Surface devices, can be found in the [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in System Center Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/) blog post. +To apply prestaged media to UEFI devices, such as Surface devices, refer to [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in System Center Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/). ## Licensing conflicts with OEM Activation 3.0 @@ -77,9 +77,9 @@ However, issues may arise when organizations intend to use versions of Windows t ## Apply an asset tag during deployment -Surface Studio, Surface Book, Surface Pro 4, Surface Pro 3, and Surface 3 devices all support the application of an asset tag in UEFI. This asset tag can be used to identify the device from UEFI even if the operating system fails, and it can also be queried from within the operating system. To read more about the Surface Asset Tag function, see the [Asset Tag Tool for Surface Pro 3](https://blogs.technet.microsoft.com/askcore/2014/10/20/asset-tag-tool-for-surface-pro-3/) blog post. +Surface Studio, Surface Book, Surface Pro 4, Surface Pro 3, and Surface 3 devices all support the application of an asset tag in UEFI. This asset tag can be used to identify the device from UEFI even if the operating system fails, and it can also be queried from within the operating system. For more information, refer to [Surface Asset Tag Tool](assettag.md). -To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.microsoft.com/download/details.aspx?id=44076) during a Configuration Manager deployment task sequence, use the script and instructions found in the [Set Surface Asset Tag During a Configuration Manager Task Sequence](https://blogs.technet.microsoft.com/jchalfant/set-surface-pro-3-asset-tag-during-a-configuration-manager-task-sequence/) blog post. +To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.microsoft.com/download/details.aspx?id=44076) during a Configuration Manager deployment task sequence, use the script and instructions in [Set Surface Asset Tag During a Configuration Manager Task Sequence](https://blogs.technet.microsoft.com/jchalfant/set-surface-pro-3-asset-tag-during-a-configuration-manager-task-sequence/). ## Configure push-button reset diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json index 026be430c1..fafc824f21 100644 --- a/devices/surface/docfx.json +++ b/devices/surface/docfx.json @@ -37,11 +37,21 @@ "depot_name": "Win.surface", "folder_relative_path_in_docset": "./" } - } + }, + "contributors_to_exclude": [ + "rjagiewich", + "traya1", + "rmca14", + "claydetels19", + "Kellylorenebaker", + "jborsecnik", + "tiburd", + "garycentric" + ] }, "externalReference": [], "template": "op.html", "dest": "devices/surface", "markdownEngineName": "markdig" - } +} } diff --git a/devices/surface/get-started.md b/devices/surface/get-started.md index ff37d7a72e..af2bc13af9 100644 --- a/devices/surface/get-started.md +++ b/devices/surface/get-started.md @@ -28,7 +28,7 @@ Harness the power of Surface, Windows, and Office connected together through the
+Events are logged in the Application Event Log. Note: Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. | Event ID | Event type | | -------- | -------------------------------------------------------------------- | diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md index de1879bcba..6281fa157d 100644 --- a/devices/surface/surface-enterprise-management-mode.md +++ b/devices/surface/surface-enterprise-management-mode.md @@ -9,7 +9,7 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 10/31/2019 +ms.date: 11/20/2019 ms.reviewer: scottmca manager: dansimp ms.localizationpriority: medium @@ -21,8 +21,7 @@ ms.audience: itpro Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal. >[!NOTE] ->SEMM is only available on devices with Surface UEFI firmware. - +>SEMM is only available on devices with Surface UEFI firmware. This includes most Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3 commercial SKUs with an Intel processor. SEMM is not supported on the 15" Surface Laptop 3 SKU with AMD processor (only available as a retail SKU). When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM. @@ -229,8 +228,8 @@ create a reset package using PowerShell to reset SEMM. ## Version History -### Version 2.59.139 -* Support to Surface Pro 7 and Surface Laptop 3 +### Version 2.59. +* Support to Surface Pro 7, Surface Pro X, and Surface Laptop 3 13.5" and 15" models with Intel processor. Note: Surface Laptop 3 15" AMD processor is not supported. - Support to Wake on Power feature ### Version 2.54.139.0 diff --git a/devices/surface/surface-manage-dfci-guide.md b/devices/surface/surface-manage-dfci-guide.md index 19a91301f7..efb5fa93b5 100644 --- a/devices/surface/surface-manage-dfci-guide.md +++ b/devices/surface/surface-manage-dfci-guide.md @@ -8,7 +8,7 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 10/20/2019 +ms.date: 11/13/2019 ms.reviewer: jesko manager: dansimp ms.audience: itpro @@ -29,9 +29,11 @@ In contrast to other Windows 10 devices available in the market today, Surface p Until now, managing firmware required enrolling devices into Surface Enterprise Management Mode (SEMM) with the overhead of ongoing manual IT-intensive tasks. As an example, SEMM requires IT staff to physically access each PC to enter a two-digit pin as part of the certificate management process. Although SEMM remains a good solution for organizations in a strictly on-premises environment, its complexity and IT-intensive requirements make it costly to use. -Now with newly integrated UEFI firmware management capabilities in Microsoft Intune, the ability to lock down hardware is simplified and easier to use with new features for provisioning, security, and streamlined updating all in a single console. +Now with newly integrated UEFI firmware management capabilities in Microsoft Intune, the ability to lock down hardware is simplified and easier to use with new features for provisioning, security, and streamlined updating all in a single console, now unified as [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). The following figure shows UEFI settings viewed directly on the device (left) and viewed in the Endpoint Manager console (right). -DFCI leverages the device profiles capability in Intune and is deployed using Windows Autopilot, eliminating the need for manual interaction by IT admins or end users. A device profile allows you to add and configure settings which can then be deployed to devices enrolled in management within your organization. Once the device receives the device profile, the features and settings are applied automatically. Examples of common device profiles include Email, Device restrictions, VPN, Wi-Fi, and Administrative templates. DFCI is simply an additional device profile that enables you to manage UEFI configuration settings from the cloud without having to maintain a costly on-premises infrastructure. + + +Crucially, DFCI enables zero touch management, eliminating the need for manual interaction by IT admins. DFCI is deployed via Windows Autopilot using the device profiles capability in Intune. A device profile allows you to add and configure settings which can then be deployed to devices enrolled in management within your organization. Once the device receives the device profile, the features and settings are applied automatically. Examples of common device profiles include Email, Device restrictions, VPN, Wi-Fi, and Administrative templates. DFCI is simply an additional device profile that enables you to manage UEFI configuration settings from the cloud without having to maintain on-premises infrastructure. ## Supported devices @@ -41,6 +43,9 @@ At this time, DFCI is supported in the following devices: - Surface Pro X - Surface Laptop 3 +> [!NOTE] +> Surface Pro X does not support DFCI settings management for built-in camera, audio, and Wi-Fi/Bluetooth. + ## Prerequisites - Devices must be registered with Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider) or OEM distributor. @@ -59,30 +64,33 @@ A DFCI environment requires setting up a DFCI profile that contains the setting Before configuring DFCI policy settings, first create a DFCI profile and assign it to the Azure AD security group that contains your target devices. -1. Open Intune select **Device configuration > Profiles > Create profile** and enter a name; for example **My DFCI profile.** -2. Select Windows 10 and later for platform type. -3. In the Profile type drop down list, select **Device Firmware Configuration Interface** to open the DFCI blade containing all available policy settings. For information on DFCI settings, refer to Table 2 on this page below or the [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). You can configure DFCI settings during the initial setup process or later by editing the DFCI profile. +1. Sign into your tenant at devicemanagement.microsoft.com. +2. In the Microsoft Endpoint Manager Admin Center, select **Devices > Configuration profiles > Create profile** and enter a name; for example, **DFCI Configuration Policy.** +3. Select **Windows 10 and later** for platform type. +4. In the Profile type drop down list, select **Device Firmware Configuration Interface** to open the DFCI blade containing all available policy settings. For information on DFCI settings, refer to Table 1 on this page or the [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). You can configure DFCI settings during the initial setup process or later by editing the DFCI profile. ->  +  -4. Click **OK** and then select **Create**. -5. Select **Assignments** and under **Select groups to include** select the Azure AD security group that contains your target devices, as shown in the following figure. Click **Save**. +5. Click **OK** and then select **Create**. +6. Select **Assignments** and under **Select groups to include** select the Azure AD security group that contains your target devices, as shown in the following figure. Click **Save**. - +  ## Create Autopilot profile -1. Go to **Intune > Device enrollment > Windows enrollment** and scroll down to select **Deployment Profiles**. -2. Select **Create profile**, enter a name; for example, My Autopilot profile, and select **Next**. +1. In Endpoint Manager at devicemanagement.microsoft.com, select **devices > Windows enrollment** and scroll down to **Deployment profiles**. +2. Select **Create profile** and enter a name; for example, **My Autopilot profile**, and select **Next**. 3. Select the following settings: -- Deployment mode: **User-Driven**. -- Join type: Azure **AD joined**. + - Deployment mode: **User-Driven**. + - Join type: Azure **AD joined**. -4. Leave the remaining default settings unchanged and select **Next** -5. On the Scope tags page, select **Next**. -6. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**. -7. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group. +4. Leave the remaining default settings unchanged and select **Next**, as shown in the following figure. + +  + +5. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**. +6. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group. ## Configure Enrollment Status Page @@ -95,13 +103,15 @@ For more information, refer to [Set up an enrollment status page](https://docs.m DFCI includes a streamlined set of UEFI configuration policies that provide an extra level of security by locking down devices at the hardware level. DFCI is designed to be used in conjunction with mobile device management settings at the software level. Note that DFCI settings only affect hardware components built into Surface devices and do not extend to attached peripherals such as USB webcams. (However, you can use Device restriction policies in Intune to turn off access to attached peripherals at the software level). -You configure DFCI policy settings by editing the DFCI profile: +You configure DFCI policy settings by editing the DFCI profile from Endpoint Manager, as shown in the figure below. -- **Intune > Device configuration > Profiles > “DFCI profile name” > Properties > Settings** +- In Endpoint Manager at devicemanagement.microsoft.com, select **Devices > Windows > Configuration Profiles > “DFCI profile name” > Properties > Settings**. + +  ### Block user access to UEFI settings -For many customers, the ability to block users from changing UEFI settings is critically important and a primary reason to use DFCI. As listed in the followng table, this is managed via the setting **Allow local user to change UEFI settings**. If you do not edit or configure this setting, local users will be able to change any UEFI setting not managed by Intune. Therefore, it’s highly recommended to disable **Allow local user to change UEFI settings.** +For many customers, the ability to block users from changing UEFI settings is critically important and a primary reason to use DFCI. As listed in Table 1, this is managed via the setting **Allow local user to change UEFI settings**. If you do not edit or configure this setting, local users will be able to change any UEFI setting not managed by Intune. Therefore, it’s highly recommended to disable **Allow local user to change UEFI settings.** The rest of the DFCI settings enable you to turn off functionality that would otherwise be available to users. For example, if you need to protect sensitive information in highly secure areas, you can disable the camera, and if you don’t want users booting from USB drives, you can disable that also. ### Table 1. DFCI scenarios @@ -114,11 +124,11 @@ The rest of the DFCI settings enable you to turn off functionality that would ot | Disable radios (Bluetooth, Wi-Fi) | Under **Built in Hardware > Radios (Bluetooth, Wi-Fi, etc…)**, select **Disabled**. | | Disable Boot from external media (USB, SD) | Under **Built in Hardware > Boot Options > Boot from external media (USB, SD)**, select **Disabled**. | +> [!CAUTION] +> The **Disable radios (Bluetooth, Wi-Fi)** setting should only be used on devices that have a wired Ethernet connection. > [!NOTE] -> DFCI in Intune includes two settings that do not currently apply to Surface devices: -- CPU and IO virtualization -- Disable Boot from network adapters +> DFCI in Intune includes two settings that do not currently apply to Surface devices: (1) CPU and IO virtualization and (2) Disable Boot from network adapters. Intune provides Scope tags to delegate administrative rights and Applicability Rules to manage device types. For more information about policy management support and full details on all DFCI settings, refer to [Microsoft Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). @@ -130,7 +140,7 @@ As stated above, DFCI can only be applied on devices registered in Windows Autop Although Intune policy settings typically get applied almost immediately, there may be a delay of 10 minutes before the settings take effect on targeted devices. In rare circumstances, delays of up to 8 hours are possible. To ensure settings apply as soon as possible, (such as in test scenarios), you can manually sync the target devices. -- In Intune, go to **Device enrollment > Windows enrollment > Windows Autopilot Devices** and select **Sync**. +- In Endpoint Manager at devicemanagement.microsoft.com, go to **Devices > Device enrollment > Windows enrollment > Windows Autopilot Devices** and select **Sync**. For more information, refer to [Sync your Windows device manually](https://docs.microsoft.com/intune-user-help/sync-your-device-manually-windows). @@ -144,12 +154,12 @@ In a test environment, you can verify settings in the Surface UEFI interface. 1. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time. 2. Select **Devices**. The UEFI menu will reflect configured settings, as shown in the following figure. - +  -Note how: + Note how: -- The settings are greyed out because **Allow local user to change UEFI setting** is set to None. -- Audio is set to off because **Microphones and speakers** are set to **Disabled**. + - The settings are greyed out because **Allow local user to change UEFI setting** is set to None. + - Audio is set to off because **Microphones and speakers** are set to **Disabled**. ## Removing DFCI policy settings @@ -157,14 +167,19 @@ When you create a DFCI profile, all configured settings will remain in effect ac If the original DFCI profile has been deleted, you can remove policy settings by creating a new profile and then editing the settings, as appropriate. -## Unregistering devices from DFCI to prepare for resale or recycle +## Removing DFCI management -1. Contact your partner, OEM, or reseller to unregister the device from Autopilot. -2. Remove the device from Intune. -3. Connect a Surface-branded network adapter. -4. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time. -5. Select **Management > Configure > Refresh from Network**. -6. Validate DFCI is removed from the device in the UEFI. +**To remove DFCI management and return device to factory new state:** + +1. Retire the device from Intune: + 1. In Endpoint Manager at devicemanagement.microsoft.com, choose **Groups > All Devices**. Select the devices you want to retire, and then choose **Retire/Wipe.** To learn more refer to [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/remote-actions/devices-wipe). +2. Delete the Autopilot registration from Intune: + 1. Choose **Device enrollment > Windows enrollment > Devices**. + 2. Under Windows Autopilot devices, choose the devices you want to delete, and then choose **Delete**. +3. Connect device to wired internet with Surface-branded ethernet adapter. Restart device and open the UEFI menu (press and hold the volume-up button while also pressing and releasing the power button). +4. Select **Management > Configure > Refresh from Network** and then choose **Opt-out.** + +To keep managing the device with Intune, but without DFCI management, self-register the device to Autopilot and enroll it to Intune. DFCI will not be applied to self-registered devices. ## Learn more - [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index 2f8061c0b4..3e867c8f49 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -8,7 +8,7 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 10/03/2019 +ms.date: 11/20/2019 ms.reviewer: jessko manager: dansimp ms.audience: itpro @@ -36,7 +36,7 @@ Organizations already using modern management, security, and productivity soluti ## Image-based deployment considerations -Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager (SCCM) operating system deployment currently do not support Surface Pro X. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud. +Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager (formerly System Center Configuration Manager) currently do not support Surface Pro X for operating system deployment. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud. ## Managing Surface Pro X devices @@ -48,7 +48,7 @@ For more information about setting up Intune, refer to the [Intune documentation ### Co-management -Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with SCCM, which will install the 32-bit x86 ConfigMgr client. +Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client. ### Third party MDM solutions @@ -69,6 +69,12 @@ Outside of personal devices that rely on Windows Update, servicing devices in mo > [!NOTE] > Surface Pro X supports Windows 10, version 1903 and later. +### Windows Server Update Services +Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. + +For more information, refer to the [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/sum/get-started/configure-classifications-and-products). + + ## Running apps on Surface Pro X Most apps run on ARM-based Windows 10 PCs with limited exclusions. @@ -120,7 +126,7 @@ The following tables show the availability of selected key features on Surface P | Support for Network Boot (PXE) | Yes | Yes | | | Windows Configuration Designer | Yes | No | Not recommended for Surface Pro X. | | WinPE | Yes | Yes | Not recommended for Surface Pro X. Microsoft does not provide the necessary .ISO and drivers to support WinPE with Surface Pro X. | -| SCCM: Operating System Deployment (OSD) | Yes | No | Not supported on Surface Pro X. | +| Endpoint Configuration Manager: Operating System Deployment (OSD) | Yes | No | Not supported on Surface Pro X. | | MDT | Yes | No | Not supported on Surface Pro X. | @@ -129,7 +135,7 @@ The following tables show the availability of selected key features on Surface P | Intune | Yes | Yes | Manage LTE with eSIM profiles. | | Windows Autopilot | Yes | Yes | | | Azure AD (co-management) | Yes | Yes | Ability to join Surface Pro X to Azure AD or Active Directory (Hybrid Azure AD Join). | -| SCCM | Yes | Yes | | +| Endpoint Configuration Manager | Yes | Yes | | | Power on When AC Restore | Yes | Yes | | | Surface Diagnostic Toolkit (SDT) for Business | Yes | Yes | | | Surface Dock Firmware Update | Yes | Yes | | @@ -150,9 +156,9 @@ The following tables show the availability of selected key features on Surface P | Surface Data Eraser (SDE) | Yes | Yes | ## FAQ -### Can I deploy Surface Pro X with MDT or SCCM? +### Can I deploy Surface Pro X with MDT or Endpoint Configuration Manager? -The Microsoft Deployment Toolkit and System Center Configuration Manager operating system deployment currently do not support Surface Pro X. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud. +The Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager currently do not support Surface Pro X for operating system deployment.Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud. ### How can I deploy Surface Pro X? @@ -164,4 +170,4 @@ Yes. ### Is Intune required to manage Surface Pro X? -Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with SCCM, which will install the 32-bit x86 ConfigMgr client. +Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client. diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md index 6c29966521..85b5bfa7d1 100644 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md @@ -1,6 +1,6 @@ --- -title: Use System Center Configuration Manager to manage devices with SEMM (Surface) -description: Find out how to use Microsoft Surface UEFI Manager to perform SEMM management with System Center Configuration Manager. +title: Use Microsoft Endpoint Configuration Manager to manage devices with SEMM (Surface) +description: Learn how to manage SEMM with Endpoint Configuration Manager. keywords: enroll, update, scripts, settings ms.prod: w10 ms.mktglfcycl: manage @@ -9,21 +9,21 @@ ms.sitesec: library author: dansimp ms.author: dansimp ms.topic: article -ms.date: 10/31/2019 +ms.date: 11/22/2019 ms.reviewer: manager: dansimp ms.localizationpriority: medium ms.audience: itpro --- -# Use System Center Configuration Manager to manage devices with SEMM +# Use Microsoft Endpoint Configuration Manager to manage devices with SEMM The Surface Enterprise Management Mode (SEMM) feature of Surface UEFI devices allows administrators to both manage and secure the configuration of Surface UEFI settings. For most organizations, this process is accomplished by creating Windows Installer (.msi) packages with the Microsoft Surface UEFI Configurator tool. These packages are then run or deployed to the client Surface devices to enroll the devices in SEMM and to update the Surface UEFI settings configuration. -For organizations with System Center Configuration Manager, there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool. +For organizations with Endpoint Configuration Manager, (formerly known as System Center Configuration Manager or SCCM) there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool. >[!Note] ->Although the process described in this article may work with earlier versions of System Center Configuration Manager or with other third-party management solutions, management of SEMM with Microsoft Surface UEFI Manager and PowerShell is supported only with the Current Branch of System Center Configuration Manager. +>Although the process described in this article may work with earlier versions of Endpoint Configuration Manager or with other third-party management solutions, management of SEMM with Microsoft Surface UEFI Manager and PowerShell is supported only with the Current Branch of Endpoint Configuration Manager. #### Prerequisites @@ -278,7 +278,7 @@ To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 sc The following code fragment, found on lines 380-477, is used to write these registry keys: ``` -380 # For SCCM or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry: +380 # For Endpoint Configuration Manager or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry: 381 $UTCDate = (Get-Date).ToUniversalTime().ToString() 382 $certIssuer = $certPrint.Issuer 383 $certSubject = $certPrint.Subject diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md index 00b08cc73a..2be171841b 100644 --- a/devices/surface/windows-autopilot-and-surface-devices.md +++ b/devices/surface/windows-autopilot-and-surface-devices.md @@ -13,7 +13,7 @@ ms.author: dansimp ms.topic: article ms.localizationpriority: medium ms.audience: itpro -ms.date: 10/21/2019 +ms.date: 11/26/2019 --- # Windows Autopilot and Surface devices @@ -35,10 +35,17 @@ Enrolling Surface devices in Windows Autopilot at the time of purchase is a capa When you purchase Surface devices from a Surface partner enabled for Windows Autopilot, your new devices can be enrolled in your Windows Autopilot deployment for you by the partner. Surface partners enabled for Windows Autopilot include: +- [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp) - [Atea](https://www.atea.com/) +- [Bechtle](https://www.bechtle.com/de-en) +- [Cancom](https://www.cancom.de/) +- [CDW](https://www.cdw.com/) +- [Computacenter](https://www.computacenter.com/uk) - [Connection](https://www.connection.com/brand/microsoft/microsoft-surface) - [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html) - [SHI](https://www.shi.com/Surface) +- [Synnex](https://www.synnexcorp.com/us/microsoft/surface-autopilot/) +- [Techdata](https://www.techdata.com/) ## Learn more For more information about Windows Autopilot, refer to: diff --git a/education/developers.yml b/education/developers.yml index 5c73169853..9e21b6d27f 100644 --- a/education/developers.yml +++ b/education/developers.yml @@ -1,10 +1,10 @@ ### YamlMime:Hub -title: M365 Education Documentation for developers +title: Microsoft 365 Education Documentation for developers summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. metadata: - title: M365 Education Documentation for developers + title: Microsoft 365 Education Documentation for developers description: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. ms.service: help ms.topic: hub-page diff --git a/education/docfx.json b/education/docfx.json index 91c875c200..809a2da28f 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -39,11 +39,21 @@ "depot_name": "Win.education", "folder_relative_path_in_docset": "./" } - } + }, + "contributors_to_exclude": [ + "rjagiewich", + "traya1", + "rmca14", + "claydetels19", + "Kellylorenebaker", + "jborsecnik", + "tiburd", + "garycentric" + ] }, "externalReference": [], "template": "op.html", "dest": "education", "markdownEngineName": "markdig" - } +} } diff --git a/education/images/EDU-FindHelp.svg b/education/images/EDU-FindHelp.svg new file mode 100644 index 0000000000..fea3109134 --- /dev/null +++ b/education/images/EDU-FindHelp.svg @@ -0,0 +1,32 @@ + + + diff --git a/education/images/EDU-ITJourney.svg b/education/images/EDU-ITJourney.svg new file mode 100644 index 0000000000..e42fe12104 --- /dev/null +++ b/education/images/EDU-ITJourney.svg @@ -0,0 +1,31 @@ + + + diff --git a/education/images/EDU-Teachers.svg b/education/images/EDU-Teachers.svg new file mode 100644 index 0000000000..4cdb2b3e7d --- /dev/null +++ b/education/images/EDU-Teachers.svg @@ -0,0 +1,27 @@ + + + diff --git a/education/index.yml b/education/index.yml index 9d3a74a32c..80796a921a 100644 --- a/education/index.yml +++ b/education/index.yml @@ -1,10 +1,10 @@ ### YamlMime:Hub -title: M365 Education Documentation +title: Microsoft 365 Education Documentation summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education. metadata: - title: M365 Education Documentation + title: Microsoft 365 Education Documentation description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers. ms.service: help ms.topic: hub-page diff --git a/education/itadmins.yml b/education/itadmins.yml index 25eabd906a..4aa321c59c 100644 --- a/education/itadmins.yml +++ b/education/itadmins.yml @@ -1,10 +1,10 @@ ### YamlMime:Hub -title: M365 Education Documentation for IT admins -summary: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync. +title: Microsoft 365 Education Documentation for IT admins +summary: Microsoft 365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync. metadata: - title: M365 Education Documentation for IT admins + title: Microsoft 365 Education Documentation for IT admins description: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync. ms.service: help ms.topic: hub-page @@ -13,7 +13,7 @@ metadata: ms.date: 10/24/2019 productDirectory: - summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. Check out at https://edujourney.microsoft.com/. Find help now at https://docs.microsoft.com/microsoft-365/education/deploy/find-deployment-help. + summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. items: # Card - title: Phase 1 - Cloud deployment @@ -71,7 +71,7 @@ productDirectory: - url: https://docs.microsoft.com/microsoft-365/education/deploy/deploy-sharepoint-server-hybrid text: Deploy SharePoint Server Hybrid # Card - - title: Security & Compliance + - title: Security & compliance imageSrc: ./images/EDU-Lockbox.svg links: - url: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-checklist-p2 @@ -87,10 +87,34 @@ productDirectory: - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx text: Deploying Lockbox # Card - - title: Analytics & Insights + - title: Analytics & insights imageSrc: ./images/EDU-Education.svg links: - url: https://docs.microsoft.com/en-us/power-bi/service-admin-administering-power-bi-in-your-organization text: Power BI for IT admins - url: https://docs.microsoft.com/en-us/dynamics365/#pivot=get-started - text: Dynamics 365 \ No newline at end of file + text: Dynamics 365 + # Card + - title: Find deployment help + imageSrc: ./images/EDU-FindHelp.svg + links: + - url: https://docs.microsoft.com/microsoft-365/education/deploy/find-deployment-help + text: IT admin help + - url: https://social.technet.microsoft.com/forums/en-us/home + text: TechNet + # Card + - title: Check out our education journey + imageSrc: ./images/EDU-ITJourney.svg + links: + - url: https://edujourney.microsoft.com/k-12/ + text: K-12 + - url: https://edujourney.microsoft.com/hed/ + text: Higher education + # Card + - title: Additional support resources + imageSrc: ./images/EDU-Teachers.svg + links: + - url: https://support.office.com/en-us/education + text: Education help center + - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921 + text: Teacher training packs \ No newline at end of file diff --git a/education/partners.yml b/education/partners.yml index 05d585f5f5..42925925f4 100644 --- a/education/partners.yml +++ b/education/partners.yml @@ -1,10 +1,10 @@ ### YamlMime:Hub -title: M365 Education Documentation for partners +title: Microsoft 365 Education Documentation for partners summary: Looking for resources available to Microsoft Education partners? Start here. metadata: - title: M365 Education Documentation for partners + title: Microsoft 365 Education Documentation for partners description: Looking for resources available to Microsoft Education partners? Start here. ms.service: help ms.topic: hub-page diff --git a/mdop/docfx.json b/mdop/docfx.json index 252c242145..c037b4fa3c 100644 --- a/mdop/docfx.json +++ b/mdop/docfx.json @@ -41,11 +41,21 @@ "depot_name": "Win.mdop", "folder_relative_path_in_docset": "./" } - } + }, + "contributors_to_exclude": [ + "rjagiewich", + "traya1", + "rmca14", + "claydetels19", + "Kellylorenebaker", + "jborsecnik", + "tiburd", + "garycentric" + ] }, "externalReference": [], "template": "op.html", "dest": "mdop", "markdownEngineName": "markdig" - } + } } diff --git a/mdop/mbam-v1/getting-started-with-mbam-10.md b/mdop/mbam-v1/getting-started-with-mbam-10.md index f42751d4d1..7d1f4c4060 100644 --- a/mdop/mbam-v1/getting-started-with-mbam-10.md +++ b/mdop/mbam-v1/getting-started-with-mbam-10.md @@ -13,9 +13,12 @@ ms.prod: w10 ms.date: 08/30/2016 --- - # Getting Started with MBAM 1.0 +> **IMPORTANT** +> MBAM 1.0 will reach end of support on September 14, 2021. +> See our [lifecycle page](https://support.microsoft.com/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%201.0) for more information. We recommend [migrating to MBAM 2.5](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions) or another supported version of MBAM, or migrating your BitLocker management to [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). + Microsoft BitLocker Administration and Monitoring (MBAM) requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, MBAM can help reduce your administrative overhead and total cost of ownership. diff --git a/smb/docfx.json b/smb/docfx.json index 14448aa33c..1c1ce5a53a 100644 --- a/smb/docfx.json +++ b/smb/docfx.json @@ -37,11 +37,21 @@ "depot_name": "TechNet.smb", "folder_relative_path_in_docset": "./" } - } + }, + "contributors_to_exclude": [ + "rjagiewich", + "traya1", + "rmca14", + "claydetels19", + "Kellylorenebaker", + "jborsecnik", + "tiburd", + "garycentric" + ] }, "fileMetadata": {}, "template": [], "dest": "smb", "markdownEngineName": "markdig" - } + } } diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json index 760a988add..2a30faf3ef 100644 --- a/store-for-business/docfx.json +++ b/store-for-business/docfx.json @@ -47,11 +47,21 @@ "depot_name": "MSDN.store-for-business", "folder_relative_path_in_docset": "./" } - } + }, + "contributors_to_exclude": [ + "rjagiewich", + "traya1", + "rmca14", + "claydetels19", + "Kellylorenebaker", + "jborsecnik", + "tiburd", + "garycentric" + ] }, "fileMetadata": {}, "template": [], "dest": "store-for-business", "markdownEngineName": "markdig" - } + } } diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 79251bed03..5f163fa7a7 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -9,7 +9,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: lomayor -ms.date: 07/25/2019 +ms.date: 11/19/2019 --- # AppLocker CSP @@ -21,10 +21,10 @@ The following diagram shows the AppLocker configuration service provider in tree  -**./Vendor/MSFT/AppLocker** +**./Vendor/MSFT/AppLocker** Defines the root node for the AppLocker configuration service provider. -**ApplicationLaunchRestrictions** +**AppLocker/ApplicationLaunchRestrictions** Defines restrictions for applications. > [!NOTE] @@ -40,7 +40,133 @@ Additional information: - [Find publisher and product name of apps](#productname) - step-by-step guide for getting the publisher and product names for various Windows apps. - [Whitelist example](#whitelist-examples) - example for Windows 10 Mobile that denies all apps except the ones listed. -**EnterpriseDataProtection** +**AppLocker/ApplicationLaunchRestrictions/_Grouping_** +Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define. +Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE** +Defines restrictions for launching executable applications. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/Policy** +Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. + +Data type is string. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/EnforcementMode** +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). + +The data type is a string. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/NonInteractiveProcessEnforcement** +The data type is a string. + +Supported operations are Add, Delete, Get, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI** +Defines restrictions for executing Windows Installer files. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/Policy** +Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. + +Data type is string. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/EnforcementMode** +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). + +The data type is a string. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script** +Defines restrictions for running scripts. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/Policy** +Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. + +Data type is string. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/EnforcementMode** +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). + +The data type is a string. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps** +Defines restrictions for running apps from the Microsoft Store. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/Policy** +Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. + +Data type is string. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/EnforcementMode** +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). + +The data type is a string. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL** +Defines restrictions for processing DLL files. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/Policy** +Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. + +Data type is string. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/EnforcementMode** +The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). + +The data type is a string. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/NonInteractiveProcessEnforcement** +The data type is a string. + +Supported operations are Add, Delete, Get, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity** +This node is only supported on the desktop. + +Supported operations are Get, Add, Delete, and Replace. + +**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy** +Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. + +Data type is Base64. + +Supported operations are Get, Add, Delete, and Replace. + +> [!NOTE] +> To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](https://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool) and added to the Applocker-CSP. + +**AppLocker/EnterpriseDataProtection** Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md). In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. @@ -61,115 +187,35 @@ Additional information: - [Recommended deny list for Windows Information Protection](#recommended-deny-list-for-windows-information-protection) - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications. -Each of the previously listed nodes contains a **Grouping** node. +**AppLocker/EnterpriseDataProtection/_Grouping_** +Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define. +Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time. -
| Term | -Description | -
|---|---|
Grouping |
-Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define. -Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time. -Supported operations are Get, Add, Delete, and Replace. |
-
| Term | -Description | -
|---|---|
EXE |
-Defines restrictions for launching executable applications. -Supported operations are Get, Add, Delete, and Replace. |
-
MSI |
-Defines restrictions for executing Windows Installer files. -Supported operations are Get, Add, Delete, and Replace. |
-
Script |
-Defines restrictions for running scripts. -Supported operations are Get, Add, Delete, and Replace. |
-
StoreApps |
-Defines restrictions for running apps from the Microsoft Store. -Supported operations are Get, Add, Delete, and Replace. |
-
DLL |
-Defines restrictions for processing DLL files. -Supported operations are Get, Add, Delete, and Replace. |
-
CodeIntegrity |
-This node is only supported on the desktop. Supported operations are Get, Add, Delete, and Replace. |
-
| Term | -Description | -
|---|---|
Policy |
-Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy. -For nodes, other than CodeIntegrity, policy leaf data type is string. Supported operations are Get, Add, Delete, and Replace. -For CodeIntegrity/Policy, data type is Base64. Supported operations are Get, Add, Delete, and Replace. |
-
EnforcementMode |
-The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection). -The data type is a string. Supported operations are Get, Add, Delete, and Replace. |
-
NonInteractiveProcessEnforcement |
-The data type is a string. -Supported operations are Add, Delete, Get, and Replace. |
-
windowsPhoneLegacyId
Same value maps to the ProductName and Publisher name
This value will only be present if there is a XAP package associated with the app in the Store.
-If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and anothe one using the windowsPhoneLegacyId value.
If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.
@@ -668,12 +713,12 @@ The following list shows the apps that may be included in the inbox.-[Windows 10, version 1809](windows-10-1809-removed-features.md)
-[Windows 10, version 1803](windows-10-1803-removed-features.md)
-[Windows 10, version 1709](windows-10-1709-removed-features.md)
-[Windows 10, version 1703](windows-10-1703-removed-features.md) - -Also see: [Windows 10 release information](https://docs.microsoft.com/windows/release-information/) - -## Terminology - -The following terms can be used to describe the status that might be assigned to a feature during its lifecycle. - -- **Deprecation**: The stage of the product lifecycle when a feature or functionality is no longer in active development and may be removed in future releases of a product or online service. -- **End of support**: The stage of the product lifecycle when support and servicing are no longer available for a product. -- **Retirement**: The stage of the product lifecycle when an online service is shut down so that it is no longer available for use. -- **Remove or retire a feature**: The stage of the product lifecycle when a feature or functionality is removed from an online service after it has been deprecated. -- **Replace a feature**: The stage of the product lifecycle when a feature or functionality in an online service is replaced with a different feature or functionality. +--- +title: Windows 10 features lifecycle +description: Learn about the lifecycle of Windows 10 features +ms.prod: w10 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +manager: laurawi +ms.author: greglin +ms.topic: article +--- +# Windows 10 features lifecycle + +- Applies to: Windows 10 + +Each release of Windows 10 contains many new and improved features. Occasionally we also remove features and functionality, usually because there is a better option. + +## Features no longer being developed + +The following topic lists features that are no longer being developed. These features might be removed in a future release. + +[Windows 10 features we’re no longer developing](windows-10-deprecated-features.md) + +## Features removed + +The following topic has details about features that have been removed from Windows 10. + +[Windows 10 features we removed](windows-10-removed-features.md) + +## Terminology + +The following terms can be used to describe the status that might be assigned to a feature during its lifecycle. + +- **Deprecation**: The stage of the product lifecycle when a feature or functionality is no longer in active development and may be removed in future releases of a product or online service. +- **End of support**: The stage of the product lifecycle when support and servicing are no longer available for a product. +- **Retirement**: The stage of the product lifecycle when an service is shut down so that it is no longer available for use. +- **Remove or retire a feature**: The stage of the product lifecycle when a feature or functionality is removed from a service after it has been deprecated. +- **Replace a feature**: The stage of the product lifecycle when a feature or functionality in a service is replaced with a different feature or functionality. + +## Also see + +[Windows 10 release information](https://docs.microsoft.com/windows/release-information/) diff --git a/windows/deployment/planning/windows-10-1703-removed-features.md b/windows/deployment/planning/windows-10-1703-removed-features.md deleted file mode 100644 index 24b5b1b1d9..0000000000 --- a/windows/deployment/planning/windows-10-1703-removed-features.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Windows 10, version 1703 removed features -description: Learn about features that were removed in Windows 10, version 1703 -ms.prod: w10 -manager: laurawi -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -author: greg-lindsay -ms.topic: article ---- -# Features that are removed or deprecated in Windows 10, version 1703 - -> Applies to: Windows 10, version 1703 - -The following features and functionalities in the Windows 10 Creators Update edition (Windows 10, version 1703) have either been removed from the product in the current release (*Removed*) or are not in active development and are planned for potential removal in subsequent releases. - -This list is intended for IT professionals who are updating operating systems in a commercial environment. The plan and list are subject to change and may not include every deprecated feature or functionality. For more details about a listed feature or functionality and its replacement, see the documentation for that feature. - -| Feature | Removed | Not actively developed | -|------------|---------|------------| -|Apndatabase.xml is being replaced by the COSA database. Therefore, some constructs will no longer function. This includes Hardware ID, incoming SMS messaging rules in mobile apps, a list of privileged apps in mobile apps, autoconnect order, APN parser, and CDMAProvider ID. | | X | -|Apps Corner| | X | -|By default, Flash autorun in Edge is turned off. Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.)| X | | -|Interactive Service Detection Service| X | | -|Microsoft Paint for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization)| | | -|NPN support in TLS (superseded by ALPN)| X | | -|Reading List | | X | -|Tile Data Layer | | X | -|TLS DHE_DSS ciphers DisabledByDefault| | X | -|Windows Information Protection "AllowUserDecryption" policy | X | | -|WSUS for Windows Mobile, updates are being transitioned to the new Unified Update Platform (UUP) | X | | -|TCPChimney | | X | -|IPsec task offload| | X | diff --git a/windows/deployment/planning/windows-10-1709-removed-features.md b/windows/deployment/planning/windows-10-1709-removed-features.md deleted file mode 100644 index 5a745277d5..0000000000 --- a/windows/deployment/planning/windows-10-1709-removed-features.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Windows 10, version 1709 removed features -description: Learn about features that will be removed in Windows 10, version 1709 -ms.prod: w10 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -audience: ITPro -author: greg-lindsay -manager: laurawi -ms.topic: article ---- -# Features that are removed or deprecated in Windows 10, version 1709 - -> Applies to: Windows 10, version 1709 - -The following features and functionalities in the Windows 10, version 1709 are either removed from the product in the current release (*Removed*) or are not in active development and might be removed in future releases. - -This list is intended to help customers consider these removals and deprecations for their own planning. The list is subject to change and may not include every deprecated feature or functionality. - -For more information about a listed feature or functionality and its replacement, see the documentation for that feature. You can also follow the provided links in this table to see additional resources. - -| Feature | Removed | Not actively developed | --|-|- -|**3D Builder app**
No longer installed by default. Consider using Print 3D and Paint 3D in its place. However, 3D Builder is still available for download from the Windows Store. | X | | -|**Apndatabase.xml**
For more information about the replacement database, see the following Hardware Dev Center articles:
[MO Process to update COSA](/windows-hardware/drivers/mobilebroadband/planning-your-apn-database-submission)
[COSA FAQ](/windows-hardware/drivers/mobilebroadband/cosa---faq) | X | | -|**Enhanced Mitigation Experience Toolkit (EMET)**
Use will be blocked. Consider using [Exploit Protection](https://blogs.windows.com/windowsexperience/2017/06/28/announcing-windows-10-insider-preview-build-16232-pc-build-15228-mobile/#fMH3bUDAb5HEstZ5.97) as a replacement.| X | | -|**IIS 6 Management Compatibility**
We recommend that users use alternative scripting tools and a newer management console. | | X | -|**IIS Digest Authentication**
We recommend that users use alternative authentication methods.| | X | -|**Microsoft Paint**
Will be available through the Windows Store. Functionality integrated into Paint 3D.| | X | -|**Outlook Express**
Removing this non-functional legacy code.| X | | -|**Reader app**
Functionality to be integrated into Microsoft Edge.| X | | -|**Reading List**
Functionality to be integrated into Microsoft Edge.| X | | -|**Resilient File System (ReFS)**
Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability.
(added: August 17, 2017)| | X | -|**RSA/AES Encryption for IIS**
We recommend that users use CNG encryption provider.| | X | -|**Screen saver functionality in Themes**
Disabled in Themes (classified as **Removed** in this table). Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lockscreen features and policies are preferred. | X | X | -|**Sync your settings**
Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The "Sync your settings" options and the Enterprise State Roaming feature will continue to work.
(updated: August 17, 2017) | | X | -|**Syskey.exe**
Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see the following Knowledge Base article: [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window)| X | | -|**System Image Backup (SIB) Solution**
We recommend that users use full-disk backup solutions from other vendors.| | X | -|**TCP Offload Engine**
Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see the following PFE Platform Blog article: [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193)| X || -|**Tile Data Layer**
To be replaced by the Tile Store.| X || -|**TLS RC4 Ciphers**
To be disabled by default. For more information, see the following Windows IT Center topic: [TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server)|| X| -|**Trusted Platform Module (TPM) Owner Password Management**
This legacy code to be removed.|| X | -|**Trusted Platform Module (TPM): TPM.msc and TPM Remote Management**
To be replaced by a new user interface in a future release.| | X | -|**Trusted Platform Module (TPM) Remote Management**
This legacy code to be removed in a future release.|| X | -|**Windows Hello for Business deployment that uses System Center Configuration Manager**
Windows Server 2016 Active Directory Federation Services – Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience.|| X | -|**Windows PowerShell 2.0**
Applications and components should be migrated to PowerShell 5.0+.| | X | diff --git a/windows/deployment/planning/windows-10-1803-removed-features.md b/windows/deployment/planning/windows-10-1803-removed-features.md deleted file mode 100644 index 562f287c68..0000000000 --- a/windows/deployment/planning/windows-10-1803-removed-features.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Windows 10, version 1803 - Features that have been removed -description: Learn about features that will be removed or deprecated in Windows 10, version 1803, or a future release -ms.prod: w10 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro -author: greg-lindsay -ms.author: greglin -ms.date: 08/16/2018 -ms.reviewer: -manager: laurawi -ms.topic: article ---- -# Features removed or planned for replacement starting with Windows 10, version 1803 - -> Applies to: Windows 10, version 1803 - -Each release of Windows 10 adds new features and functionality; we also occasionally remove features and functionality, usually because we've added a better option. Here are the details about the features and functionalities that we removed in Windows 10, version 1803 (also called Windows 10 April 2018 Update). - -> [!TIP] -> - You can get early access to Windows 10 builds by joining the [Windows Insider program](https://insider.windows.com) - this is a great way to test feature changes. -- Have questions about other releases? Check out the information for [Features that are removed or deprecated in Windows 10, version 1703](https://docs.microsoft.com/windows/deployment/planning/windows-10-1703-removed-features), [Features that are removed or deprecated in Windows 10, version 1709](https://docs.microsoft.com/windows/deployment/planning/windows-10-1709-removed-features), and [Features that are removed or deprecated in Windows 10 Creators Update](https://support.microsoft.com/en-us/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update). - - -**The list is subject to change and might not include every affected feature or functionality.** - -## Features we removed in this release - -We've removed the following features and functionalities from the installed product image in Windows 10, version 1803. Applications or code that depend on these features won't function in this release unless you use an alternate method. - -|Feature |Instead you can use...| -|-----------|-------------------- -|Groove Music Pass|[We ended the Groove streaming music service and music track sales through the Microsoft Store in 2017](https://support.microsoft.com/help/4046109/groove-music-and-spotify-faq). The Groove app is being updated to reflect this change. You can still use Groove Music to play the music on your PC or to stream music from OneDrive. You can use Spotify or other music services to stream music on Windows 10, or to buy music to own.| -|People - Suggestions will no longer include unsaved contacts for non-Microsoft accounts|Manually save the contact details for people you send mail to or get mail from.| -|Language control in the Control Panel| Use the Settings app to change your language settings.| -|HomeGroup|We are removing [HomeGroup](https://support.microsoft.com/help/17145) but not your ability to share printers, files, and folders.
When you update to Windows 10, version 1803, you won't see HomeGroup in File Explorer, the Control Panel, or Troubleshoot (**Settings > Update & Security > Troubleshoot**). Any printers, files, and folders that you shared using HomeGroup **will continue to be shared**.
Instead of using HomeGroup, you can now share printers, files and folders by using features that are built into Windows 10:
- [Share your network printer](https://www.bing.com/search?q=share+printer+windows+10)
- [Share files in File Explorer](https://support.microsoft.com/help/4027674/windows-10-share-files-in-file-explorer) | -|**Connect to suggested open hotspots** option in Wi-Fi settings |We previously [disabled the **Connect to suggested open hotspots** option](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) and are now removing it from the Wi-Fi settings page. You can manually connect to free wireless hotspots with **Network & Internet** settings, from the taskbar or Control Panel, or by using Wi-Fi Settings (for mobile devices).| -|XPS Viewer|We're changing the way you get XPS Viewer. In Windows 10, version 1709 and earlier versions, the app is included in the installation image. If you have XPS Viewer and you update to Windows 10, version 1803, there's no action required. You'll still have XPS Viewer.
However, if you install Windows 10, version 1803, on a new device (or as a clean installation), you may need to [install XPS Viewer from **Apps and Features** in the Settings app](https://docs.microsoft.com/windows/application-management/add-apps-and-features) or through [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). If you had XPS Viewer in Windows 10, version 1709, but manually removed it before updating, you'll need to manually reinstall it.| - - -## Features we’re no longer developing - -We are no longer actively developing these features and may remove them from a future update. Some features have been replaced with other features or functionality, while others are now available from different sources. - -If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). - -|Feature |Instead you can use...| -|-----------|---------------------| -|[Software Restriction Policies](https://docs.microsoft.com/windows-server/identity/software-restriction-policies/software-restriction-policies) in Group Policy|Instead of using the Software Restriction Policies through Group Policy, you can use [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/applocker/applocker-overview) or [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control) to control which apps users can access and what code can run in the kernel.| -|[Offline symbol packages](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-symbols) (Debug symbol MSIs)|We're no longer making the symbol packages available as a downloadable MSI. Instead, the [Microsoft Symbol Server is moving to be an Azure-based symbol store](https://blogs.msdn.microsoft.com/windbg/2017/10/18/update-on-microsofts-symbol-server/). If you need the Windows symbols, connect to the Microsoft Symbol Server to cache your symbols locally or use a manifest file with SymChk.exe on a computer with internet access.| -|Windows Help Viewer (WinHlp32.exe)|All Windows help information is [available online](https://support.microsoft.com/products/windows?os=windows-10). The Windows Help Viewer is no longer supported in Windows 10. If for any reason you see an error message about "help not supported," possibly when using a non-Microsoft application, read [this support article](https://support.microsoft.com/help/917607/error-opening-help-in-windows-based-programs-feature-not-included-or-h) for additional information and any next steps.| -|Contacts feature in File Explorer|We're no longer developing the Contacts feature or the corresponding [Windows Contacts API](https://msdn.microsoft.com/library/ff800913.aspx). Instead, you can use the People app in Windows 10 to maintain your contacts.| -|Phone Companion|Use the **Phone** page in the Settings app. In Windows 10, version 1709, we added the new **Phone** page to help you sync your mobile phone with your PC. It includes all the Phone Companion features.| -|IPv4/6 Transition Technologies (6to4, ISATAP, and Direct Tunnels)|6to4 has been disabled by default since Windows 10, version 1607 (the Anniversary Update), ISATAP has been disabled by default since Windows 10, version 1703 (the Creators Update), and Direct Tunnels has always been disabled by default. Please use native IPv6 support instead.| -|[Layered Service Providers](https://msdn.microsoft.com/library/windows/desktop/bb513664)|Layered Service Providers have been deprecated since Windows 8 and Windows Server 2012. Use the [Windows Filtering Platform](https://msdn.microsoft.com/library/windows/desktop/aa366510) instead. When you upgrade from an older version of Windows, any layered service providers you're using aren't migrated; you'll need to re-install them after upgrading.| -|Business Scanning, also called Distributed Scan Management (DSM) **(Added 05/03/2018)**|The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.| diff --git a/windows/deployment/planning/windows-10-1809-removed-features.md b/windows/deployment/planning/windows-10-1809-removed-features.md deleted file mode 100644 index 9a2cb63049..0000000000 --- a/windows/deployment/planning/windows-10-1809-removed-features.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Windows 10, version 1809 - Features that have been removed -description: Learn about features that will be removed or deprecated in Windows 10, version 1809, or a future release -ms.prod: w10 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro -author: greg-lindsay -ms.author: greglin -ms.date: 11/16/2018 -ms.reviewer: -manager: laurawi -ms.topic: article ---- -# Features removed or planned for replacement starting with Windows 10, version 1809 - -> Applies to: Windows 10, version 1809 - -Each release of Windows 10 adds new features and functionality; we also occasionally remove features and functionality, usually because we've added a better option. Here are the details about the features and functionalities that we removed in Windows 10, version 1809. - -> [!TIP] -> You can get early access to Windows 10 builds by joining the [Windows Insider program](https://insider.windows.com) - this is a great way to test feature changes. -> Have questions about other releases? Check out the information for [Features removed or planned for replacement starting with Windows 10, version 1809](https://docs.microsoft.com/windows/deployment/planning/windows-10-1809-removed-features), [Features removed or planned for replacement starting with Windows Server, version 1709](https://docs.microsoft.com/windows-server/get-started/removed-features-1709), and [Features that are removed or deprecated in Windows 10, version 1703](https://docs.microsoft.com/windows/deployment/planning/windows-10-1703-removed-features). - - -**The list is subject to change and might not include every affected feature or functionality.** - -## Features we removed in this release - -We're removing the following features and functionalities from the installed product image in Windows 10, version 1809. Applications or code that depend on these features won't function in this release unless you use an alternate method. - -|Feature |Instead you can use...| -|-----------|-------------------- -|Business Scanning, also called Distributed Scan Management (DSM)|We're removing this secure scanning and scanner management capability - there are no devices that support this feature.| -|[FontSmoothing setting](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-visualeffects-fontsmoothing) in unattend.xml|The FontSmoothing setting let you specify the font antialiasing strategy to use across the system. We've changed Windows 10 to use [ClearType](https://docs.microsoft.com/typography/cleartype/) by default, so we're removing this setting as it is no longer necessary. If you include this setting in the unattend.xml file, it'll be ignored.| -|Hologram app|We've replaced the Hologram app with the [Mixed Reality Viewer](https://support.microsoft.com/help/4041156/windows-10-mixed-reality-help). If you would like to create 3D word art, you can still do that in Paint 3D and view your art in VR or Hololens with the Mixed Reality Viewer.| -|limpet.exe|We're releasing the limpet.exe tool, used to access TPM for Azure connectivity, as open source.| -|Phone Companion|When you update to Windows 10, version 1809, the Phone Companion app will be removed from your PC. Use the **Phone** page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features.| -|Future updates through [Windows Embedded Developer Update](https://docs.microsoft.com/previous-versions/windows/embedded/ff770079\(v=winembedded.60\)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.| - -## Features we’re no longer developing - -We're no longer actively developing these features and may remove them from a future update. Some features have been replaced with other features or functionality, while others are now available from different sources. - -If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). - -|Feature |Instead you can use...| -|-----------|---------------------| -|Companion device dynamic lock APIS|The companion device framework (CDF) APIs enable wearables and other devices to unlock a PC. In Windows 10, version 1709, we introduced [Dynamic Lock](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#dynamic-lock), including an inbox method using Bluetooth to detect whether a user is present and lock or unlock the PC. Because of this, and because third party partners didn't adopt the CDF method, we're no longer developing CDF Dynamic Lock APIs.| -|OneSync service|The OneSync service synchronizes data for the Mail, Calendar, and People apps. We've added a sync engine to the Outlook app that provides the same synchronization.| -|Snipping Tool|The Snipping Tool is an application included in Windows 10 that is used to capture screenshots, either the full screen or a smaller, custom "snip" of the screen. In Windows 10, version 1809, we're [introducing a new universal app, Snip & Sketch](https://blogs.windows.com/windowsexperience/2018/05/03/announcing-windows-10-insider-preview-build-17661/#8xbvP8vMO0lF20AM.97), that provides the same screen snipping abilities, as well as additional features. You can launch Snip & Sketch directly and start a snip from there, or just press WIN + Shift + S. Snip & Sketch can also be launched from the “Screen snip” button in the Action Center. We're no longer developing the Snipping Tool as a separate app but are instead consolidating its functionality into Snip & Sketch.| - - diff --git a/windows/deployment/planning/windows-10-1903-removed-features.md b/windows/deployment/planning/windows-10-1903-removed-features.md deleted file mode 100644 index 7d8e437274..0000000000 --- a/windows/deployment/planning/windows-10-1903-removed-features.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Windows 10, version 1903 - Features that have been removed -description: Learn about features that will be removed or deprecated in Windows 10, version 1903, or a future release -ms.prod: w10 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro -author: greg-lindsay -manager: laurawi -ms.author: greglin -ms.topic: article ---- -# Features removed or planned for replacement starting with Windows 10, version 1903 - -> Applies to: Windows 10, version 1903 - -Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10, version 1903. **The list below is subject to change and might not include every affected feature or functionality.** - -> [!NOTE] -> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself. - -## Features we removed or will remove soon - -The following features and functionalities are removed from the installed product image for Windows 10, version 1903, or are planned for removal in an upcoming release. Applications or code that depend on these features won't function in this release unless you use another method. - - -| Feature | Details | -|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| XDDM-based remote display driver | Starting with this release the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote indirect display driver ISVs can reach out to [rdsdev@microsoft.com](mailto:rdsdev@microsoft.com). | -| Desktop messaging app doesn't offer messages sync | The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message. | - -## Features we’re no longer developing - -We're no longer actively developing these features and may remove them from a future update. Some features have been replaced with other features or functionality, while others are now available from different sources. - -If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). - -|Feature |Details| -|-----------|---------------------| -| Taskbar settings roaming| Roaming of taskbar settings is no longer being developed and we plan to disable this capability in a future release| -|Wi-Fi WEP and TKIP|In this release a warning message will appear when connecting to Wi-Fi networks secured with WEP or TKIP, which are not as secure as those using WPA2 or WPA3. In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | -|Windows To Go|Windows To Go is no longer being developed.
The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| -|Print 3D app|Going forward, 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.| - diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md new file mode 100644 index 0000000000..7ff8c3069a --- /dev/null +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -0,0 +1,66 @@ +--- +title: Windows 10 features we’re no longer developing +description: Review the list of features that are no longer being developed in Windows 10 +ms.prod: w10 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.author: greglin +manager: laurawi +ms.topic: article +--- +# Windows 10 features we’re no longer developing + +> Applies to: Windows 10 + +Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 10. For information about features that have been removed, see [Features we removed](windows-10-removed-features.md). + +The features described below are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources. + +**The following list is subject to change and might not include every affected feature or functionality.** + +>If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). + +|Feature | Details and mitigation | Announced in version | +| ----------- | --------------------- | ---- | +| Hyper-V vSwitch on LBFO | In a future release, the Hyper-V vSwitch will no longer have the capability to be bound to an LBFO team. Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 1909 | +| Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | +| My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 | +| TFS1/TFS2 IME | TSF1 and TSF2 IME will be replaced by TSF3 IME in a future release. [Text Services Framework](https://docs.microsoft.com/windows/win32/tsf/what-is-text-services-framework) (TFS) enables language technologies. TSF IME are Windows components that you can add to enable typing text for Japanese, Simplified Chinese, Traditional Chinese, and Korean languages. | 1909 | +| Package State Roaming (PSR) | PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user.
The recommended replacement for PSR is [Azure App Service](https://docs.microsoft.com/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 | +| XDDM-based remote display driver | Starting with this release, the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use an XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information about implementing a remote indirect display driver, ISVs can reach out to [rdsdev@microsoft.com](mailto:rdsdev@microsoft.com). | 1903 | +| Taskbar settings roaming | Roaming of taskbar settings is no longer being developed and we plan to remove this capability in a future release. | 1903 | +| Wi-Fi WEP and TKIP | Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which are not as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | 1903 | +| Windows To Go | Windows To Go is no longer being developed.
The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| 1903 | +| Print 3D app | Going forward, 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.| 1903 | +|Companion device dynamic lock APIS|The companion device framework (CDF) APIs enable wearables and other devices to unlock a PC. In Windows 10, version 1709, we introduced [Dynamic Lock](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#dynamic-lock), including an inbox method using Bluetooth to detect whether a user is present and lock or unlock the PC. Because of this, and because third party partners didn't adopt the CDF method, we're no longer developing CDF Dynamic Lock APIs.| 1809 | +|OneSync service|The OneSync service synchronizes data for the Mail, Calendar, and People apps. We've added a sync engine to the Outlook app that provides the same synchronization.| 1809 | +|Snipping Tool|The Snipping Tool is an application included in Windows 10 that is used to capture screenshots, either the full screen or a smaller, custom "snip" of the screen. In Windows 10, version 1809, we're [introducing a new universal app, Snip & Sketch](https://blogs.windows.com/windowsexperience/2018/05/03/announcing-windows-10-insider-preview-build-17661/#8xbvP8vMO0lF20AM.97), that provides the same screen snipping abilities, as well as additional features. You can launch Snip & Sketch directly and start a snip from there, or just press WIN + Shift + S. Snip & Sketch can also be launched from the “Screen snip” button in the Action Center. We're no longer developing the Snipping Tool as a separate app but are instead consolidating its functionality into Snip & Sketch.| 1809 | +|[Software Restriction Policies](https://docs.microsoft.com/windows-server/identity/software-restriction-policies/software-restriction-policies) in Group Policy|Instead of using the Software Restriction Policies through Group Policy, you can use [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/applocker/applocker-overview) or [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control) to control which apps users can access and what code can run in the kernel.| 1803 | +|[Offline symbol packages](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-symbols) (Debug symbol MSIs)|We're no longer making the symbol packages available as a downloadable MSI. Instead, the [Microsoft Symbol Server is moving to be an Azure-based symbol store](https://blogs.msdn.microsoft.com/windbg/2017/10/18/update-on-microsofts-symbol-server/). If you need the Windows symbols, connect to the Microsoft Symbol Server to cache your symbols locally or use a manifest file with SymChk.exe on a computer with internet access.| 1803 | +|Windows Help Viewer (WinHlp32.exe)|All Windows help information is [available online](https://support.microsoft.com/products/windows?os=windows-10). The Windows Help Viewer is no longer supported in Windows 10. If for any reason you see an error message about "help not supported," possibly when using a non-Microsoft application, read [this support article](https://support.microsoft.com/help/917607/error-opening-help-in-windows-based-programs-feature-not-included-or-h) for additional information and any next steps.| 1803 | +|Contacts feature in File Explorer|We're no longer developing the Contacts feature or the corresponding [Windows Contacts API](https://msdn.microsoft.com/library/ff800913.aspx). Instead, you can use the People app in Windows 10 to maintain your contacts.| 1803 | +|Phone Companion|Use the **Phone** page in the Settings app. In Windows 10, version 1709, we added the new **Phone** page to help you sync your mobile phone with your PC. It includes all the Phone Companion features.| 1803 | +|IPv4/6 Transition Technologies (6to4, ISATAP, and Direct Tunnels)|6to4 has been disabled by default since Windows 10, version 1607 (the Anniversary Update), ISATAP has been disabled by default since Windows 10, version 1703 (the Creators Update), and Direct Tunnels has always been disabled by default. Please use native IPv6 support instead.| 1803 | +|[Layered Service Providers](https://msdn.microsoft.com/library/windows/desktop/bb513664)|Layered Service Providers has not been developed since Windows 8 and Windows Server 2012. Use the [Windows Filtering Platform](https://msdn.microsoft.com/library/windows/desktop/aa366510) instead. When you upgrade from an older version of Windows, any layered service providers you're using aren't migrated; you'll need to re-install them after upgrading.| 1803 | +|Business Scanning| This feature is also called Distributed Scan Management (DSM) **(Added 05/03/2018)**
The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.| 1803 | +|IIS 6 Management Compatibility* | We recommend that users use alternative scripting tools and a newer management console. | 1709 | +|IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 | +|Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 | +|RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 | +|Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 | +|Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work. | 1709 | +|System Image Backup (SIB) Solution | We recommend that users use full-disk backup solutions from other vendors. | 1709 | +|TLS RC4 Ciphers |To be disabled by default. For more information, see the following Windows IT Center topic: [TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server)| 1709 | +|Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 | +|Trusted Platform Module (TPM): TPM.msc and TPM Remote Management | To be replaced by a new user interface in a future release. | 1709 | +|Trusted Platform Module (TPM) Remote Management |This functionality within TPM.msc will be migrated to a new user interface. | 1709 | +|Windows Hello for Business deployment that uses System Center Configuration Manager |Windows Server 2016 Active Directory Federation Services – Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience. | 1709 | +|Windows PowerShell 2.0 | Applications and components should be migrated to PowerShell 5.0+. | 1709 | +|Apndatabase.xml | Apndatabase.xml is being replaced by the COSA database. Therefore, some constructs will no longer function. This includes Hardware ID, incoming SMS messaging rules in mobile apps, a list of privileged apps in mobile apps, autoconnect order, APN parser, and CDMAProvider ID. | 1703 | +|Tile Data Layer | The [Tile Data Layer](https://docs.microsoft.com/windows/configuration/start-layout-troubleshoot#symptom-start-menu-issues-with-tile-data-layer-corruption) database stopped development in Windows 10, version 1703. | 1703 | +|TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](https://docs.microsoft.com/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 | +|TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](https://docs.microsoft.com/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 | +|IPsec Task Offload| [IPsec Task Offload](https://docs.microsoft.com/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and should not be used. | 1703 | diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md new file mode 100644 index 0000000000..3063058112 --- /dev/null +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -0,0 +1,61 @@ +--- +title: Windows 10 - Features that have been removed +description: Learn about features and functionality that has been removed or replaced in Windows 10 +ms.prod: w10 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.author: greglin +manager: laurawi +ms.topic: article +--- + +# Features and functionality removed in Windows 10 + +> Applies to: Windows 10 + +Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10. **The list below is subject to change and might not include every affected feature or functionality.** + +For information about features that might be removed in a future release, see [Windows 10 features we’re no longer developing](windows-10-deprecated-features.md) + +> [!NOTE] +> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself. + +The following features and functionalities have been removed from the installed product image for Windows 10. Applications or code that depend on these features won't function in the release when it was removed, or in later releases. + +|Feature | Details and mitigation | Removed in version | +| ----------- | --------------------- | ------ | +| PNRP APIs| The Peer Name Resolution Protocol (PNRP) cloud service was removed in Windows 10, version 1809. We are planning to complete the removal process by removing the corresponding APIs. | 1909 | +| Taskbar settings roaming | Roaming of taskbar settings is removed in this release. This feature was announced as no longer being developed in Windows 10, version 1903. | 1909 | +| Desktop messaging app doesn't offer messages sync | The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message. | 1903 | +|Business Scanning, also called Distributed Scan Management (DSM)|We're removing this secure scanning and scanner management capability - there are no devices that support this feature.| 1809 | +|[FontSmoothing setting](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-visualeffects-fontsmoothing) in unattend.xml|The FontSmoothing setting let you specify the font antialiasing strategy to use across the system. We've changed Windows 10 to use [ClearType](https://docs.microsoft.com/typography/cleartype/) by default, so we're removing this setting as it is no longer necessary. If you include this setting in the unattend.xml file, it'll be ignored.| 1809 | +|Hologram app|We've replaced the Hologram app with the [Mixed Reality Viewer](https://support.microsoft.com/help/4041156/windows-10-mixed-reality-help). If you would like to create 3D word art, you can still do that in Paint 3D and view your art in VR or Hololens with the Mixed Reality Viewer.| 1809 | +|limpet.exe|We're releasing the limpet.exe tool, used to access TPM for Azure connectivity, as open source.| 1809 | +|Phone Companion|When you update to Windows 10, version 1809, the Phone Companion app will be removed from your PC. Use the **Phone** page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features.| 1809 | +|Future updates through [Windows Embedded Developer Update](https://docs.microsoft.com/previous-versions/windows/embedded/ff770079\(v=winembedded.60\)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.| 1809 | +|Groove Music Pass|[We ended the Groove streaming music service and music track sales through the Microsoft Store in 2017](https://support.microsoft.com/help/4046109/groove-music-and-spotify-faq). The Groove app is being updated to reflect this change. You can still use Groove Music to play the music on your PC or to stream music from OneDrive. You can use Spotify or other music services to stream music on Windows 10, or to buy music to own.| 1803 | +|People - Suggestions will no longer include unsaved contacts for non-Microsoft accounts|Manually save the contact details for people you send mail to or get mail from.| 1803 | +|Language control in the Control Panel| Use the Settings app to change your language settings.| 1803 | +|HomeGroup|We are removing [HomeGroup](https://support.microsoft.com/help/17145) but not your ability to share printers, files, and folders.
When you update to Windows 10, version 1803, you won't see HomeGroup in File Explorer, the Control Panel, or Troubleshoot (**Settings > Update & Security > Troubleshoot**). Any printers, files, and folders that you shared using HomeGroup **will continue to be shared**.
Instead of using HomeGroup, you can now share printers, files and folders by using features that are built into Windows 10:
- [Share your network printer](https://www.bing.com/search?q=share+printer+windows+10)
- [Share files in File Explorer](https://support.microsoft.com/help/4027674/windows-10-share-files-in-file-explorer) | 1803 | +|**Connect to suggested open hotspots** option in Wi-Fi settings |We previously [disabled the **Connect to suggested open hotspots** option](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) and are now removing it from the Wi-Fi settings page. You can manually connect to free wireless hotspots with **Network & Internet** settings, from the taskbar or Control Panel, or by using Wi-Fi Settings (for mobile devices).| 1803 | +|XPS Viewer|We're changing the way you get XPS Viewer. In Windows 10, version 1709 and earlier versions, the app is included in the installation image. If you have XPS Viewer and you update to Windows 10, version 1803, there's no action required. You'll still have XPS Viewer.
However, if you install Windows 10, version 1803, on a new device (or as a clean installation), you may need to [install XPS Viewer from **Apps and Features** in the Settings app](https://docs.microsoft.com/windows/application-management/add-apps-and-features) or through [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). If you had XPS Viewer in Windows 10, version 1709, but manually removed it before updating, you'll need to manually reinstall it.| 1803 | +|3D Builder app | No longer installed by default. Consider using Print 3D and Paint 3D in its place. However, 3D Builder is still available for download from the Windows Store.| 1709 | +|Apndatabase.xml | For more information about the replacement database, see the following Hardware Dev Center articles:
[MO Process to update COSA](/windows-hardware/drivers/mobilebroadband/planning-your-apn-database-submission)
[COSA FAQ](/windows-hardware/drivers/mobilebroadband/cosa---faq) | 1709 | +|Enhanced Mitigation Experience Toolkit (EMET) |Use of this feature will be blocked. Consider using [Exploit Protection](https://blogs.windows.com/windowsexperience/2017/06/28/) as a replacement. | 1709 | +|Outlook Express | This legacy application will be removed due to lack of functionality. | 1709 | +|Reader app | Functionality to be integrated into Microsoft Edge. | 1709 | +|Reading List | Functionality to be integrated into Microsoft Edge. | 1709 | +|Screen saver functionality in Themes | This functionality is disabled in Themes, and classified as **Removed** in this table. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 | +|Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window). | 1709 | +|TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193).| 1709 | +|Tile Data Layer |To be replaced by the Tile Store.| 1709 | +|Apps Corner| This Windows 10 mobile application is removed in the version 1703 release. | 1703 | +|By default, Flash autorun in Edge is turned off. | Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.) | 1703 | +|Interactive Service Detection Service| See [Interactive Services](https://docs.microsoft.com/windows/win32/services/interactive-services?redirectedfrom=MSDN) for guidance on how to keep software up to date. | 1703 | +|Microsoft Paint | This application will not be available for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 | +|NPN support in TLS | This feature is superseded by Application-Layer Protocol Negotiation (ALPN). | 1703 | +|Windows Information Protection "AllowUserDecryption" policy | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. | 1703 | +|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 | \ No newline at end of file diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index b13b1e355c..8751735da2 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -33,7 +33,7 @@ Servicing stack updates improve the reliability of the update process to mitigat Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical." >[!NOTE] ->You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). +>You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001). ## What's the difference between a servicing stack update and a cumulative update? diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index d3aee0caf9..d4e43924fb 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -58,7 +58,7 @@ You can control when updates are applied, for example by deferring when an updat Windows Update for Business offers you the ability to turn on or off both driver and Microsoft product updates. - Drivers (on/off): **Computer configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates** -- Microsoft product updates (on/off): **Computer configuration > Administrative Templates > Windows Components > Windows Update > Get updates for other Microsoft Products** +- Microsoft product updates (on/off): **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates > Install updates for other Microsoft products** We recommend that you allow the driver policy to allow drivers to updated on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. We also recommend that you leave the "Microsoft product updates" setting on. diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md index 0de74e46b1..b64c35b077 100644 --- a/windows/deployment/windows-autopilot/TOC.md +++ b/windows/deployment/windows-autopilot/TOC.md @@ -19,6 +19,7 @@ ## [Configuring device profiles](profiles.md) ## [Enrollment Status Page](enrollment-status.md) ## [BitLocker encryption](bitlocker.md) +## [DFCI management](dfci-management.md) ## [Troubleshooting](troubleshooting.md) ## [Known issues](known-issues.md) diff --git a/windows/deployment/windows-autopilot/dfci-management.md b/windows/deployment/windows-autopilot/dfci-management.md new file mode 100644 index 0000000000..550420a264 --- /dev/null +++ b/windows/deployment/windows-autopilot/dfci-management.md @@ -0,0 +1,70 @@ +--- +title: DFCI Management +ms.reviewer: +manager: laurawi +description: With Windows Autopilot Deployment and Intune, you can manage UEFI (BIOS) settings after they're enrolled by using the Device Firmware Configuration Interface (DFCI) +keywords: Autopilot, DFCI, UEFI, Windows 10 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +ms.localizationpriority: medium +audience: itpro +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# DFCI Management + +**Applies to** + +- Windows 10 + +With Windows Autopilot Deployment and Intune, you can manage Unified Extensible Firmware Interface (UEFI) settings after they're enrolled by using the Device Firmware Configuration Interface (DFCI). DFCI [enables Windows to pass management commands](https://docs.microsoft.com/windows/client-management/mdm/uefi-csp) from Intune to UEFI to Autopilot deployed devices. This allows you to limit end user's control over BIOS settings. For example, you can lock down the boot options to prevent users from booting up another OS, such as one that doesn't have the same security features. + +If a user reinstalls a previous Windows version, install a separate OS, or format the hard drive, they can't override DFCI management. This feature can also prevent malware from communicating with OS processes, including elevated OS processes. DFCI’s trust chain uses public key cryptography, and doesn't depend on local UEFI password security. This layer of security blocks local users from accessing managed settings from the device’s UEFI menus. + +For an overview of DFCI benefits, scenarios, and prerequisites, see [Device Firmware Configuration Interface (DFCI) Introduction](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/). + +## DFCI management lifecycle + +The DFCI management lifecycle can be viewed as UEFI integration, device registration, profile creation, enrollment, management, retirement, and recovery. See the following figure. + +  + +## Requirements + +- Windows 10, version 1809 or later and a supported UEFI is required. +- The device manufacturer must have DFCI added to their UEFI firmware in the manufacturing process, or as a firmware update that you install. Work with your device vendors to determine the [manufacturers that support DFCI](#oems-that-support-dfci), or the firmware version needed to use DFCI. +- The device must be managed with Microsoft Intune. For more information, see [Enroll Windows devices in Intune using Windows Autopilot](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot). +- The device must be registered for Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider), or registered directly by the OEM. + +>[!IMPORTANT] +>Devices manually registered for Autopilot (such as by [importing from a csv file](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot#add-devices)) are not allowed to use DFCI. By design, DFCI management requires external attestation of the device’s commercial acquisition through an OEM or a Microsoft CSP partner registration to Windows Autopilot. When your device is registered, its serial number is displayed in the list of Windows Autopilot devices. + +## Managing DFCI profile with Windows Autopilot + +There are four basic steps in managing DFCI profile with Windows Autopilot: + +1. Create an Autopilot Profile +2. Create an Enrollment status page profile +3. Create a DFCI profile +4. Assign the profiles + +See [Create the profiles](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#create-the-profiles) and [Assign the profiles, and reboot](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#assign-the-profiles-and-reboot) for details. + +You can also [change existing DFCI settings](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#update-existing-dfci-settings) on devices that are in use. In your existing DFCI profile, change the settings and save your changes. Since the profile is already assigned, the new DFCI settings take effect when next time the device syncs or the device reboots. + +## OEMs that support DFCI + +- [Microsoft Surface](https://docs.microsoft.com/surface/surface-manage-dfci-guide) + +Additional OEMs are pending. + +## See also + +[Microsoft DFCI Scenarios](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Scenarios/DfciScenarios/)
+[Windows Autopilot and Surface devices](https://docs.microsoft.com/surface/windows-autopilot-and-surface-devices)
\ No newline at end of file diff --git a/windows/deployment/windows-autopilot/images/dfci.png b/windows/deployment/windows-autopilot/images/dfci.png new file mode 100644 index 0000000000..6c68ed8b80 Binary files /dev/null and b/windows/deployment/windows-autopilot/images/dfci.png differ diff --git a/windows/deployment/windows-autopilot/index.md b/windows/deployment/windows-autopilot/index.md index efeffc2e04..ae223e3032 100644 --- a/windows/deployment/windows-autopilot/index.md +++ b/windows/deployment/windows-autopilot/index.md @@ -30,14 +30,14 @@ This guide is intended for use by an IT-specialist, system architect, or busines ## In this guide
| What's new | Windows Autopilot is always being updated with new features! Check this topic to read about the latests capabilities. + |
| What's new | Windows Autopilot is always being updated with new features! Check this topic to read about the latest capabilities. |
| Overview of Windows Autopilot | A review of Windows Autopilot is provided with a video walkthrough. Benefits and general requirements are discussed. - |
| Requirements | Detailed software, network, licensiing, and configuration requirments are provided. + |
| Requirements | Detailed software, network, licensing, and configuration requirements are provided. |
| Scenarios and Capabilities | A summary of Windows Autopilot deployment scenarios and capabilities. |
| Get started | Interested in trying out Autopilot? See this step-by-step walkthrough to test Windows Autopilot on a virtual machine or physical device with a free 30-day trial premium Intune account. |
| Registering devices | The process of registering a device with the Windows Autopilot deployment service is described. - |
| Configuring device profiles | The device profile settings that specifie its behavior when it is deployed are described. + |
| Configuring device profiles | The device profile settings that specific its behavior when it is deployed are described. |
| Enrollment status page | Settings that are available on the Enrollment Status Page are described. |
| BitLocker encryption | Available options for configuring BitLocker on Windows Autopilot devices are described. - |
| Troubleshooting Windows Autopilot | Diagnotic event information and troubleshooting procedures are provided. + |
| DFCI management | Manage UEFI settings using the Device Firmware Configuration Interface (DFCI) with Windows Autopilot and Intune. + |
| Troubleshooting Windows Autopilot | Diagnostic event information and troubleshooting procedures are provided. |
| Known issues | A list of current known issues and solutions is provided. |
-
+
What's New? |
diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md
index 01c084966d..67ba2be075 100644
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@@ -50,7 +50,9 @@ The following methodology was used to derive these network endpoints:
|Area|Description|Protocol|Destination|
|----------------|----------|----------|------------|
-|Apps|The following endpoints are used to download updates to the Weather app Live Tile. If you turn off traffic to this endpoint, no Live Tiles will be updated.|HTTP|blob.weather.microsoft.com|
+|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+||The following endpoints are used to download updates to the Weather app Live Tile. If you turn off traffic to this endpoint, no Live Tiles will be updated.|HTTP|blob.weather.microsoft.com|
+|||HTTP|tile-service.weather.microsoft.com
|||HTTP|tile-service.weather.microsoft.com
||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/livetile/?Language=en-US
||The following endpoint is used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|*.twimg.com*|
@@ -65,8 +67,10 @@ The following methodology was used to derive these network endpoints:
|Azure |The following endpoints are related to Azure. |HTTPS|wd-prod-*fe*.cloudapp.azure.com|
|||HTTPS|ris-prod-atm.trafficmanager.net|
|||HTTPS|validation-v2.sls.trafficmanager.net|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible turn off traffic to this endpoint, but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.|HTTP|ctldl.windowsupdate.com|
-|Cortana and Search|The following endpoint is used to get images that are used for Microsoft Store suggestions. If you turn off traffic for this endpoint, you will block images that are used for Microsoft Store suggestions. |HTTPS|store-images.*microsoft.com|
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible turn off traffic to this endpoint, but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
+|||HTTP|ctldl.windowsupdate.com|
+|Cortana and Search|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
+||The following endpoint is used to get images that are used for Microsoft Store suggestions. If you turn off traffic for this endpoint, you will block images that are used for Microsoft Store suggestions.|HTTPS|store-images.*microsoft.com|
||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|HTTPS|www.bing.com/client|
|||HTTPS|www.bing.com|
|||HTTPS|www.bing.com/proactive|
@@ -76,10 +80,12 @@ The following methodology was used to derive these network endpoints:
|||HTTP|fp-vp.azureedge.net|
|||HTTP|odinvzc.azureedge.net|
|||HTTP|spo-ring.msedge.net|
-|Device authentication|
+|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
||The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device will not be authenticated.|HTTPS|login.live.com*|
+|Device metadata|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
||The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device.|HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|HTTP|v10.events.data.microsoft.com|
+|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+|||HTTP|v10.events.data.microsoft.com|
|||HTTPS|v10.vortex-win.data.microsoft.com/collect/v1|
|||HTTP|www.microsoft.com|
||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.|HTTPS|co4.telecommand.telemetry.microsoft.com|
@@ -87,16 +93,21 @@ The following methodology was used to derive these network endpoints:
|||HTTPS|cs1137.wpc.gammacdn.net|
|||TLS v1.2|modern.watson.data.microsoft.com*|
|||HTTPS|watson.telemetry.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.|HTTPS|*licensing.mp.microsoft.com*|
-|Location|The following endpoints are used for location data. If you turn off traffic for this endpoint, apps cannot use location data.|HTTPS|inference.location.live.net|
+|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
+|||HTTPS|*licensing.mp.microsoft.com*|
+|Location|The following endpoints are used for location data. If you turn off traffic for this endpoint, apps cannot use location data. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location)|
+|||HTTPS|inference.location.live.net|
|||HTTP|location-inference-westus.cloudapp.net|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|HTTPS|*g.akamaiedge.net|
+|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
+||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|HTTPS|*g.akamaiedge.net|
|||HTTP|*maps.windows.com*|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |HTTP|login.msa.akadns6.net|
+|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
+||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |HTTP|login.msa.akadns6.net|
|||HTTP|us.configsvc1.live.com.akadns.net|
|Microsoft Edge|This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
-|Microsoft Store|The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|HTTPS|*.wns.windows.com|
+|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|HTTPS|*.wns.windows.com|
||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTP|storecatalogrevocation.storequality.microsoft.com|
||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com*|
|||HTTPS|store-images.microsoft.com|
@@ -106,9 +117,10 @@ The following methodology was used to derive these network endpoints:
|||HTTP|storeedgefd.dsx.mp.microsoft.com|
|||HTTP|markets.books.microsoft.com|
|||HTTP |share.microsoft.com|
-|Network Connection Status Indicator (NCSI)|
+|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
-Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.|HTTP|*.c-msedge.net|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+|||HTTP|*.c-msedge.net|
|||HTTPS|*.e-msedge.net|
|||HTTPS|*.s-msedge.net|
|||HTTPS|nexusrules.officeapps.live.com|
@@ -120,29 +132,35 @@ Office|The following endpoints are used to connect to the Office 365 portal's sh
|||HTTPS|onecollector.cloudapp.aria|
|||HTTP|v10.events.data.microsoft.com/onecollector/1.0/|
|||HTTPS|self.events.data.microsoft.com|
-||The following endpoint is used to connect the Office To-Do app to its cloud service. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.|HTTPS|to-do.microsoft.com
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.|HTTP \ HTTPS|g.live.com/1rewlive5skydrive/*|
+||The following endpoint is used to connect the Office To-Do app to its cloud service. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.|HTTPS|to-do.microsoft.com|
+|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
+|||HTTP \ HTTPS|g.live.com/1rewlive5skydrive/*|
|||HTTP|msagfx.live.com|
|||HTTPS|oneclient.sfx.ms|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.|HTTPS|cy2.settings.data.microsoft.com.akadns.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+|||HTTPS|cy2.settings.data.microsoft.com.akadns.net|
|||HTTPS|settings.data.microsoft.com|
|||HTTPS|settings-win.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|browser.pipe.aria.microsoft.com|
+|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+|||HTTPS|browser.pipe.aria.microsoft.com|
|||HTTP|config.edge.skype.com|
|||HTTP|s2s.config.skype.com|
|||HTTPS|skypeecs-prod-usw-0-b.cloudapp.net|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.|HTTPS|wdcp.microsoft.com|
+|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
+|||HTTPS|wdcp.microsoft.com|
|||HTTPS|definitionupdates.microsoft.com|
|||HTTPS|go.microsoft.com|
||The following endpoints are used for Windows Defender Smartscreen reporting and notifications. If you turn off traffic for these endpoints, Smartscreen notifications will not appear.|HTTPS|*smartscreen.microsoft.com|
|||HTTPS|smartscreen-sn3p.smartscreen.microsoft.com|
|||HTTPS|unitedstates.smartscreen-prod.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.|TLS v1.2|*.search.msn.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
+|||TLS v1.2|*.search.msn.com|
|||HTTPS|arc.msn.com|
|||HTTPS|g.msn.com*|
|||HTTPS|query.prod.cms.rt.microsoft.com|
|||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.|HTTPS|*.prod.do.dsp.mp.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
+|||HTTPS|*.prod.do.dsp.mp.microsoft.com|
|||HTTP|cs9.wac.phicdn.net|
|||HTTP|emdl.ws.microsoft.com|
||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
diff --git a/windows/release-information/TOC.md b/windows/release-information/TOC.md
index 41ca5d90c0..f0457af621 100644
--- a/windows/release-information/TOC.md
+++ b/windows/release-information/TOC.md
@@ -1,5 +1,8 @@
# [Windows 10 release information](index.md)
# [Message center](windows-message-center.yml)
+# Version 1909
+## [Known issues and notifications](status-windows-10-1909.yml)
+## [Resolved issues](resolved-issues-windows-10-1909.yml)
# Version 1903
## [Known issues and notifications](status-windows-10-1903.yml)
## [Resolved issues](resolved-issues-windows-10-1903.yml)
@@ -12,9 +15,6 @@
# Version 1709
## [Known issues and notifications](status-windows-10-1709.yml)
## [Resolved issues](resolved-issues-windows-10-1709.yml)
-# Version 1703
-## [Known issues and notifications](status-windows-10-1703.yml)
-## [Resolved issues](resolved-issues-windows-10-1703.yml)
# Version 1607 and Windows Server 2016
## [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml)
## [Resolved issues](resolved-issues-windows-10-1607.yml)
diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml
index 50c83837eb..d782b8d33e 100644
--- a/windows/release-information/resolved-issues-windows-10-1507.yml
+++ b/windows/release-information/resolved-issues-windows-10-1507.yml
@@ -36,7 +36,6 @@ sections:
|||
| Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error. See details > | OS Build 10240.18305 August 13, 2019 KB4512497 | Resolved KB4517276 | August 17, 2019 02:00 PM PT |
| MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices. See details > | OS Build 10240.18244 June 11, 2019 KB4503291 | Resolved External | August 09, 2019 07:03 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close. See details > | OS Build 10240.18244 June 11, 2019 KB4503291 | Resolved KB4507458 | July 09, 2019 10:00 AM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | OS Build 10240.18215 May 14, 2019 KB4499154 | Resolved KB4505051 | May 19, 2019 02:00 PM PT |
When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms:
- Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4507458.
Back to top
June 11, 2019
KB4503291
KB4507458
July 09, 2019
10:00 AM PT
Opened:
June 12, 2019
11:11 AM PT
| Details | Originating update | Status | History |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505051) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505051 from Windows Update and then restarting your device. This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505051, search for it in the Microsoft Update Catalog. Back to top | OS Build 10240.18215 May 14, 2019 KB4499154 | Resolved KB4505051 | Resolved: May 19, 2019 02:00 PM PT Opened: May 16, 2019 01:57 PM PT |
When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.
See details >
June 11, 2019
KB4503267
KB4503294
02:00 PM PT
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details >
May 23, 2019
KB4499177
KB4503267
10:00 AM PT
There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.
See details >
March 12, 2019
KB4489882
KB4503267
10:00 AM PT
Update not showing as applicable through WSUS or SCCM or when manually installed
See details >
May 14, 2019
KB4494440
KB4498947
10:00 AM PT
gov.uk websites that don’t support “HSTS” may not be accessible
See details >
May 14, 2019
KB4494440
KB4505052
02:00 PM PT
When using MS UI Gothic or MS PGothic in Excel, the text, layout, or cell size may become narrower or wider.
See details >
April 25, 2019
KB4493473
KB4494440
10:00 AM PT
Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.
See details >
April 25, 2019
KB4493473
KB4494440
10:00 AM PT
| Details | Originating update | Status | History |
| Devices with Hyper-V enabled may receive BitLocker error 0xC0210000 Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4494440 and restarting. Affected platforms:
Resolution: This issue was resolved in KB4507460. Back to top | OS Build 14393.2969 May 14, 2019 KB4494440 | Resolved KB4507460 | Resolved: July 09, 2019 10:00 AM PT Opened: May 21, 2019 08:50 AM PT |
| Update not showing as applicable through WSUS or SCCM or when manually installed KB4494440 or later updates may not show as applicable through WSUS or SCCM to the affected platforms. When manually installing the standalone update from Microsoft Update Catalog, it may fail to install with the error, \"The update is not applicable to your computer.\" Affected platforms:
Resolution: The servicing stack update (SSU) (KB4498947) must be installed before installing the latest cumulative update (LCU). The LCU will not be reported as applicable until the SSU is installed. For more information, see Servicing stack updates. Back to top | OS Build 14393.2969 May 14, 2019 KB4494440 | Resolved KB4498947 | Resolved: May 14, 2019 10:00 AM PT Opened: May 24, 2019 04:20 PM PT |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505052) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505052 from Windows Update and then restarting your device. This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505052, search for it in the Microsoft Update Catalog. Back to top | OS Build 14393.2969 May 14, 2019 KB4494440 | Resolved KB4505052 | Resolved: May 19, 2019 02:00 PM PT Opened: May 16, 2019 01:57 PM PT |
| Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Resolution: This issue has been resolved. Back to top | OS Build 14393.2941 April 25, 2019 KB4493473 | Resolved KB4494440 | Resolved: May 14, 2019 10:00 AM PT Opened: May 10, 2019 10:35 AM PT |
| Details | Originating update | Status | History |
| Zone transfers over TCP may fail Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493473. Affected platforms:
Resolution: This issue was resolved in KB4494440. Back to top | OS Build 14393.2941 April 25, 2019 KB4493473 | Resolved KB4494440 | Resolved: May 14, 2019 10:00 AM PT Opened: April 25, 2019 02:00 PM PT |
- " - -- title: Resolved issues -- items: - - type: markdown - text: " -
| Summary | Originating update | Status | Date resolved |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | OS Build 15063.2046 September 23, 2019 KB4522011 | Resolved KB4520010 | October 08, 2019 10:00 AM PT |
| IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage. See details > | OS Build 15063.2045 September 10, 2019 KB4516068 | Resolved | September 17, 2019 04:47 PM PT |
| Domain connected devices that use MIT Kerberos realms will not start up Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms. See details > | OS Build 15063.1955 July 16, 2019 KB4507467 | Resolved KB4512507 | August 13, 2019 10:00 AM PT |
| Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error. See details > | OS Build 15063.1988 August 13, 2019 KB4512507 | Resolved KB4512474 | August 17, 2019 02:00 PM PT |
| MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices. See details > | OS Build 15063.1868 June 11, 2019 KB4503279 | Resolved External | August 09, 2019 07:03 PM PT |
| Devices with Hyper-V enabled may receive BitLocker error 0xC0210000 Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000. See details > | OS Build 15063.1805 May 14, 2019 KB4499181 | Resolved KB4507450 | July 09, 2019 10:00 AM PT |
| Difficulty connecting to some iSCSI-based SANs Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI. See details > | OS Build 15063.1839 May 28, 2019 KB4499162 | Resolved KB4509476 | June 26, 2019 04:00 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close. See details > | OS Build 15063.1868 June 11, 2019 KB4503279 | Resolved KB4503289 | June 18, 2019 02:00 PM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed. See details > | OS Build 15063.1839 May 28, 2019 KB4499162 | Resolved KB4503279 | June 11, 2019 10:00 AM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | OS Build 15063.1805 May 14, 2019 KB4499181 | Resolved KB4505055 | May 19, 2019 02:00 PM PT |
| Layout and cell size of Excel sheets may change when using MS UI Gothic When using MS UI Gothic or MS PGothic in Excel, the text, layout, or cell size may become narrower or wider. See details > | OS Build 15063.1784 April 25, 2019 KB4493436 | Resolved KB4499181 | May 14, 2019 10:00 AM PT |
-
- "
-- title: September 2019
-- items:
- - type: markdown
- text: "
- | Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Affected platforms:
Resolution: This issue was resolved in KB4520010. Back to top | OS Build 15063.2046 September 23, 2019 KB4522011 | Resolved KB4520010 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard. Affected platforms:
Resolution: After investigation, we have found that this issue does not affect this version of Windows. Back to top | OS Build 15063.2045 September 10, 2019 KB4516068 | Resolved | Resolved: September 17, 2019 04:47 PM PT Opened: September 13, 2019 05:25 PM PT |
| Details | Originating update | Status | History |
| Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error After installing KB4512507, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\" Affected platforms:
Resolution: This issue was resolved in KB4512474. This ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512474 and install. For instructions, see Update Windows 10. Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS). Back to top | OS Build 15063.1988 August 13, 2019 KB4512507 | Resolved KB4512474 | Resolved: August 17, 2019 02:00 PM PT Opened: August 14, 2019 03:34 PM PT |
| MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503279) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.” Affected platforms:
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue. Back to top | OS Build 15063.1868 June 11, 2019 KB4503279 | Resolved External | Last updated: August 09, 2019 07:03 PM PT Opened: August 09, 2019 04:25 PM PT |
| Details | Originating update | Status | History |
| Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507467. Devices that are domain controllers or domain members are both affected. To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903. Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms - Affected platforms:
Resolution: This issue was resolved in KB4512507 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 15063.1955 July 16, 2019 KB4507467 | Resolved KB4512507 | Resolved: August 13, 2019 10:00 AM PT Opened: July 25, 2019 06:10 PM PT |
| Details | Originating update | Status | History |
| Difficulty connecting to some iSCSI-based SANs Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499162. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.” Affected platforms:
Resolution: This issue was resolved in KB4509476. Back to top | OS Build 15063.1839 May 28, 2019 KB4499162 | Resolved KB4509476 | Resolved: June 26, 2019 04:00 PM PT Opened: June 20, 2019 04:46 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected. Affected platforms:
Resolution: This issue was resolved in KB4503289. Back to top | OS Build 15063.1868 June 11, 2019 KB4503279 | Resolved KB4503289 | Resolved: June 18, 2019 02:00 PM PT Opened: June 12, 2019 11:11 AM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed. Affected platforms:
Resolution: This issue was resolved in KB4503279. Back to top | OS Build 15063.1839 May 28, 2019 KB4499162 | Resolved KB4503279 | Resolved: June 11, 2019 10:00 AM PT Opened: June 05, 2019 05:49 PM PT |
| Details | Originating update | Status | History |
| Devices with Hyper-V enabled may receive BitLocker error 0xC0210000 Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4499181 and restarting. Affected platforms:
Resolution: This issue was resolved in KB4507450. Back to top | OS Build 15063.1805 May 14, 2019 KB4499181 | Resolved KB4507450 | Resolved: July 09, 2019 10:00 AM PT Opened: May 21, 2019 08:50 AM PT |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505055) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505055 from Windows Update and then restarting your device. This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505055, search for it in the Microsoft Update Catalog. Back to top | OS Build 15063.1805 May 14, 2019 KB4499181 | Resolved KB4505055 | Resolved: May 19, 2019 02:00 PM PT Opened: May 16, 2019 01:57 PM PT |
| Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Resolution: This issue has been resolved. Back to top | OS Build 15063.1784 April 25, 2019 KB4493436 | Resolved KB4499181 | Resolved: May 14, 2019 10:00 AM PT Opened: May 10, 2019 10:35 AM PT |
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details >
May 28, 2019
KB4499147
KB4509477
04:00 PM PT
When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.
See details >
June 11, 2019
KB4503284
KB4503281
02:00 PM PT
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details >
May 28, 2019
KB4499147
KB4503284
10:00 AM PT
gov.uk websites that don’t support “HSTS” may not be accessible
See details >
May 14, 2019
KB4498946
KB4505062
02:00 PM PT
When using MS UI Gothic or MS PGothic in Excel, the text, layout, or cell size may become narrower or wider.
See details >
April 25, 2019
KB4493440
KB4499179
10:00 AM PT
Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.
See details >
April 25, 2019
KB4493440
KB4499179
10:00 AM PT
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
Affected platforms:
- Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503284.
Back to top
May 28, 2019
KB4499147
KB4503284
June 11, 2019
10:00 AM PT
Opened:
June 05, 2019
05:49 PM PT
| Details | Originating update | Status | History |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Resolved: We have released an \"out-of-band\" update for Windows 10 (KB4505062) to resolve this issue.
To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505062, search for it in the Microsoft Update Catalog. Back to top | OS Build 16299.1143 May 14, 2019 KB4498946 | Resolved KB4505062 | Resolved: May 19, 2019 02:00 PM PT Opened: May 16, 2019 01:57 PM PT |
| Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Resolution: This issue has been resolved. Back to top | OS Build 16299.1127 April 25, 2019 KB4493440 | Resolved KB4499179 | Resolved: May 14, 2019 10:00 AM PT Opened: May 10, 2019 10:35 AM PT |
| Details | Originating update | Status | History |
| Zone transfers over TCP may fail Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493440. Affected platforms:
Resolution: This issue was resolved in KB4499179. Back to top | OS Build 16299.1127 April 25, 2019 KB4493440 | Resolved KB4499179 | Resolved: May 14, 2019 10:00 AM PT Opened: April 25, 2019 02:00 PM PT |
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details >
May 21, 2019
KB4499183
KB4509478
04:00 PM PT
When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.
See details >
June 11, 2019
KB4503286
KB4503288
02:00 PM PT
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details >
May 21, 2019
KB4499183
KB4503286
10:00 AM PT
gov.uk websites that don’t support “HSTS” may not be accessible
See details >
May 14, 2019
KB4499167
KB4505064
02:00 PM PT
When using MS UI Gothic or MS PGothic in Excel, the text, layout, or cell size may become narrower or wider.
See details >
April 25, 2019
KB4493437
KB4499167
10:00 AM PT
Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.
See details >
April 25, 2019
KB4493437
KB4499167
10:00 AM PT
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
Affected platforms:
- Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503286.
Back to top
May 21, 2019
KB4499183
KB4503286
June 11, 2019
10:00 AM PT
Opened:
June 05, 2019
05:49 PM PT
| Details | Originating update | Status | History |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Resolved: We have released an \"out-of-band\" update for Windows 10 (KB4505064) to resolve this issue.
To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505064, search for it in the Microsoft Update Catalog. Back to top | OS Build 17134.765 May 14, 2019 KB4499167 | Resolved KB4505064 | Resolved: May 19, 2019 02:00 PM PT Opened: May 16, 2019 01:57 PM PT |
| Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Resolution: This issue has been resolved. Back to top | OS Build 17134.753 April 25, 2019 KB4493437 | Resolved KB4499167 | Resolved: May 14, 2019 10:00 AM PT Opened: May 10, 2019 10:35 AM PT |
| Details | Originating update | Status | History |
| Zone transfers over TCP may fail Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493437. Affected platforms:
Resolution: This issue was resolved in KB4499167. Back to top | OS Build 17134.753 April 25, 2019 KB4493437 | Resolved KB4499167 | Resolved: May 14, 2019 10:00 AM PT Opened: April 25, 2019 02:00 PM PT |
| Summary | Originating update | Status | Date resolved |
| Microsoft Defender Advanced Threat Protection might stop running The Microsoft Defender ATP service might stop running and might fail to send reporting data. See details > | OS Build 17763.832 October 15, 2019 KB4520062 | Resolved KB4523205 | November 12, 2019 10:00 AM PT |
| Windows Mixed Reality Portal users may intermittently receive a 15-5 error code You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep. See details > | OS Build 17763.678 August 13, 2019 KB4511553 | Resolved KB4520062 | October 15, 2019 10:00 AM PT |
| Startup to a black screen after installing updates Your device may startup to a black screen during the first logon after installing updates. See details > | OS Build 17763.557 June 11, 2019 KB4503327 | Resolved KB4520062 | October 15, 2019 10:00 AM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | OS Build 17763.740 September 23, 2019 KB4522015 | Resolved KB4519338 | October 08, 2019 10:00 AM PT |
| Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007 Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) apps, you may receive an error. See details > | OS Build 17763.379 March 12, 2019 KB4489899 | Resolved KB4501371 | June 18, 2019 02:00 PM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed. See details > | OS Build 17763.529 May 21, 2019 KB4497934 | Resolved KB4503327 | June 11, 2019 10:00 AM PT |
| Issue using PXE to start a device from WDS Using PXE to start a device from a WDS server configured to use Variable Window Extension may terminate the connection. See details > | OS Build 17763.379 March 12, 2019 KB4489899 | Resolved KB4503327 | June 11, 2019 10:00 AM PT |
| Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort Upgrade block: Certain new Intel display drivers may accidentally turn on unsupported features in Windows. See details > | OS Build 17763.134 November 13, 2018 KB4467708 | Resolved | May 21, 2019 07:42 AM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | OS Build 17763.503 May 14, 2019 KB4494441 | Resolved KB4505056 | May 19, 2019 02:00 PM PT |
| Layout and cell size of Excel sheets may change when using MS UI Gothic When using MS UI Gothic or MS PGothic in Excel, the text, layout, or cell size may become narrower or wider. See details > | OS Build 17763.475 May 03, 2019 KB4495667 | Resolved KB4494441 | May 14, 2019 10:00 AM PT |
| Windows 10, version 1809 update history may show an update installed twice Some customers are reporting that KB4494441 installed twice on their device See details > | OS Build 17763.503 May 14, 2019 KB4494441 | Resolved | May 16, 2019 02:37 PM PT |
| Zone transfers over TCP may fail Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail. See details > | OS Build 17763.475 May 03, 2019 KB4495667 | Resolved KB4494441 | May 14, 2019 10:00 AM PT |
| Latest cumulative update (KB 4495667) installs automatically Reports that the optional cumulative update (KB 4495667) installs automatically. See details > | OS Build 17763.475 May 03, 2019 KB4495667 | Resolved | May 08, 2019 03:37 PM PT |
| System may be unresponsive after restart if ArcaBit antivirus software installed After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 See details > | OS Build 17763.437 April 09, 2019 KB4493509 | Resolved | May 08, 2019 03:30 PM PT |
| Details | Originating update | Status | History |
| Microsoft Defender Advanced Threat Protection might stop running After installing the optional non-security update (KB4520062), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer on MsSense.exe. Note Microsoft Windows Defender Antivirus is not affected by this issue. Affected platforms:
Resolution: This issue was resolved in KB4523205. Back to top | OS Build 17763.832 October 15, 2019 KB4520062 | Resolved KB4523205 | Resolved: November 12, 2019 10:00 AM PT Opened: October 17, 2019 05:14 PM PT |
| Details | Originating update | Status | History |
| Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007 When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\" Affected platforms:
Resolution: This issue was resolved in KB4501371. Back to top | OS Build 17763.379 March 12, 2019 KB4489899 | Resolved KB4501371 | Resolved: June 18, 2019 02:00 PM PT Opened: May 02, 2019 04:47 PM PT |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Resolved: We have released an \"out-of-band\" update for Windows 10 (KB4505056) to resolve this issue.
To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505056, search for it in the Microsoft Update Catalog. Back to top | OS Build 17763.503 May 14, 2019 KB4494441 | Resolved KB4505056 | Resolved: May 19, 2019 02:00 PM PT Opened: May 16, 2019 01:57 PM PT |
| Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Resolution: This issue has been resolved. Back to top | OS Build 17763.475 May 03, 2019 KB4495667 | Resolved KB4494441 | Resolved: May 14, 2019 10:00 AM PT Opened: May 10, 2019 10:35 AM PT |
| Windows 10, version 1809 update history may show an update installed twice Affected platforms:
Cause: In certain situations, installing an update requires multiple download and restart steps. In cases where two intermediate steps of the installation complete successfully, the View your Update history page will report that installation completed successfully twice. Resolution: No action is required on your part. The update installation may take longer and may require more than one restart, but will install successfully after all intermediate installation steps have completed. We are working on improving this update experience to ensure the Update history correctly reflects the installation of the latest cumulative update (LCU). Back to top | OS Build 17763.503 May 14, 2019 KB4494441 | Resolved | Resolved: May 16, 2019 02:37 PM PT Opened: May 14, 2019 02:56 PM PT |
| Zone transfers over TCP may fail Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4495667. Affected platforms:
Resolution: This issue was resolved in KB4494441. Back to top | OS Build 17763.475 May 03, 2019 KB4495667 | Resolved KB4494441 | Resolved: May 14, 2019 10:00 AM PT Opened: May 14, 2019 01:19 PM PT |
| Latest cumulative update (KB 4495667) installs automatically Due to a servicing side issue some users were offered KB4495667 (optional update) automatically and rebooted devices. This issue has been mitigated. Affected platforms:
Resolution:: This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action. Back to top | OS Build 17763.475 May 03, 2019 KB4495667 | Resolved | Resolved: May 08, 2019 03:37 PM PT Opened: May 05, 2019 12:01 PM PT |
| Details | Originating update | Status | History |
| System may be unresponsive after restart if ArcaBit antivirus software installed ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server). Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart. Affected platforms:
Workaround: ArcaBit has released an update to address this issue for affected platforms. For more information, see the ArcaBit support article. Resolution: This issue has been resolved. ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server). Back to top | OS Build 17763.437 April 09, 2019 KB4493509 | Resolved | Resolved: May 08, 2019 03:30 PM PT Opened: April 09, 2019 10:00 AM PT |
After installing KB4489899, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
Affected platforms:
- Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4503327.
Back to top
March 12, 2019
KB4489899
KB4503327
June 11, 2019
10:00 AM PT
Opened:
March 12, 2019
10:00 AM PT
| Details | Originating update | Status | History |
| Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers. Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented. Affected platforms:
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article. Resolution: Microsoft has removed the safeguard hold. Back to top | OS Build 17763.134 November 13, 2018 KB4467708 | Resolved | Resolved: May 21, 2019 07:42 AM PT Opened: November 13, 2018 10:00 AM PT |
| Summary | Originating update | Status | Date resolved |
| Intermittent loss of Wi-Fi connectivity Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | November 22, 2019 04:10 PM PT |
| Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | November 15, 2019 05:59 PM PT |
| Updates may fail to install and you may receive Error 0x80073701 Installation of updates may fail and you may receive error code 0x80073701. See details > | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved | November 12, 2019 08:11 AM PT |
| Intel Audio displays an intcdaud.sys notification Devices with a range of Intel Display Audio device drivers may experience battery drain. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | November 12, 2019 08:04 AM PT |
| Gamma ramps, color profiles, and night light settings do not apply in some cases Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4505903 | July 26, 2019 02:00 PM PT |
| Cannot launch Camera app Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4501375 | June 27, 2019 10:00 AM PT |
| Unable to discover or connect to Bluetooth devices using some Qualcomm adapters Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers. See details > | OS Build 18362.116 May 20, 2019 KB4505057 | Resolved KB4517389 | October 08, 2019 10:00 AM PT |
| Unable to discover or connect to Bluetooth devices using some Qualcomm adapters Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4517389 | October 08, 2019 10:00 AM PT |
| Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues. See details > | N/A | Resolved KB4522355 | October 24, 2019 10:00 AM PT |
| dGPU occasionally disappear from device manager on Surface Book 2 Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU. See details > | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved | October 18, 2019 04:33 PM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | OS Build 18362.357 September 23, 2019 KB4522016 | Resolved KB4517389 | October 08, 2019 10:00 AM PT |
| Issues updating when certain versions of Intel storage drivers are installed Windows 10, version 1903 update may fail with certain versions of Intel Rapid Storage Technology (Intel RST) drivers. See details > | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved KB4512941 | August 30, 2019 10:00 AM PT |
| Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error. See details > | OS Build 18362.295 August 13, 2019 KB4512508 | Resolved KB4512941 | August 30, 2019 10:00 AM PT |
| Initiating a Remote Desktop connection may result in black screen When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. See details > | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved KB4512941 | August 30, 2019 10:00 AM PT |
| Windows Sandbox may fail to start with error code “0x80070002” Windows Sandbox may fail to start on devices in which the operating system language was changed between updates. See details > | OS Build 18362.116 May 20, 2019 KB4505057 | Resolved KB4512941 | August 30, 2019 10:00 AM PT |
| Windows Sandbox may fail to start with error code “0x80070002” Windows Sandbox may fail to start on devices in which the operating system language was changed between updates. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4512941 | August 30, 2019 10:00 AM PT |
| Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\" See details > | OS Build 18362.175 June 11, 2019 KB4503293 | Resolved KB4512941 | August 30, 2019 10:00 AM PT |
| MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices. See details > | OS Build 18362.175 June 11, 2019 KB4503293 | Resolved External | August 09, 2019 07:03 PM PT |
| Display brightness may not respond to adjustments Devices configured with certain Intel display drivers may experience a driver compatibility issue. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4505903 | July 26, 2019 02:00 PM PT |
| RASMAN service may stop working and result in the error “0xc0000005” The RASMAN service may stop working with VPN profiles configured as an Always On VPN connection. See details > | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved KB4505903 | July 26, 2019 02:00 PM PT |
| Loss of functionality in Dynabook Smartphone Link app Users who update to Windows 10, version 1903 may experience a loss of functionality with Dynabook Smartphone Link. See details > | OS Build 18362.116 May 20, 2019 KB4505057 | Resolved | July 11, 2019 01:54 PM PT |
| Loss of functionality in Dynabook Smartphone Link app Users who update to Windows 10, version 1903 may experience a loss of functionality with Dynabook Smartphone Link. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved | July 11, 2019 01:54 PM PT |
| Error attempting to update with external USB device or memory card attached PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\" See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved | July 11, 2019 01:53 PM PT |
| Audio not working with Dolby Atmos headphones and home theater Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved | July 11, 2019 01:53 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close. See details > | OS Build 18362.175 June 11, 2019 KB4503293 | Resolved KB4501375 | June 27, 2019 10:00 AM PT |
| Details | Originating update | Status | History |
| Unable to discover or connect to Bluetooth devices using some Qualcomm adapters Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated. Affected platforms:
Resolution: This issue was resolved in KB4517389 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 18362.116 May 20, 2019 KB4505057 | Resolved KB4517389 | Resolved: October 08, 2019 10:00 AM PT Opened: October 25, 2019 04:21 PM PT |
| Unable to discover or connect to Bluetooth devices using some Qualcomm adapters Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated. Affected platforms:
Resolution: This issue was resolved in KB4517389 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4517389 | Resolved: October 08, 2019 10:00 AM PT Opened: October 25, 2019 04:21 PM PT |
| Details | Originating update | Status | History |
| Updates may fail to install and you may receive Error 0x80073701 Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history. Affected platforms:
Resolution: This issue has been resolved for most users. If you are still having issues, please see KB4528159. Back to top | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved | Resolved: November 12, 2019 08:11 AM PT Opened: August 16, 2019 01:41 PM PT |
| Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error After installing KB4512508, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\" Affected platforms:
Resolution: This issue was resolved in KB4512941. The ‘optional’ update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to Check for updates to receive KB4512941 and install. For instructions, see Update Windows 10. Note Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS). Back to top | OS Build 18362.295 August 13, 2019 KB4512508 | Resolved KB4512941 | Resolved: August 30, 2019 10:00 AM PT Opened: August 14, 2019 03:34 PM PT |
| MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices You may receive an error on your Apple MacOS device when trying to access network shares via CIFS or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (KB4503293) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.” Affected platforms:
Resolution: For guidance on this issue, see the Apple support article If your Mac can't use NTLM to connect to a Windows server. There is no update for Windows needed for this issue. Back to top | OS Build 18362.175 June 11, 2019 KB4503293 | Resolved External | Last updated: August 09, 2019 07:03 PM PT Opened: August 09, 2019 04:25 PM PT |
| Details | Originating update | Status | History |
| Intermittent loss of Wi-Fi connectivity Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM). To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until the updated driver is installed. Affected platforms:
Resolution: This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | Last updated: November 22, 2019 04:10 PM PT Opened: May 21, 2019 07:13 AM PT |
| Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated. Affected platforms:
Resolution: This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | Last updated: November 15, 2019 05:59 PM PT Opened: May 21, 2019 07:29 AM PT |
| Intel Audio displays an intcdaud.sys notification Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8). To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed. Affected platforms:
Resolution: This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed. Note If you are still experiencing the issue described, please contact your device manufacturer (OEM). Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | Last updated: November 12, 2019 08:04 AM PT Opened: May 21, 2019 07:22 AM PT |
| Gamma ramps, color profiles, and night light settings do not apply in some cases Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working. Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
Affected platforms:
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4505903 | Resolved: July 26, 2019 02:00 PM PT Opened: May 21, 2019 07:28 AM PT |
| Cannot launch Camera app Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating: \"Close other apps, error code: 0XA00F4243.” To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved. Affected platforms:
Resolution: This issue was resolved in KB4501375 and the safeguard hold has been removed. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4501375 | Resolved: June 27, 2019 10:00 AM PT Opened: May 21, 2019 07:20 AM PT |
| Windows Sandbox may fail to start with error code “0x80070002” Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903. Affected platforms:
Resolution: This issue was resolved in KB4512941. Back to top | OS Build 18362.116 May 20, 2019 KB4505057 | Resolved KB4512941 | Resolved: August 30, 2019 10:00 AM PT Opened: May 24, 2019 04:20 PM PT |
| Windows Sandbox may fail to start with error code “0x80070002” Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903. Affected platforms:
Resolution: This issue was resolved in KB4512941. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4512941 | Resolved: August 30, 2019 10:00 AM PT Opened: May 24, 2019 04:20 PM PT |
| Display brightness may not respond to adjustments Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change. To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved. Affected platforms:
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4505903 | Resolved: July 26, 2019 02:00 PM PT Opened: May 21, 2019 07:56 AM PT |
| Loss of functionality in Dynabook Smartphone Link app Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC. To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved. Affected platforms:
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903. Back to top | OS Build 18362.116 May 20, 2019 KB4505057 | Resolved | Resolved: July 11, 2019 01:54 PM PT Opened: May 24, 2019 03:10 PM PT |
| Loss of functionality in Dynabook Smartphone Link app Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC. To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved. Affected platforms:
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved | Resolved: July 11, 2019 01:54 PM PT Opened: May 24, 2019 03:10 PM PT |
| Error attempting to update with external USB device or memory card attached If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation. Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H). Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected. To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved. Affected platforms:
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved | Resolved: July 11, 2019 01:53 PM PT Opened: May 21, 2019 07:38 AM PT |
| Audio not working with Dolby Atmos headphones and home theater After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error. This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions. To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved. Affected platforms:
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved | Resolved: July 11, 2019 01:53 PM PT Opened: May 21, 2019 07:16 AM PT |
| Duplicate folders and documents showing in user profile directory If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. ?This issue does not cause any user files to be deleted and a solution is in progress. To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved. Affected platforms:
Resolution: This issue was resolved in KB4497935 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903. (Posted June 11, 2019) Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4497935 | Resolved: May 29, 2019 02:00 PM PT Opened: May 21, 2019 07:16 AM PT |
| Summary | Originating update | Status | Date resolved |
| Intermittent loss of Wi-Fi connectivity Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. See details > | OS Build 18363.476 November 12, 2019 KB4524570 | Resolved External | November 22, 2019 04:10 PM PT |
| Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers. See details > | OS Build 18363.476 November 12, 2019 KB4524570 | Resolved External | November 15, 2019 05:59 PM PT |
+
+ "
+- title: May 2019
+- items:
+ - type: markdown
+ text: "
+ | Details | Originating update | Status | History |
| Intermittent loss of Wi-Fi connectivity Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM). To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until the updated driver is installed. Affected platforms:
Resolution: This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903. Back to top | OS Build 18363.476 November 12, 2019 KB4524570 | Resolved External | Last updated: November 22, 2019 04:10 PM PT Opened: May 21, 2019 07:13 AM PT |
| Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated. Affected platforms:
Resolution: This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903. Back to top | OS Build 18363.476 November 12, 2019 KB4524570 | Resolved External | Last updated: November 15, 2019 05:59 PM PT Opened: May 21, 2019 07:29 AM PT |
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.
See details >
KB4503292
07:03 PM PT
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.
See details >
KB4499164
KB4503277
02:00 PM PT
When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.
See details >
KB4503292
KB4503277
02:00 PM PT
gov.uk websites that don’t support “HSTS” may not be accessible
See details >
KB4499164
KB4505050
02:00 PM PT
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.
See details >
KB4493472
01:23 PM PT
Devices with Sophos Endpoint Protection, managed by Sophos Central or Sophos Enterprise Console, may be unresponsive.
See details >
KB4493472
01:22 PM PT
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details >
KB4493472
01:21 PM PT
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.
See details >
KB4489878
KB4499164
10:00 AM PT
| Details | Originating update | Status | History |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Resolved: We have released an \"optional\" update for Internet Explorer 11 (KB4505050) to resolve this issue. We recommend you apply this update by installing KB4505050 from Windows Update and then restarting your device. To download and install this update, see How to get an update through Windows Update. This update is also available through the Microsoft Update Catalog website. Back to top | May 14, 2019 KB4499164 | Resolved KB4505050 | Resolved: May 18, 2019 02:00 PM PT Opened: May 16, 2019 01:57 PM PT |
| Details | Originating update | Status | History |
| System may be unresponsive after restart with certain McAfee antivirus products Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. Affected platforms:
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:
Back to top | April 09, 2019 KB4493472 | Resolved External | Last updated: August 13, 2019 06:59 PM PT Opened: April 09, 2019 10:00 AM PT |
| System may be unresponsive after restart if ArcaBit antivirus software installed Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472. Affected platforms:
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article. Back to top | April 09, 2019 KB4493472 | Resolved | Resolved: May 14, 2019 01:23 PM PT Opened: April 09, 2019 10:00 AM PT |
| System unresponsive after restart if Sophos Endpoint Protection installed Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472. Affected platforms:
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article. Back to top | April 09, 2019 KB4493472 | Resolved | Resolved: May 14, 2019 01:22 PM PT Opened: April 09, 2019 10:00 AM PT |
| System may be unresponsive after restart if Avira antivirus software installed Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472. Affected platforms:
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article. Back to top | April 09, 2019 KB4493472 | Resolved | Resolved: May 14, 2019 01:21 PM PT Opened: April 09, 2019 10:00 AM PT |
| Details | Originating update | Status | History |
| Authentication may fail for services after the Kerberos ticket expires After installing KB4489878, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails. Affected platforms:
Resolution: This issue was resolved in KB4499164. Back to top | March 12, 2019 KB4489878 | Resolved KB4499164 | Resolved: May 14, 2019 10:00 AM PT Opened: March 12, 2019 10:00 AM PT |
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.
See details >
KB4499151
KB4503283
02:00 PM PT
When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.
See details >
KB4503276
KB4503283
02:00 PM PT
There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.
See details >
KB4489881
KB4503276
10:00 AM PT
gov.uk websites that don’t support “HSTS” may not be accessible
See details >
KB4499151
KB4505050
02:00 PM PT
When using MS UI Gothic or MS PGothic in Excel, the text, layout, or cell size may become narrower or wider.
See details >
KB4493443
KB4499151
10:00 AM PT
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.
See details >
KB4493446
01:22 PM PT
Devices with Sophos Endpoint Protection, managed by Sophos Central or Sophos Enterprise Console, may be unresponsive.
See details >
KB4493446
01:22 PM PT
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details >
KB4493446
01:21 PM PT
| Details | Originating update | Status | History |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Resolved: We have released an \"optional\" update for Internet Explorer 11 (KB4505050) to resolve this issue. We recommend you apply this update by installing KB4505050 from Windows Update and then restarting your device. To download and install this update, see How to get an update through Windows Update. This update is also available through the Microsoft Update Catalog website. Back to top | May 14, 2019 KB4499151 | Resolved KB4505050 | Resolved: May 18, 2019 02:00 PM PT Opened: May 16, 2019 01:57 PM PT |
| Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Resolution: This issue has been resolved. Back to top | April 25, 2019 KB4493443 | Resolved KB4499151 | Resolved: May 14, 2019 10:00 AM PT Opened: May 10, 2019 10:35 AM PT |
| Details | Originating update | Status | History |
| System may be unresponsive after restart with certain McAfee antivirus products Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. Affected platforms:
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:
Back to top | April 09, 2019 KB4493446 | Resolved External | Last updated: August 13, 2019 06:59 PM PT Opened: April 09, 2019 10:00 AM PT |
| System may be unresponsive after restart if ArcaBit antivirus software installed Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446. Affected platforms:
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article. Back to top | April 09, 2019 KB4493446 | Resolved | Resolved: May 14, 2019 01:22 PM PT Opened: April 09, 2019 10:00 AM PT |
| System unresponsive after restart if Sophos Endpoint Protection installed Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446. Affected platforms:
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article. Back to top | April 09, 2019 KB4493446 | Resolved | Resolved: May 14, 2019 01:22 PM PT Opened: April 09, 2019 10:00 AM PT |
| System may be unresponsive after restart if Avira antivirus software installed Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446. Affected platforms:
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article. Back to top | April 09, 2019 KB4493446 | Resolved | Resolved: May 14, 2019 01:21 PM PT Opened: April 09, 2019 10:00 AM PT |
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details >
KB4512476
KB4517301
02:00 PM PT
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.
See details >
KB4503273
07:03 PM PT
When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.
See details >
KB4503273
KB4503271
02:00 PM PT
Devices with Sophos Endpoint Protection, managed by Sophos Central or Sophos Enterprise Console, may be unresponsive.
See details >
KB4493471
01:21 PM PT
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details >
KB4493471
01:19 PM PT
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.
See details >
KB4489880
KB4499149
10:00 AM PT
When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms:
- Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4503271. If you are using Security Only updates, see KB4508640 for resolving KB for your platform.
Back to top
KB4503273
KB4503271
June 20, 2019
02:00 PM PT
Opened:
June 12, 2019
11:11 AM PT
| Details | Originating update | Status | History |
| System unresponsive after restart if Sophos Endpoint Protection installed Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493471. Affected platforms:
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article. Back to top | April 09, 2019 KB4493471 | Resolved | Resolved: May 14, 2019 01:21 PM PT Opened: April 09, 2019 10:00 AM PT |
| System may be unresponsive after restart if Avira antivirus software installed Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471. Affected platforms:
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article. Back to top | April 09, 2019 KB4493471 | Resolved | Resolved: May 14, 2019 01:19 PM PT Opened: April 09, 2019 10:00 AM PT |
| Details | Originating update | Status | History |
| Authentication may fail for services after the Kerberos ticket expires After installing KB4489880, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails. Affected platforms:
Resolution: This issue was resolved in KB4499149. Back to top | March 12, 2019 KB4489880 | Resolved KB4499149 | Resolved: May 14, 2019 10:00 AM PT Opened: March 12, 2019 10:00 AM PT |
Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.
See details >
KB4499171
KB4503295
02:00 PM PT
When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.
See details >
KB4503285
KB4503295
02:00 PM PT
There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.
See details >
KB4489891
KB4503285
10:00 AM PT
gov.uk websites that don’t support “HSTS” may not be accessible
See details >
KB4499171
KB4505050
02:00 PM PT
When using MS UI Gothic or MS PGothic in Excel, the text, layout, or cell size may become narrower or wider.
See details >
KB4493462
KB4499171
10:00 AM PT
Devices with Sophos Endpoint Protection, managed by Sophos Central or Sophos Enterprise Console, may be unresponsive.
See details >
KB4493451
01:21 PM PT
Devices with Avira antivirus software installed may become unresponsive upon restart.
See details >
KB4493451
01:19 PM PT
| Details | Originating update | Status | History |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Resolved: We have released an \"optional\" update for Internet Explorer 11 (KB4505050) to resolve this issue. We recommend you apply this update by installing KB4505050 from Windows Update and then restarting your device. To download and install this update, see How to get an update through Windows Update. This update is also available through the Microsoft Update Catalog website. Back to top | May 14, 2019 KB4499171 | Resolved KB4505050 | Resolved: May 18, 2019 02:00 PM PT Opened: May 16, 2019 01:57 PM PT |
| Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic. Affected platforms:
Resolution: This issue has been resolved. Back to top | April 25, 2019 KB4493462 | Resolved KB4499171 | Resolved: May 14, 2019 10:00 AM PT Opened: May 10, 2019 10:35 AM PT |
| Details | Originating update | Status | History |
| System unresponsive after restart if Sophos Endpoint Protection installed Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493451. Affected platforms:
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article. Back to top | April 09, 2019 KB4493451 | Resolved | Resolved: May 14, 2019 01:21 PM PT Opened: April 09, 2019 10:00 AM PT |
| System may be unresponsive after restart if Avira antivirus software installed Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451. Affected platforms:
Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article. Back to top | April 09, 2019 KB4493451 | Resolved | Resolved: May 14, 2019 01:19 PM PT Opened: April 09, 2019 10:00 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 10240.18368 October 08, 2019 KB4520011 | Mitigated External | November 05, 2019 03:36 PM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | OS Build 10240.18334 September 23, 2019 KB4522009 | Resolved KB4520011 | October 08, 2019 10:00 AM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | OS Build 10240.18215 May 14, 2019 KB4499154 | Investigating KB4505051 | May 16, 2019 06:41 PM PT |
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | OS Build 10240.18094 January 08, 2019 KB4480962 | Mitigated | April 25, 2019 02:00 PM PT |
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Affected platforms:
Resolution: This issue was resolved in KB4520011. Back to top | OS Build 10240.18334 September 23, 2019 KB4522009 | Resolved KB4520011 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible. Back to top | OS Build 10240.18215 May 14, 2019 KB4499154 | Investigating KB4505051 | Last updated: May 16, 2019 06:41 PM PT Opened: May 16, 2019 01:57 PM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 14393.3274 October 08, 2019 KB4519998 | Mitigated External | November 05, 2019 03:36 PM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | OS Build 14393.3206 September 23, 2019 KB4522010 | Resolved KB4519998 | October 08, 2019 10:00 AM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | OS Build 14393.2969 May 14, 2019 KB4494440 | Investigating KB4505052 | May 16, 2019 06:41 PM PT |
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | OS Build 14393.2724 January 08, 2019 KB4480961 | Mitigated | April 25, 2019 02:00 PM PT |
| Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM. See details > | OS Build 14393.2608 November 13, 2018 KB4467691 | Mitigated | February 19, 2019 10:00 AM PT |
| Cluster service may fail if the minimum password length is set to greater than 14 The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters. See details > | OS Build 14393.2639 November 27, 2018 KB4467684 | Mitigated | April 25, 2019 02:00 PM PT |
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Affected platforms:
Resolution: This issue was resolved in KB4519998. Back to top | OS Build 14393.3206 September 23, 2019 KB4522010 | Resolved KB4519998 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible. Back to top | OS Build 14393.2969 May 14, 2019 KB4494440 | Investigating KB4505052 | Last updated: May 16, 2019 06:41 PM PT Opened: May 16, 2019 01:57 PM PT |
Windows 10, version 1703 has reached end of service Consumer and commercial editions of Windows 10, version 1703 have reached end of service. Devices running these editions are no longer receiving monthly security and quality updates containing protections from the latest security threats. We recommend that you update these devices to the latest version of Windows 10 immediately. For more information on end of service dates currently supported versions of Windows 10, see the Windows lifecycle fact sheet. Note This page will be retired on Tuesday, November 12, 2019.
- |
- " - -- title: Known issues -- items: - - type: markdown - text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
-
| Summary | Originating update | Status | Last updated |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | OS Build 15063.2046 September 23, 2019 KB4522011 | Resolved KB4520010 | October 08, 2019 10:00 AM PT |
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | OS Build 15063.1563 January 08, 2019 KB4480973 | Mitigated | April 25, 2019 02:00 PM PT |
-
- "
-- title: September 2019
-- items:
- - type: markdown
- text: "
- | Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Affected platforms:
Resolution: This issue was resolved in KB4520010. Back to top | OS Build 15063.2046 September 23, 2019 KB4522011 | Resolved KB4520010 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Details | Originating update | Status | History |
| Certain operations performed on a Cluster Shared Volume may fail Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Affected platforms:
Workaround: Do one of the following:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 15063.1563 January 08, 2019 KB4480973 | Mitigated | Last updated: April 25, 2019 02:00 PM PT Opened: January 08, 2019 10:00 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 16299.1387 September 10, 2019 KB4516066 | Mitigated | November 12, 2019 08:05 AM PT |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 16299.1451 October 08, 2019 KB4520004 | Mitigated External | November 05, 2019 03:36 PM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 16299.1387 September 10, 2019 KB4516066 | Mitigated | October 29, 2019 05:15 PM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | OS Build 16299.1392 September 23, 2019 KB4522012 | Resolved KB4520004 | October 08, 2019 10:00 AM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | OS Build 16299.1143 May 14, 2019 KB4498946 | Investigating KB4505062 | May 16, 2019 06:41 PM PT |
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | OS Build 16299.904 January 08, 2019 KB4480978 | Mitigated | April 25, 2019 02:00 PM PT |
| Details | Originating update | Status | History |
| Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. Affected platforms:
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Next steps: We are working on a resolution and estimate a solution will be available in late November. Back to top | OS Build 16299.1387 September 10, 2019 KB4516066 | Mitigated | Last updated: October 29, 2019 05:15 PM PT Opened: October 29, 2019 05:15 PM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. Affected platforms:
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 16299.1387 September 10, 2019 KB4516066 | Mitigated | Last updated: November 12, 2019 08:05 AM PT Opened: October 29, 2019 05:15 PM PT |
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Affected platforms:
Resolution: This issue was resolved in KB4520004. Back to top | OS Build 16299.1392 September 23, 2019 KB4522012 | Resolved KB4520004 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible. Back to top | OS Build 16299.1143 May 14, 2019 KB4498946 | Investigating KB4505062 | Last updated: May 16, 2019 06:41 PM PT Opened: May 16, 2019 01:57 PM PT |
Current status as of August 7, 2019: Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running Windows 10, version 1803 to Windows 10, version 1903 (the May 2019 Update) starting July 16, 2019 to help ensure that these devices remain in a serviced and secure state. For more information, see the Windows 10, version 1903 section of the release information dashboard.
+ | Current status as of November 12, 2019: Windows 10, version 1803 (the April 2018 Update) Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update (with users having the ability to choose a convenient time); keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health.
|
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 17134.1006 September 10, 2019 KB4516058 | Mitigated | November 12, 2019 08:05 AM PT |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 17134.1069 October 08, 2019 KB4520008 | Mitigated External | November 05, 2019 03:36 PM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 17134.1006 September 10, 2019 KB4516058 | Mitigated | October 29, 2019 05:15 PM PT |
| Windows Mixed Reality Portal users may intermittently receive a 15-5 error code You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep. See details > | OS Build 17134.950 August 13, 2019 KB4512501 | Resolved KB4519978 | October 15, 2019 10:00 AM PT |
| Startup to a black screen after installing updates Your device may startup to a black screen during the first logon after installing updates. See details > | OS Build 17134.829 June 11, 2019 KB4503286 | Resolved KB4519978 | October 15, 2019 10:00 AM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | OS Build 17134.1009 September 23, 2019 KB4522014 | Resolved KB4520008 | October 08, 2019 10:00 AM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | OS Build 17134.765 May 14, 2019 KB4499167 | Investigating KB4505064 | May 16, 2019 06:41 PM PT |
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | OS Build 17134.523 January 08, 2019 KB4480966 | Mitigated | April 25, 2019 02:00 PM PT |
| Details | Originating update | Status | History |
| Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. Affected platforms:
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Next steps: We are working on a resolution and estimate a solution will be available in late November. Back to top | OS Build 17134.1006 September 10, 2019 KB4516058 | Mitigated | Last updated: October 29, 2019 05:15 PM PT Opened: October 29, 2019 05:15 PM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. Affected platforms:
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17134.1006 September 10, 2019 KB4516058 | Mitigated | Last updated: November 12, 2019 08:05 AM PT Opened: October 29, 2019 05:15 PM PT |
| Details | Originating update | Status | History |
| Windows Mixed Reality Portal users may intermittently receive a 15-5 error code After installing KB4512501, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action. Affected platforms:
Resolution: This issue was resolved in KB4519978. Back to top | OS Build 17134.950 August 13, 2019 KB4512501 | Resolved KB4519978 | Resolved: October 15, 2019 10:00 AM PT Opened: September 11, 2019 05:32 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Affected platforms:
Resolution: This issue was resolved in KB4520008. Back to top | OS Build 17134.1009 September 23, 2019 KB4522014 | Resolved KB4520008 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Details | Originating update | Status | History |
| Startup to a black screen after installing updates We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates. Affected platforms:
Resolution: This issue was resolved in KB4519978. Back to top | OS Build 17134.829 June 11, 2019 KB4503286 | Resolved KB4519978 | Resolved: October 15, 2019 10:00 AM PT Opened: June 14, 2019 04:41 PM PT |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible. Back to top | OS Build 17134.765 May 14, 2019 KB4499167 | Investigating KB4505064 | Last updated: May 16, 2019 06:41 PM PT Opened: May 16, 2019 01:57 PM PT |
Current status: Windows 10, version 1809 is designated for broad deployment and available for any user who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel.
+ | Current status as of November 12, 2019: Windows 10, version 1809 is designated for broad deployment. The recommended servicing status is Semi-Annual Channel.
|
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| Microsoft Defender Advanced Threat Protection might stop running The Microsoft Defender ATP service might stop running and might fail to send reporting data. See details > | OS Build 17763.832 October 15, 2019 KB4520062 | Resolved KB4523205 | November 12, 2019 10:00 AM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 17763.737 September 10, 2019 KB4512578 | Mitigated | November 12, 2019 08:05 AM PT |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 17763.805 October 08, 2019 KB4519338 | Mitigated External | November 05, 2019 03:36 PM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 17763.737 September 10, 2019 KB4512578 | Mitigated | October 29, 2019 05:15 PM PT |
| Microsoft Defender Advanced Threat Protection might stop running The Microsoft Defender ATP service might stop running and might fail to send reporting data. See details > | OS Build 17763.832 October 15, 2019 KB4520062 | Investigating | October 18, 2019 04:23 PM PT |
| Windows Mixed Reality Portal users may intermittently receive a 15-5 error code You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep. See details > | OS Build 17763.678 August 13, 2019 KB4511553 | Resolved KB4520062 | October 15, 2019 10:00 AM PT |
| Startup to a black screen after installing updates Your device may startup to a black screen during the first logon after installing updates. See details > | OS Build 17763.557 June 11, 2019 KB4503327 | Resolved KB4520062 | October 15, 2019 10:00 AM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | OS Build 17763.740 September 23, 2019 KB4522015 | Resolved KB4519338 | October 08, 2019 10:00 AM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | OS Build 17763.503 May 14, 2019 KB4494441 | Investigating KB4505056 | May 16, 2019 06:41 PM PT |
| Devices with some Asian language packs installed may receive an error Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\" See details > | OS Build 17763.437 April 09, 2019 KB4493509 | Mitigated | May 03, 2019 10:59 AM PT |
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | OS Build 17763.253 January 08, 2019 KB4480116 | Mitigated | April 09, 2019 10:00 AM PT |
| Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort Upgrade block: Certain new Intel display drivers may accidentally turn on unsupported features in Windows. See details > | OS Build 17763.134 November 13, 2018 KB4467708 | Mitigated | March 15, 2019 12:00 PM PT |
| Details | Originating update | Status | History |
| Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. Affected platforms:
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Next steps: We are working on a resolution and estimate a solution will be available in late November. Back to top | OS Build 17763.737 September 10, 2019 KB4512578 | Mitigated | Last updated: October 29, 2019 05:15 PM PT Opened: October 29, 2019 05:15 PM PT |
| Microsoft Defender Advanced Threat Protection might stop running After installing the optional non-security update (KB4520062), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer on MsSense.exe. Note Microsoft Windows Defender Antivirus is not affected by this issue. Affected platforms:
Next steps: At this time, we suggest that devices in an affected environment do not install the optional non-security update, KB4520062. We are working on a resolution and estimate a solution will be available in mid-November. Back to top | OS Build 17763.832 October 15, 2019 KB4520062 | Investigating | Last updated: October 18, 2019 04:23 PM PT Opened: October 17, 2019 05:14 PM PT |
| Details | Originating update | Status | History |
| Windows Mixed Reality Portal users may intermittently receive a 15-5 error code After installing KB4511553, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action. Affected platforms:
Resolution: This issue was resolved in KB4520062. Back to top | OS Build 17763.678 August 13, 2019 KB4511553 | Resolved KB4520062 | Resolved: October 15, 2019 10:00 AM PT Opened: September 11, 2019 05:32 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Affected platforms:
Resolution: This issue was resolved in KB4519338. Back to top | OS Build 17763.740 September 23, 2019 KB4522015 | Resolved KB4519338 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Details | Originating update | Status | History |
| Startup to a black screen after installing updates We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates. Affected platforms:
Resolution: This issue was resolved in KB4520062. Back to top | OS Build 17763.557 June 11, 2019 KB4503327 | Resolved KB4520062 | Resolved: October 15, 2019 10:00 AM PT Opened: June 14, 2019 04:41 PM PT |
| Microsoft Defender Advanced Threat Protection might stop running After installing the optional non-security update (KB4520062), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer on MsSense.exe. Note Microsoft Windows Defender Antivirus is not affected by this issue. Affected platforms:
Resolution: This issue was resolved in KB4523205. Back to top | OS Build 17763.832 October 15, 2019 KB4520062 | Resolved KB4523205 | Resolved: November 12, 2019 10:00 AM PT Opened: October 17, 2019 05:14 PM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. Affected platforms:
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17763.737 September 10, 2019 KB4512578 | Mitigated | Last updated: November 12, 2019 08:05 AM PT Opened: October 29, 2019 05:15 PM PT |
| Details | Originating update | Status | History |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible. Back to top | OS Build 17763.503 May 14, 2019 KB4494441 | Investigating KB4505056 | Last updated: May 16, 2019 06:41 PM PT Opened: May 16, 2019 01:57 PM PT |
| Devices with some Asian language packs installed may receive an error After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\" Affected platforms:
Workaround:
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 17763.437 April 09, 2019 KB4493509 | Mitigated | Last updated: May 03, 2019 10:59 AM PT Opened: May 02, 2019 04:36 PM PT |
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.
Affected platforms:
- Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
- Perform the operation from a process that has administrator privilege.
- Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
Back to top
January 08, 2019
KB4480116
April 09, 2019
10:00 AM PT
Opened:
January 08, 2019
10:00 AM PT
| Details | Originating update | Status | History |
| Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers. Affected platforms:
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article. Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented. Back to top | OS Build 17763.134 November 13, 2018 KB4467708 | Mitigated | Last updated: March 15, 2019 12:00 PM PT Opened: November 13, 2018 10:00 AM PT |
Current status as of September 26, 2019: Windows 10, version 1903 (the May 2019 Update) is designated ready for broad deployment for all users via Windows Update. As devices running the Home, Pro, and Pro for Workstation editions of Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019, we are broadly updating these devices, as well as those running earlier versions of Windows 10 that are past end of service, to keep these devices both supported and receiving monthly updates. If you are not offered the Windows 10, version 1903 feature update, please check below for known issues and safeguard holds that may affect your device. We recommend commercial customers running earlier versions of Windows 10 begin broad deployments of Windows 10, version 1903 in their organizations. Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
+ | Current status as of November 12, 2019: Windows 10, version 1903 (the May 2019 Update) is designated ready for broad deployment for all users via Windows Update. We recommend commercial customers running earlier versions of Windows 10 begin broad deployments of Windows 10, version 1903 in their organizations. Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
|
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| Issues with some older versions of Avast and AVG anti-virus products Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus. See details > | N/A | Mitigated External | November 25, 2019 05:25 PM PT |
| Intermittent loss of Wi-Fi connectivity Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | November 22, 2019 04:10 PM PT |
| Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | November 15, 2019 05:59 PM PT |
| Updates may fail to install and you may receive Error 0x80073701 Installation of updates may fail and you may receive error code 0x80073701. See details > | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved | November 12, 2019 08:11 AM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 18362.356 September 10, 2019 KB4515384 | Mitigated | November 12, 2019 08:05 AM PT |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 18362.418 October 08, 2019 KB4517389 | Mitigated External | November 05, 2019 03:36 PM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 18362.356 September 10, 2019 KB4515384 | Mitigated | October 29, 2019 05:15 PM PT |
| Intel Audio displays an intcdaud.sys notification Devices with a range of Intel Display Audio device drivers may experience battery drain. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | November 12, 2019 08:04 AM PT |
| Gamma ramps, color profiles, and night light settings do not apply in some cases Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4505903 | July 26, 2019 02:00 PM PT |
| Cannot launch Camera app Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4501375 | June 27, 2019 10:00 AM PT |
| Unable to discover or connect to Bluetooth devices using some Qualcomm adapters Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers. See details > | OS Build 18362.116 May 20, 2019 KB4505057 | Resolved KB4517389 | October 08, 2019 10:00 AM PT |
| Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Mitigated | October 25, 2019 04:21 PM PT |
| Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues. See details > | N/A | Resolved KB4522355 | October 24, 2019 10:00 AM PT |
| dGPU occasionally disappear from device manager on Surface Book 2 Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU. See details > | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved | October 18, 2019 04:33 PM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | OS Build 18362.357 September 23, 2019 KB4522016 | Resolved KB4517389 | October 08, 2019 10:00 AM PT |
| Updates may fail to install and you may receive Error 0x80073701 Installation of updates may fail and you may receive error code 0x80073701. See details > | OS Build 18362.145 May 29, 2019 KB4497935 | Investigating | August 16, 2019 04:28 PM PT |
| Intermittent loss of Wi-Fi connectivity Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Mitigated External | August 01, 2019 08:44 PM PT |
| Gamma ramps, color profiles, and night light settings do not apply in some cases Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Mitigated KB4505903 | August 01, 2019 06:27 PM PT |
| Intel Audio displays an intcdaud.sys notification Devices with a range of Intel Display Audio device drivers may experience battery drain. See details > | OS Build 18362.116 May 21, 2019 KB4505057 | Mitigated | May 21, 2019 04:47 PM PT |
| Details | Originating update | Status | History |
| Issues with some older versions of Avast and AVG anti-virus products Microsoft and Avast has identified compatibility issues with some older versions of Avast Antivirus and AVG Antivirus that might still be installed by a small number of users. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected. To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until the application is updated. Affected platforms:
Workaround: Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles: Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you. Back to top | N/A | Mitigated External | Last updated: November 25, 2019 05:25 PM PT Opened: November 22, 2019 04:10 PM PT |
| TLS connections might fail or timeout Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
Affected platforms:
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489. Back to top | OS Build 18362.418 October 08, 2019 KB4517389 | Mitigated External | Last updated: November 05, 2019 03:36 PM PT Opened: November 05, 2019 03:36 PM PT |
| Details | Originating update | Status | History |
| Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. Affected platforms:
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Next steps: We are working on a resolution and estimate a solution will be available in late November. Back to top | OS Build 18362.356 September 10, 2019 KB4515384 | Mitigated | Last updated: October 29, 2019 05:15 PM PT Opened: October 29, 2019 05:15 PM PT |
| Unable to discover or connect to Bluetooth devices using some Qualcomm adapters Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated. Affected platforms:
Resolution: This issue was resolved in KB4517389 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 18362.116 May 20, 2019 KB4505057 | Resolved KB4517389 | Resolved: October 08, 2019 10:00 AM PT Opened: October 25, 2019 04:21 PM PT |
| Details | Originating update | Status | History |
| Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters Microsoft and NEC have found incompatibility issues with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards when running Windows 10, version 1903 on specific models of NEC devices. If these devices are updated to Windows 10, version 1903, they will no longer be able to use any Wi-Fi connections. The Wi-Fi driver may have a yellow exclamation point in device manager. The task tray icon for networking may show the icon for no internet and Network & Internet settings may not show any Wi-Fi networks. To safeguard your update experience, we have applied a compatibility hold on the affected devices from being offered Windows 10, version 1903. Affected platforms:
Resolution: This issue was resolved in KB4522355. The safeguard hold is estimated to be removed in mid-November. Back to top | N/A | Resolved KB4522355 | Resolved: October 24, 2019 10:00 AM PT Opened: September 13, 2019 05:25 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Affected platforms:
Resolution: This issue was resolved in KB4517389. Back to top | OS Build 18362.357 September 23, 2019 KB4522016 | Resolved KB4517389 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. Affected platforms:
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 18362.356 September 10, 2019 KB4515384 | Mitigated | Last updated: November 12, 2019 08:05 AM PT Opened: October 29, 2019 05:15 PM PT |
| Details | Originating update | Status | History |
| Updates may fail to install and you may receive Error 0x80073701 Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history. Affected platforms:
Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 18362.145 May 29, 2019 KB4497935 | Investigating | Last updated: August 16, 2019 04:28 PM PT Opened: August 16, 2019 01:41 PM PT |
| Details | Originating update | Status | History |
| dGPU occasionally disappear from device manager on Surface Book 2 Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open. To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until this issue is resolved. Affected platforms:
Resolved: To resolve this issue, you will need to update the firmware of your Surface Book 2 device. Please see the Surface Book 2 update history page for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue. The safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903. Back to top | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved | Resolved: October 18, 2019 04:33 PM PT Opened: July 12, 2019 04:20 PM PT |
| Updates may fail to install and you may receive Error 0x80073701 Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the Windows Update dialog or within Update history. Affected platforms:
Resolution: This issue has been resolved for most users. If you are still having issues, please see KB4528159. Back to top | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved | Resolved: November 12, 2019 08:11 AM PT Opened: August 16, 2019 01:41 PM PT |
| Details | Originating update | Status | History |
| Intermittent loss of Wi-Fi connectivity Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM). To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until the updated driver is installed. Affected platforms:
Resolution: This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | Last updated: November 22, 2019 04:10 PM PT Opened: May 21, 2019 07:13 AM PT |
| Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated. Affected platforms:
Resolution: This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | Last updated: November 15, 2019 05:59 PM PT Opened: May 21, 2019 07:29 AM PT |
| Intel Audio displays an intcdaud.sys notification Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8). To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed. Affected platforms:
Resolution: This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed. Note If you are still experiencing the issue described, please contact your device manufacturer (OEM). Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved External | Last updated: November 12, 2019 08:04 AM PT Opened: May 21, 2019 07:22 AM PT |
| Gamma ramps, color profiles, and night light settings do not apply in some cases Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working. Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
Affected platforms:
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4505903 | Resolved: July 26, 2019 02:00 PM PT Opened: May 21, 2019 07:28 AM PT |
| Cannot launch Camera app Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating: \"Close other apps, error code: 0XA00F4243.” To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved. Affected platforms:
Resolution: This issue was resolved in KB4501375 and the safeguard hold has been removed. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Resolved KB4501375 | Resolved: June 27, 2019 10:00 AM PT Opened: May 21, 2019 07:20 AM PT |
| Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated. Affected platforms:
Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You will need to install a Realtek driver version greater than 1.5.1011.0. Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. Next steps: Microsoft is working with Realtek to release new drivers for all affected system via Windows Update. October 25, 2019 note This issue was previously grouped with the Qualcomm radio issue, which is now resolved. There is no change to this issue except to remove reference to Qualcomm. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Mitigated | Last updated: October 25, 2019 04:21 PM PT Opened: May 21, 2019 07:29 AM PT |
| Intermittent loss of Wi-Fi connectivity Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM). To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed. Affected platforms:
Workaround: Before updating to Windows 10, version 1903, you will need to download and install an updated Wi-Fi driver from your device manufacturer (OEM). Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Mitigated External | Last updated: August 01, 2019 08:44 PM PT Opened: May 21, 2019 07:13 AM PT |
| Gamma ramps, color profiles, and night light settings do not apply in some cases Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working. Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
Affected platforms:
Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue. Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved. Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Mitigated KB4505903 | Last updated: August 01, 2019 06:27 PM PT Opened: May 21, 2019 07:28 AM PT |
| Intel Audio displays an intcdaud.sys notification Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8). To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed. Affected platforms:
Workaround: On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration. For more information, see Intel's customer support guidance and the Microsoft knowledge base article KB4465877. Note We recommend you do not attempt to update your devices until newer device drivers are installed. Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures. Back to top | OS Build 18362.116 May 21, 2019 KB4505057 | Mitigated | Last updated: May 21, 2019 04:47 PM PT Opened: May 21, 2019 07:22 AM PT |
Current status as of November 12, 2019: Windows 10, version 1909 is available for any user on a recent version of Windows 10 who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel. For information on how users running Windows 10, version 1903 can update to Windows 10, version 1909 in a new, streamlined way, see this post. Note follow @WindowsUpdate on Twitter to find out when new content is published to the release information dashboard.
+ |
+ " + +- title: Known issues +- items: + - type: markdown + text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
+
| Summary | Originating update | Status | Last updated |
| Issues with some older versions of Avast and AVG anti-virus products Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus. See details > | N/A | Mitigated External | November 25, 2019 05:25 PM PT |
| Intermittent loss of Wi-Fi connectivity Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. See details > | OS Build 18363.476 November 12, 2019 KB4524570 | Resolved External | November 22, 2019 04:10 PM PT |
| Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers. See details > | OS Build 18363.476 November 12, 2019 KB4524570 | Resolved External | November 15, 2019 05:59 PM PT |
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 18363.476 November 12, 2019 KB4524570 | Mitigated | November 12, 2019 08:05 AM PT |
+
+ "
+- title: November 2019
+- items:
+ - type: markdown
+ text: "
+ | Details | Originating update | Status | History |
| Issues with some older versions of Avast and AVG anti-virus products Microsoft and Avast has identified compatibility issues with some older versions of Avast Antivirus and AVG Antivirus that might still be installed by a small number of users. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected. To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until the application is updated. Affected platforms:
Workaround: Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles: Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you. Back to top | N/A | Mitigated External | Last updated: November 25, 2019 05:25 PM PT Opened: November 22, 2019 04:10 PM PT |
| Details | Originating update | Status | History |
| Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Note This issue does not affect using a Microsoft Account during OOBE. Affected platforms:
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923. Next steps: We are working on a resolution and will provide an update in an upcoming release. Back to top | OS Build 18363.476 November 12, 2019 KB4524570 | Mitigated | Last updated: November 12, 2019 08:05 AM PT Opened: October 29, 2019 05:15 PM PT |
| Details | Originating update | Status | History |
| Intermittent loss of Wi-Fi connectivity Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM). To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until the updated driver is installed. Affected platforms:
Resolution: This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903. Back to top | OS Build 18363.476 November 12, 2019 KB4524570 | Resolved External | Last updated: November 22, 2019 04:10 PM PT Opened: May 21, 2019 07:13 AM PT |
| Unable to discover or connect to Bluetooth devices using some Realtek adapters Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated. Affected platforms:
Resolution: This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903. Back to top | OS Build 18363.476 November 12, 2019 KB4524570 | Resolved External | Last updated: November 15, 2019 05:59 PM PT Opened: May 21, 2019 07:29 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS. See details > | Mitigated | November 15, 2019 05:59 PM PT | |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | October 08, 2019 KB4519976 | Mitigated External | November 05, 2019 03:36 PM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | September 24, 2019 KB4516048 | Resolved KB4519976 | October 08, 2019 10:00 AM PT |
| IA64 and x64 devices may fail to start after installing updates After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start. See details > | August 13, 2019 KB4512506 | Mitigated | August 17, 2019 12:59 PM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | May 14, 2019 KB4499164 | Investigating KB4505050 | May 16, 2019 06:41 PM PT |
| Details | Originating update | Status | History |
| MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109. WUAHandler 14/11/2019 16:33:23 980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager. Affected platforms:
Workaround: You can manually install the November 2019 update for Windows Malicious Software Removal Tool (MSRT) by downloading it here for 32-bit x86-based devices or here for 64-bit x64-based devices. If you are using WSUS or Configuration Manager, guidance can be found here. Next steps: This issue has been mitigated on the server side and MSRT will no longer offered to affected platforms. We are working on a resolution and estimate a solution will be available in the December 2019 release of Windows Malicious Software Removal Tool (MSRT). Back to top | Mitigated | Last updated: November 15, 2019 05:59 PM PT Opened: November 15, 2019 05:59 PM PT | |
| TLS connections might fail or timeout Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
Affected platforms:
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489. Back to top | October 08, 2019 KB4519976 | Mitigated External | Last updated: November 05, 2019 03:36 PM PT Opened: November 05, 2019 03:36 PM PT |
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4519976. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516048 | Resolved KB4519976 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"
Affected platforms:
- Client: Windows 7 SP1
- Server: Windows Server 2008 R2 SP1
Take Action: To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.
Back to top
KB4512506
August 17, 2019
12:59 PM PT
Opened:
August 13, 2019
08:34 AM PT
| Details | Originating update | Status | History |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible. Back to top | May 14, 2019 KB4499164 | Investigating KB4505050 | Last updated: May 16, 2019 06:41 PM PT Opened: May 16, 2019 01:57 PM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | October 08, 2019 KB4520005 | Mitigated External | November 05, 2019 03:36 PM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | September 24, 2019 KB4516041 | Resolved KB4520005 | October 08, 2019 10:00 AM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | May 14, 2019 KB4499151 | Investigating KB4505050 | May 16, 2019 06:41 PM PT |
| Japanese IME doesn't show the new Japanese Era name as a text input option With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option. See details > | April 25, 2019 KB4493443 | Mitigated | May 15, 2019 05:53 PM PT |
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | January 08, 2019 KB4480963 | Mitigated | April 25, 2019 02:00 PM PT |
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4520005. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516041 | Resolved KB4520005 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Details | Originating update | Status | History |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible. Back to top | May 14, 2019 KB4499151 | Investigating KB4505050 | Last updated: May 16, 2019 06:41 PM PT Opened: May 16, 2019 01:57 PM PT |
| Japanese IME doesn't show the new Japanese Era name as a text input option If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option. Affected platforms:
Workaround: If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.
Back to top | April 25, 2019 KB4493443 | Mitigated | Last updated: May 15, 2019 05:53 PM PT Opened: May 15, 2019 05:53 PM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS. See details > | Mitigated | November 15, 2019 05:59 PM PT | |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | October 08, 2019 KB4520002 | Mitigated External | November 05, 2019 03:36 PM PT |
| Issues manually installing updates by double-clicking the .msu file You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error. See details > | September 10, 2019 KB4474419 | Resolved KB4474419 | September 23, 2019 10:00 AM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | September 24, 2019 KB4516030 | Resolved KB4520002 | October 08, 2019 10:00 AM PT |
| Details | Originating update | Status | History |
| MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109. WUAHandler 14/11/2019 16:33:23 980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager. Affected platforms:
Workaround: You can manually install the November 2019 update for Windows Malicious Software Removal Tool (MSRT) by downloading it here for 32-bit x86-based devices or here for 64-bit x64-based devices. If you are using WSUS or Configuration Manager, guidance can be found here. Next steps: This issue has been mitigated on the server side and MSRT will no longer offered to affected platforms. We are working on a resolution and estimate a solution will be available in the December 2019 release of Windows Malicious Software Removal Tool (MSRT). Back to top | Mitigated | Last updated: November 15, 2019 05:59 PM PT Opened: November 15, 2019 05:59 PM PT | |
| TLS connections might fail or timeout Updates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events:
Affected platforms:
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489. Back to top | October 08, 2019 KB4520002 | Mitigated External | Last updated: November 05, 2019 03:36 PM PT Opened: November 05, 2019 03:36 PM PT |
| Details | Originating update | Status | History |
| Issues manually installing updates by double-clicking the .msu file After installing the SHA-2 update (KB4474419) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\" Affected platforms:
Workaround: Open a command prompt and use the following command (replacing <msu location> with the actual location and filename of the update): wusa.exe <msu location> /quiet Resolution: This issue is resolved in KB4474419 released October 8, 2019. It will install automatically from Windows Update and Windows Server Update Services (WSUS). If you need to install this update manually, you will need to use the workaround above. Note If you previously installed KB4474419 released September 23, 2019, then you already have the latest version of this update and do not need to reinstall. Back to top | September 10, 2019 KB4474419 | Resolved KB4474419 | Resolved: September 23, 2019 10:00 AM PT Opened: September 20, 2019 04:57 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4520002. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516030 | Resolved KB4520002 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | October 08, 2019 KB4520007 | Mitigated External | November 05, 2019 03:36 PM PT |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | September 24, 2019 KB4516069 | Resolved KB4520007 | October 08, 2019 10:00 AM PT |
| Unable to access some gov.uk websites gov.uk websites that don’t support “HSTS” may not be accessible See details > | May 14, 2019 KB4499171 | Investigating KB4505050 | May 16, 2019 06:41 PM PT |
| Japanese IME doesn't show the new Japanese Era name as a text input option With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option. See details > | April 25, 2019 KB4493462 | Mitigated | May 15, 2019 05:53 PM PT |
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | January 08, 2019 KB4480975 | Mitigated | April 25, 2019 02:00 PM PT |
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4520007. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516069 | Resolved KB4520007 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Details | Originating update | Status | History |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge. Affected platforms:
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible. Back to top | May 14, 2019 KB4499171 | Investigating KB4505050 | Last updated: May 16, 2019 06:41 PM PT Opened: May 16, 2019 01:57 PM PT |
| Japanese IME doesn't show the new Japanese Era name as a text input option If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option. Affected platforms:
Workaround: If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.
Back to top | April 25, 2019 KB4493462 | Mitigated | Last updated: May 15, 2019 05:53 PM PT Opened: May 15, 2019 05:53 PM PT |
| Message | Date | |||||||||||||||||||||||||||
| Windows 10, version 1909 now available Learn how to get Windows 10, version 1909 (the November 2019 Update), and explore how we’ve worked to make this a great experience for all devices, including a new, streamlined (and fast) update experience for devices updating directly from the May 2019 Update. | November 12, 2019 10:00 AM PT | |||||||||||||||||||||||||||
| Windows 10, version 1909 delivery options Learn how devices running Windows 10, version 1903 can update to Windows 10, version 1909 using the same servicing technology used to deliver monthly quality updates, resulting in a single restart and reducing update-related downtime. | November 12, 2019 10:00 AM PT | |||||||||||||||||||||||||||
| What’s new for IT pros in Windows 10, version 1909 Explore the latest features for IT, get information about media availability and related tools, and find answers to frequently asked questions. | November 12, 2019 10:00 AM PT | |||||||||||||||||||||||||||
| Take action: November 2019 security update available for all supported versions of Windows The November 2019 security update release, referred to as our “B” release, is now available for all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate. | November 12, 2019 10:00 AM PT | |||||||||||||||||||||||||||
| Timing of Windows 10 optional update releases (November/December 2019) For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week. Note There will be a December Security Update Tuesday release, as usual. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer | November 12, 2019 10:00 AM PT | |||||||||||||||||||||||||||
| Windows 10, version 1803 Home and Pro editions have reached end of service Windows 10, version 1803 (the April 2018 Update) Home and Pro editions have reached end of service. For Windows 10 devices that are at, or within several months of reaching end of service, Windows Update will automatically initiate a feature update (with users having the ability to choose a convenient time); keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health. For more information on end of service dates for currently supported versions of Windows 10, see the Windows lifecycle fact sheet. | November 12, 2019 10:00 AM PT | |||||||||||||||||||||||||||
| October 2019 Windows 10, version 1903 \"D\" optional release is available. The October 2019 optional monthly “D” release for Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release. | October 24, 2019 08:00 AM PT | |||||||||||||||||||||||||||
| October 2019 Windows \"C\" optional release is available. The October 2019 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release. | October 15, 2019 09:59 AM PT | |||||||||||||||||||||||||||
| Windows 10, version 1703 has reached end of service Consumer and commercial editions of Windows 10, version 1703 have reached end of service. As devices running these editions are no longer receiving monthly security and quality updates containing protections from the latest security threats, we recommend that you update these devices to the latest version of Windows 10 immediately. For more information on end of service dates currently supported versions of Windows 10, see the Windows lifecycle fact sheet. | October 09, 2019 12:00 PM PT | |||||||||||||||||||||||||||
| Windows 10, version 1703 has reached end of service Consumer and commercial editions of Windows 10, version 1703 have reached end of service. As devices running these editions are no longer receiving monthly security and quality updates containing protections from the latest security threats, we recommend that you update these devices to the latest version of Windows 10 immediately. For more information on end of service dates for currently supported versions of Windows 10, see the Windows lifecycle fact sheet. Note The Windows 10, version 1703 section will be removed from this dashboard on November 12, 2019. | October 09, 2019 12:00 PM PT | |||||||||||||||||||||||||||
| Take Action: October 2019 security update available for all supported versions of Windows The October 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate. | October 08, 2019 08:00 AM PT | |||||||||||||||||||||||||||
| Take action: Security update available for all supported versions of Windows On October 3, 2019, Microsoft expanded delivery of the out-of-band Internet Explorer scripting engine security vulnerability (CVE-2019-1367) update released on September 23, 2019 to Windows Update and Windows Server Update Services (WSUS). This is now a required security update for all supported versions of Windows as it includes the Internet Explorer scripting engine vulnerability mitigation and corrects a recent printing issue some users have experienced. All customers using Windows Update or WSUS will be offered this update automatically. We recommend that you install this update as soon as a possible, then restart your PC to fully apply the mitigations and help secure your devices. As with all cumulative updates, this update supersedes any preceding update. Note: This update does not replace the standard October 2019 monthly security update release, which is scheduled for October 8, 2019. | October 03, 2019 08:00 AM PT | |||||||||||||||||||||||||||
| September 2019 Windows 10, version 1903 \"D\" optional release is available The September 2019 optional monthly “D” release for Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release. | September 26, 2019 02:00 PM PT | |||||||||||||||||||||||||||
| * (asterisk) | Replaces any number of characters. Only applies to files in the last folder defined in the argument. |
- Replaces a single folder. Use multiple * with folder slashes \ to indicate multiple, nested folders. After matching the number of wilcarded and named folders, all subfolders will also be included. |
+ Replaces a single folder. Use multiple * with folder slashes \ to indicate multiple, nested folders. After matching the number of wild carded and named folders, all subfolders will also be included. |
|
Replaces a single character in a folder name. - After matching the number of wilcarded and named folders, all subfolders will also be included. + After matching the number of wild carded and named folders, all subfolders will also be included. |
`*.wdcpalt.microsoft.com` `*.wd.microsoft.com`| +| Microsoft Update Service (MU)| Security intelligence and product updates |`*.update.microsoft.com`| +|Security intelligence updates Alternate Download Location (ADL)| Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)| `*.download.microsoft.com`| +| Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission | `ussus1eastprod.blob.core.windows.net` `ussus1westprod.blob.core.windows.net` `usseu1northprod.blob.core.windows.net` `usseu1westprod.blob.core.windows.net` `ussuk1southprod.blob.core.windows.net` `ussuk1westprod.blob.core.windows.net` `ussas1eastprod.blob.core.windows.net` `ussas1southeastprod.blob.core.windows.net` `ussau1eastprod.blob.core.windows.net` `ussau1southeastprod.blob.core.windows.net` | +| Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL | `https://www.microsoft.com/pkiops/crl/` `https://www.microsoft.com/pkiops/certs` `https://crl.microsoft.com/pki/crl/products` `https://www.microsoft.com/pki/certs` | +| Symbol Store|Used by Windows Defender Antivirus to restore certain critical files during remediation flows | `https://msdl.microsoft.com/download/symbols` | +| Universal Telemetry Client| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes | This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints: `vortex-win.data.microsoft.com` `settings-win.data.microsoft.com`| ## Validate connections between your network and the cloud @@ -66,7 +67,7 @@ After whitelisting the URLs listed above, you can test if you are connected to t **Use the cmdline tool to validate cloud-delivered protection:** -Use the following argument with the Windows Defender Antivirus command line utility (*mpcmdrun.exe*) to verify that your network can communicate with the Windows Defender Antivirus cloud service: +Use the following argument with the Windows Defender Antivirus command-line utility (`mpcmdrun.exe`) to verify that your network can communicate with the Windows Defender Antivirus cloud service: ```DOS "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -ValidateMapsConnection @@ -75,7 +76,7 @@ Use the following argument with the Windows Defender Antivirus command line util > [!NOTE] > You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703 or higher. -See [Manage Windows Defender Antivirus with the mpcmdrun.exe commandline tool](command-line-arguments-windows-defender-antivirus.md) for more information on how to use the *mpcmdrun.exe* utility. +For more information, see [Manage Windows Defender Antivirus with the mpcmdrun.exe commandline tool](command-line-arguments-windows-defender-antivirus.md). **Attempt to download a fake malware file from Microsoft:** @@ -112,16 +113,19 @@ You will also see a detection under **Quarantined threats** in the **Scan histor  >[!NOTE] ->Versions of Windows 10 before version 1703 have a different user interface. See [Windows Defender Antivirus in the Windows Security app](windows-defender-security-center-antivirus.md) for more information about the differences between versions, and instructions on how to perform common tasks in the different interfaces. +>Versions of Windows 10 before version 1703 have a different user interface. See [Windows Defender Antivirus in the Windows Security app](windows-defender-security-center-antivirus.md). The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-windows-defender-antivirus.md). >[!IMPORTANT] >You will not be able to use a proxy auto-config (.pac) file to test network connections to these URLs. You will need to verify your proxy servers and any network filtering tools manually to ensure connectivity. -## Related topics +## Related articles - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) + - [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) + - [Run an Windows Defender Antivirus scan from the command line](command-line-arguments-windows-defender-antivirus.md) and [Command line arguments](command-line-arguments-windows-defender-antivirus.md) -- [Important changes to Microsoft Active Protection Services endpoint](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/important-changes-to-microsoft-active-protection-service-maps-endpoint/) + +- [Important changes to Microsoft Active Protection Services endpoint](https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Important-changes-to-Microsoft-Active-Protection-Service-MAPS/ba-p/274006) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md index 61c02f6a88..6bd6aeb7b2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 09/03/2018 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md index d2191e0488..36714d75c3 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md @@ -9,8 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen ms.date: 12/10/2018 ms.reviewer: manager: dansimp @@ -52,15 +53,15 @@ You can [configure how locally and globally defined exclusions lists are merged] -**Use Microsoft Intune to exclude files that have been opened by specified processes from scans:** +### Use Microsoft Intune to exclude files that have been opened by specified processes from scans See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details. -**Use System Center Configuration Manager to exclude files that have been opened by specified processes from scans:** +### Use System Center Configuration Manager to exclude files that have been opened by specified processes from scans See [How to create and deploy antimalware policies: Exclusion settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring System Center Configuration Manager (current branch). -**Use Group Policy to exclude files that have been opened by specified processes from scans:** +### Use Group Policy to exclude files that have been opened by specified processes from scans 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. @@ -80,7 +81,7 @@ See [How to create and deploy antimalware policies: Exclusion settings](https:// -**Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans:** +### Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans Using PowerShell to add or remove exclusions for files that have been opened by processes requires using a combination of three cmdlets with the `-ExclusionProcess` parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/itpro/powershell/windows/defender/defender). @@ -109,7 +110,7 @@ Add-MpPreference -ExclusionProcess "c:\internal\test.exe" See [Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-Windows Defender Antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. -**Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans:** +### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans Use the [**Set**, **Add**, and **Remove** methods of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: @@ -125,7 +126,7 @@ See the following for more information and allowed parameters: -**Use the Windows Security app to exclude files that have been opened by specified processes from scans:** +### Use the Windows Security app to exclude files that have been opened by specified processes from scans See [Add exclusions in the Windows Security app](windows-defender-security-center-antivirus.md#exclusions) for instructions. @@ -156,7 +157,7 @@ If you use PowerShell, you can retrieve the list in two ways: - Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line. - Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line. -**Validate the exclusion list by using MpCmdRun:** +### Validate the exclusion list by using MpCmdRun To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command: @@ -168,7 +169,7 @@ MpCmdRun.exe -CheckExclusion -path
| ||||||||||||||||||||||