From d10c63485879251010c97ce7b81526bd85e2e294 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Wed, 17 Jan 2018 11:13:12 -0800 Subject: [PATCH 1/3] removed the embed tags based on recent VCMS changes --- bcs/index.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/bcs/index.md b/bcs/index.md index 7ff0ce3d73..37096ad62b 100644 --- a/bcs/index.md +++ b/bcs/index.md @@ -733,7 +733,7 @@ ms.date: 11/01/2017
  • - +
    @@ -752,7 +752,7 @@ ms.date: 11/01/2017
  • - +
    @@ -771,7 +771,7 @@ ms.date: 11/01/2017
  • - +
    @@ -1704,7 +1704,7 @@ ms.date: 11/01/2017
  • - +
    @@ -1723,7 +1723,7 @@ ms.date: 11/01/2017
  • - +
    @@ -1742,7 +1742,7 @@ ms.date: 11/01/2017
  • - +
    From 1d33c060284d913409d845ff90924c7bc3d542d9 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 17 Jan 2018 20:40:12 +0000 Subject: [PATCH 2/3] Merged PR 5327: New topic for Jan KB release --- devices/surface-hub/TOC.md | 1 + .../surface-hub/change-history-surface-hub.md | 3 +- ...anage-settings-with-mdm-for-surface-hub.md | 7 +- devices/surface-hub/manage-surface-hub.md | 3 +- devices/surface-hub/surface-hub-start-menu.md | 179 ++++++++++++++++++ .../policy-configuration-service-provider.md | 1 + 6 files changed, 191 insertions(+), 3 deletions(-) create mode 100644 devices/surface-hub/surface-hub-start-menu.md diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md index 69c603b84d..beb434c374 100644 --- a/devices/surface-hub/TOC.md +++ b/devices/surface-hub/TOC.md @@ -31,6 +31,7 @@ #### [Use fully qualified domain name with Surface Hub](use-fully-qualified-domain-name-surface-hub.md) #### [Wireless network management](wireless-network-management-for-surface-hub.md) ### [Install apps on your Surface Hub](install-apps-on-surface-hub.md) +### [Configure Surface Hub Start menu](surface-hub-start-menu.md) ### [Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) ### [End a Surface Hub meeting with End session](i-am-done-finishing-your-surface-hub-meeting.md) ### [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md) diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index 60946feede..595a61e131 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker -ms.date: 01/10/2018 +ms.date: 01/17/2018 ms.localizationpriority: medium --- @@ -20,6 +20,7 @@ This topic lists new and updated topics in the [Surface Hub Admin Guide]( surfac New or changed topic | Description --- | --- +[Configure Surface Hub Start menu](surface-hub-start-menu.md) | New [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | Added prerequisites for running the scripts ## November 2017 diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index de55967ca5..23eb0e418f 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: surfacehub, mobility author: jdeckerms ms.author: jdecker -ms.date: 11/29/2017 +ms.date: 01/17/2018 ms.localizationpriority: medium --- @@ -185,7 +185,12 @@ The following tables include info on Windows 10 settings that have been validate | Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes
    [Use a custom policy.](#example-intune) | Yes.
    [Use a custom setting.](#example-sccm) | Yes | \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. +#### Configure Start menu +| Setting | Details | CSP reference | Supported with
    Intune? | Supported with
    Configuration Manager? | Supported with
    SyncML*? | +| --- | ---- | --- |---- | --- | --- | +| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes
    [Use a custom policy.](#example-intune) | Yes.
    [Use a custom setting.](#example-sccm) | Yes | +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. ### Generate OMA URIs for settings You need to use a setting’s OMA URI to create a custom policy in Intune, or a custom setting in System Center Configuration Manager. diff --git a/devices/surface-hub/manage-surface-hub.md b/devices/surface-hub/manage-surface-hub.md index b0a1d8662e..612bdeb704 100644 --- a/devices/surface-hub/manage-surface-hub.md +++ b/devices/surface-hub/manage-surface-hub.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker -ms.date: 11/15/2017 +ms.date: 01/17/2018 ms.localizationpriority: medium --- @@ -32,6 +32,7 @@ Learn about managing and updating Surface Hub. | [Remote Surface Hub management](remote-surface-hub-management.md) |Topics related to managing your Surface Hub remotely. Include install apps, managing settings with MDM and monitoring with Operations Management Suite. | | [Manage Surface Hub settings](manage-surface-hub-settings.md) |Topics related to managing Surface Hub settings: accessibility, device account, device reset, fully qualified domain name, Windows Update settings, and wireless network | | [Install apps on your Surface Hub]( https://technet.microsoft.com/itpro/surface-hub/install-apps-on-surface-hub) | Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business.| +[Configure Surface Hub Start menu](surface-hub-start-menu.md) | Use MDM to customize the Start menu for Surface Hub. | [Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board. | | [End a meeting with End session](https://technet.microsoft.com/itpro/surface-hub/i-am-done-finishing-your-surface-hub-meeting) | At the end of a meeting, users can tap **End session** to clean up any sensitive data and prepare the device for the next meeting.| | [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md) | You can sign in to a Surface Hub without a password using the Microsoft Authenticator app, available on Android and iOS. | diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md new file mode 100644 index 0000000000..0f3defa248 --- /dev/null +++ b/devices/surface-hub/surface-hub-start-menu.md @@ -0,0 +1,179 @@ +--- +title: Configure Surface Hub Start menu +description: Use MDM to customize the Start menu on Surface Hub. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: surfacehub +author: jdeckerms +ms.author: jdecker +ms.date: 01/17/2018 +ms.localizationpriority: medium +--- + +# Configure Surface Hub Start menu + +The [January 17, 2018 update to Windows 10](https://support.microsoft.com/help/4057144) (build 15063.877) enables customized Start menus on Surface Hub devices. You apply the customized Start menu layout using mobile device management (MDM). + +When you apply a customized Start menu layout to Surface Hub, users cannot pin, unpin, or uninstall apps from Start. + +## How to apply a customized Start menu to Surface Hub + +The customized Start menu is defined in a Start layout XML file. You have two options for creating your Start layout XML file: + +- Edit the [default Surface Hub Start XML](#default) + + -or- + +- Configure the desired Start menu on a desktop (pinning only apps that are available on Surface Hub), and then [export the layout](https://docs.microsoft.com/windows/configuration/customize-and-export-start-layout#export-the-start-layout). + +>[!TIP] +>To add a tile with a web link to your desktop start menu, go the the link in Microsoft Edge, select `...` in the top right corner, and select **Pin this page to Start**. See [a Start layout that includes a Microsoft Edge link](#edge) for an example of how links will appear in the XML. + +To edit the default XML or the exported layout, familiarize yourself with the [Start layout XML](https://docs.microsoft.com/en-us/windows/configuration/start-layout-xml-desktop). There are a few [differences between Start layout on a deskop and a Surface Hub.](#differences) + +When you have your Start menu defined in a Start layout XML, [create an MDM policy to apply the layout.](https://docs.microsoft.com/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management#a-href-idbkmk-domaingpodeploymentacreate-a-policy-for-your-customized-start-layout) + + +## Differences between Surface Hub and desktop Start menu + +There are a few key differences between Start menu customization for Surface Hub and a Windows 10 desktop: + +- You cannot use **DesktopApplicationTile** (https://docs.microsoft.com/en-us/windows/configuration/start-layout-xml-desktop#startdesktopapplicationtile) in your Start layout XML because Windows desktop applications (Win32) are not supported on Surface Hub. +- You cannot use the Start layout XML to configure the taskbar or the Welcome screen for Surface Hub. +- Surface Hub supports a maximum of 6 columns (6 1x1 tiles), however, you **must** define `GroupCellWidth=8` even though Surface Hub will only display tiles in columns 0-5, not columns 6 and 7. +- Surface Hub supports a maximum 6 rows (6 1x1 tiles) +- `SecondaryTile`, which is used for links, will open the link in Microsoft Edge. + + + +## Example: Default Surface Hub Start layout + +```xml + + + + + + + + + + + + + + + + + + + + +``` + + +## Example: Start layout that includes a Microsoft Edge link + +This example shows a link to a website and a link to a .pdf file. + +```xml + + + + + + + + + + + + + + + + + + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 8a191d28c1..4a50c52186 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -3797,6 +3797,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Privacy/PublishUserActivities](#privacy-publishuseractivities) - [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature) - [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot) +- [Start/StartLayout](#start-startlayout) - [System/AllowFontProviders](#system-allowfontproviders) - [System/AllowLocation](#system-allowlocation) - [System/AllowTelemetry](#system-allowtelemetry) From 7a7704285c2b6d85b96dc10097bceb1aabefa608 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 17 Jan 2018 21:43:03 +0000 Subject: [PATCH 3/3] Merged PR 5329: Add support for Hololens to PassportForWork CSP --- ...onfiguration-service-provider-reference.md | 41 ++++++++++--------- .../mdm/passportforwork-csp.md | 15 +++++++ 2 files changed, 36 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index ddad72d945..a72cf5ff8f 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -2441,27 +2441,28 @@ You can download the DDF files for various CSPs from the links below: The following list shows the configuration service providers supported in Windows Holographic editions. -| Configuration service provider | Windows Holographic edition | Windows Holographic for Business edition | -|-------------------------------------------------------------------------------------------------------|-------------------------------------|-------------------------------------------| -| [Application CSP](application-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | -| [AppLocker CSP](applocker-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | -| [CertificateStore CSP](certificatestore-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | -| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | -| [DevDetail CSP](devdetail-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | -| [DeveloperSetup CSP](developersetup-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)2 (Provisioning only)| -| [DeviceStatus CSP](devicestatus-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | -| [DevInfo CSP](devinfo-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | -| [DiagnosticLog CSP](diagnosticlog-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | -| [DMAcc CSP](dmacc-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | -| [DMClient CSP](dmclient-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | +| Configuration service provider | Windows Holographic edition | Windows Holographic for Business edition | +|--------|--------|------------| +| [Application CSP](application-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | +| [AppLocker CSP](applocker-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [CertificateStore CSP](certificatestore-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)| +| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [DevDetail CSP](devdetail-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | +| [DeveloperSetup CSP](developersetup-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)2 (Provisioning only)| +| [DeviceStatus CSP](devicestatus-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [DevInfo CSP](devinfo-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | +| [DiagnosticLog CSP](diagnosticlog-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [DMAcc CSP](dmacc-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | +| [DMClient CSP](dmclient-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | | [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | -| [NodeCache CSP](nodecache-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | -| [Policy CSP](policy-configuration-service-provider.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | -| [RootCATrustedCertificates CSP](rootcacertificates-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | -| [Update CSP](update-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | -| [VPN2 CSP](vpnv2-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | -| [WiFi CSP](wifi-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | -| [WindowsLicensing CSP](windowslicensing-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | +| [NodeCache CSP](nodecache-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | +[PassportForWork CSP](passportforwork-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [Policy CSP](policy-configuration-service-provider.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [RootCATrustedCertificates CSP](rootcacertificates-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [Update CSP](update-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [VPN2 CSP](vpnv2-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [WiFi CSP](wifi-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [WindowsLicensing CSP](windowslicensing-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | Footnotes: - 2 - Added in Windows 10, version 1703 diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index 1e72d18b9d..ab3145df41 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -54,6 +54,7 @@ The following diagram shows the PassportForWork configuration service provider i     ***TenantId*/Policies/ExcludeSecurityDevices** (only for ./Device/Vendor/MSFT)

    Added in Windows 10, version 1703. Root node for excluded security devices. +

    *Not supported on Windows Holographic and Windows Holographic for Business.* ***TenantId*/Policies/ExcludeSecurityDevices/TPM12** (only for ./Device/Vendor/MSFT)

    Added in Windows 10, version 1703. Some Trusted Platform Modules (TPMs) are compliant only with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG). @@ -178,27 +179,37 @@ This cloud service encrypts a recovery secret, which is stored locally on the cl ***TenantId*/Policies/Remote** (only for ./Device/Vendor/MSFT)

    Interior node for defining remote Windows Hello for Business policies. This node was added in Windows 10, version 1511. +

    *Not supported on Windows Holographic and Windows Holographic for Business.* ***TenantId*/Policies/Remote/UseRemotePassport** (only for ./Device/Vendor/MSFT)

    Boolean value used to enable or disable the use of remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion device for desktop authentication. Remote Windows Hello for Business requires that the desktop be Azure AD joined and that the companion device has a Windows Hello for Business PIN. This node was added in Windows 10, version 1511.

    Default value is false. If you set this policy to true, Remote Windows Hello for Business will be enabled and a portable, registered device can be used as a companion device for desktop authentication. If you set this policy to false, Remote Windows Hello for Business will be disabled. + +

    Supported operations are Add, Get, Delete, and Replace. +

    *Not supported on Windows Holographic and Windows Holographic for Business.* + **UseBiometrics**

    This node is deprecated. Use **Biometrics/UseBiometrics** node instead. **Biometrics** (only for ./Device/Vendor/MSFT)

    Node for defining biometric settings. This node was added in Windows 10, version 1511. +

    *Not supported on Windows Holographic and Windows Holographic for Business.* **Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT)

    Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511.

    Default value is false. If you set this policy to true, biometric gestures are enabled for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business. + +

    Supported operations are Add, Get, Delete, and Replace. +

    *Not supported on Windows Holographic and Windows Holographic for Business.* + **Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT)

    Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511. @@ -208,8 +219,12 @@ This cloud service encrypts a recovery secret, which is stored locally on the cl

    Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices. + +

    Supported operations are Add, Get, Delete, and Replace. +

    *Not supported on Windows Holographic and Windows Holographic for Business.* + ## Examples

    Here's an example for setting Windows Hello for Business and setting the PIN policies. It also turns on the use of biometrics and TPM.