From a18d660dad9529b8a140bde619cc7147b44312d4 Mon Sep 17 00:00:00 2001 From: mapalko <20977663+mapalko@users.noreply.github.com> Date: Fri, 21 Mar 2025 15:47:00 -0700 Subject: [PATCH 01/17] Update deprecated-features-resources.md Added a note about NTLMv1 removal including limitations around removal related to other capabilities using the same primitives (i.e. MSCHAPv2). --- windows/whats-new/deprecated-features-resources.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 87ff332844..a276519e51 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -36,6 +36,8 @@ In many cases, applications should be able to replace NTLM with Negotiate using Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm). +NTLM v1 is removed starting in Windows 11, version 24H2 and Windows Server 2025. Some situations still use NTLMv1 primitives for legacy reasons. MSCHAPv2 uses the same response function as NTLMv1 and is vulnerable to the same attacks against the weak crypto. MSCHAPv2 is only disabled by enabling Credential Guard. + ## WordPad WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal: From 03c3ae8305055eb5d1ae68e6d217651bcad11612 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:34:29 -0600 Subject: [PATCH 02/17] Update policy-csp-accounts.md --- windows/client-management/mdm/policy-csp-accounts.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index c7a8579e25..119876597c 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -143,6 +143,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant +If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a MAK key will fail. From aa0b71dd9aa7f5b389984ccef61e7f2e8cf6d66d Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:44:16 -0600 Subject: [PATCH 03/17] Update policy-csp-accounts.md --- windows/client-management/mdm/policy-csp-accounts.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 119876597c..517a88f6b3 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -143,7 +143,8 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant -If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a MAK key will fail. +> [!CAUTION] +> If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a MAK key will fail. From cca5e98f8a1430fffc4d0612ab1f66bb93a4e1b2 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 24 Mar 2025 12:10:01 -0600 Subject: [PATCH 04/17] Update policy-csp-accounts.md --- windows/client-management/mdm/policy-csp-accounts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 517a88f6b3..2c00a22b4a 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -144,7 +144,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant > [!CAUTION] -> If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a MAK key will fail. +> If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a Multiple Activation Key (MAK) will fail. From 6a4025841d5b2e65519e9aa6bab675d58c96fb56 Mon Sep 17 00:00:00 2001 From: Markus Sarcletti <56821677+msarcletti@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:59:31 +0100 Subject: [PATCH 05/17] Learn Editor: Update rules.md --- .../network-security/windows-firewall/rules.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 64b6580098..3e4efcc4cd 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -11,7 +11,7 @@ In many cases, a first step for administrators is to customize the firewall prof This article describes the concepts and recommendations for creating and managing firewall rules. -## Rule precedence for inbound rules +## Rule precedence for inbound and outbound rules In many cases, allowing specific types of inbound traffic is required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when configuring inbound exceptions: @@ -19,7 +19,9 @@ In many cases, allowing specific types of inbound traffic is required for applic 1. Explicit block rules take precedence over any conflicting allow rules 1. More specific rules take precedence over less specific rules, except if there are explicit block rules as mentioned in 2. For example, if the parameters of rule 1 include an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 takes precedence -Because of 1 and 2, when designing a set of policies you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow. +Because of 1 and 2, when designing a set of policies, you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow. + +Outbound rules follow the same precedence behaviors. > [!NOTE] > Windows Firewall doesn't support weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors as described. From 275db1c3fe20e1a895c5f45f497f5ffd005ee3c7 Mon Sep 17 00:00:00 2001 From: David Strome <21028455+dstrome@users.noreply.github.com> Date: Wed, 26 Mar 2025 12:02:30 -0700 Subject: [PATCH 06/17] Add check to run only if triggered from MicrosoftDocs repo --- .github/workflows/AutoLabelAssign.yml | 10 +++------- .github/workflows/BackgroundTasks.yml | 3 ++- .github/workflows/BuildValidation.yml | 4 +--- .github/workflows/LiveMergeCheck.yml | 6 ++---- .github/workflows/PrFileCount.yml | 6 ++---- .github/workflows/ProtectedFiles.yml | 6 ++---- .github/workflows/Stale.yml | 3 ++- .github/workflows/StaleBranch.yml | 3 ++- .github/workflows/TierManagement.yml | 6 +++--- 9 files changed, 19 insertions(+), 28 deletions(-) diff --git a/.github/workflows/AutoLabelAssign.yml b/.github/workflows/AutoLabelAssign.yml index 8247aa8e9c..65e87b3d4b 100644 --- a/.github/workflows/AutoLabelAssign.yml +++ b/.github/workflows/AutoLabelAssign.yml @@ -14,6 +14,7 @@ on: jobs: download-payload: name: Download and extract payload artifact + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod with: WorkflowId: ${{ github.event.workflow_run.id }} @@ -23,6 +24,7 @@ jobs: label-assign: name: Run assign and label + if: github.repository_owner == 'MicrosoftDocs' needs: [download-payload] uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-prod with: @@ -32,10 +34,4 @@ jobs: ExcludedUserList: '["user1", "user2"]' ExcludedBranchList: '["branch1", "branch2"]' secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} - - - - - - + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/BackgroundTasks.yml b/.github/workflows/BackgroundTasks.yml index c0389bb252..8dc3ceae0a 100644 --- a/.github/workflows/BackgroundTasks.yml +++ b/.github/workflows/BackgroundTasks.yml @@ -9,6 +9,7 @@ on: jobs: upload: + if: github.repository_owner == 'MicrosoftDocs' runs-on: ubuntu-latest steps: @@ -23,4 +24,4 @@ jobs: - uses: actions/upload-artifact@v4 with: name: PayloadJson - path: pr/ + path: pr/ \ No newline at end of file diff --git a/.github/workflows/BuildValidation.yml b/.github/workflows/BuildValidation.yml index e57844b453..dadccacbef 100644 --- a/.github/workflows/BuildValidation.yml +++ b/.github/workflows/BuildValidation.yml @@ -11,11 +11,9 @@ on: jobs: build-status: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-BuildValidation.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} secrets: AccessToken: ${{ secrets.GITHUB_TOKEN }} - - - diff --git a/.github/workflows/LiveMergeCheck.yml b/.github/workflows/LiveMergeCheck.yml index faeb2a0ef4..7db35548e9 100644 --- a/.github/workflows/LiveMergeCheck.yml +++ b/.github/workflows/LiveMergeCheck.yml @@ -12,11 +12,9 @@ on: jobs: live-merge: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-LiveMergeCheck.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} - - - \ No newline at end of file + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/PrFileCount.yml b/.github/workflows/PrFileCount.yml index 40f7d61629..17faf7a211 100644 --- a/.github/workflows/PrFileCount.yml +++ b/.github/workflows/PrFileCount.yml @@ -12,11 +12,9 @@ on: jobs: file-count: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-PrFileCount.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} - - - + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/ProtectedFiles.yml b/.github/workflows/ProtectedFiles.yml index 007f8f04b1..bbdbbe2e40 100644 --- a/.github/workflows/ProtectedFiles.yml +++ b/.github/workflows/ProtectedFiles.yml @@ -10,11 +10,9 @@ on: [pull_request_target] jobs: protected-files: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ProtectedFiles.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} - - - \ No newline at end of file + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/Stale.yml b/.github/workflows/Stale.yml index 82b6875e28..7f262d325a 100644 --- a/.github/workflows/Stale.yml +++ b/.github/workflows/Stale.yml @@ -11,9 +11,10 @@ on: jobs: stale: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-Stale.yml@workflows-prod with: RunDebug: false RepoVisibility: ${{ github.repository_visibility }} secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/StaleBranch.yml b/.github/workflows/StaleBranch.yml index 470eadbd32..f55d979291 100644 --- a/.github/workflows/StaleBranch.yml +++ b/.github/workflows/StaleBranch.yml @@ -13,6 +13,7 @@ on: jobs: stale-branch: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-StaleBranch.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} @@ -22,4 +23,4 @@ jobs: ]' ReportOnly: true secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/TierManagement.yml b/.github/workflows/TierManagement.yml index 4078a48fda..47baf0be65 100644 --- a/.github/workflows/TierManagement.yml +++ b/.github/workflows/TierManagement.yml @@ -11,11 +11,11 @@ on: jobs: tier-mgmt: - if: github.repository_visibility == 'private' + if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'private' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-TierManagement.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} EnableWriteSignOff: 1 - EnableReadOnlySignoff: 0 + EnableReadOnlySignoff: 1 secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From 1f3ac852c76e68b96de58faf4fec74d099521b82 Mon Sep 17 00:00:00 2001 From: David Strome <21028455+dstrome@users.noreply.github.com> Date: Wed, 26 Mar 2025 13:48:07 -0700 Subject: [PATCH 07/17] Add check to run only if triggered from MicrosoftDocs repo --- .github/workflows/AutoLabelMsftContributor.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/AutoLabelMsftContributor.yml b/.github/workflows/AutoLabelMsftContributor.yml index c41825acc8..6fcfb6e43e 100644 --- a/.github/workflows/AutoLabelMsftContributor.yml +++ b/.github/workflows/AutoLabelMsftContributor.yml @@ -13,7 +13,7 @@ on: jobs: download-payload: - if: github.repository_visibility == 'public' + if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'public' name: Download and extract payload artifact uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod with: @@ -24,7 +24,7 @@ jobs: label-msft: name: Label Microsoft contributors - if: github.repository_visibility == 'public' + if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'public' needs: [download-payload] uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelMsftContributor.yml@workflows-prod with: @@ -32,4 +32,4 @@ jobs: secrets: AccessToken: ${{ secrets.GITHUB_TOKEN }} ClientId: ${{ secrets.M365_APP_CLIENT_ID }} - PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }} + PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }} \ No newline at end of file From fd11a4b010b88beba0e7da2834838605d9c8e08d Mon Sep 17 00:00:00 2001 From: Andrew Glass Date: Wed, 26 Mar 2025 14:18:35 -0700 Subject: [PATCH 08/17] Learn Editor: Update policy-csp-windowsai.md --- windows/client-management/mdm/policy-csp-windowsai.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index caf72cbace..cf72ce10b9 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -363,9 +363,15 @@ This policy setting allows you to control whether Image Creator functionality is This policy setting determines which app opens when the user presses the Copilot key on their keyboard. -- If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings. +- If the policy is enabled, the specified app will open when the user presses the Copilot key. +Users can change the key assignment in Settings, but cannot select a different custom app. + +- If the policy isn't configured, Copilot or Microsoft 365 Copilot will open if it's available in that country or region. + +The property value is the Application User Model ID (AUMID) for the target application. For example: Notepad `Microsoft.WindowsNotepad_8wekyb3d8bbwe!App`. + +To help you retrieve AUMIDs, you can refer to this article: [Find the Application User Model ID of an installed app | Microsoft Learn](https://learn.microsoft.com/en-us/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). -- If the policy isn't configured, Copilot will open if it's available in that country or region. From 2744d7738edbb662e1b2458eedef00bd97cbe332 Mon Sep 17 00:00:00 2001 From: Andrew Glass Date: Wed, 26 Mar 2025 14:20:15 -0700 Subject: [PATCH 09/17] Learn Editor: Update policy-csp-windowsai.md --- windows/client-management/mdm/policy-csp-windowsai.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index cf72ce10b9..f64b5633d6 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -363,14 +363,11 @@ This policy setting allows you to control whether Image Creator functionality is This policy setting determines which app opens when the user presses the Copilot key on their keyboard. -- If the policy is enabled, the specified app will open when the user presses the Copilot key. -Users can change the key assignment in Settings, but cannot select a different custom app. +- If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings, but cannot select a different custom app. - If the policy isn't configured, Copilot or Microsoft 365 Copilot will open if it's available in that country or region. -The property value is the Application User Model ID (AUMID) for the target application. For example: Notepad `Microsoft.WindowsNotepad_8wekyb3d8bbwe!App`. - -To help you retrieve AUMIDs, you can refer to this article: [Find the Application User Model ID of an installed app | Microsoft Learn](https://learn.microsoft.com/en-us/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). +The property value is the Application User Model ID (AUMID) for the target application. For example: Notepad is `Microsoft.WindowsNotepad_8wekyb3d8bbwe!App`. To help you retrieve AUMIDs, you can refer to this article: [Find the Application User Model ID of an installed app | Microsoft Learn](https://learn.microsoft.com/en-us/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). From ac8617d4155716a3ae4a48a2b7be1ebf623df4b5 Mon Sep 17 00:00:00 2001 From: Andrew Glass Date: Wed, 26 Mar 2025 14:23:06 -0700 Subject: [PATCH 10/17] Learn Editor: Update policy-csp-windowsai.md --- windows/client-management/mdm/policy-csp-windowsai.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index f64b5633d6..47e181633e 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -365,7 +365,7 @@ This policy setting determines which app opens when the user presses the Copilot - If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings, but cannot select a different custom app. -- If the policy isn't configured, Copilot or Microsoft 365 Copilot will open if it's available in that country or region. +- If the policy isn't configured, Microsoft 365 Copilot or Copilot will open if it's available for that user's account in that country or region. The property value is the Application User Model ID (AUMID) for the target application. For example: Notepad is `Microsoft.WindowsNotepad_8wekyb3d8bbwe!App`. To help you retrieve AUMIDs, you can refer to this article: [Find the Application User Model ID of an installed app | Microsoft Learn](https://learn.microsoft.com/en-us/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). From 57baa7d38bcb8594185787e40863e9773e420c8b Mon Sep 17 00:00:00 2001 From: Andrew Glass Date: Wed, 26 Mar 2025 14:27:24 -0700 Subject: [PATCH 11/17] Learn Editor: Update policy-csp-windowsai.md --- windows/client-management/mdm/policy-csp-windowsai.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 47e181633e..016090e9cb 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -365,9 +365,9 @@ This policy setting determines which app opens when the user presses the Copilot - If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings, but cannot select a different custom app. -- If the policy isn't configured, Microsoft 365 Copilot or Copilot will open if it's available for that user's account in that country or region. +- If the policy isn't configured, Microsoft 365 Copilot or Copilot will open if it's available for that user's account in that country or region. Users can change the key assignment in Settings including selecting a different custom app. -The property value is the Application User Model ID (AUMID) for the target application. For example: Notepad is `Microsoft.WindowsNotepad_8wekyb3d8bbwe!App`. To help you retrieve AUMIDs, you can refer to this article: [Find the Application User Model ID of an installed app | Microsoft Learn](https://learn.microsoft.com/en-us/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). +The property value is the Application User Model ID (AUMID) for the target application. For example: the Microsoft 365 Copilot app is `Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub`. To help you retrieve AUMIDs, you can refer to this article: [Find the Application User Model ID of an installed app | Microsoft Learn](https://learn.microsoft.com/en-us/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). From e0a77c209cebd7ab8ba65bb179117048d24a7083 Mon Sep 17 00:00:00 2001 From: Andrew Glass Date: Wed, 26 Mar 2025 14:47:41 -0700 Subject: [PATCH 13/17] Fix formatting issue in policy description --- windows/client-management/mdm/policy-csp-windowsai.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 016090e9cb..bc0596b1f3 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -367,12 +367,12 @@ This policy setting determines which app opens when the user presses the Copilot - If the policy isn't configured, Microsoft 365 Copilot or Copilot will open if it's available for that user's account in that country or region. Users can change the key assignment in Settings including selecting a different custom app. -The property value is the Application User Model ID (AUMID) for the target application. For example: the Microsoft 365 Copilot app is `Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub`. To help you retrieve AUMIDs, you can refer to this article: [Find the Application User Model ID of an installed app | Microsoft Learn](https://learn.microsoft.com/en-us/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). - +The property value is the Application User Model ID (AUMID) for the target application. For example: the Microsoft 365 Copilot app is `Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub`. To help you retrieve AUMIDs, you can refer to this article: [Find the Application User Model ID of an installed app | Microsoft Learn](https://learn.microsoft.com/en-us/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). + From 159309b2c684e0b6dce7e08b52609c7ab6d07984 Mon Sep 17 00:00:00 2001 From: Andrew Glass Date: Wed, 26 Mar 2025 14:50:13 -0700 Subject: [PATCH 14/17] Simplify Copilot key policy description --- windows/client-management/mdm/policy-csp-windowsai.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index bc0596b1f3..92014c9ff1 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -363,9 +363,9 @@ This policy setting allows you to control whether Image Creator functionality is This policy setting determines which app opens when the user presses the Copilot key on their keyboard. -- If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings, but cannot select a different custom app. +- If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings. -- If the policy isn't configured, Microsoft 365 Copilot or Copilot will open if it's available for that user's account in that country or region. Users can change the key assignment in Settings including selecting a different custom app. +- If the policy isn't configured, Copilot will open if it's available in that country or region. From dd927a7456fe3d18f1ae473bc1be2e2bce7ff381 Mon Sep 17 00:00:00 2001 From: Andrew Glass Date: Wed, 26 Mar 2025 14:51:16 -0700 Subject: [PATCH 15/17] Remove extra blank line in policy description --- windows/client-management/mdm/policy-csp-windowsai.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 92014c9ff1..8c6c7e0d3e 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -366,7 +366,6 @@ This policy setting determines which app opens when the user presses the Copilot - If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings. - If the policy isn't configured, Copilot will open if it's available in that country or region. - From d596464044712ec18305ba85e452ccf8a02ef003 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Wed, 26 Mar 2025 16:58:39 -0700 Subject: [PATCH 16/17] fix link --- windows/client-management/mdm/policy-csp-windowsai.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 8c6c7e0d3e..4708cd0e55 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -1,7 +1,7 @@ --- title: WindowsAI Policy CSP description: Learn more about the WindowsAI Area in Policy CSP. -ms.date: 03/12/2025 +ms.date: 03/26/2025 ms.topic: generated-reference --- @@ -370,7 +370,7 @@ This policy setting determines which app opens when the user presses the Copilot -The property value is the Application User Model ID (AUMID) for the target application. For example: the Microsoft 365 Copilot app is `Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub`. To help you retrieve AUMIDs, you can refer to this article: [Find the Application User Model ID of an installed app | Microsoft Learn](https://learn.microsoft.com/en-us/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). +The property value is the Application User Model ID (AUMID) for the target application. For example: the Microsoft 365 Copilot app is `Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub`. For more information, see [Find the application user model ID of an installed app](/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). From 86e2a1497f7a01a0efc0bb34caf6e48d2d4418f1 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 27 Mar 2025 11:17:28 -0400 Subject: [PATCH 17/17] update to user experience --- windows/configuration/taskbar/pinned-apps.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/configuration/taskbar/pinned-apps.md b/windows/configuration/taskbar/pinned-apps.md index 6f93e76b25..f8ec2fe588 100644 --- a/windows/configuration/taskbar/pinned-apps.md +++ b/windows/configuration/taskbar/pinned-apps.md @@ -214,7 +214,9 @@ The GPO applies the Start and taskbar layout at the next user sign-in. Each time ## User experience -After the taskbar layout is applied, the users must sign out and sign in again to see the new layout. Unless prohibited via policy settings, users can pin more apps, change the order, and unpin apps from the taskbar. +After the taskbar layout is applied, users must sign out and sign in again to see the new layout. Unless prohibited via policy settings, users can pin more apps, change the order, and unpin apps from the taskbar. + +Any pins provisioned via policy settings are restored upon the next policy refresh, even when users unpin them. ### OS install and upgrade experience