diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 79fce660b9..f5db421a51 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -6171,6 +6171,11 @@
"redirect_document_id": true
},
{
+"source_path": "windows/configuration/multi-app-kiosk-xml.md",
+"redirect_url": "windows/configuration/kiosk-xml.md",
+"redirect_document_id": true
+},
+{
"source_path": "windows/configure/provisioning-uninstall-package.md",
"redirect_url": "/windows/configuration/provisioning-packages/provisioning-uninstall-package",
"redirect_document_id": true
@@ -13099,6 +13104,39 @@
"source_path": "windows/deployment/windows-10-auto-pilot.md",
"redirect_url": "/windows/deployment/windows-autopilot/windows-10-autopilot",
"redirect_document_id": true
-}
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+
+
+
]
}
diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md
index cffe549908..fc8a612b80 100644
--- a/browsers/edge/emie-to-improve-compatibility.md
+++ b/browsers/edge/emie-to-improve-compatibility.md
@@ -1,14 +1,15 @@
---
description: If you're having problems with Microsoft Edge, this topic tells how to use the Enterprise Mode site list to automatically open sites using IE11.
ms.assetid: 89c75f7e-35ca-4ca8-96fa-b3b498b53bE4
-author: eross-msft
+author: shortpatti
+ms.author: pashort
ms.prod: edge
ms.mktglfcycl: support
ms.sitesec: library
ms.pagetype: appcompat
title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros)
ms.localizationpriority: high
-ms.date: 07/27/2017
+ms.date: 04/15/2018
---
# Use Enterprise Mode to improve compatibility
@@ -19,8 +20,6 @@ If you have specific web sites and apps that you know have compatibility problem
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
-
-[@Reviewer: will RS5 have the need for the following note?]
>[!NOTE]
>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
index 8650b4702c..a607034785 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
@@ -3,19 +3,20 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: security
description: Enable and disable add-ons using administrative templates and group policy
-author: eross-msft
+ms.author: pashort
+author: shortpatti
ms.prod: ie11
ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b
title: Enable and disable add-ons using administrative templates and group policy (Internet Explorer 11 for IT Pros)
ms.sitesec: library
-ms.date: 07/27/2017
+ms.date: 4/12/2018
---
# Enable and disable add-ons using administrative templates and group policy
Add-ons let your employees personalize Internet Explorer. You can manage IE add-ons using Group Policy and Group Policy templates.
-There are 4 types of add-ons:
+There are four types of add-ons:
- **Search Providers.** Type a term and see suggestions provided by your search provider.
@@ -57,7 +58,7 @@ You can use the Local Group Policy Editor to change how add-ons work in your org
5. Close the Local Group Policy Editor when you’re done.
## Using the CLSID and Administrative Templates to manage group policy objects
-Because every add-on has a Class ID (CLSID), you can use it to enable and disable specific add-ons, using Group Policy and Administrative Templates.
+Every add-on has a Class ID (CLSID) that you use to enable and disable specific add-ons, using Group Policy and Administrative Templates.
**To manage add-ons**
@@ -65,22 +66,30 @@ Because every add-on has a Class ID (CLSID), you can use it to enable and disabl
1. Open IE, click **Tools**, and then click **Manage Add-ons**.
- 2. Pick the add-on you want to change, and then right-click **More Information**.
-
- 3. Click **Copy** and then close **Manage Add-ons** and IE.
+ 2. Double-click the add-on you want to change.
+ 3. In the More Information dialog, click **Copy** and then click **Close**.
+
+ 4. Open Notepad and paste the information for the add-on.
+
+ 5. On the Manage Add-ons windows, click **Close**.
+
+ 6. On the Internet Options dialog, click **Close** and then close IE.
+
2. From the copied information, select and copy just the **Class ID** value.
-3. Open the Group Policy Management Editor and go to `Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`.
+ >[!NOTE]
+ >You want to copy the curly brackets as well as the CLSID: **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**.
+
+3. Open the Group Policy Management Editor and go to: Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
**-OR-**
-Open the Local Group Policy Editor and go to `Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`.
+Open the Local Group Policy Editor and go to: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management.
-4. Open the **Add-on List** Group Policy Object, pick **Enabled**, and then click **Show**.
-**Show Contents** box appears.
+4. Open the **Add-on List** Group Policy Object, select **Enabled**, and then click **Show**. The Show Contents dialog appears.
-5. In **Value Name**, put your copied Class ID.
+6. In **Value Name**, paste the Class ID for your add-on, for example, **{47833539-D0C5-4125-9FA8-0819E2EAAC93}**.
-6. In **Value**, put:
+6. In **Value**, enter one of the following:
- **0**. The add-on is disabled and your employees can’t change it.
@@ -88,11 +97,12 @@ Open the Local Group Policy Editor and go to `Computer Configuration\Administrat
- **2**. The add-on is enabled and your employees can change it.
-7. Click **OK** and close the Group Policy editor.
-
-
-
-
+7. Close the Show Contents dialog.
+7. In the Group Policy editor, go to: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer.
+8. Double-click **Automatically activate/enable newly installed add-ons** and select **Enabled**.
Enabling turns off the message prompting you to Enable or Don't enable the add-on.
+7. Click **OK** twice to close the Group Policy editor.
+
+
\ No newline at end of file
diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index 87ef48bb20..d494af7e30 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -1,9 +1,12 @@
# [Microsoft HoloLens](index.md)
+## [What's new in Microsoft HoloLens](hololens-whats-new.md)
## [HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md)
## [Set up HoloLens](hololens-setup.md)
## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md)
## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
+## [Manage updates to HoloLens](hololens-updates.md)
## [Set up HoloLens in kiosk mode](hololens-kiosk.md)
+## [Share HoloLens with multiple people](hololens-multiple-users.md)
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
## [Install apps on HoloLens](hololens-install-apps.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md
index 20d0866be8..ad91f33903 100644
--- a/devices/hololens/change-history-hololens.md
+++ b/devices/hololens/change-history-hololens.md
@@ -8,13 +8,22 @@ ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 02/02/2018
+ms.date: 04/23/2018
---
# Change history for Microsoft HoloLens documentation
This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
+## Windows 10 Holographic for Business, version 1803
+
+The topics in this library have been updated for Windows 10 Holographic for Business, version 1803. The following new topics have been added:
+
+- [What's new in Microsoft HoloLens](hololens-whats-new.md)
+- [Manage updates to HoloLens](hololens-updates.md)
+- [Share HoloLens with multiple people](hololens-multiple-users.md)
+
+
## February 2018
New or changed topic | Description
diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md
index aef7ea7f69..a673506578 100644
--- a/devices/hololens/hololens-encryption.md
+++ b/devices/hololens/hololens-encryption.md
@@ -55,7 +55,7 @@ Provisioning packages are files created by the Windows Configuration Designer to
### Create a provisioning package that upgrades the Windows Holographic edition
-1. [Create a provisioning package for HoloLens.](hololens-provisioning.md#create-a-provisioning-package-for-hololens)
+1. [Create a provisioning package for HoloLens.](hololens-provisioning.md)
2. Go to **Runtime settings** > **Policies** > **Security**, and select **RequireDeviceEncryption**.
diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md
index 1412357e31..db28187680 100644
--- a/devices/hololens/hololens-enroll-mdm.md
+++ b/devices/hololens/hololens-enroll-mdm.md
@@ -12,7 +12,7 @@ ms.date: 07/27/2017
# Enroll HoloLens in MDM
-You can manage multiple Microsoft HoloLens devices simultaneously using solutions like Microsoft Intune. You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need. See [Manage devices running Windows Holographic with Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business), the [configuration service providers (CSPs) that are supported in Windows Holographic](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/configuration-service-provider-reference#hololens), and the [policies supported by Windows Holographic for Business](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#hololenspolicies).
+You can manage multiple Microsoft HoloLens devices simultaneously using solutions like [Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business). You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need. See [Manage devices running Windows Holographic with Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business), the [configuration service providers (CSPs) that are supported in Windows Holographic](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/configuration-service-provider-reference#hololens), and the [policies supported by Windows Holographic for Business](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#hololenspolicies).
>[!NOTE]
>Mobile device management (MDM), including the VPN, Bitlocker, and kiosk mode features, is only available when you [upgrade to Windows Holographic for Business](hololens-upgrade-enterprise.md).
diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md
index 14ede04e4d..a70c2265b8 100644
--- a/devices/hololens/hololens-kiosk.md
+++ b/devices/hololens/hololens-kiosk.md
@@ -1,20 +1,196 @@
---
title: Set up HoloLens in kiosk mode (HoloLens)
-description: Kiosk mode limits the user's ability to launch new apps or change the running app.
+description: Use a kiosk configuration to lock down the apps on HoloLens.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 07/27/2017
+ms.date: 04/23/2018
---
# Set up HoloLens in kiosk mode
+In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks.
+
+When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access.
+
+Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the bloom gesture and Cortana are disabled, and placed apps aren't shown in the user's surroundings.
+
+The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) enables kiosk configuration.
+
+>[!WARNING]
+>The assigned access feature which enables kiosk mode is intended for corporate-owned fixed-purpose devices. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all [the enforced policies](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#policies-set-by-multi-app-kiosk-configuration). A factory reset is needed to clear all the policies enforced via assigned access.
+>
+>Be aware that voice commands are enabled for kiosk mode configured in Microsoft Intune or provisioning packages, even if the Cortana app is not selected as a kiosk app.
+
+For HoloLens devices running Windows 10, version 1803, there are three methods that you can use to configure the device as a kiosk:
+- You can [use Microsoft Intune](#intune-kiosk), for HoloLens devices managed by Intune, to configure single-app and multi-app kiosks.
+- You can [use a provisioning package](#ppkg-kiosk) to configure single-app and multi-app kiosks.
+- You can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device.
+
+For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks.
+
+
+## Start layout for HoloLens
+
+If you use [Microsoft Intune](#intune-kiosk) or a [provisioning package](#ppkg-kiosk) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout.
+
+>[!NOTE]
+>Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed.
+
+### Start layout file for Intune
+
+Save the following sample as an XML file. You will select this file when you configure the kiosk in Microsoft Intune.
+
+```xml
+
+
+
+
+
+
+
+
+
+```
+
+### Start layout for a provisioning package
+
+You will [create an XML file](#ppkg-kiosk) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+```
+
+
+## Set up kiosk mode using Microsoft Intune (Windows 10, version 1803)
+
+
+
+**Multi-app kiosk**
+
+2. In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
+3. Select **Device configuration**.
+4. Select **Profiles**.
+5. Select **Create profile**.
+6. Enter a friendly name for the profile.
+7. Select **Windows 10 and later** for the platform.
+8. Select **Device restrictions** for the profile type.
+9. Select **Kiosk**.
+10. In **Kiosk Mode**, select **Multi app kiosk**.
+11. Select **Add** to define a configuration, which specifies the apps that will run and the layout for the Start menu.
+12. Enter a friendly name for the configuration.
+13. Select **UWP App** for a Universal Windows Platform app, and enter the Application User Model ID for an installed app.
+14. Select whether to enable the taskbar.
+15. Browse to and select [the Start layout XML file](#start-kiosk).
+16. Add one or more accounts. When the account signs in, only the apps defined in the configuration will be available.
+17. Select **OK**. You can add additional configurations or finish.
+18. Assign the profile to a device group to configure the devices in that group as kiosks.
+
+**Single-app kiosk**
+
+2. In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
+3. Select **Device configuration**.
+4. Select **Profiles**.
+5. Select **Create profile**.
+6. Enter a friendly name for the profile.
+7. Select **Windows 10 and later** for the platform.
+8. Select **Device restrictions** for the profile type.
+9. Select **Kiosk**.
+10. In **Kiosk Mode**, select **Single app kiosk**.
+11. Enter the user account that will be used for the kiosk.
+13. Enter the Application User Model ID for an installed app.
+14. Select **OK**, and then select **Create**.
+18. Assign the profile to a device group to configure the devices in that group as kiosks.
+
+
+## Setup kiosk mode using a provisioning package (Windows 10, version 1803)
+
+Process:
+1. [Create an XML file that defines the kiosk configuration.](#create-xml-file)
+2. [Add the XML file to a provisioning package.](#add-xml)
+3. [Apply the provisioning package to HoloLens.](#apply-ppkg)
+
+
+### Create a kiosk configuration XML file
+
+Follow [the instructions for creating a kiosk configuration XML file for desktop](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configure-a-kiosk-using-a-provisioning-package), with the following exceptions:
+
+- Do not include Classic Windows applications (Win32) since they aren't supported on HoloLens.
+- Use the [placeholder Start XML](#start-kiosk) for HoloLens.
+- Use [group accounts](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#config-for-group-account) rather than individual accounts.
+
+
+### Add the kiosk configuration XML file to a provisioning package
+
+1. Open [Windows Configuration Designer](https://www.microsoft.com/store/apps/9nblggh4tx22).
+2. Choose **Advanced provisioning**.
+3. Name your project, and click **Next**.
+4. Choose **Windows 10 Holographic** and click **Next**.
+5. Select **Finish**. The workspace for your package opens.
+6. Expand **Runtime settings** > **AssignedAccess** > **MultiAppAssignedAccessSettings**.
+7. In the center pane, click **Browse** to locate and select the kiosk configuration XML file that you created.
+
+ 
+
+8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
+8. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
+8. On the **File** menu, select **Save.**
+9. On the **Export** menu, select **Provisioning package**.
+10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
+
+11. On the **Provisioning package security** page, do not select **Enable package encryption** or provisioning will fail on HoloLens. You can choose to enable package signing.
+
+ - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
+
+12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location.
+
+13. Click **Next**.
+
+14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
+
+
+
+
+### Apply the provisioning package to HoloLens
+
+1. Connect HoloLens via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box).
+
+3. HoloLens will show up as a device in File Explorer on the PC.
+
+4. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.
+
+5. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the **fit** page.
+
+6. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package.
+
+7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE.
-Kiosk mode limits the user's ability to launch new apps or change the running app. When kiosk mode is enabled for HoloLens, the bloom gesture and Cortana are disabled, and placed apps aren't shown in the user's surroundings.
+
+## Set up kiosk mode using the Windows Device Portal (Windows 10, version 1607 and version 1803)
1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
@@ -37,3 +213,18 @@ Kiosk mode limits the user's ability to launch new apps or change the running ap
5. Select **Enable Kiosk Mode**, choose an app to run when the device starts, and click **Save**.
+
+## Kiosk app recommendations
+
+- You cannot select Microsoft Edge, Microsoft Store, or the Shell app as a kiosk app.
+- We recommend that you do **not** select the Settings app and the File Explorer app as a kiosk app.
+- You can select Cortana as a kiosk app.
+- To enable photo or video capture, the HoloCamera app must be enabled as a kiosk app.
+
+## More information
+
+Watch how to configure a kiosk in Microsoft Intune.
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/ce9992ab-9fea-465d-b773-ee960b990c4a?autoplay=false]
+
+Watch how to configure a kiosk in a provisioning package.
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
\ No newline at end of file
diff --git a/devices/hololens/hololens-multiple-users.md b/devices/hololens/hololens-multiple-users.md
new file mode 100644
index 0000000000..0282d545fe
--- /dev/null
+++ b/devices/hololens/hololens-multiple-users.md
@@ -0,0 +1,30 @@
+---
+title: Share HoloLens with multiple people (HoloLens)
+description: You can configure HoloLens to be shared by multiple Azure Active Directory accounts.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.pagetype: hololens, devices
+ms.sitesec: library
+author: jdeckerms
+ms.localizationpriority: medium
+ms.date: 04/23/2018
+---
+
+# Share HoloLens with multiple people
+
+A HoloLens device can be shared by multiple Azure Active Directory (Azure AD) accounts, each with their own user settings and user data on the device.
+
+**Prerequisite**: The HoloLens device must be running Windows 10, version 1803, and be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
+
+During setup, you must select **My work or school owns it** and sign in with an Azure AD account. After setup, ensure that **Other People** appears in **Settings** > **Accounts**.
+
+Other people can use the HoloLens device by signing in with their Azure AD account credentials. To switch users, press the power button once to go to standby and then press the power button again to return to the lock screen, or select the user tile on the upper right of th epins panel to sign out the current user.
+
+>[!NOTE]
+>Each subsequent user will need to perform [Calibration](https://developer.microsoft.com/windows/mixed-reality/calibration) in order to set their correct interpupillary distance (PD) for the device while signed in.
+
+To see users on the device or to remove a user from the device, go to **Settings** > **Accounts** > **Other users**.
+
+
+
+
diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md
index eae5a880c2..87a541f840 100644
--- a/devices/hololens/hololens-provisioning.md
+++ b/devices/hololens/hololens-provisioning.md
@@ -7,30 +7,84 @@ ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 11/29/2017
+ms.date: 04/23/2018
---
-# Configure HoloLens using a provisioning package test
+# Configure HoloLens using a provisioning package
-Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. The Windows Assessment and Deployment Kit (ADK) for Windows 10 includes the Windows Configuration Designer, a tool for configuring images and runtime settings which are then built into provisioning packages.
+[Windows provisioning](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) makes it easy for IT administrators to configure end-user devices without imaging. Windows Configuration Designer is a tool for configuring images and runtime settings which are then built into provisioning packages.
Some of the HoloLens configurations that you can apply in a provisioning package:
- Upgrade to Windows Holographic for Business
- Set up a local account
- Set up a Wi-Fi connection
-- Apply certificatess to the device
+- Apply certificates to the device
-To install Windows Configuration Designer and create provisioning packages, you must [install the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) or install [Windows Configuration Designer](https://www.microsoft.com/store/apps/9nblggh4tx22) from the Microsoft Store.
-
-When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration Designer** from the **Select the features you want to install** dialog box.
-
-
-
-> [!NOTE]
-> In previous versions of the Windows 10 ADK, you had to install additional features for Windows Configuration Designer to run. Starting in version 1607, you can install Windows Configuration Designer without other ADK features.
+To create provisioning packages, you must install Windows Configuration Designer [from Microsoft Store]((https://www.microsoft.com/store/apps/9nblggh4tx22)) or [from the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configurations Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box.
-## Create a provisioning package for HoloLens
+
+
+## Create a provisioning package for HoloLens using the HoloLens wizard
+
+The HoloLens wizard helps you configure the following settings in a provisioning package:
+
+- Upgrade to the enterprise edition
+
+ >[!NOTE]
+ >Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
+
+- Configure the HoloLens first experience (OOBE)
+- Configure Wi-Fi network
+- Enroll device in Azure Active Directory or create a local account
+- Add certificates
+- Enable Developer Mode
+
+>[!WARNING]
+>You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.
+
+Provisioning packages can include management instructions and policies, customization of network connections and policies, and more.
+
+> [!TIP]
+> Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc.
+>
+>
+
+### Create the provisioning package
+
+Use the Windows Configuration Designer tool to create a provisioning package.
+
+1. Open Windows Configuration Designer (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).
+
+2. Click **Provision HoloLens devices**.
+
+ 
+
+3. Name your project and click **Finish**.
+
+4. Read the instructions on the **Getting started** page and select **Next**. The pages for desktop provisioning will walk you through the following steps.
+
+> [!IMPORTANT]
+> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
+
+### Configure settings
+
+
+
+
Browse to and select the enterprise license file to upgrade the HoloLens edition.You can also toggle **Yes** or **No** to hide parts of the first experience.Select a region and timezone in which the device will be used.
+
 Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.
+
 You can enroll the device in Azure Active Directory, or create a local account on the deviceBefore you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions. To create a local account, select that option and enter a user name and password. **Important:** (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
+
 To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.
+
Toggle **Yes** or **No** to enable Developer Mode on the HoloLens. [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.
+
+
+After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
+
+ **Next step**: [How to apply a provisioning package](#apply)
+
+
+## Create a provisioning package for HoloLens using advanced provisioning
>[!NOTE]
>Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
@@ -47,7 +101,7 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
7. Expand **Runtime settings** and customize the package with any of the settings [described below](#what-you-can-configure).
>[!IMPORTANT]
- >If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. If the user account is locked out, you must [perform a full device recovery](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens#perform_a_full_device_recovery).
+ >(For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. If the user account is locked out, you must [perform a full device recovery](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens#perform_a_full_device_recovery).
8. On the **File** menu, click **Save**.
@@ -80,12 +134,12 @@ When you run ADKsetup.exe for Windows 10, version 1607, select **Configuration D
10. When the build completes, click **Finish**.
-
+
## Apply a provisioning package to HoloLens
1. Connect the device via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box).
-2. Briefly press and release the **Volume Down** and **Power** buttons simultaneously.
+2. Briefly press and release the **Volume Down** and **Power** buttons simultaneously. (This step isn't needed in Windows 10, version 1803.)
3. HoloLens will show up as a device in File Explorer on the PC.
@@ -110,7 +164,6 @@ In Windows Configuration Designer, when you create a provisioning package for Wi
| Setting | Description |
| --- | --- |
-| **Accounts** | Create a local account. HoloLens currently supports a single user only. Creating multiple local accounts in a provisioning package is not supported.
**IMPORTANT** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. If the user account is locked out, you must [perform a full device recovery](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens#perform_a_full_device_recovery). |
| **Certificates** | Deploy a certificate to HoloLens. |
| **ConnectivityProfiles** | Deploy a Wi-Fi profile to HoloLens. |
| **EditionUpgrade** | [Upgrade to Windows Holographic for Business.](hololens-upgrade-enterprise.md) |
diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md
index 77ad68eb9e..c6061e863f 100644
--- a/devices/hololens/hololens-requirements.md
+++ b/devices/hololens/hololens-requirements.md
@@ -54,8 +54,8 @@ Hello for Business (using a PIN to sign in) is supported for HoloLens. It must b
Yes, the behavior for the type of account impacts the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type.
- Microsoft account: signs in automatically
-- Local account: always asks for password, not configurable by Settings
-- Azure AD: asks for password by default; configurable by Settings to no longer ask for password.
+- Local account: always asks for password, not configurable in **Settings**
+- Azure AD: asks for password by default; configurable by **Settings** to no longer ask for password.
>[!NOTE]
>Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is respected only when the device goes into StandBy.
diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md
new file mode 100644
index 0000000000..6eaeb70644
--- /dev/null
+++ b/devices/hololens/hololens-updates.md
@@ -0,0 +1,47 @@
+---
+title: Manage updates to HoloLens (HoloLens)
+description: Administrators can use mobile device management to manage updates to HoloLens devices.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.pagetype: hololens, devices
+ms.sitesec: library
+author: jdeckerms
+ms.localizationpriority: medium
+ms.date: 04/23/2018
+---
+
+# Manage updates to HoloLens
+
+Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. As with desktop devices, administrators can manage updates to the HoloLens operating system using [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb).
+
+>[!NOTE]
+>HoloLens devices must be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md) to manage updates.
+
+
+Mobile device management (MDM) providers use the [Policy Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) to enable update management.
+
+The Update policies supported for HoloLens are:
+
+- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
+- [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice)
+- [Update/RequireDeferUpgrade](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requiredeferupgrade)
+- [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval)
+- [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl)
+
+
+
+Typically, devices access Windows Update directly for updates. You can use the following update policies to configure devices to get updates from Windows Server Update Service (WSUS) instead:
+
+- [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice)
+- [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval)
+- [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl)
+
+In Microsoft Intune, use [a custom profile](https://docs.microsoft.com/intune/custom-settings-windows-holographic) to configure devices to get updates from WSUS.
+
+
+
+
+
+## Related topics
+
+- [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure)
\ No newline at end of file
diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md
index 1ac6bbeed2..ce45a29b1e 100644
--- a/devices/hololens/hololens-upgrade-enterprise.md
+++ b/devices/hololens/hololens-upgrade-enterprise.md
@@ -7,7 +7,7 @@ ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 02/02/2018
+ms.date: 04/23/2018
---
# Unlock Windows Holographic for Business features
@@ -17,7 +17,7 @@ Microsoft HoloLens is available in the *Development Edition*, which runs Windows
When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic for Business. This license can be applied to the device either through the organization's [mobile device management (MDM) provider](#edition-upgrade-using-mdm) or a [provisioning package](#edition-upgrade-using-a-provisioning-package).
>[!TIP]
->You can tell that the HoloLens has been upgraded to the business edition in **Settings** > **Network & Internet**. The **VPN** option is only available in Windows Holographic for Business.
+>In Windows 10, version 1803, you can tell that the HoloLens has been upgraded to the business edition in **Settings** > **System**.
@@ -37,7 +37,7 @@ Provisioning packages are files created by the Windows Configuration Designer to
### Create a provisioning package that upgrades the Windows Holographic edition
-1. [Create a provisioning package for HoloLens.](hololens-provisioning.md#create-a-provisioning-package-for-hololens)
+1. [Create a provisioning package for HoloLens.](hololens-provisioning.md)
2. Go to **Runtime settings** > **EditionUpgrade**, and select **EditionUpgradeWithLicense**.
diff --git a/devices/hololens/hololens-whats-new.md b/devices/hololens/hololens-whats-new.md
new file mode 100644
index 0000000000..20cd006e6a
--- /dev/null
+++ b/devices/hololens/hololens-whats-new.md
@@ -0,0 +1,52 @@
+---
+title: What's new in Microsoft HoloLens (HoloLens)
+description: Windows Holographic for Business gets new features in Windows 10, version 1803.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.pagetype: hololens, devices
+ms.sitesec: library
+author: jdeckerms
+ms.localizationpriority: medium
+ms.date: 04/23/2018
+---
+
+# What's new in Microsoft HoloLens
+
+Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
+
+- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md).
+
+- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
+
+- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#wizard).
+
+ 
+
+- When you create a local account in a provisioning package, the password no longer expires every 42 days.
+
+- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
+
+- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
+
+- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
+
+- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
+
+- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
+
+- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
+
+- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
+
+- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.
+
+
+
+
+
+## Additional resources
+
+- [Reset or recover your HoloLens](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens)
+- [Restart, rest, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens)
+- [Manage devices running Windows Holographic with Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business)
+
diff --git a/devices/hololens/images/account-management-details.png b/devices/hololens/images/account-management-details.png
new file mode 100644
index 0000000000..4094dabd85
Binary files /dev/null and b/devices/hololens/images/account-management-details.png differ
diff --git a/devices/hololens/images/account-management.PNG b/devices/hololens/images/account-management.PNG
new file mode 100644
index 0000000000..34165dfcd6
Binary files /dev/null and b/devices/hololens/images/account-management.PNG differ
diff --git a/devices/hololens/images/add-certificates-details.PNG b/devices/hololens/images/add-certificates-details.PNG
new file mode 100644
index 0000000000..966a826a46
Binary files /dev/null and b/devices/hololens/images/add-certificates-details.PNG differ
diff --git a/devices/hololens/images/add-certificates.PNG b/devices/hololens/images/add-certificates.PNG
new file mode 100644
index 0000000000..24cb605d1c
Binary files /dev/null and b/devices/hololens/images/add-certificates.PNG differ
diff --git a/devices/hololens/images/backicon.png b/devices/hololens/images/backicon.png
new file mode 100644
index 0000000000..3007e448b1
Binary files /dev/null and b/devices/hololens/images/backicon.png differ
diff --git a/devices/hololens/images/check_blu.png b/devices/hololens/images/check_blu.png
new file mode 100644
index 0000000000..d5c703760f
Binary files /dev/null and b/devices/hololens/images/check_blu.png differ
diff --git a/devices/hololens/images/check_grn.png b/devices/hololens/images/check_grn.png
new file mode 100644
index 0000000000..f9f04cd6bd
Binary files /dev/null and b/devices/hololens/images/check_grn.png differ
diff --git a/devices/hololens/images/checklistbox.gif b/devices/hololens/images/checklistbox.gif
new file mode 100644
index 0000000000..cbcf4a4f11
Binary files /dev/null and b/devices/hololens/images/checklistbox.gif differ
diff --git a/devices/hololens/images/checklistdone.png b/devices/hololens/images/checklistdone.png
new file mode 100644
index 0000000000..7e53f74d0e
Binary files /dev/null and b/devices/hololens/images/checklistdone.png differ
diff --git a/devices/hololens/images/checkmark.png b/devices/hololens/images/checkmark.png
new file mode 100644
index 0000000000..f9f04cd6bd
Binary files /dev/null and b/devices/hololens/images/checkmark.png differ
diff --git a/devices/hololens/images/crossmark.png b/devices/hololens/images/crossmark.png
new file mode 100644
index 0000000000..69432ff71c
Binary files /dev/null and b/devices/hololens/images/crossmark.png differ
diff --git a/devices/hololens/images/developer-setup-details.png b/devices/hololens/images/developer-setup-details.png
new file mode 100644
index 0000000000..0a32af7ba7
Binary files /dev/null and b/devices/hololens/images/developer-setup-details.png differ
diff --git a/devices/hololens/images/developer-setup.png b/devices/hololens/images/developer-setup.png
new file mode 100644
index 0000000000..826fda5f25
Binary files /dev/null and b/devices/hololens/images/developer-setup.png differ
diff --git a/devices/hololens/images/doneicon.png b/devices/hololens/images/doneicon.png
new file mode 100644
index 0000000000..d80389f35b
Binary files /dev/null and b/devices/hololens/images/doneicon.png differ
diff --git a/devices/hololens/images/finish-details.png b/devices/hololens/images/finish-details.png
new file mode 100644
index 0000000000..ff3f53e5c8
Binary files /dev/null and b/devices/hololens/images/finish-details.png differ
diff --git a/devices/hololens/images/finish.PNG b/devices/hololens/images/finish.PNG
new file mode 100644
index 0000000000..7c65da1799
Binary files /dev/null and b/devices/hololens/images/finish.PNG differ
diff --git a/devices/hololens/images/five.png b/devices/hololens/images/five.png
new file mode 100644
index 0000000000..961f0e15b7
Binary files /dev/null and b/devices/hololens/images/five.png differ
diff --git a/devices/hololens/images/four.png b/devices/hololens/images/four.png
new file mode 100644
index 0000000000..0fef213b37
Binary files /dev/null and b/devices/hololens/images/four.png differ
diff --git a/devices/hololens/images/icd-create-options-1703.PNG b/devices/hololens/images/icd-create-options-1703.PNG
new file mode 100644
index 0000000000..007e740683
Binary files /dev/null and b/devices/hololens/images/icd-create-options-1703.PNG differ
diff --git a/devices/hololens/images/icd-export-menu.png b/devices/hololens/images/icd-export-menu.png
new file mode 100644
index 0000000000..20bd5258eb
Binary files /dev/null and b/devices/hololens/images/icd-export-menu.png differ
diff --git a/devices/hololens/images/icd-install.PNG b/devices/hololens/images/icd-install.PNG
new file mode 100644
index 0000000000..a0c80683ff
Binary files /dev/null and b/devices/hololens/images/icd-install.PNG differ
diff --git a/devices/hololens/images/icd-simple-edit.png b/devices/hololens/images/icd-simple-edit.png
new file mode 100644
index 0000000000..421159ac17
Binary files /dev/null and b/devices/hololens/images/icd-simple-edit.png differ
diff --git a/devices/hololens/images/launchicon.png b/devices/hololens/images/launchicon.png
new file mode 100644
index 0000000000..d469c68a2c
Binary files /dev/null and b/devices/hololens/images/launchicon.png differ
diff --git a/devices/hololens/images/multiappassignedaccesssettings.png b/devices/hololens/images/multiappassignedaccesssettings.png
new file mode 100644
index 0000000000..86e2e0a451
Binary files /dev/null and b/devices/hololens/images/multiappassignedaccesssettings.png differ
diff --git a/devices/hololens/images/one.png b/devices/hololens/images/one.png
new file mode 100644
index 0000000000..7766e7d470
Binary files /dev/null and b/devices/hololens/images/one.png differ
diff --git a/devices/hololens/images/provision-hololens-devices.png b/devices/hololens/images/provision-hololens-devices.png
new file mode 100644
index 0000000000..c5ece7102f
Binary files /dev/null and b/devices/hololens/images/provision-hololens-devices.png differ
diff --git a/devices/hololens/images/set-up-device-details.PNG b/devices/hololens/images/set-up-device-details.PNG
new file mode 100644
index 0000000000..85b7dd382e
Binary files /dev/null and b/devices/hololens/images/set-up-device-details.PNG differ
diff --git a/devices/hololens/images/set-up-device.PNG b/devices/hololens/images/set-up-device.PNG
new file mode 100644
index 0000000000..0c9eb0e3ff
Binary files /dev/null and b/devices/hololens/images/set-up-device.PNG differ
diff --git a/devices/hololens/images/set-up-network-details-desktop.PNG b/devices/hololens/images/set-up-network-details-desktop.PNG
new file mode 100644
index 0000000000..83911ccbd0
Binary files /dev/null and b/devices/hololens/images/set-up-network-details-desktop.PNG differ
diff --git a/devices/hololens/images/set-up-network.PNG b/devices/hololens/images/set-up-network.PNG
new file mode 100644
index 0000000000..a0e856c103
Binary files /dev/null and b/devices/hololens/images/set-up-network.PNG differ
diff --git a/devices/hololens/images/seven.png b/devices/hololens/images/seven.png
new file mode 100644
index 0000000000..285a92df0b
Binary files /dev/null and b/devices/hololens/images/seven.png differ
diff --git a/devices/hololens/images/six.png b/devices/hololens/images/six.png
new file mode 100644
index 0000000000..e8906332ec
Binary files /dev/null and b/devices/hololens/images/six.png differ
diff --git a/devices/hololens/images/three.png b/devices/hololens/images/three.png
new file mode 100644
index 0000000000..887fa270d7
Binary files /dev/null and b/devices/hololens/images/three.png differ
diff --git a/devices/hololens/images/two.png b/devices/hololens/images/two.png
new file mode 100644
index 0000000000..b8c2d52eaf
Binary files /dev/null and b/devices/hololens/images/two.png differ
diff --git a/devices/hololens/images/wizard-steps.png b/devices/hololens/images/wizard-steps.png
new file mode 100644
index 0000000000..d97bae9a05
Binary files /dev/null and b/devices/hololens/images/wizard-steps.png differ
diff --git a/devices/hololens/index.md b/devices/hololens/index.md
index ddb5c29aea..d545d9b2f2 100644
--- a/devices/hololens/index.md
+++ b/devices/hololens/index.md
@@ -7,7 +7,7 @@ ms.pagetype: hololens, devices
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 11/29/2017
+ms.date: 04/23/2018
---
# Microsoft HoloLens
@@ -21,14 +21,18 @@ ms.date: 11/29/2017
| Topic | Description |
| --- | --- |
+[What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover the new features in the latest update.
| [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management |
| [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time |
| [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business|
| [Enroll HoloLens in MDM](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using solutions like Microsoft Intune |
+[Manage updates to HoloLens](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates.
| [Set up HoloLens in kiosk mode](hololens-kiosk.md) | Enable kiosk mode for HoloLens, which limits the user's ability to launch new apps or change the running app |
+[Share HoloLens with multiple people](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts.
| [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging |
| [Install apps on HoloLens](hololens-install-apps.md) | Use Microsoft Store for Business, mobile device management (MDM), or the Windows Device Portal to install apps on HoloLens|
-
+[Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens.
+[Change history for Microsoft HoloLens documentation](change-history-hololens.md) | See new and updated topics in the HoloLens documentation library.
## Related resources
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index d0cb5eb932..c3ab437724 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -16,6 +16,12 @@ ms.localizationpriority: medium
This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
+## April 2018
+
+New or changed topic | Description
+--- | ---
+[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated instructions for Skype for Business Hybrid.
+
## March 2018
New or changed topic | Description
diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md
index 44cc9145f9..dd8d127472 100644
--- a/devices/surface-hub/connect-and-display-with-surface-hub.md
+++ b/devices/surface-hub/connect-and-display-with-surface-hub.md
@@ -17,6 +17,9 @@ ms.localizationpriority: medium
You can connect other devices to your Microsoft Surface Hub to display content. This topic describes the Guest Mode, Replacement PC Mode, and Video Out functionality available through wired connections, and also lists accessories that you can connect to Surface Hub using [Bluetooth](#bluetooth-accessories).
+>[!NOTE]
+>Surface Hub will use the video input that you select until a new connection is made, the existing connection is disrupted, or the Connect App is closed.
+
## Which method should I choose?
When connecting external devices and displays to a Surface Hub, there are several available options. The method you use will depend upon your scenario and needs.
diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index de3ffd59ee..b464e456dc 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -9,13 +9,17 @@ ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
-ms.date: 02/21/2018
+ms.date: 04/12/2018
ms.localizationpriority: medium
---
# Hybrid deployment (Surface Hub)
A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-prem), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).)
+>[!NOTE]
+>In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-prem). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet.
+
+
## Exchange on-premises
Use this procedure if you use Exchange on-premises.
@@ -210,15 +214,10 @@ If your organization has set up [hybrid connectivity between Skype for Business
The Surface Hub requires a Skype account of the type `meetingroom`, while a normal user would use a user type account in Skype. If your Skype server is set up for hybrid where you might have users on the local Skype server as well as users hosted in Office 365, you might run into a few issues when trying to create a Surface Hub account.
-In a hybrid Skype environment, you have to create the user on-premises first, then move the user to the cloud. This means that your user is present in both environments (which makes SIP routing possible). The move from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet which can only be used against user type accounts, not meetingroom type accounts. Because of this, you will not be able to move a Surface Hub account that has a meetingroom type of account. You might think of using the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet, unfortunately this will not work between the on-preisesm Skype server and Office 365 - it only works across on-premises Skype pools.
+In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet.
-To have a functional Surface Hub account in a Skype hybrid configuration, create the Skype account as a normal user type account, instead of creating the account as a meetingroom. Enable the account on the on-premises Skype server first:
-
-```
-Enable-CsUser -Identity 'HUB01@contoso.com' -RegistrarPool "registrarpoolfqdn" -SipAddressType UserPrincipalName
-```
-
-After the Surface Hub account is enabled for Skype for Business on-premises, you can keep the account on-premises or you can move the Surface Hub account to Office 365, using the Move-CsUser cmdlet. [Learn more about moving a Skype user to Office 365.](https://technet.microsoft.com/library/jj204969.aspx)
+>[!NOTE]
+>To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
## Exchange online
@@ -406,13 +405,8 @@ If your organization has set up [hybrid connectivity between Skype for Business
The Surface Hub requires a Skype account of the type *meetingroom*, while a normal user would use a *user* type account in Skype. If your Skype server is set up for hybrid where you might have users on the local Skype server as well as users hosted in Office 365, you might run into a few issues when trying to create a Surface Hub account.
-In a hybrid Skype environment, you have to create the user on-premises first, then move the user to the cloud. This means that your user is present in both environments (which makes SIP routing possible). The move from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet which can only be used against user type accounts, not meetingroom type accounts. Because of this, you will not be able to move a Surface Hub account that has a meetingroom type of account. You might think of using the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&MSPPError=-2147217396) cmdlet, unfortunately this will not work between the on-premises Skype server and Office 365 - it only works across on-premises Skype pools.
-
-In order to have a functional Surface Hub account in a Skype hybrid configuration, create the Skype account as a normal user type account, instead of creating the account as a meetingroom. First follow the Exchange steps - either [online](#exchange-online) or [on-premises](#exchange-on-premises) - and, instead of enabling the user for Skype for Business Online as described, [enable the account](https://technet.microsoft.com/library/gg398711.aspx) on the on-premises Skype server:
+In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet.
-```PowerShell
-Enable-CsUser -Identity 'HUB01@contoso.com' -RegistrarPool "registrarpoolfqdn" -SipAddressType UserPrincipalName
-```
-
-After the Surface Hub account is enabled for Skype for Business on-premises, you can keep the account on-premises or you can move the Surface Hub account to Office 365, using the Move-CsUser cmdlet. [Learn more about moving a Skype user to Office 365](https://technet.microsoft.com/library/jj204969.aspx).
+>[!NOTE]
+>To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
index 7ef2ae24a6..7c6a90015d 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: surfacehub
author: jdeckerms
ms.author: jdecker
-ms.date: 07/27/2017
+ms.date: 04/13/2018
ms.localizationpriority: medium
---
@@ -100,13 +100,12 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013
8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it:
- ```PowerShell
- Set-CsMeetingRoom HUB01 -DomainController DC-ND-001.contoso.com
- -LineURItel: +14255550555;ext=50555" Set-CsMeetingRoom -DomainController DC-ND-001.contoso.com
- -Identity HUB01 -EnterpriseVoiceEnabled $true
+ ```PowerShell
+ Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI “tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true
```
Again, you'll need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same.
+
diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
index 077e16a6a5..cef7042de1 100644
--- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md
+++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
@@ -36,9 +36,10 @@ Additionally, note that Surface Hub requires the following open ports:
- HTTP: 80
- NTP: 123
-Depending on your environment, access to additional ports may be needed:
-- For online environments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US).
-- For on-premises installations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx).
+If you are using Surface Hub with Skype for Business, you will need to open additional ports. Please follow the guidance below:
+- If you use Skype for Business Online, see [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US).
+- If you use Skype for Business Server, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx).
+- If you use a hybrid of Skype for Business Online and Skype for Business Server, you need to open all documented ports from [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) and [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx).
Microsoft collects diagnostic data to help improve your Surface Hub experience. Add these sites to your allow list:
- Diagnostic data client endpoint: `https://vortex.data.microsoft.com/`
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index e7013de28c..7ad560c77e 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -15,7 +15,7 @@ ms.localizationpriority: medium
Microsoft Whiteboard’s latest update (17.8302.5275X or greater) includes the capability for two Surface Hubs to collaborate in real time on the same board.
-By ensuring that your organization meets the prerequisites, users can then ink, collaborate, and ideate together. Mobile device management (MDM) allows you to control default settings and provides access to these capabilities. For more information about mobile device management for Surface Hub, see [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md).
+By ensuring that your organization meets the prerequisites, users can then ink, collaborate, and ideate together.
diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md
index c827683002..de19d69ecb 100644
--- a/education/trial-in-a-box/educator-tib-get-started.md
+++ b/education/trial-in-a-box/educator-tib-get-started.md
@@ -26,7 +26,8 @@ ms.date: 03/18/2018
| [](#edu-task2) | **Interested in significantly improving your students' reading speed and comprehension?[1](#footnote1)** Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. |
| [](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?** Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. |
| [](#edu-task4) | **Trying to expand classroom creativity and interaction between students?** Open [OneNote](#edu-task4) and create an example group project for your class. |
-| [](#edu-task5) | **Want to teach kids to further collaborate and problem solve?** Play with [Minecraft: Education Edition](#edu-task5) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
+| [](#edu-task5) | **Curious about telling stories through video?** Try the [Photos app](#edu-task5) to make your own example video. |
+| [](#edu-task6) | **Want to teach kids to further collaborate and problem solve?** Play with [Minecraft: Education Edition](#edu-task6) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
| | |
@@ -34,6 +35,7 @@ ms.date: 03/18/2018
> [!VIDEO https://www.youtube.com/embed/3nqooY9Iqq4]
+
@@ -44,6 +46,7 @@ To try out the educator tasks, start by logging in as a teacher.
2. Log in to **Device A** using the **Teacher Username** and **Teacher Password** included in the **Credentials Sheet** located in your kit.
3. Connect to your school's Wi-Fi network or connect with a local Ethernet connection.
+
@@ -76,6 +79,7 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse
|  |  |  |  |
+
## 3. Spark communication, critical thinking, and creativity in the classroom
@@ -94,6 +98,7 @@ Take a guided tour of Microsoft Teams and test drive this digital hub.
1. Take a guided tour of Microsoft Teams and test drive some teaching tasks. Open the Microsoft Edge browser and navigate to https://msteamsdemo.azurewebsites.net.
2. Use your school credentials provided in the **Credentials Sheet**.
+
@@ -127,9 +132,56 @@ When you're not using the pen, just use the magnet to stick it to the left side
+
+
+
+## 5. Engage with students by creating videos
+
+PHOTOS APP VIDEO COMING SOON!
+
+
+The Photos app now has a built-in video editor, making it easy for you and your students to create movies using photos, video clips, music, 3D models, and special effects. Improve comprehension, unleash creativity, and capture your student’s imagination through video.
+
+**Try this!**
+Use video to create a project summary.
+
+1. Check you have the latest version of Microsoft Photos. Open the **Start** menu and search for **Store**. Select the **See more** button (**…**) and select **Downloads and updates**. Select **Get updates**.
+2. Open Microsoft Edge and visit http://aka.ms/PhotosTIB to download a zip file of the project media.
+3. Once the download has completed, open the zip file and select **Extract** > **Extract all**. Select **Browse** and choose the **Pictures** folder as the destination, and then select **Extract**.
+4. In the **Start** menu, search for **Photos** or select the Photos tile to launch the app.
+5. Select the first video to preview it full screen. Select **Edit & Create**, then select **Create a video with text**.
+ 1. If you don't see the **Edit & Create** menu, select the video and the menu will appear at the top of the screen.
+6. Name your project “Laser Maze Project.” Hit Enter to continue.
+7. Select **Add photos and videos** and then **From my collection**. Scroll to select the 6 additional videos and select **Add**.
+8. Drag the videos to the Storyboard, one by one. Your project should look roughly like this:
+
+ 
+
+9. Select the first card in the Storyboard (the video of the project materials) and select **Text**, type a title in, a text style, a layout, and select **Done**.
+10. Select the third card in the Storyboard (the video of the children assembling the maze) and select **Trim**. Drag the trim handle on the left to shorten the duration of the clip and select **Done**.
+11. Select the last card on the Storyboard and select **3D effects**.
+ 1. Position the playback indicator to be roughly 1 second into the video clip, or when the boy moves down to examine the laser.
+ 2. Find the **lightning bolt** effect and click or drag to add it to the scene. Rotate, scale, and position the effect so it looks like the lightning is coming out of the laser beam and hitting the black back of the mirror.
+ 3. Position the blue anchor over the end of the laser pointer in the video and toggle on **Attach to a point** for the lightning bolt effect to anchor the effect in the scene.
+ 4. Play back your effect.
+ 5. Select **Done** when you have it where you want it.
+
+ 
+
+12. Select **Music** and select a track from the **Recommended** music collection.
+ 1. The music will update automatically to match the length of your video project, even as you make changes.
+ 2. If you don’t see more than a few music options, confirm that you’re connected to Wi-Fi and then close and re-open Microsoft Photos (returning to your project via the **Albums** tab). Additional music files should download in the background.
+13. You can adjust the volume for the background music using the **Music volume** button.
+14. Preview your video to see how it all came together.
+15. Select **Export or share** and select either the **Small** or **Medium** file size. You can share your video to social media, email, or another apps.
+
+Check out this use case video of the Photos team partnering with the Bureau Of Fearless Ideas in Seattle to bring the Photos app to local middle school students: https://www.youtube.com/watch?v=0dFFAu6XwPg
+
+
+
-## 5. Get kids to further collaborate and problem solve
+## 6. Get kids to further collaborate and problem solve
> [!VIDEO https://www.youtube.com/embed/QI_bRNUugog]
diff --git a/education/trial-in-a-box/images/edu-tib-setp-5-jump2.png b/education/trial-in-a-box/images/edu-tib-setp-5-jump2.png
new file mode 100644
index 0000000000..684bc59a50
Binary files /dev/null and b/education/trial-in-a-box/images/edu-tib-setp-5-jump2.png differ
diff --git a/education/trial-in-a-box/images/edu-tib-setp-5-v4.png b/education/trial-in-a-box/images/edu-tib-setp-5-v4.png
new file mode 100644
index 0000000000..d1d3f51fb8
Binary files /dev/null and b/education/trial-in-a-box/images/edu-tib-setp-5-v4.png differ
diff --git a/education/trial-in-a-box/images/edu-tib-setp-6-v4.png b/education/trial-in-a-box/images/edu-tib-setp-6-v4.png
new file mode 100644
index 0000000000..c46d7861af
Binary files /dev/null and b/education/trial-in-a-box/images/edu-tib-setp-6-v4.png differ
diff --git a/education/trial-in-a-box/images/photo_app_1.png b/education/trial-in-a-box/images/photo_app_1.png
new file mode 100644
index 0000000000..b5e6a59f63
Binary files /dev/null and b/education/trial-in-a-box/images/photo_app_1.png differ
diff --git a/education/trial-in-a-box/images/photo_app_2.png b/education/trial-in-a-box/images/photo_app_2.png
new file mode 100644
index 0000000000..69ec9b01dd
Binary files /dev/null and b/education/trial-in-a-box/images/photo_app_2.png differ
diff --git a/education/trial-in-a-box/index.md b/education/trial-in-a-box/index.md
index 62510022e6..486c9358c7 100644
--- a/education/trial-in-a-box/index.md
+++ b/education/trial-in-a-box/index.md
@@ -28,7 +28,7 @@ Welcome to Microsoft Education Trial in a Box. We built this trial to make it ea
-|  |  |
+| [](educator-tib-get-started.md) | [](itadmin-tib-get-started.md) |
| :---: | :---: |
| **Educator**Enhance students of all abilities by unleashing their creativity, collaboration, and improving problem-solving skills. [Get started](educator-tib-get-started.md) | **IT Admin**Quickly implement and deploy a full cloud infrastructure that's secure and easy to manage. [Get started](itadmin-tib-get-started.md) |
diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md
index 17e228afb1..6f39869fb3 100644
--- a/education/windows/test-windows10s-for-edu.md
+++ b/education/windows/test-windows10s-for-edu.md
@@ -88,7 +88,7 @@ Check with your device manufacturer before trying Windows 10 S on your device to
| HP | Huawei | I Life |
| iNET | Intel | LANIT Trading |
| Lenovo | LG | MCJ |
-| Micro P/Exertis | Microsoft | MSI |
+| Micro P/Exertis | Microsoft | MSI |
| Panasonic | PC Arts | Positivo SA |
| Positivo da Bahia | Samsung | Teclast |
| Thirdwave | Tongfang | Toshiba |
diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md
index 7bb09bf7a9..52ef3ff163 100644
--- a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md
+++ b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md
@@ -130,7 +130,7 @@ Use the steps in the following sections to upgrade MBAM for the Stand-alone topo
6. Install and configure the MBAM 2.5 or 2.5 SP1 databases, reports, web applications, and Configuration Manager integration, in that order. The databases and Configuration Manager objects are upgraded in place.
-7. Optionally, update the Group Policy Objects (GPOs), and edit the settings if you want to implement new features in MBAM, such as enforced encryption. If you do not update the GPOs, MBAM will continue to report against your current GPOs. See [How to Get MDOP Group Policy (.admx) Templates](http://www.microsoft.com/download/details.aspx?id=41183) to download the latest ADMX templates.
+7. Optionally, update the Group Policy Objects (GPOs), and edit the settings if you want to implement new features in MBAM, such as enforced encryption. If you do not update the GPOs, MBAM will continue to report against your current GPOs. See [How to Get MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates) to download the latest ADMX templates.
After you upgrade the MBAM Server infrastructure, the existing client computers continue to successfully report to the MBAM 2.5 or 2.5 SP1 Server, and recovery data continues to be stored.
diff --git a/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md b/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md
index 18be63b57f..b0d0ef4e43 100644
--- a/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md
+++ b/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md
@@ -94,7 +94,7 @@ Restoring a user’s device restores the currently registered Template’s setti
- **Manual Restore**
- If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command ensures that the user’s current settings become the current state on the Settings Storage Location.
+ If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command causes the user’s settings to be downloaded from the Settings Storage Location.
## Restore Application and Windows Settings to Original State
diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 20536b0115..ceac52581f 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -16,13 +16,13 @@ ms.localizationpriority: high
**Applies to**
- Windows 10
-Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot).
+Windows AutoPilot simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot).
Watch this video to learn more about Windows AutoPilot in Micrsoft Store for Business.
> [!video https://www.microsoft.com/en-us/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false]
-## What is Windows AutoPilot Deployment Program?
+## What is Windows AutoPilot?
In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device.
You can create and apply AutoPilot deployment profiles to these devices. The overall process looks like this.
@@ -65,7 +65,7 @@ To manage devices through Microsoft Store for Business and Education, you'll nee
### Device information file format
Columns in the device information file need to use this naming and be in this order:
- Column A: Device Serial Number
-- Column B: Windows Product ID
+- Column B: Windows Product ID (optional, typically blank)
- Column C: Hardware Hash
Here's a sample device information file:
diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md
index c18bb989b4..c2421f0918 100644
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@@ -6,66 +6,64 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# What's new in App-V for Windows 10, version 1703 and earlier
-**Applies to**
-- Windows 10, version 1703 and earlier
+>Applies to: Windows 10, version 1703 and earlier
-Microsoft Application Virtualization (App-V) helps organizations to deliver Win32 applications to employees as virtual apps. Virtual apps are installed on centrally managed servers and delivered to employees as a service – in real time and on an as-needed basis. Employees start virtual apps from familiar access points and interact with them as if they were installed locally.
+Microsoft Application Virtualization (App-V) for Windows 10 delivers Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on an as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
## What's new in App-V Windows 10, version 1703
-The following are new features in App-V for Windows 10, version 1703.
-### Auto sequence and update your App-V packages singly or as a batch
-Previous versions of the App-V Sequencer have required you to manually sequence and update your app packages. This was time-consuming and required extensive interaction, causing many companies to deploy brand-new packages rather than update an existing one. Windows 10, version 1703 introduces the App-V Auto-Sequencer, which automatically sequences your app packages, improving your overall experience by streamlining the provisioning of the prerequisite environment, automating app installation, and expediting the package updating setup.
+### Auto-sequence and update your App-V packages singly or as a batch
-Using the automatic sequencer to package your apps provides:
-- Automatic virtual machine (VM) provisioning of the sequencing environment. For info about this, see [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md).
+Previous versions of the App-V Sequencer required manual sequencing and updating of app packages. This was time-consuming and required extensive interaction, causing many companies to deploy brand-new packages rather than update an existing one. Windows 10, version 1703 introduces the App-V Auto-Sequencer, which automatically sequences your app packages, improving your overall experience by streamlining prerequisite environment provisioning, automating app installation, and expediting package updating setup.
-- Batch-sequencing of packages. This means that multiple apps can be sequenced at the same time, in a single group. For info about this, see [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md).
+Using the automatic sequencer to package your apps gives you the following benefits:
-- Batch-updating of packages. This means that multiple apps can be updated at the same time, in a single group. For info about this, see [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md).
+* **Automatic virtual machine (VM) sequencing environment provisioning**. To learn more, see [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md).
+* **Package batch-sequencing**. This means that multiple apps can be sequenced at the same time, in a single group. To learn more, see [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md).
+* **Package batch-updating**. This means that multiple apps can be updated at the same time, in a single group. To learn more, see [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md).
### Updates to the App-V project template
-Starting with Windows 10, version 1703, you can save an App-V project template (.appvt) file as part of a sequenced App-V package, so it's automatically loaded every time the package opens for editing or updates. Your template can include general option settings, file exclusion list settings, and target operating system settings. For more info about this, see [Create and apply an App-V project template to a sequenced App-V package](appv-create-and-use-a-project-template.md)
-### Automatically cleanup unpublished App-V packages from the App-V client
-Previous versions of App-V have required you to manually remove your unpublished packages from your client devices, to free up additional storage space. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically cleanup your unpublished packages after a device restart. For more info about this, see [Automatically cleanup unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md)
+Starting with Windows 10, version 1703, you can now save an App-V project template (.appvt) file as part of a sequenced App-V package. This file will automatically load every time you open the package for edits or updates. Your template can include general option settings, file exclusion list settings, and target operating system settings. To learn more, see [Create and apply an App-V project template to a sequenced App-V package](../app-v/appv-create-and-use-a-project-template.md).
+
+### Automatically clean up unpublished App-V packages from the App-V client
+
+Previous versions of App-V have required you to manually remove your unpublished packages from your client devices, to free up additional storage space. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically clean up your unpublished packages after a device restart. To learn more, see [Automatically clean up unpublished packages on the App-V client](../app-v/appv-auto-clean-unpublished-packages.md).
## What's new in App-V in Windows 10, version 1607
-The following are new features in App-V for Windows 10, version 1607.
-## App-V is now a feature in Windows 10
-With Windows 10, version 1607 and later releases, Application Virtualization (App-V) is included with [Windows 10 for Enterprise and Windows 10 for Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home) and is no longer part of the Microsoft Desktop Optimization Pack.
+### App-V is now a feature in Windows 10
-For information about earlier versions of App-V, see [MDOP Information Experience](https://technet.microsoft.com/itpro/mdop/index).
+With Windows 10, version 1607 and later releases, App-V is now included with [Windows 10 for Enterprise and Windows 10 for Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home) and is no longer part of the Microsoft Desktop Optimization Pack.
-The changes in App-V for Windows 10, version 1607 impact already existing implementations of App-V in the following ways:
+To learn more about earlier versions of App-V, see [MDOP Information Experience](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/index).
-- The App-V client is installed on user devices automatically with Windows 10, version 1607, and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the App-V client.
+The changes in App-V for Windows 10, version 1607 impact existing implementations of App-V in the following ways:
-- The App-V application sequencer is available from the [Windows 10 Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). In previous releases of App-V, the application sequencer was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new application sequencer to create new virtualized applications, existing virtualized applications will continue to work.
+* The App-V client is installed on user devices automatically with Windows 10, version 1607, and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the App-V client.
+* In previous releases of App-V, the application sequencer was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new application sequencer to create new virtualized applications, existing virtualized applications will continue to work. The App-V application sequencer is available from the [Windows 10 Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
- >[!NOTE]
- >If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
+ >[!NOTE]
+ >If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release.
-For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md) and [Migrating to App-V for Windows 10 from a previous version](appv-migrating-to-appv-from-a-previous-version.md).
+For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](../app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md) and [Migrating to App-V for Windows 10 from a previous version](../app-v/appv-migrating-to-appv-from-a-previous-version.md).
>[!IMPORTANT]
->You can upgrade your existing App-V installation to Windows 10, version 1607 from App-V versions 5.0 SP2 and higher only. If you are using a previous version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you upgrade to Windows 10, version 1607.
-
-## Support for System Center
-App-V supports System Center 2016 and System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) for information about integrating your App-V environment with Configuration Manager.
+>You can only upgrade your existing App-V installation to Windows 10, version 1607 if it's version 5.0 SP2 or higher. If you're using an older version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you can upgrade to Windows 10, version 1607.
-## Related topics
-- [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows.md)
+## Support for System Center
-- [Release Notes for App-V for Windows 10, version 1703](appv-release-notes-for-appv-for-windows-1703.md)
+App-V supports System Center 2016 and System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) to learn more about how to integrate your App-V environment with Configuration Manager.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
+## Related topics
+
+* [Release Notes for App-V for Windows 10, version 1607](../app-v/appv-release-notes-for-appv-for-windows.md)
+* [Release Notes for App-V for Windows 10, version 1703](../app-v/appv-release-notes-for-appv-for-windows-1703.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
index 0bd1f363b2..7a031ea941 100644
--- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
@@ -33,7 +33,7 @@ Use the following procedures to add or remove an administrator on the Microsoft
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
index 89c7a533fb..19131f8521 100644
--- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
@@ -27,7 +27,7 @@ You can the following procedure to add or upgrade a package to the App-V Managem
2. To specify the package you want to add, click **Add or Upgrade Packages**.
-3. Type the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **http://server.1234/file.appv**, and then click **Add**.
+3. Type the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **https://server.1234/file.appv**, and then click **Add**.
**Important**
You must select a package with the **.appv** file name extension.
@@ -42,7 +42,7 @@ You can the following procedure to add or upgrade a package to the App-V Managem
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
index f234f60e45..a27ad2dd60 100644
--- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md
+++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
@@ -129,7 +129,7 @@ Use the following table for information about Windows PowerShell error handling
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
index f7ba1d2116..ff218061cc 100644
--- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
@@ -97,7 +97,7 @@ JavaScript must be enabled on the browser that opens the Web Management Console.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Other resources for this App-V deployment
diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
index 25c6cf10a9..f97ca1f36d 100644
--- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
+++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
@@ -54,7 +54,7 @@ Use one of the following methods to allow only administrators to enable or disab
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index 2c094afa66..4674fddc02 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -1285,4 +1285,4 @@ There are three specific categories of events recorded described below.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
index d88487a0f0..ce1b3601b9 100644
--- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
@@ -35,7 +35,7 @@ The dynamic deployment configuration file is applied when a package is added or
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
index 206bc30bea..a59c999681 100644
--- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
@@ -34,7 +34,7 @@ Use the following procedure to specify a user-specific configuration file. The f
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md
index c8521bc7d2..508ae9f351 100644
--- a/windows/application-management/app-v/appv-auto-batch-sequencing.md
+++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md
@@ -6,49 +6,40 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 06/26/2017
+ms.date: 04/18/2018
---
-
# Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-**Applies to**
-- Windows 10, version 1703
+>Applies to: Windows 10, version 1703
Sequencing multiple apps at the same time requires you to install and start Microsoft Application Virtualization Sequencer (App-V Sequencer), and to install the necessary apps to collect any changes made to the operating system during the installation and building of the App-V package.
In Windows 10, version 1703, running the App-V Sequencer automatically captures and stores your customizations as an App-V project template (.appvt) file. If you want to make changes to this package later, your customizations will be automatically loaded from this template file. This is applicable to all of the sequencing scenarios:
-- Using the New-BatchAppVSequencerPackages cmdlet
-
+- Using the **New-BatchAppVSequencerPackages** cmdlet
- Using the App-V Sequencer interface
-
-- Using the new-AppVSequencerPackage cmdlet
+- Using the **New-AppVSequencerPackage** cmdlet
>[!NOTE]
->If you're trying to update multiple apps at the same time, see the [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md) topic.
+>If you're trying to update multiple apps at the same time, see [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md).
+
+### Sequence multiple apps with a PowerShell cmdlet
-### Sequence multiple apps by using a PowerShell cmdlet
Sequencing multiple apps at the same time requires that you create a **ConfigFile** with info related to each round of sequencing. This file is then used by the cmdlet to start the VM at a "clean" checkpoint, to copy the installer from the Host device to the VM, and then to start the App-V Sequencer to monitor your specified app installations.
-**To create your ConfigFile for use by the PowerShell cmdlet**
+#### Create your ConfigFile for use by the PowerShell cmdlet
1. Determine the apps that need to be included in your App-V sequencing package, and then open a text editor, such as Notepad.
2. Add the following required XML info for each app:
- - **<AppName>.** The name of the app you're adding to the package.
-
- - **<InstallerFolder>.** The file path to the folder with the app installer.
-
- - **<Installer>.** The file name for the app executable. This will typically be an .exe or .msi file.
-
- - **<InstallerOptions>.** The command-line options required for the app installation.
-
- - **<TimeoutInMinutes>.** The maximum amount of time, in minutes, that the cmdlet should wait for sequencing to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
-
- - **<Cmdlet>.** Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to use cmdlet-based sequencing, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
-
- - **<Enabled>.** Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
+ - ``````. The name of the app you're adding to the package.
+ - ``````. The file path to the folder with the app installer.
+ - ``````. The file name for the app executable. This will typically be an .exe or .msi file.
+ - ``````. The command-line options required for the app installation.
+ - ``````. The maximum amount of time, in minutes, that the cmdlet should wait for sequencing to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
+ - ``````. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to use cmdlet-based sequencing, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
+ - ``````. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
**Example:**
@@ -75,40 +66,37 @@ Sequencing multiple apps at the same time requires that you create a **ConfigFil
- ```
+ ```
3. Save your completed file, using the name **ConfigFile**.
+#### Start the App-V Sequencer interface and app installation process
-**To start the App-V Sequencer interface and app installation process**
-- Open PowerShell as an admin on the Host computer and run the following commands to start the batch sequencing:
+Open PowerShell as an admin on the Host computer and run the following commands to start the batch sequencing:
- ```ps1
- New-BatchAppVSequencerPackages –ConfigFile –VMName -OutputPath
- ```
- Where _VMName_ is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch sequencing, and _OutputPath_ is the full path to where the sequenced packages should be copied.
+```PowerShell
+New-BatchAppVSequencerPackages –ConfigFile –VMName -OutputPath
+```
+
+Where `````` is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch sequencing, and `````` is the full path to where the sequenced packages should be copied.
+
+The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the *OutputPath* parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
- The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
-
### Sequence multiple apps by using the App-V Sequencer interface
+
Sequencing multipe apps at the same time requires that you create a **ConfigFIle** to collect all of the info related to each round of sequencing. This file is then used by the App-V Sequencer interface after creating a "clean" checkpoint on your VM.
-**To create your ConfigFile for use by the App-V Sequencer interface**
+#### Create your ConfigFile for use by the App-V Sequencer interface
1. Determine the apps that need to be included in your App-V sequencing package, and then open a text editor, such as Notepad.
2. Add the following required XML info for each app:
- - **<AppName>.** The name of the app you're adding to the package.
-
- - **<InstallerFolder>.** The file path to the folder with the app installer.
-
- - **<Installer>.** The file name for the app executable. This will typically be an .exe or .msi file.
-
- - **<TimeoutInMinutes>.** The maximum amount of time, in minutes, that the cmdlet should wait for sequencing to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
-
- - **<Cmdlet>.** Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based sequencing, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
-
- - **<Enabled>.** Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
+ - ``````. The name of the app you're adding to the package.
+ - ``````. The file path to the folder with the app installer.
+ - ``````. The file name for the app executable. This will typically be an .exe or .msi file.
+ - ``````. The maximum amount of time, in minutes, that the cmdlet should wait for sequencing to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
+ - ``````. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based sequencing, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
+ - ``````. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
**Example:**
@@ -135,41 +123,36 @@ Sequencing multipe apps at the same time requires that you create a **ConfigFIle
```
+#### How to start the App-V Sequencer interface and app installation process
-**To start the App-V Sequencer interface and app installation process**
-- Open PowerShell as an admin on the Host computer and run the following commands to start the batch sequencing:
+Open PowerShell as an admin on the Host computer and run the following commands to start the batch sequencing:
- ```ps1
- New-BatchAppVSequencerPackages –ConfigFile –VMName -OutputPath
- ```
- Where _VMName_ is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch sequencing, and _OutputPath_ is the full path to where the sequenced packages should be copied.
+```PowerShell
+New-BatchAppVSequencerPackages –ConfigFile –VMName -OutputPath
+```
- The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
+Where `````` is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch sequencing, and `````` is the full path to where the sequenced packages should be copied.
+
+The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and sequencing of the app begins from the command-line. After completing sequencing and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
### Review the log files
+
There are 3 types of log files that occur when you sequence multiple apps at the same time:
-- **New-BatchAppVSequencerPackages-<*time_stamp*>.txt**. Located in the %temp%\AutoSequencer\Logs directory. This log contains info about the sequencing activities, such as "Copying installer to VM", "Scheduling sequencing task", and so on for each app. Additionally, if an app times out, this log contains the failure along with the checkpoint for troubleshooting the problem.
-
-- **New-BatchAppVSequencerPackages-report-<*time_stamp*>.txt**. Located in the **OutputPath** folder you specified earlier. This log contains info about the connections made to the VM, showing if there were any failures. Additionally, it briefly includes success or failure info for all of the apps.
-
+- **New-BatchAppVSequencerPackages-<*time_stamp*>.txt**. Located in the %temp%\AutoSequencer\Logs directory. This log contains info about the sequencing activities for each app, such as "Copying installer to VM," "Scheduling sequencing task," and so on. Additionally, if an app times out, this log contains the failure along with the checkpoint for troubleshooting the problem.
+- **New-BatchAppVSequencerPackages-report-<*time_stamp*>.txt**. Located in the **OutputPath** folder you specified earlier. This log contains info about the connections made to the VM, showing if there were any failures. Additionally, it briefly includes success or failure info for all of the apps.
- **Log.txt file**. Located in the **Output Package** folder. This file contains all code included in the NewAppVSequencerPackage cmdlet, including the allowed parameters.
### Related topics
- [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
-
- [How to install the App-V Sequencer](appv-install-the-sequencer.md)
-
- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server)
-
- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md)
-
- [Manually sequence a single app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
-
- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md)
+- [Automatically clean up unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md)
-- [Automatically cleanup unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md)
+## Have a suggestion for App-V?
-**Have a suggestion for App-V?**
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md
index 09911137f3..1d96b18fb8 100644
--- a/windows/application-management/app-v/appv-auto-batch-updating.md
+++ b/windows/application-management/app-v/appv-auto-batch-updating.md
@@ -6,45 +6,37 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 06/26/2017
+ms.date: 04/18/2018
---
-
# Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-**Applies to**
-- Windows 10, version 1703
+>Applies to: Windows 10, version 1703
-Updating multiple apps at the same time follows the same process as [automatically sequencing multiple apps at the same time](appv-auto-batch-sequencing.md). However for updating, you'll pass your previously created app package files to the App-V Sequencer cmdlet for updating.
+Updating multiple apps at the same time follows a similar process to the one used for [automatically sequencing multiple apps at the same time](appv-auto-batch-sequencing.md). However, when updating, you'll also have to pass your previously created app package files to the App-V Sequencer cmdlet.
Starting with Windows 10, version 1703, running the New-BatchAppVSequencerPackages cmdlet or the App-V Sequencer interface captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file.
>[!NOTE]
->If you're trying to sequence multiple apps at the same time, see the [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md) topic.
+>If you're trying to sequence multiple apps at the same time, see [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md).
+
+## Update multiple apps with a PowerShell cmdlet
-### Update multiple apps by using a PowerShell cmdlet
Updating multiple apps at the same time requires that you create a **ConfigFile** with info related to each round of updating. This file is then used by the cmdlet to start the VM at a "clean" checkpoint, to copy the installer from the Host device to the VM, and then to start the App-V Sequencer to monitor your specified app installations.
-**To create your ConfigFile for use by the PowerShell cmdlet**
+### Create your ConfigFile for use by the PowerShell cmdlet
1. Determine the apps that need to be included in your app package, and then open a text editor, such as Notepad.
2. Add the following XML info for each app:
- - **<AppName>.** The name of the app you're adding to the package.
-
- - **<InstallerFolder>.** The file path to the folder with the app installer.
-
- - **<Installer>.** The file name for the app executable. This will typically be an .exe or .msi file.
-
- - **<InstallerOptions>.** The command-line options required for the app installation.
-
- - **<Package>.** The file path to the location of your App-V packages. These packages were created when you sequenced your apps.
-
- - **<TimeoutInMinutes>.** The maximum amount of time, in minutes, that the cmdlet should wait for updating to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
-
- - **<Cmdlet>.** Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to use cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
-
- - **<Enabled>.** Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
+ - ``````. The name of the app you're adding to the package.
+ - ``````. The file path to the folder with the app installer.
+ - ``````. The file name for the app executable. This will typically be an .exe or .msi file.
+ - ``````. The command-line options required for the app installation.
+ - ``````. The file path to the location of your App-V packages. These packages were created when you sequenced your apps.
+ - ``````. The maximum amount of time, in minutes, that the cmdlet should wait for updating to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
+ - ``````. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to use cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
+ - ``````. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
**Example:**
```XML
@@ -74,41 +66,36 @@ Updating multiple apps at the same time requires that you create a **ConfigFile*
```
-3. Save your completed file, using the name **ConfigFile**.
+3. Save your completed file under the name **ConfigFile**.
+### Start the App-V Sequencer interface and app installation process
-**To start the App-V Sequencer interface and app installation process**
- Open PowerShell as an admin on the Host computer and run the following commands to start the batch updating:
- ```ps1
- New-BatchAppVSequencerPackages –ConfigFile –VMName -OutputPath
+ ```PowerShell
+ New-BatchAppVSequencerPackages –ConfigFile –VMName -OutputPath
```
- Where _VMName_ is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch updating, and _OutputPath_ is the full path to where the updated packages should be copied.
+ Where `````` is the name of the virtual machine (VM) with the App-V Sequencer installed that you'll run the batch updating on, and `````` is the full path to where the updated packages should be copied.
+
+ The cmdlet creates a "clean" checkpoint on the VM. After making the checkpoint, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM. This opens a new session of the VM (through VMConnect), allowing app updates to begin from the command-line. After completing the update and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
+
+## Update multiple apps with the App-V Sequencer interface
- The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and updating of the app begins from the command-line. After completing updating and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
-
-### Update multiple apps by using the App-V Sequencer interface
Updating multipe apps at the same time requires that you create a **ConfigFile** to collect all of the info related to each round of updating. This file is then used by the App-V Sequencer interface after creating a "clean" checkpoint on your VM.
-**To create your ConfigFile for use by the App-V Sequencer interface**
+### Create your ConfigFile for use by the App-V Sequencer interface
1. Determine the apps that need to be updated and then open a text editor, such as Notepad.
2. Add the following XML info for each app:
- - **<AppName>.** The name of the app you're adding to the package.
-
- - **<InstallerFolder>.** The file path to the folder with the app installer.
-
- - **<Installer>.** The file name for the app executable. This will typically be an .exe or .msi file.
-
- - **<Package>.** The file path to the location of your App-V packages. These packages were created when you sequenced your apps.
-
- - **<TimeoutInMinutes>.** The maximum amount of time, in minutes, the cmdlet should wait for updating to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
-
- - **<Cmdlet>.** Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
-
- - **<Enabled>.** Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
+ - ``````. The name of the app you're adding to the package.
+ - ``````. The file path to the folder with the app installer.
+ - ``````. The file name for the app executable. This will typically be an .exe or .msi file.
+ - ``````. The file path to the location of your App-V packages. These packages were created when you sequenced your apps.
+ - ``````. The maximum amount of time, in minutes, the cmdlet should wait for updating to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
+ - ``````. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
+ - ``````. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
**Example:**
@@ -139,41 +126,35 @@ Updating multipe apps at the same time requires that you create a **ConfigFile**
```
-**To start the App-V Sequencer interface and app installation process**
+### Start the App-V Sequencer interface and app installation process
+
- Open PowerShell as an admin on the Host computer and run the following commands to start the batch updating:
- ```ps1
- New-BatchAppVSequencerPackages –ConfigFile –VMName -OutputPath
+ ```PowerShell
+ New-BatchAppVSequencerPackages –ConfigFile –VMName -OutputPath
```
- Where _VMName_ is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch updating, and _OutputPath_ is the full path to where the updated packages should be copied.
+ Where `````` is the name of the virtual machine (VM) with the App-V Sequencer installed, where you'll run the batch updating, and `````` is the full path to where the updated packages should be copied.
- The cmdlet creates a "clean" checkpoint on the VM. Next, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM, and finally a new session of the VM opens (through VMConnect) and updating of the app begins from the command-line. After completing updating and package creation for the first app on the VM, the package is copied from the VM to the Host computer, specified in the OutputPath parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted back to a "clean" checkpoint and turned off.
+ This cmdlet creates a "clean" checkpoint on the VM. After making the checkpoint, the cmdlet copies the first app installer listed in the ConfigFile from the Host computer to the VM. This opens a new session of the VM (through VMConnect) and app updating begins from the command-line. After completing updating and package creation for the first app on the VM, the package is copied from the VM to the Host computer specified in the *OutputPath* parameter. The cmdlet then goes to the second app on your list, reverting the VM back to a "clean" checkpoint and running through all of the steps again, until the second app package is copied to your output folder. This process continues until all apps included in your list are done. After the last app, the VM is reverted to a "clean" checkpoint and turned off.
### Review the log files
-There are 3 types of log files that occur when you sequence multiple apps at the same time:
-- **New-BatchAppVSequencerPackages-<*time_stamp*>.txt**. Located in the %temp%\AutoSequencer\Logs directory. This log contains info about the updating activities, such as "Copying installer to VM", "Scheduling updating task", and so on for each app. Additionally, if an app times out, this log contains the failure along with the checkpoint for troubleshooting the problem.
+There are three types of log files that occur when you sequence multiple apps at the same time:
-- **New-BatchAppVSequencerPackages-report-<*time_stamp*>.txt**. Located in the **OutputPath** folder you specified earlier. This log contains info about the connections made to the VM, showing if there were any failures. Additionally, it briefly includes success or failure info for all of the apps.
-
-- **Log.txt file**. Located in the **Output Package** folder. This file contains all code included in the NewAppVSequencerPackage cmdlet, including the allowed parameters.
+- **New-BatchAppVSequencerPackages-<*time_stamp*>.txt**. Located in the %temp%\AutoSequencer\Logs directory. This log contains info about updating activities for each app, such as "Copying installer to VM," "Scheduling updating task," and so on. Additionally, if an app times out, this log contains the failure along with the checkpoint for troubleshooting the problem.
+- **New-BatchAppVSequencerPackages-report-<*time_stamp*>.txt**. Located in the **OutputPath** folder you specified earlier. This log contains info about the connections made to the VM, showing if there were any failures. Additionally, it briefly includes success or failure info for all of the apps.
+- **Log.txt file**. Located in the **Output Package** folder. This file contains all code included in the **NewAppVSequencerPackage** cmdlet, including the allowed parameters.
### Related topics
- [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
-
- [How to install the App-V Sequencer](appv-install-the-sequencer.md)
-
- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server)
-
- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md)
-
- [Manually sequence a single app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
-
- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md)
-
- [Automatically cleanup unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md)
+## Have a suggestion for App-V?
-**Have a suggestion for App-V?**
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
index 9632883b04..23a9fe37c6 100644
--- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
+++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
@@ -74,4 +74,4 @@ Using Group Policy, you can turn on the **Enable automatic cleanup of unused app
**Have a suggestion for App-V?**
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md
index 29943d7b0b..73c3fb6cdf 100644
--- a/windows/application-management/app-v/appv-auto-provision-a-vm.md
+++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md
@@ -6,88 +6,89 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)
-**Applies to**
-- Windows 10, version 1703
+>Applies to: Windows 10, version 1703
Previous versions of the App-V Sequencer have required you to manually create your sequencing environment. Windows 10, version 1703 introduces two new PowerShell cmdlets, New-AppVSequencerVM and Connect-AppvSequencerVM, which automatically create your sequencing environment for you, including provisioning your virtual machine.
## Automatic VM provisioning of the sequencing environment
-You have 2 options for provisioning an VM for auto-sequencing:
-- Using a Virtual Hard Disk (VHD)
- -OR-
+You have two options for provisioning an VM for auto-sequencing:
-- Updating an existing VM
+1. Using a Virtual Hard Disk (VHD)
+2. Updating an existing VM
- >[!NOTE]
- >We have reduced the number of environmental checks performed by the App-V Sequencer, narrowing down the list of apps that need to be disabled or turned off for a clean sequencing experience. We've also suppressed antivirus and other similar app warnings.
+You can only choose one option.
+
+>[!NOTE]
+>We have reduced the number of environmental checks performed by the App-V Sequencer, narrowing down the list of apps that need to be disabled or turned off for a clean sequencing experience. We've also suppressed antivirus and other similar app warnings.
+
+### Provision a new VM with a VHD file
-### Provision a new VM by using a VHD file
Provisioning your new VM includes creating a VHD file, setting up a user account, turning on remote PowerShell scripting, and installing the App-V Sequencer.
#### Create a VHD file
+
For this process to work, you must have a base operating system available as a VHD image file, we recommend using the [Convert-WindowsImage.ps1](https://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f) command-line tool.
-**To create a VHD file by using the Convert-WindowsImage command-line tool**
-1. Open PowerShell as an admin and run the Convert-WindowsImage tool, using the following commands:
+#### Create a VHD file with the Convert-WindowsImage command-line tool
+
+1. Open PowerShell as an admin and run the **Convert-WindowsImage** tool, using the following commands:
```ps1
Convert-WindowsImage -SourcePath "" -VHDFormat "VHD" -VHDPartitionStyle "MBR"
```
- Where *<path_to_iso_image>* is the full path to your ISO image.
-
- >[!IMPORTANT]
- >You must specify the _VHDPartitionStyle_ as **MBR**. Using the default value, **GPT**, will cause a boot failure in your VHD image.
+ Where `````` is the full path to your ISO image.
+
+>[!IMPORTANT]
+>You must specify the *VHDPartitionStyle* as **MBR**. If you use the default value, **GPT**, will cause a boot failure in your VHD image.
+
+#### Provision your VM with your VHD file
-#### Provision your VM using your VHD file
After you have a VHD file, you must provision your VM for auto-sequencing.
-**To provision your VM using your VHD file**
1. On the Host device, install Windows 10, version 1703 and the **Microsoft Application Virtualization (App-V) Auto Sequencer** component from the matching version of the Windows Assessment and Deployment Kit (ADK). For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
-
2. Make sure that Hyper-V is turned on. For more info about turning on and using Hyper-V, see [Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server).
-
3. Open PowerShell as an admin and run the **New-AppVSequencerVM** cmdlet, using the following parameters:
- ```ps1
- New-AppVSequencerVM -VMName "" -ADKPath "" -VHDPath "" -VMMemory -VMSwitch ""
+ ```PowerShell
+ New-AppVSequencerVM -VMName "" -ADKPath "" -VHDPath "" -VMMemory "" -VMSwitch ""
```
-
-This command creates a new Hyper-V VM file using the provided VHD file and also creates a "clean" checkpoint, from where all sequencing and updating will start.
+ This command creates a new Hyper-V VM file using the provided VHD file and also creates a "clean" checkpoint, from where all sequencing and updating will start.
### Provision an existing VM for auto-sequencing
+
If your apps require custom prerequisites, such as Microsoft SQL Server, we recommend that you preinstall the prerequisites on your VM and then use that VM for auto-sequencing. Using these steps will establish a connection to your existing VM.
-**To connect to your existing VM**
+#### Connect to your existing VM
+
- Open PowerShell as an admin and run the following commands on your existing VM:
- **Set the network category of your connection profile on the VM to _Private_:**
- ```ps1
+ ```PowerShell
Get-netconnectionprofile | set-netconnectionprofile -NetworkCategory Private
```
- - **Enable firewall rules for _Remote Desktop_ and _Windows Remote Management_:**
+ - **Enable firewall rules for _Remote Desktop_ and _Windows Remote Management_:**
- ```ps1
- Enable-NetFirewallRule -DisplayGroup “Remote Desktop”
+ ```PowerShell
+ Enable-NetFirewallRule -DisplayGroup “Remote Desktop”
Enable-NetFirewallRule -DisplayGroup “Windows Remote Management”
```
- **Set the VM to receive remote commands without a confirmation prompt:**
- ```ps1
+ ```PowerShell
Enable-PSRemoting –Force
```
-**To provision an existing VM**
+#### Provision an existing VM
+
1. On the Host device, install Windows 10, version 1703 and the **Microsoft Application Virtualization (App-V) Auto Sequencer** component from the matching version of the Windows Assessment and Deployment Kit (ADK). For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
2. Open PowerShell as an admin and run the **Connect-AppvSequencerVM** cmdlet, using the following parameters:
@@ -96,33 +97,34 @@ If your apps require custom prerequisites, such as Microsoft SQL Server, we reco
Connect-AppvSequencerVM -VMName "" -ADKPath ""
```
- Where *<name_of_vm>* is the name of the VM granted during its creation and shown in the Hyper-V Manager tool.
+ Where `````` is the name of the VM as shown in the Hyper-V Manager tool.
This command creates a new Hyper-V VM file using the provided VHD file and also creates a "clean" checkpoint, from where all sequencing and updating will start.
-
### Review the provisioning log files
-The 2 types of provisioning log files, located at %temp%\AutoSequencer\Logs, are:
-- **New-AppVSequencerVM-<*time_stamp*>.txt**. Includes info about the provisioning activities, such as "Waiting for VM session", "Copying installer for Sequencer", and so on.
-
-- **Connect-AppvSequencerVM-report-<*time_stamp*>.txt**. Includes info about the connections made to the VM, showing whether there were any failures.
+The two types of provisioning log files, located at %temp%\AutoSequencer\Logs, are:
+- **New-AppVSequencerVM-.txt**. Includes info about the provisioning activities, such as "Waiting for VM session", "Copying installer for Sequencer", and so on.
+- **Connect-AppvSequencerVM-report-.txt**. Includes info about the connections made to the VM, showing whether there were any failures.
### Next steps
-After provisioning your sequencing environment, you must sequence your apps, either as a group or individually. For more info about sequencing your apps, see [Manually sequence a single new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md), [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md), and [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md).
-After you sequence your packages, you can automatically cleanup any unpublished packages on the App-V client. For more info, see [Automatically cleanup unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md).
+After provisioning your sequencing environment, you must sequence your apps, either as a group or individually. For more info about sequencing your apps, see the following articles
+
+- [Manually sequence a single new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
+- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md)
+- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md)
+
+After you sequence your packages, you can automatically clean up any unpublished packages on the App-V client. To learn more, see [Automatically clean up unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md).
### Related topics
-- [Download the Convert-WindowsImage tool](https://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f)
+- [Download the **Convert-WindowsImage** tool](https://www.powershellgallery.com/packages/Convert-WindowsImage/10.0)
- [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
-
- [How to install the App-V Sequencer](appv-install-the-sequencer.md)
-
- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server)
+## Have a suggestion for App-V?
-**Have a suggestion for App-V?**
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md
index f37904bd63..4eb8944558 100644
--- a/windows/application-management/app-v/appv-capacity-planning.md
+++ b/windows/application-management/app-v/appv-capacity-planning.md
@@ -6,948 +6,190 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# App-V Capacity Planning
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
The following recommendations can be used as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure.
->**Important**
-Use the information in this section only as a general guide for planning your App-V deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary.
+>[!IMPORTANT]
+>Use the information in this section only as a general guide for planning your App-V deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary.
-
+## Determine the project scope
-## Determine the Project Scope
+Before you design the App-V infrastructure, determining which applications will be available virtually, and also identify the target users and their locations. This information will determine what type of App-V infrastructure your project should implement. Your should base your decisions about your project's scope on your organization's specific needs.
+|Task|More information|
+|----|----------------|
+|Determine application scope|The App-V infrastructure can be set up in different ways depending on which applications you want to virtualize. This means your first task is to define which applications you want to virtualize.|
+|Determine location scope|"Location scope" refers to the physical locations where you plan to run the virtualized applications (for example, enterprise-wide or a specific geographic location). It can also refer to the user population that will run the virtual applications (for example, a single department). You should obtain a network map that includes the connection paths, the available bandwidth for each location, the number of users using virtualized applications, and the WAN link speed.|
-Before you design the App-V infrastructure, determine the project’s scope. The scope consists of determining which applications will be available virtually and to also identify the target users, and their locations. This information will help determine what type of App-V infrastructure should be implemented. Decisions about the scope of the project must be based on the specific needs of your organization.
+## Determine which App-V infrastructure is required
-
-
-
-
-
-
-
-
Task
-
More Information
-
-
-
-
-
Determine Application Scope
-
Depending on the applications to be virtualized, the App-V infrastructure can be set up in different ways. The first task is to define what applications you want to virtualize.
-
-
-
Determine Location Scope
-
Location scope refers to the physical locations (for example, enterprise-wide or a specific geographic location) where you plan to run the virtualized applications. It can also refer to the user population (for example, a single department) who will run the virtual applications. You should obtain a network map that includes the connection paths as well as available bandwidth to each location and the number of users using virtualized applications and the WAN link speed.
-
-
-
+You can also manage your App-V environment using an electronic software distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V packages using electronic software distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
-## Determine Which App-V Infrastructure is Required
+* **Standalone model**—The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone mode only needs the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information, see [Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md). The standalone model is recommended for the following scenarios:
-You can also manage your App-V environment using an Electronic Software Distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
+ * When there are disconnected remote users who can't connect to the App-V infrastructure.
+ * When you're running a software management system, such as System Center 2012 Configuration Manager.
+ * When network bandwidth limitations inhibit electronic software distribution.
+* **Full infrastructure model**—The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V full infrastructure model consists of one or more App-V management servers that can be used to publish applications to all clients. Publishing places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about how to install the management server, see [Planning for App-V Server deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:
-- **Standalone Model** - The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone Mode consists of the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information see, [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md). The stand-alone model is recommended for the following scenarios:
+ * When you want to use the Management Server to publish the application to target computers.
+ * For rapid provisioning of applications to target computers.
+ * When you want to use App-V reporting.
- - With disconnected remote users who cannot connect to the App-V infrastructure.
+>[!IMPORTANT]
+>The App-V full infrastructure model requires Microsoft SQL Server to store configuration data. For more information, see [App-V supported configurations](appv-supported-configurations.md).
- - When you are running a software management system, such as System Center 2012 Configuration Manager.
+## End-to-end server sizing guidance
- - When network bandwidth limitations inhibit electronic software distribution.
+The following section describes end-to-end App-V sizing and planning. For more specific information, refer to the subsequent sections.
-- **Full Infrastructure Model** - The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V Full Infrastructure Model consists of one or more App-V management servers. The Management Server can be used to publish applications to all clients. The publishing process places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about installing the management server see, [Planning for App-V Server Deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:
+>[!NOTE]
+>Round trip response time on the client is the time taken by the computer running the App-V client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server.
- >**Important**
- The App-V full infrastructure model requires Microsoft SQL Server to store configuration data. For more information see [App-V Supported Configurations](appv-supported-configurations.md).
+* 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time (<3 seconds).
+* A single management server can support up to 50 publishing servers for package metadata refreshes in an acceptable round trip time (<5 seconds).
-
+## App-V Management Server capacity planning recommendations
- - When you want to use the Management Server to publish the application to target computers.
+The App-V publishing servers require the management server for package refresh requests and package refresh responses. The management server then sends the information to the management database to retrieve information. For more information about App-V management server supported configurations, see [App-V supported configurations](appv-supported-configurations.md).
- - For rapid provisioning of applications to target computers.
+>[!NOTE]
+>The default refresh time on the App-V publishing server is ten minutes.
- - When you want to use App-V reporting.
+When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors will influence the publishing server's round-trip response time:
-## End-to-end Server Sizing Guidance
+1. The number of publishing servers making simultaneous requests.
+2. The number of connection groups configured on the management server.
+3. The number of access groups configured on the management server.
+The following table describes each factor that impacts round-trip time in more detail.
-The following section provides information about end-to-end App-V sizing and planning. For more specific information, refer to the subsequent sections.
+>[!NOTE]
+>Round trip response time is the time taken by the computer running the App-V publishing server to receive a successful package metadata update from the management server.
-**Note**
-Round trip response time on the client is the time taken by the computer running the App-V client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server.
+|Factors impacting round-trip response time|Description|
+|------------------------------------------|-----------|
+|The number of publishing servers simultaneously requesting package metadata refreshes.|A single management server can respond to up to 320 publishing servers simultaneously requesting publishing metadata. For example, in a case with 30 publishing servers simultaneously requesting publishing metadata, the round-trip response time is about 40 seconds, while for less than 50 servers it's less than 5 seconds. From 50 to 320 publishing servers, response team increases linearly (approximately 2×).|
+|The number of connection groups configured on the management server.|For up to 100 connection groups, there is no significant change in the round-trip response time on the publishing server. For 100–400 connection groups, there is a minor linear increase in the round-trip response time.|
+|The number of access groups configured on the management server.|For up to 40 access groups, there is a linear (approximately 3×) increase in the round-trip response time on the publishing server.|
-
+The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-V management server.
-- 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time. (<3 seconds)
+|Scenario|Variation|Number of connection groups|Number of access groups|Number of publishing servers|Network connection type|Round-trip response time (seconds)|Management server CPU utilization|
+|---|---|---|---|---|---|---|---|
+|Publishing servers contact management server for publishing metadata at same time|Number of publishing servers.|0 0 0 0 0 0|1 1 1 1 1 1|50 100 200 300 315 320|LAN|5 10 19 32 30 37|17 17 17 15 17 15|
+|Publishing metadata contains connection groups|Number of connection groups|10 20 100 150 300 400|1 1 1 1 1 1|100 100 100 100 100 100|LAN|10 11 11 16 22 25|17 19 22 19 20 20|
+|Publishing metadata contains access groups|Number of access groups|0 0 0 0|1 10 20 40|100 100 100 100|LAN|10 43 153 535|17 26 24 24|
-- A single management server can support up to 50 publishing servers for package metadata refreshes in an acceptable round trip time. (<5 seconds)
+The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example, transactions/sec is approximately 30, batch requests approximately 200, and user connects approximately six.
-## App-V Management Server Capacity Planning Recommendations
+Using a geographically distributed deployment, where the management server and publishing servers utilize a slow link network between them, the round-trip response time on the publishing servers is within acceptable time limits (<5 seconds), even for 100 simultaneous requests on a single management server.
-
-The App-V publishing servers require the management server for package refresh requests and package refresh responses. The management server then sends the information to the management database to retrieve information. For more information about App-V management server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md).
-
-**Note**
-The default refresh time on the App-V publishing server is ten minutes.
-
-
-
-When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors influence the round trip response time on the publishing server:
-
-1. Number of publishing servers making simultaneous requests.
-
-2. Number of connection groups configured on the management server.
-
-3. Number of access groups configured on the management server.
-
-The following table displays more information about each factor that impacts round trip time.
-
-**Note**
-Round trip response time is the time taken by the computer running the App-V publishing server to receive a successful package metadata update from the management server.
-
-
-
-
-
-
-
-
-
-
-
Factors impacting round trip response time
-
More Information
-
-
-
-
-
The number of publishing servers simultaneously requesting package metadata refreshes.
-
-
-
A single management server can respond to up to 320 publishing servers requesting publishing metadata simultaneously.
-
Round trip response time for 320 pub servers is ~40 seconds.
-
For <50 publishing servers requesting metadata simultaneously, the round trip response time is <5 seconds.
-
From 50 to 320 publishing servers, the response time increases linearly (approximately 2x).
-
-
-
-
The number of connection groups configured on the management server.
-
-
-
-
For up to 100 connection groups, there is no significant change in the round trip response time on the publishing server.
-
For 100 - 400 connection groups, there is a minor linear increase in the round trip response time.
-
-
-
-
The number of access groups configured on the management server.
-
-
-
-
For up to 40 access groups, there is a linear (approximately 3x) increase in the round trip response time on the publishing server.
-
-
-
-
-
-
-
-The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-Vmanagement server.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Scenario
-
Variation
-
Number of connection groups
-
Number of access groups
-
Number of publishing servers
-
Network connection type publishing server / management server
-
Round trip response time on the publishing server (in seconds)
-
CPU utilization on management server
-
-
-
-
-
Publishing servers simultaneously contacting management server for publishing metadata.
-
Number of publishing servers
-
-
-
0
-
0
-
0
-
0
-
0
-
0
-
-
-
-
1
-
1
-
1
-
1
-
1
-
1
-
-
-
-
50
-
100
-
200
-
300
-
315
-
320
-
-
-
-
LAN
-
LAN
-
LAN
-
LAN
-
LAN
-
LAN
-
-
-
-
5
-
10
-
19
-
32
-
30
-
37
-
-
-
-
17
-
17
-
17
-
15
-
17
-
15
-
-
-
-
Publishing metadata contains connection groups
-
Number of connection groups
-
-
-
10
-
50
-
100
-
150
-
300
-
400
-
-
-
-
1
-
1
-
1
-
1
-
1
-
1
-
-
-
-
100
-
100
-
100
-
100
-
100
-
100
-
-
-
-
LAN
-
LAN
-
LAN
-
LAN
-
LAN
-
LAN
-
-
-
-
10
-
11
-
11
-
16
-
22
-
25
-
-
-
-
17
-
19
-
22
-
19
-
20
-
20
-
-
-
-
Publishing metadata contains access groups
-
Number of access groups
-
-
-
0
-
0
-
0
-
0
-
-
-
-
1
-
10
-
20
-
40
-
-
-
-
100
-
100
-
100
-
100
-
-
-
-
LAN
-
LAN
-
LAN
-
LAN
-
-
-
-
10
-
43
-
153
-
535
-
-
-
-
17
-
26
-
24
-
24
-
-
-
-
-
-
-
-The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example: Transactions/sec is ~30, batch requests ~200, and user connects ~6.
-
-Using a geographically distributed deployment, where the management server & publishing servers utilize a slow link network between them, the round trip response time on the publishing servers is within acceptable time limits (<5 seconds), even for 100 simultaneous requests on a single management server.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Scenario
-
Variation
-
Number of connection groups
-
Number of access groups
-
Number of publishing servers
-
Network connection type publishing server / management server
-
Round trip response time on the publishing server (in seconds)
-
CPU utilization on management server
-
-
-
-
-
Network connection between the publishing server and management server
-
1.5 Mbps Slow link Network
-
-
-
0
-
0
-
-
-
-
1
-
1
-
-
-
-
50
-
100
-
-
-
-
1.5Mbps Cable DSL
-
1.5Mbps Cable DSL
-
-
-
-
4
-
5
-
-
-
-
1
-
2
-
-
-
-
Network connection between the publishing server and management server
-
LAN / WIFI Network
-
-
-
0
-
0
-
-
-
-
1
-
1
-
-
-
-
100
-
200
-
-
-
-
Wifi
-
Wifi
-
-
-
-
11
-
20
-
-
-
-
15
-
17
-
-
-
-
-
-
+|Scenario|Variation|Number of connection groups|Number of access groups|Number of publishing servers|Network connection type|Round-trip response time (seconds)|Management server CPU utilization (in %)|
+|---|---|---|---|---|---|---|---|
+|Network connection between the publishing server and management server|1.5 Mbps Slow link Network|0 0|1 1|50 100|1.5 Mbps Cable DSL|4 5|1 2|
+|Network connection between the publishing server and management server|LAN/WiFi Network|0 0|1 1|100 200|WiFi|11 20|15 17|
Whether the management server and publishing servers are connected over a slow link network, or a high speed network, the management server can handle approximately 15,000 package refresh requests in 30 minutes.
-## App-V Reporting Server Capacity Planning Recommendations
+## App-V Reporting Server capacity planning recommendations
+App-V clients send reporting data to the reporting server. The reporting server then records the information in the Microsoft SQL Server database and returns a successful notification back to the computer running App-V client. For more information about the App-V Reporting Server's supported configurations see [App-V supported configurations](appv-supported-configurations.md).
-App-V clients send reporting data to the reporting server. The reporting server then records the information in the Microsoft SQL Server database and returns a successful notification back to the computer running App-V client. For more information about App-V Reporting Server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md).
+>[!NOTE]
+>Round-trip response time is the time taken by the computer running the App-V client to send the reporting information to the reporting server and receive a successful notification from the reporting server.
-**Note**
-Round trip response time is the time taken by the computer running the App-V client to send the reporting information to the reporting server and receive a successful notification from the reporting server.
+|Scenario|Summary|
+|---|---|
+|Multiple App-V clients send reporting information to the reporting server simultaneously.|Round-trip response time from the reporting server is 2.6 seconds for 500 clients. Round-trip response time from the reporting server is 5.65 seconds for 1000 clients. Round-trip response time increases linearly depending on number of clients.|
+|Requests per second processed by the reporting server.|A single reporting server and a single database, can process a maximum of 139 requests per second. The average is 121 requests/second. Using two reporting servers reporting to the same Microsoft SQL Server database, the average requests/second, like a single reporting server, is about 127, with a max of 278 requests/second. A single reporting server can process 500 concurrent/active connections. A single reporting server can process a maximum 1,500 concurrent connections.|
+|Reporting database.|Lock contention on the computer running Microsoft SQL Server is the limiting factor for requests/second. Throughput and response time are independent of database size.|
-
-
-
-
-
-
-
-
-
-
Scenario
-
Summary
-
-
-
-
-
Multiple App-V clients send reporting information to the reporting server simultaneously.
-
-
-
Round trip response time from the reporting server is 2.6 seconds for 500 clients.
-
Round trip response time from the reporting server is 5.65 seconds for 1000 clients.
-
Round trip response time increases linearly depending on number of clients.
-
-
-
-
Requests per second processed by the reporting server.
-
-
-
-
A single reporting server and a single database, can process a maximum of 139 requests per second. The average is 121 requests/second.
-
Using two reporting servers reporting to the same Microsoft SQL Server database, the average requests/second is similar to a single reporting server = ~127, with a max of 278 requests/second.
-
A single reporting server can process 500 concurrent/active connections.
-
A single reporting server can process a maximum 1500 concurrent connections.
-
-
-
-
Reporting Database.
-
-
-
-
Lock contention on the computer running Microsoft SQL Server is the limiting factor for requests/second.
-
Throughput and response time are independent of database size.
-
-
-
-
-
-
-
-**Calculating random delay**:
+### Calculating random delay
The random delay specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between **0** and **ReportingRandomDelay** and will wait the specified duration before sending data.
-Random delay = 4 \* number of clients / average requests per second.
+*Random delay = 4 × number of clients/average requests per second*.
-Example: For 500 clients, with 120 requests per second, the Random delay is, 4 \* 500 / 120 = ~17 minutes.
+Example: Random delay for 500 clients with 120 requests per second is *4 × 500/120 = about 17 minutes*.
-## App-V Publishing Server Capacity Planning Recommendations
+## App-V publishing server capacity planning recommendations
+Computers running the App-V client connect to the App-V publishing server to send a publishing refresh request and receive a response. Round trip response time is measured on the computer running the App-V client, while processor time is measured on the publishing server. For more information about App-V Publishing Server supported configurations, see [App-V supported configurations](appv-supported-configurations.md).
-Computers running the App-V client connect to the App-V publishing server to send a publishing refresh request and to receive a response. Round trip response time is measured on the computer running the App-V client. Processor time is measured on the publishing server. For more information about App-V Publishing Server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md).
+>[!IMPORTANT]
+>The following list displays the main factors to consider when setting up the App-V publishing server:
+ * The number of clients connecting simultaneously to a single publishing server.
+ * The number of packages in each refresh.
+ * The available network bandwidth in your environment between the client and the App-V publishing server.
-**Important**
-The following list displays the main factors to consider when setting up the App-V publishing server:
+|Scenario|Summary|
+|---|---|
+|Multiple App-V clients connect to a single publishing server simultaneously.|A publishing server running dual core processors can respond to at most 5000 clients requesting a refresh simultaneously. For 5,000–10,000 clients, the publishing server requires a minimum quad core. For 10,000–20,000 clients, the publishing server should have dual quad cores for more efficient response times. A publishing server with a quad core can refresh up to 10,000 packages within three seconds. (Supports 10,000 simultaneous clients.)|
+|Number of packages in each refresh.|Increasing number of packages will increase response time by about 40% (up to 1,000 packages).|
+|Network between the App-V client and the publishing server.|Across a slow network (1.5 Mbps bandwidth), there is a 97% increase in response time compared to LAN (up to 1,000 users).|
-- The number of clients connecting simultaneously to a single publishing server.
+>[!NOTE]
+>The publishing server CPU usage is always high during the time interval when it must process simultaneous requests (>90% in most cases). The publishing server can handle about 1,500 client requests in one second.
-- The number of packages in each refresh.
-
-- The available network bandwidth in your environment between the client and the App-V publishing server.
-
-
-
-
-
-
-
-
-
-
-
Scenario
-
Summary
-
-
-
-
-
Multiple App-V clients connect to a single publishing server simultaneously.
-
-
-
A publishing server running dual core processors can respond to at most 5000 clients requesting a refresh simultaneously.
-
For 5000-10000 clients, the publishing server requires a minimum quad core.
-
For 10000-20000 clients, the publishing server should have dual quad cores for more efficient response times.
-
A publishing server with a quad core can refresh up to 10000 packages within 3 seconds. (Supporting 10000 simultaneous clients)
-
-
-
-
Number of packages in each refresh.
-
-
-
-
Increasing number of packages will increase response time by ~40% (up to 1000 packages).
-
-
-
-
Network between the App-V client and the publishing server.
-
-
-
-
Across a slow network (1.5 Mbps bandwidth), there is a 97% increase in response time compared to LAN (up to 1000 users).
-
-
-
-
-
-
-
-**Note**
-The publishing server CPU usage is always high during the time interval when it has to process simultaneous requests (>90% in most cases). The publishing server can handle ~1500 client requests in 1 second.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Scenario
-
Variation
-
Number of App-V clients
-
Number of packages
-
Processor configuration on the publishing server
-
Network connection type publishing server / App-V client
-
-
-
-## App-V Streaming Capacity Planning Recommendations
+|Scenario|Variation|Number of App-V clients|Number of packages|Processor configuration on publishing server|Network connection type|App-V client round-trip time (in seconds)|Publishing server CPU utilization (in %)|
+|---|---|---|---|---|---|---|---|
+|App-V client sends publishing refresh request and receives response, each request containing 120 packages|Number of clients|100 1,000 5,000 10,000|120 120 120 120|Dual Core Dual Core Quad Core Quad Core|LAN|1 2 2 3|100 99 89 77|
+|Multiple packages in each refresh.|Number of packages|1,000 1,000|500 1,000|Quad Core|LAN|2 3|92 91|
+|Network between client and publishing server.|1.5 Mbps Slow link network|100 500 1,000|120 120 120|Quad Core|1.5 Mbps intra-continental network|3 10 (0.2% failure rate) 7 (1% failure rate)||
+## App-V streaming capacity planning recommendations
Computers running the App-V client stream the virtual application package from the streaming server. Round trip response time is measured on the computer running the App-V client, and is the time taken to stream the entire package.
-**Important**
-The following list identifies the main factors to consider when setting up the App-V streaming server:
+>[!IMPORTANT]
+>The following list identifies the main factors to consider when setting up the App-V streaming server:
+ * The number of clients streaming application packages simultaneously from a single streaming server.
+ * The size of the package being streamed.
+ * The available network bandwidth in your environment between the client and the streaming server.
-- The number of clients streaming application packages simultaneously from a single streaming server.
-
-- The size of the package being streamed.
-
-- The available network bandwidth in your environment between the client and the streaming server.
-
-
-
-
-
-
-
-
-
-
-
Scenario
-
Summary
-
-
-
-
-
Multiple App-V clients stream applications from a single streaming server simultaneously.
-
-
-
If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time.
-
-
-
-
Size of the package being streamed.
-
-
-
-
The package size has a significant impact on the streaming/download time only for larger packages with a size ~ 1GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients.
-
-
-
-
Network between the App-V client and the streaming server.
-
-
-
-
Across a slow network (1.5 Mbps bandwidth), there is a 70-80% increase in response time compared to LAN (up to 100 users).
-
-
-
-
-
-
+|Scenario|Summary|
+|---|---|
+|Multiple App-V clients stream applications from a single streaming server simultaneously.|If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time.|
+|Size of the package being streamed.|The package size has a significant impact on the streaming/download time only for larger packages with a size of about 1 GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients.|
+|Network between the App-V client and the streaming server.|Across a slow network (1.5 Mbps bandwidth), there is a 70–80% increase in response time compared to LAN (up to 100 users).|
The following table displays sample values for each of the factors in the previous list:
-
-
-
-
-
-
-
-
-
-
-
-
Scenario
-
Variation
-
Number of App-V clients
-
Size of each package
-
Network connection type streaming server / App-V client
-
Round trip time on the App-V client (in seconds)
-
-
-
-
-
Multiple App-V clients streaming virtual application packages from a streaming server.
-
Number of clients.
-
-
-
100
-
200
-
1000
-
-
100
-
200
-
1000
-
-
-
-
3.5 MB
-
3.5 MB
-
3.5 MB
-
-
5 MB
-
5 MB
-
5 MB
-
-
-
-
LAN
-
LAN
-
LAN
-
-
LAN
-
LAN
-
LAN
-
-
-
-
29
-
39
-
391
-
-
35
-
68
-
461
-
-
-
-
Size of each package being streamed.
-
Size of each package.
-
-
-
100
-
200
-
-
100
-
200
-
-
-
-
21 MB
-
21 MB
-
-
109
-
109
-
-
-
-
LAN
-
LAN
-
-
LAN
-
LAN
-
-
-
33
-
83
-
-
100
-
160
-
-
-
Network connection between client and App-V streaming server.
-
1.5 Mbps Slow link network.
-
-
-
100
-
-
100
-
-
-
-
3.5 MB
-
-
5 MB
-
-
-
-
1.5 Mbps Intra-Continental Network
-
-
-
102
-
-
121
-
-
-
-
-
+|Scenario|Variation|Number of App-V clients|Size of each package|Network connection type|Round-trip time on the App-V client (in seconds)|
+|---|---|---|---|---|---|
+|Multiple App-V clients streaming virtual application packages from a streaming server.|Number of clients.|100 200 1,000 100 200 1,000|3.5 MB 3.5 MB 3.5 MB 5 MB 5 MB 5 MB|LAN|29 39 391 35 68 461|
+|Size of each package being streamed.|Size of each package.|100 200 100 200|21 MB 21 MB 109 MB 109 MB|LAN|33 83 100 160|
+|Network connection between client and App-V streaming server.|1.5 Mbps Slow link network.|100 100|3.5 MB 5 MB|1.5 Mbps intra-continental network|102 121|
Each App-V streaming server should be able to handle a minimum of 200 clients concurrently streaming virtualized applications.
-**Note**
-The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions.
+>[!NOTE]
+>The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions.
-
-
-For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real world environments streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment in order to properly size the number of required streaming servers.
+For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real-world environments, streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment to properly size the number of required streaming servers.
The number of clients a streaming server can support can be significantly increased and the peak streaming requirements reduced if you pre-cache your applications. You can also increase the number of clients a streaming server can support by using on-demand streaming delivery and stream optimized packages.
-## Combining App-V Server Roles
+## Combining App-V server roles
+Discounting scaling and fault-tolerance requirements, the minimum number of servers that a location with Active Directory connectivity needs to function is one. This server will host the management server, management server service, and Microsoft SQL Server roles. This means that you can arrange server roles in any combination you like, as they don't conflict with one another.
-Discounting scaling and fault-tolerance requirements, the minimum number of servers needed for a location with connectivity to Active Directory is one. This server will host the management server, management server service, and Microsoft SQL Server roles. Server roles, therefore, can be arranged in any desired combination since they do not conflict with one another.
+Ignoring scaling requirements, the minimum number of servers that a fault-tolerant implementation needs to function is four. The management server and Microsoft SQL Server roles support placement in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure.
-Ignoring scaling requirements, the minimum number of servers necessary to provide a fault-tolerant implementation is four. The management server, and Microsoft SQL Server roles support being placed in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure.
-
-Although there are a number of fault-tolerance strategies and technologies available, not all are applicable to a given service. Additionally, if App-V roles are combined, certain fault-tolerance options may no longer apply due to incompatibilities.
+Although there are many fault-tolerance strategies and technologies you can use, not all are applicable to a given service. Additionally, if App-V roles are combined, the resulting incompatabilities could cause certain fault-tolerance options to stop working.
## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-
-[App-V Supported Configurations](appv-supported-configurations.md)
-
-[Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md)
-
-[Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
-
-
-
-
-
-
-
-
-
+* [App-V supported configurations](appv-supported-configurations.md)
+* [Planning for high availability with App-V](appv-planning-for-high-availability-with-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md
index 5608dafd61..8ecf438180 100644
--- a/windows/application-management/app-v/appv-client-configuration-settings.md
+++ b/windows/application-management/app-v/appv-client-configuration-settings.md
@@ -6,99 +6,97 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# About Client Configuration Settings
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists the App-V Client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md).
+The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. Understanding how the register's format for data works can help you better understand the client, as you can configure many client actions by changing registry entries. This topic lists the App-V client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).
-You can use Group Policy to configure App-V client settings by using the Group Policy Management Console under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
+You can use Group Policy to configure App-V client settings by navigating to the **Group Policy managment console** at **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
## App-V Client Configuration Settings: Windows PowerShell
The following table provides information about App-V client configuration settings that can be configured through Windows PowerShell cmdlets:
-| Windows PowerShell cmdlet or cmdlets, **Option** Type | Description | Disabled Policy State Keys and Values |
+| Windows PowerShell cmdlet or cmdlets, **Option** Type | Description | Disabled policy state keys and values |
|------------|------------|------------|------------|
| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-PackageInstallationRoot** String | Specifies directory where all new applications and updates will be installed. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-PackageSourceRoot** String | Overrides source location for downloading package content. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-AllowHighCostLaunch** True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | 0 |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReestablishmentRetries** Integer (0-99) | Specifies the number of times to retry a dropped session. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReestablishmentInterval** Integer (0-3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-AllowHighCostLaunch** True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected by a metered network connection (for example, 4G). | 0 |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReestablishmentRetries** Integer (0–99) | Specifies the number of times to retry a dropped session. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReestablishmentInterval** Integer (0–3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-LocationProvider** String | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-CertFilterForClientSsl** String | Specifies the path to a valid certificate in the certificate store. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-VerifyCertificateRevocationList** True(enabled); False(Disabled state) | Verifies Server certificate revocation status before steaming using HTTPS. | 0 |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-SharedContentStoreMode** True(enabled); False(Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | 0 |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-VerifyCertificateRevocationList** True (enabled); False (Disabled state) | Verifies Server certificate revocation status before streaming with HTTPS. | 0 |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-SharedContentStoreMode** True (enabled); False (Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | 0 |
| Set-AppvPublishingServer
**-Name** String | Displays the name of publishing server. | Policy value not written (same as Not Configured) |
| Set-AppvPublishingServer
**-URL** String | Displays the URL of publishing server. | Policy value not written (same as Not Configured) |
-| Set-AppvPublishingServer
**-UserRefreshInterval** Word count (with spaces): 85Integer (0-744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | 0 |
-| Set-AppvPublishingServer
**-UserRefreshIntervalUnit** 0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | 1 |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-MigrationMode** True(enabled state); False (disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. | |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-EnablePackageScripts** True(enabled); False(Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | |
-| Set-AppvClientConfiguration
**-RoamingFileExclusions** String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-RoamingRegistryExclusions** String | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-IntegrationRootUser** String | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\\Microsoft\\AppV\\Client\\Integration. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-IntegrationRootGlobal** String | Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\\Microsoft\\AppV\\Client\\Integration | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-VirtualizableExtensions** String | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Policy value not written |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReportingEnabled** True (enabled); False (Disabled state) | Enables the client to return information to a reporting server. | False |
+| Set-AppvPublishingServer
**-UserRefreshOnLogon** True (enabled); False (Disabled state) | Triggers a user publishing refresh on sign in. (Boolean) Word count (with spaces): 60 | False |
+| Set-AppvPublishingServer
**-UserRefreshInterval** Word count (with spaces): 85 Integer (0–744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | 0 |
+| Set-AppvPublishingServer
**-UserRefreshIntervalUnit** 0 for hour, 1 for day | Specifies the interval unit (Hour 0–23, Day 0–31). | 1 |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-MigrationMode** True (enabled state); False (Disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created by a previous version of App-V. | |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-EnablePackageScripts** True (enabled); False (Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | |
+| Set-AppvClientConfiguration
**-RoamingFileExclusions** String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. For example, ```/ROAMINGFILEEXCLUSIONS='desktop;my pictures'``` | |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-RoamingRegistryExclusions** String | Specifies the registry paths that do not roam with a user profile. For example, ```/ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients``` | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-IntegrationRootUser** String | Specifies the location to create symbolic links associated with the current version of a per-user published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%localappdata%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-IntegrationRootGlobal** String | Specifies the location to create symbolic links associated with the current version of a globally published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%allusersprofile%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-VirtualizableExtensions** String | A comma-delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command-line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a locally installed application inside a virtual environment with virtualized applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Policy value not written |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReportingEnabled** True (enabled); False (Disabled state) | Returns information to a reporting server. | False |
| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReportingServerURL** String | Specifies the location on the reporting server where client information is saved. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReportingDataCacheLimit** Integer \[0-1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReportingDataCacheLimit** Integer \[0–1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReportingDataBlockSize** Integer \[1024 - Unlimited\] | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReportingStartTime** Integer (0 – 23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22. **Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReportingStartTime** Integer (0–23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0–23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22. **Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReportingInterval** Integer | Specifies the retry interval that the client will use to resend data to the reporting server. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ReportingRandomDelay** Integer \[0 - ReportingRandomDelay\] | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-EnableDynamicVirtualization **1 (Enabled), 0 (Disabled) | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | |
| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-EnablePublishingRefreshUI** 1 (Enabled), 0 (Disabled) | Enables the publishing refresh progress bar for the computer running the App-V Client. | |
| Sync-AppvPublishingServer
**-HidePublishingRefreshUI** 1 (Enabled), 0 (Disabled) | Hides the publishing refresh progress bar. | |
-| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ProcessesUsingVirtualComponents** String | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | Empty string. |
+| Set-AppvClientConfiguration, Set-AppvPublishingServer
**-ProcessesUsingVirtualComponents** String | Specifies a list of process paths (that may contain wildcards) that are candidates for using dynamic virtualization (such as supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | Empty string. |
-## App-V Client Configuration Settings: Registry Keys
+## App-V client configuration settings: registry keys
The following table provides information about App-V client configuration settings that can be configured through the registry:
-| **Setting name** Type | Registry Key Value | Disabled Policy State Keys and Values |
+| **Setting name** Type | Registry key value | Disabled policy state keys and values |
|---------------------------|---------------------|---------------------------------------|
| **PackageInstallationRoot** String | Streaming\\PackageInstallationRoot | Policy value not written (same as Not Configured) |
| **PackageSourceRoot** String | Streaming\\PackageSourceRoot | Policy value not written (same as Not Configured) |
-| **AllowHighCostLaunch** True (enabled); False (Disabled state) | Streaming\\AllowHighCostLaunch | 0 |
-| **ReestablishmentRetries** Integer (0-99) | Streaming\\ReestablishmentRetries | Policy value not written (same as Not Configured) |
-| **ReestablishmentInterval** Integer (0-3600) | Streaming\\ReestablishmentInterval | Policy value not written (same as Not Configured) |
+| **AllowHighCostLaunch** True (Enabled); False (Disabled state) | Streaming\\AllowHighCostLaunch | 0 |
+| **ReestablishmentRetries** Integer (0–99) | Streaming\\ReestablishmentRetries | Policy value not written (same as Not Configured) |
+| **ReestablishmentInterval** Integer (0–3600) | Streaming\\ReestablishmentInterval | Policy value not written (same as Not Configured) |
| **LocationProvider** String | Streaming\\LocationProvider | Policy value not written (same as Not Configured) |
| **CertFilterForClientSsl** String | Streaming\\CertFilterForClientSsl | Policy value not written (same as Not Configured) |
-| **VerifyCertificateRevocationList** True(enabled); False(Disabled state) | Streaming\\VerifyCertificateRevocationList | 0 |
-| **SharedContentStoreMode** True(enabled); False(Disabled state) | Streaming\\SharedContentStoreMode | 0 |
+| **VerifyCertificateRevocationList** True (Enabled); False (Disabled state) | Streaming\\VerifyCertificateRevocationList | 0 |
+| **SharedContentStoreMode** True (Enabled); False (Disabled state) | Streaming\\SharedContentStoreMode | 0 |
| **Name** String | Publishing\\Servers{serverId}\\FriendlyName | Policy value not written (same as Not Configured) |
| **URL** String | Publishing\\Servers{serverId}\\URL | Policy value not written (same as Not Configured) |
-| **GlobalRefreshEnabled** True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\GlobalEnabled | False |
-| **GlobalRefreshOnLogon** True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\GlobalLogonRefresh | False |
-| **GlobalRefreshInterval** Integer (0-744) | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval | 0 |
+| **GlobalRefreshEnabled** True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\GlobalEnabled | False |
+| **GlobalRefreshOnLogon** True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\GlobalLogonRefresh | False |
+| **GlobalRefreshInterval** Integer (0–744) | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval | 0 |
| **GlobalRefreshIntervalUnit** 0 for hour, 1 for day | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshIntervalUnit | 1 |
-| **UserRefreshEnabled** True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\UserEnabled | False |
-| **UserRefreshOnLogon** True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\UserLogonRefresh | False |
-| **UserRefreshInterval** Word count (with spaces): 85Integer (0-744 Hours) | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval | 0 |
+| **UserRefreshEnabled** True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\UserEnabled | False |
+| **UserRefreshOnLogon** True (Enabled); False (Disabled state) | Publishing\\Servers{serverId}\\UserLogonRefresh | False |
+| **UserRefreshInterval** Word count (with spaces): 85; Integer (0–744 Hours) | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval | 0 |
| **UserRefreshIntervalUnit** 0 for hour, 1 for day | Publishing\\Servers{serverId}\\UserPeriodicRefreshIntervalUnit | 1 |
-| **MigrationMode** True(enabled state); False (disabled state) | Coexistence\\MigrationMode | |
-| **EnablePackageScripts** True(enabled); False(Disabled state) | \\Scripting\\EnablePackageScripts | |
+| **MigrationMode** True(Enabled state); False (Disabled state) | Coexistence\\MigrationMode | |
+| **EnablePackageScripts** True (Enabled); False (Disabled state) | \\Scripting\\EnablePackageScripts | |
| **RoamingFileExclusions** String | | |
| **RoamingRegistryExclusions** String | Integration\\RoamingReglstryExclusions | Policy value not written (same as Not Configured) |
| **IntegrationRootUser** String | Integration\\IntegrationRootUser | Policy value not written (same as Not Configured) |
| **IntegrationRootGlobal** String | Integration\\IntegrationRootGlobal | Policy value not written (same as Not Configured) |
| **VirtualizableExtensions** String | Integration\\VirtualizableExtensions | Policy value not written |
-| **ReportingEnabled** True (enabled); False (Disabled state) | Reporting\\EnableReporting | False |
+| **ReportingEnabled** True (Enabled); False (Disabled state) | Reporting\\EnableReporting | False |
| **ReportingServerURL** String | Reporting\\ReportingServer | Policy value not written (same as Not Configured) |
-| **ReportingDataCacheLimit** Integer \[0-1024\] | Reporting\\DataCacheLimit | Policy value not written (same as Not Configured) |
-| **ReportingDataBlockSize** Integer \[1024 - Unlimited\] | Reporting\\DataBlockSize | Policy value not written (same as Not Configured) |
-| **ReportingStartTime** Integer (0 – 23) | Reporting\\ StartTime | Policy value not written (same as Not Configured) |
+| **ReportingDataCacheLimit** Integer \[0–1024\] | Reporting\\DataCacheLimit | Policy value not written (same as Not Configured) |
+| **ReportingDataBlockSize** Integer \[1024–Unlimited\] | Reporting\\DataBlockSize | Policy value not written (same as Not Configured) |
+| **ReportingStartTime** Integer (0–23) | Reporting\\ StartTime | Policy value not written (same as Not Configured) |
| **ReportingInterval** Integer | Reporting\\RetryInterval | Policy value not written (same as Not Configured) |
| **ReportingRandomDelay** Integer \[0 - ReportingRandomDelay\] | Reporting\\RandomDelay | Policy value not written (same as Not Configured) |
| **EnableDynamicVirtualization **1 (Enabled), 0 (Disabled) | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Virtualization | |
@@ -108,9 +106,8 @@ The following table provides information about App-V client configuration settin
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
-
+* [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
index a36a845027..58b23dd73f 100644
--- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
@@ -60,7 +60,7 @@ Use the following procedure to configure access to virtualized packages.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
index 8fca1c8678..06b310e729 100644
--- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
+++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
@@ -57,7 +57,7 @@ For more information, see [How to Manage App-V Packages Running on a Stand-Alone
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
index 8d682c7235..dca7131dbf 100644
--- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
+++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
@@ -59,7 +59,7 @@ For the following procedures the management server was installed on a computer n
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md
index b4c4203b8f..4da1633e90 100644
--- a/windows/application-management/app-v/appv-connect-to-the-management-console.md
+++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md
@@ -18,13 +18,13 @@ Use the following procedure to connect to the App-V Management Console.
**To connect to the App-V Management Console**
-1. Open Internet Explorer browser and type the address for the App-V Management server. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**.
+1. Open Internet Explorer browser and type the address for the App-V Management server. For example, **https://\<_management server name_\>:\<_management service port number_\>/console.html**.
2. To view different sections of the console, click the desired section in the navigation pane.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md
index 89b2c9530c..2c0d1e7208 100644
--- a/windows/application-management/app-v/appv-connection-group-file.md
+++ b/windows/application-management/app-v/appv-connection-group-file.md
@@ -83,7 +83,7 @@ The following table describes the parameters in the XML file that define the con
Schema name
Name of the schema.
If you want to use the “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:
@@ -261,7 +261,7 @@ The following application connection configurations are supported.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
index 6bd7e8257a..6ba91b41f8 100644
--- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md
+++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
@@ -95,7 +95,7 @@ In the example above, when a virtualized application tries to find a specific fi
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index c7589228fa..83cff76b90 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -58,7 +58,7 @@ When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
index 418919b1b2..5a13170e82 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
@@ -79,7 +79,7 @@ You can create user-entitled connection groups that contain both user-published
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md
index 321421cdcd..144900c14b 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group.md
@@ -42,7 +42,7 @@ When you place packages in a connection group, their package root paths are merg
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
index afc4033cc9..3aea6099e5 100644
--- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -34,7 +34,7 @@ Use the following procedure to create a Dynamic User Configuration file by using
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
index 8c79e0bc1a..5d001bf498 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
@@ -43,7 +43,7 @@ App-V package accelerators automatically sequence large, complex applications. A
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md
index b6b8930c2d..b62f27281a 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md
@@ -70,7 +70,7 @@ Use the following procedure to create a package accelerator.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
index eb25257a00..d816a91315 100644
--- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
@@ -72,7 +72,7 @@ Use the following procedure to create a virtual application package with the App
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
index 26367d8ffd..383572f210 100644
--- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md
+++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
@@ -62,4 +62,4 @@ After creating the template, you can apply it to all of your new virtual app pac
- [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
**Have a suggestion for App-V?**
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index d076323495..92958f3b25 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -6,140 +6,87 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Creating and Managing App-V Virtualized Applications
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
After you have properly deployed the Microsoft Application Virtualization (App-V) sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application.
-**Note**
-For more information about configuring the App-V sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
+For more information about configuring the App-V sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide]().
-**Note**
-The App-V Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated.
+>[!NOTE]
+>The App-V Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated.
## Sequencing an application
-
You can use the App-V Sequencer to perform the following tasks:
-- Create virtual packages that can be deployed to computers running the App-V client.
+- Create virtual packages that can be deployed to computers running the App-V client.
+- Upgrade existing packages. You can expand an existing package onto the computer running the sequencer and then upgrade the application to create a newer version.
+- Edit configuration information associated with an existing package. For example, you can add a shortcut or modify a file type association.
-- Upgrade existing packages. You can expand an existing package onto the computer running the sequencer and then upgrade the application to create a newer version.
+ >[!NOTE]
+ >You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V client.
-- Edit configuration information associated with an existing package. For example, you can add a shortcut or modify a file type association.
-
- **Note**
- You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V client.
-
-- Convert existing virtual packages.
+- Convert existing virtual packages.
The sequencer uses the **%TMP% \\ Scratch** or **%TEMP% \\ Scratch** directory and the **Temp** directory to store temporary files during sequencing. On the computer that runs the sequencer, you should configure these directories with free disk space equivalent to the estimated application installation requirements. Configuring the temp directories and the Temp directory on different hard drive partitions can help improve performance during sequencing.
When you use the sequencer to create a new virtual application, the following listed files are created. These files comprise the App-V package.
-- .msi file. This Windows Installer (.msi) file is created by the sequencer and is used to install the virtual package on target computers.
+- **.msi file**. This Windows Installer (.msi) file is created by the sequencer and is used to install the virtual package on target computers.
+- **Report.xml file**. In this file, the sequencer saves all issues, warnings, and errors that were discovered during sequencing. It displays the information after the package has been created. You can us this report for diagnosing and troubleshooting.
+- **.appv file**. This is the virtual application file.
+- **Deployment configuration file**. The deployment configuration file determines how the virtual application will be deployed to target computers.
+- **User configuration file**. The user configuration file determines how the virtual application will run on target computers.
-- Report.xml file. In this file, the sequencer saves all issues, warnings, and errors that were discovered during sequencing. It displays the information after the package has been created. You can us this report for diagnosing and troubleshooting.
-
-- .appv file. This is the virtual application file.
-
-- Deployment configuration file. The deployment configuration file determines how the virtual application will be deployed to target computers.
-
-- User configuration file. The user configuration file determines how the virtual application will run on target computers.
-
-**Important**
-You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process.
+>[!IMPORTANT]
+>You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package, you should either save the package to a secure location or make sure that no other user is allowed to log in during the conversion and monitoring process.
The **Options** dialog box in the sequencer console contains the following tabs:
-- **General**. Use this tab to enable Microsoft Updates to run during sequencing. Select **Append Package Version to Filename** to configure the sequence to add a version number to the virtualized package that is being sequenced. Select **Always trust the source of Package Accelerators** to create virtualized packages using a package accelerator without being prompted for authorization.
+- **General**. Use this tab to enable Microsoft Updates to run during sequencing. Select **Append Package Version to Filename** to configure the sequence to add a version number to the virtualized package that is being sequenced. Select **Always trust the source of Package Accelerators** to create virtualized packages using a package accelerator without being prompted for authorization.
- **Important**
- Package Accelerators created using App-V 4.6 are not supported by App-V.
+ >[!IMPORTANT]
+ >Package Accelerators created using App-V 4.6 are not supported by App-V.
-- **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**.
+- **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**.
+- **Exclusion Items**. Use this tab to specify which folders and directories should not be monitored during sequencing. To add local application data that is saved in the Local App Data folder in the package, click **New** and specify the location and the associated **Mapping Type**. This option is required for some packages.
-- **Exclusion Items**. Use this tab to specify which folders and directories should not be monitored during sequencing. To add local application data that is saved in the Local App Data folder in the package, click **New** and specify the location and the associated **Mapping Type**. This option is required for some packages.
-
-App-V supports applications that include Microsoft Windows Services. If an application includes a Windows service, the Service will be included in the sequenced virtual package as long as it is installed while being monitored by the sequencer. If a virtual application creates a Windows service when it initially runs, then later, after installation, the application must be run while the sequencer is monitoring so that the Windows Service will be added to the package. Only Services that run under the Local System account are supported. Services that are configured for AutoStart or Delayed AutoStart are started before the first virtual application in a package runs inside the package’s Virtual Environment. Windows Services that are configured to be started on demand by an application are started when the virtual application inside the package starts the Service via API call.
+App-V supports applications that include Microsoft Windows Services. If an application includes a Windows service, the service will be included in the sequenced virtual package as long as it's installed while being monitored by the sequencer. If a virtual application creates a Windows service when it initially runs, then after installation, the application must be run while the sequencer is monitoring for the Windows Service to be included in the package. Only services running under the Local System account are supported. Services configured for AutoStart or Delayed AutoStart are started before the first virtual application in a package runs inside the package’s Virtual Environment. Windows Services that are configured to be started on demand by an application are started when the virtual application inside the package starts the Service via API call.
- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md)
- [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md)
- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md)
-## App-V shell extension support
-
+## App-V shell extension support
App-V supports shell extensions. Shell extensions will be detected and embedded in the package during sequencing.
-Shell extensions are embedded in the package automatically during the sequencing process. When the package is published, the shell extension gives users the same functionality as if the application were locally installed.
+Shell extensions are automatically embedded in the package during the sequencing process. When the package is published, the shell extension gives users the same functionality as if the application were locally installed.
-**Requirements for using shell extensions:**
+### Requirements for using shell extensions
-- Packages that contain embedded shell extensions must be published globally. The application requires no additional setup or configuration on the client to enable the shell extension functionality.
-
-- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example:
-
- - The version of the application is 64-bit.
-
- - The Sequencer is running on a 64-bit computer.
-
- - The package is being delivered to a 64-bit App-V client computer.
+- Packages that contain embedded shell extensions must be published globally. The application requires no additional setup or configuration on the client to enable the shell extension functionality.
+- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example:
+ - The version of the application is 64-bit.
+ - The Sequencer is running on a 64-bit computer.
+ - The package is being delivered to a 64-bit App-V client computer.
The following table lists the supported shell extensions:
-
-
-
-
-
-
-
-
Handler
-
Description
-
-
-
-
-
Context menu handler
-
Adds menu items to the context menu. It is called before the context menu is displayed.
-
-
-
Drag-and-drop handler
-
Controls the action where right-click, drag and drop and modifies the context menu that appears.
-
-
-
Drop target handler
-
Controls the action after a data object is dragged and dropped over a drop target such as a file.
-
-
-
Data object handler
-
Controls the action after a file is copied to the clipboard or dragged and dropped over a drop target. It can provide additional clipboard formats to the drop target.
-
-
-
Property sheet handler
-
Replaces or adds pages to the property sheet dialog box of an object.
-
-
-
Infotip handler
-
Allows retrieving flags and infotip information for an item and displaying it inside a pop-up tooltip upon mouse hover.
-
-
-
Column handler
-
Allows creating and displaying custom columns in Windows Explorer Details view. It can be used to extend sorting and grouping.
-
-
-
Preview handler
-
Enables a preview of a file to be displayed in the Windows Explorer Preview pane.
-
-
-
+|Handler|Description|
+|---|---|
+|Context menu handler|Adds menu items to the context menu. It's called before the context menu is displayed.|
+|Drag-and-drop handler|Controls the action where right-click, drag and drop, and modifies the context menu that appears.|
+|Drop target handler|Controls the action after a data object is dragged and dropped over a drop target such as a file.|
+|Data object handler|Controls the action after a file is copied to the clipboard or dragged and dropped over a drop target. It can provide additional clipboard formats to the drop target.|
+|Property sheet handler|Replaces or adds pages to the property sheet dialog box of an object.|
+|Infotip handler|Allows retrieving flags and infotip information for an item and displaying it inside a pop-up tooltip upon mouse hover.|
+|Column handler|Allows creating and displaying custom columns in **Windows Explorer Details view**. It can be used to extend sorting and grouping.|
+|Preview handler|Enables a preview of a file to be displayed in the Windows Explorer Preview pane.|
## Copy on Write (CoW) file extension support
@@ -147,50 +94,46 @@ Copy on write (CoW) file extensions allow App-V to dynamically write to specific
The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V client. All other files and directories can be modified.
-| File Type | | | | | |
-|------------ |------------- |------------- |------------ |------------ |------------ |
-| .acm | .asa | .asp | .aspx | .ax | .bat |
-| .cer | .chm | .clb | .cmd | .cnt | .cnv |
-| .com | .cpl | .cpx | .crt | .dll | .drv |
-| .esc | .exe | .fon | .grp | .hlp | .hta |
-| .ime | .inf | .ins | .isp | .its | .js |
-| .jse | .lnk | .msc | .msi | .msp | .mst |
-| .mui | .nls | .ocx | .pal | .pcd | .pif |
-| .reg | .scf | .scr | .sct | .shb | .shs |
-| .sys | .tlb | .tsp | .url | .vb | .vbe |
-| .vbs | .vsmacros | .ws | .wsf | .wsh | |
-
+| File Type||||||
+|---|---|---|---|---|---|
+| .acm | .asa | .asp | .aspx | .ax | .bat |
+| .cer | .chm | .clb | .cmd | .cnt | .cnv |
+| .com | .cpl | .cpx | .crt | .dll | .drv |
+| .esc | .exe | .fon | .grp | .hlp | .hta |
+| .ime | .inf | .ins | .isp | .its | .js |
+| .jse | .lnk | .msc | .msi | .msp | .mst |
+| .mui | .nls | .ocx | .pal | .pcd | .pif |
+| .reg | .scf | .scr | .sct | .shb | .shs |
+| .sys | .tlb | .tsp | .url | .vb | .vbe |
+| .vbs | .vsmacros | .ws | .wsf | .wsh | |
## Modifying an existing virtual application package
-
You can use the sequencer to modify an existing package. The computer on which you do this should match the chip architecture of the computer you used to create the application. For example, if you initially sequenced a package using a computer running a 64-bit operating system, you should modify the package using a computer running a 64-bit operating system.
-[How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md)
+For more information, see [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md).
## Creating a project template
+
An App-V project template (.appvt) file is a project template that can be used to save commonly applied, customized settings. You can then more easily use these settings for future sequencings. App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications. Additionally, you cannot use a project template when you use a Package Accelerator to create a virtual application package. The following general settings are saved with an App-V project template:
A template can specify and store multiple settings as follows:
-- **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring. Saves allow local interaction option settings
+- **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring. Saves allow local interaction option settings
+- **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**.
+- **Exclusion Items.** Contains the Exclusion pattern list.
-- **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**.
-
-- **Exclusion Items.** Contains the Exclusion pattern list.
-
-In Windows 10, version 1703, running the new-appvsequencerpackage or the update-appvsequencepackage cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file.
+In Windows 10, version 1703, running the **new-appvsequencerpackage** or **update-appvsequencepackage** cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file.
>[!IMPORTANT]
->If you have an auto-saved template and you attempt to load another template through the _TemplateFilePath_ parameter, the customization value from the parameter will override the auto-saved template.
-
-[How to Create and Use a Project Template](appv-create-and-use-a-project-template.md)
+>If you attempt to load another template through the *_TemplateFilePath_* parameter while already having an auto-saved template, the customization value from the parameter will override the auto-saved template.
+For more information, see [How to Create and Use a Project Template](appv-create-and-use-a-project-template.md).
## Creating a package accelerator
-**Note**
-Package accelerators created using a previous version of App-V must be recreated using App-V.
+>[!NOTE]
+>Package accelerators created using a previous version of App-V must be recreated using App-V.
You can use App-V package accelerators to automatically generate a new virtual application packages. After you have successfully created a package accelerator, you can reuse and share the package accelerator.
@@ -198,21 +141,21 @@ In some situations, to create the package accelerator, you might have to install
After you have successfully created a Package Accelerator, you can reuse and share the Package Accelerator. Creating App-V Package Accelerators is an advanced task. Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied.
-[How to Create a Package Accelerator](appv-create-a-package-accelerator.md)
+For more information, see the following articles:
-[How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
+- [How to Create a Package Accelerator](appv-create-a-package-accelerator.md)
+- [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
## Sequencer error reporting
-
The App-V Sequencer can detect common sequencing issues during sequencing. The **Installation Report** page at the end of the sequencing wizard displays diagnostic messages categorized into **Errors**, **Warnings**, and **Info** depending on the severity of the issue.
You can also find additional information about sequencing errors using the Windows Event Viewer.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-- [Operations for App-V](appv-operations.md)
+- [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
index 77ec4edbc2..9a7fd827bf 100644
--- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
@@ -33,7 +33,7 @@ Use the following procedure to customize the virtual application extensions for
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md
index 176253c332..b6e27aece2 100644
--- a/windows/application-management/app-v/appv-delete-a-connection-group.md
+++ b/windows/application-management/app-v/appv-delete-a-connection-group.md
@@ -25,7 +25,7 @@ Use the following procedure to delete an existing App-V connection group.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
index b96b43a1ad..0a3464836a 100644
--- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
@@ -25,7 +25,7 @@ Use the following procedure to delete an App-V package.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
index eb3c088281..e719ae1710 100644
--- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
+++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
@@ -6,51 +6,49 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# How to deploy the App-V databases by using SQL scripts
-
-# How to Deploy the App-V Databases by Using SQL Scripts
-
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
Use the following instructions to use SQL scripts, rather than the Windows Installer, to:
-- Install the App-V databases
+* Install the App-V databases
+* Upgrade the App-V databases to a later version
-- Upgrade the App-V databases to a later version
-
->**Note**
-> If you have already deployed an App-V 5.0 SP3 database or later, the SQL scripts are not required to upgrade to App-V for Windows.
+>[!NOTE]
+>If you have already deployed an App-V 5.0 SP3 database or later, the SQL scripts are not required to upgrade to App-V for Windows.
## How to install the App-V databases by using SQL scripts
-1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
+1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
-2. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location.
+2. Copy **appv\_server\_setup.exe** from the App-V release media to a temporary location.
-3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
+3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
- Example: appv\_server\_setup.exe /layout c:\\__
+ ```sql
+ appv\_server\_setup.exe /layout c:\\__
+ ```
-4. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate readme.txt file for instructions:
+4. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate **readme.txt** file for instructions:
- | Database | Location of readme.txt file to use
- | - | - |
+ | Database | Location of readme.txt file to use|
+ |---|---|
| Management database | ManagementDatabase subfolder |
| Reporting database | ReportingDatabase subfolder |
-> [!CAUTION]
-> The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders.
+>[!CAUTION]
+>The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders.
-> [!IMPORTANT]
+>[!IMPORTANT]
> The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3.
-> The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). **Step 1** is not required for versions of App-V later than App-V 5.0 SP3.
+> The Permissions.sql script should be updated according to Step 2 in [KB article 3031340](https://support.microsoft.com/kb/3031340). Step 1 is not required for versions of App-V later than App-V 5.0 SP3.
### Updated management database README file content
-``` syntax
+```syntax
***********************************************************************************************************
Before you install and use the Application Virtualization Database Scripts, you must:
@@ -109,7 +107,7 @@ Steps to install "AppVManagement" schema in SQL SERVER.
### Updated reporting database README file content
-``` syntax
+```syntax
***********************************************************************************************************
Before you install and use the Application Virtualization Database Scripts, you must:
@@ -148,7 +146,7 @@ Steps to install "AppVReporting" schema in SQL SERVER.
defaults are likely sufficient, it is suggested that the following
settings be reviewed:
- DATABASE - ensure name is satisfactory - default is "AppVReporting".
+ DATABASE - ensure name is satisfactory - default is "AppVReporting".
2. Review the Permissions.sql file and provide all the necessary account information
for setting up read and write access on the database. Note: Default settings
@@ -179,9 +177,9 @@ Steps to install "AppVReporting" schema in SQL SERVER.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-- [Deploying the App-V Server](appv-deploying-the-appv-server.md)
-- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
+* [Deploying the App-V Server](appv-deploying-the-appv-server.md)
+* [How to deploy the App-V Server](appv-deploy-the-appv-server.md)
diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
index 0710d7ff57..439a1617b9 100644
--- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -38,7 +38,7 @@ Use one of the following methods to publish packages to App-V client computers w
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
index 1c7db8783f..7dbb8d0e48 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
@@ -6,335 +6,413 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# How to deploy the App-V server using a script
+>Applies to: Windows Server 2016
-# How to Deploy the App-V Server Using a Script
+In order to complete the **appv_server_setup.exe** server setup successfully using the command line, you must specify and combine multiple parameters.
-**Applies to**
-- Windows Server 2016
-
-In order to complete the **appv\_server\_setup.exe** Server setup successfully using the command line, you must specify and combine multiple parameters.
-
-**To install the App-V server using a script**
+## To install the App-V server using a script
Use the following lists and tables for more information about installing the App-V server using the command line.
-> **Note** The information in the following lists and tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**.
+The information in the following lists and tables can also be accessed through the command line by entering the following command: ```appv\_server\_setup.exe /?```.
-## How to use common parameters
+## How to use common parameters to install the Management server and Management database on a local machine
-## To install the Management server and Management database on a local machine
+The following examples will show you how to install the Management server and database on a local machine.
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+### Parameters for a default instance of Microsoft SQL Server for a new installation on a local machine
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /MANAGEMENT_DB_NAME
+To use the default instance of Microsoft SQL Server, use the following parameters:
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use the following parameters:
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */MANAGEMENT_DB_NAME*
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /MANAGEMENT_DB_NAME
+### Parameters for a custom instance of Microsoft SQL Server for a new installation on a local machine
-### Example for using a custom instance of Microsoft SQL Server:
+To use a custom instance of Microsoft SQL Server, use the following parameters:
-/appv_server_setup.exe /QUIET
-/MANAGEMENT_SERVER
-/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
-/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
-/MANAGEMENT_WEBSITE_PORT="8080"
-/DB_PREDEPLOY_MANAGEMENT
-/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */MANAGEMENT_DB_NAME*
+
+### Example parameters for using a custom instance of Microsoft SQL Server for a new installation on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
/MANAGEMENT_DB_NAME="AppVManagement"
+```
-## To install the Management server using an existing Management database on a local machine
+## How to use common parameters to install the Management server using an existing Management database on a local machine
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Management server on a local machine with an existing Management database.
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_MANAGEMENT_DB_NAME
+### Default instance of Microsoft SQL Server for installation with an existing Management database on a local machine
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /EXISTING_MANAGEMENT_DB_NAME
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_MANAGEMENT_DB_NAME*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installation with an existing Management database on a local machine
-/appv_server_setup.exe /QUIET
-/MANAGEMENT_SERVER
-/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
-/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
-/MANAGEMENT_WEBSITE_PORT="8080"
-/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
-/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_MANAGEMENT_DB_NAME*
+
+### Example parameters for using a custom instance of Microsoft SQL Server for installation with an existing Management database on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
+/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
/EXISTING_MANAGEMENT_DB_NAME ="AppVManagement"
+```
-## To install the Management server using an existing Management database on a remote machine
+## How to install the Management server with an existing Management database on a remote machine
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+### Default instance of Microsoft SQL Server with an existing Management database on a remote machine
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_MANAGEMENT_DB_NAME
+To use the default instance of Microsoft SQL Server, use the following parameters:
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_MANAGEMENT_DB_NAME*
-- /MANAGEMENT_SERVER
-- /MANAGEMENT_ADMINACCOUNT
-- /MANAGEMENT_WEBSITE_NAME
-- /MANAGEMENT_WEBSITE_PORT
-- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /EXISTING_MANAGEMENT_DB_NAME
+### Custom instance of Microsoft SQL Server with an existing Management database on a remote machine
-### Example for using a custom instance of Microsoft SQL Server:
+To use a custom instance of Microsoft SQL Server, use these parameters:
-/appv_server_setup.exe /QUIET
-/MANAGEMENT_SERVER
-/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
-/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
-/MANAGEMENT_WEBSITE_PORT="8080"
-/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="SqlServermachine.domainName"
-/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
+* */MANAGEMENT_SERVER*
+* */MANAGEMENT_ADMINACCOUNT*
+* */MANAGEMENT_WEBSITE_NAME*
+* */MANAGEMENT_WEBSITE_PORT*
+* */EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_MANAGEMENT_DB_NAME*
+
+### Example for using a custom instance of Microsoft SQL Server with an existing Management database on a remote machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="SqlServermachine.domainName"
+/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
/EXISTING_MANAGEMENT_DB_NAME ="AppVManagement"
+```
-## To install the Management database and the Management Server on the same computer
+## Installing the Management database and the Management Server on the same computer
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Management server and database on the same computer.
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installation on the same computer
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use these parameters:
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_SERVER_MACHINE_USE_LOCAL*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installation on the same computer
-/appv_server_setup.exe /QUIET
-/DB_PREDEPLOY_MANAGEMENT
-/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
-/MANAGEMENT_DB_NAME="AppVManagement"
-/MANAGEMENT_SERVER_MACHINE_USE_LOCAL
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_SERVER_MACHINE_USE_LOCAL*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installation on the same computer
+
+```SQL
+/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/MANAGEMENT_DB_NAME="AppVManagement"
+/MANAGEMENT_SERVER_MACHINE_USE_LOCAL
/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
-## To install the Management database on a different computer than the Management server
+## Installing the Management database on a different computer than the Management server
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Management database and server on different computers.
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installing the Management database on a different computer than the Management server
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /DB_PREDEPLOY_MANAGEMENT
-- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
-- /MANAGEMENT_DB_NAME
-- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT
-- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Management database on a different computer than the Management server
-/appv_server_setup.exe /QUIET
-/DB_PREDEPLOY_MANAGEMENT
-/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
-/MANAGEMENT_DB_NAME="AppVManagement"
-/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_MANAGEMENT*
+* */MANAGEMENT_DB_CUSTOM_SQLINSTANCE*
+* */MANAGEMENT_DB_NAME*
+* */MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Management database on a different computer than the Management server
+
+```SQL
+/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/MANAGEMENT_DB_NAME="AppVManagement"
+/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
-## To install the Publishing server
+## Installing the Publishing server
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Publishing server.
-- /PUBLISHING_SERVER
-- /PUBLISHING_MGT_SERVER
-- /PUBLISHING_WEBSITE_NAME
-- /PUBLISHING_WEBSITE_PORT
+### Default instance of Microsoft SQL Server for installing the Publishing server
-### Example
+To use the default instance of Microsoft SQL Server, use the following parameters:
-/appv_server_setup.exe /QUIET
-/PUBLISHING_SERVER
-/PUBLISHING_MGT_SERVER="http://ManagementServerName:ManagementPort"
-/PUBLISHING_WEBSITE_NAME="Microsoft AppV Publishing Service"
+* */PUBLISHING_SERVER*
+* */PUBLISHING_MGT_SERVER*
+* */PUBLISHING_WEBSITE_NAME*
+* */PUBLISHING_WEBSITE_PORT*
+
+### Example for installing the Publishing server
+
+```SQL
+/appv_server_setup.exe /QUIET
+/PUBLISHING_SERVER
+/PUBLISHING_MGT_SERVER="http://ManagementServerName:ManagementPort"
+/PUBLISHING_WEBSITE_NAME="Microsoft AppV Publishing Service"
/PUBLISHING_WEBSITE_PORT="8081"
+```
-## To install the Reporting server and Reporting database on a local machine
+## Installing the Reporting server and Reporting database on a local machine
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting server and database on a local machine.
-- /REPORTING _SERVER
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT
-- /REPORTING _DB_NAME
+### Default instance of Microsoft SQL Server for installing the Reporting server and Reporting database on a local machine
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /REPORTING _SERVER
-- /REPORTING _ADMINACCOUNT
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_CUSTOM_SQLINSTANCE
-- /REPORTING _DB_NAME
+* */REPORTING_SERVER*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */REPORTING_DB_NAME*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting server and Reporting database on a local machine
-/appv_server_setup.exe /QUIET
-/REPORTING_SERVER
-/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
-/REPORTING_WEBSITE_PORT="8082"
-/DB_PREDEPLOY_REPORTING
-/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */REPORTING_SERVER*
+* */REPORTING_ADMINACCOUNT*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */REPORTING_DB_NAME*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting server and Reporting database on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/DB_PREDEPLOY_REPORTING
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
/REPORTING_DB_NAME="AppVReporting"
+```
-## To install the Reporting server using an existing Reporting database on a local machine
+## Installing the Reporting server using an existing Reporting database on a local machine
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the reporting machine on a local machine with an existing Reporting database.
-- /REPORTING _SERVER
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_REPORTING_DB_NAME
+### Default instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a local machine
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /REPORTING _SERVER
-- /REPORTING _ADMINACCOUNT
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
-- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE
-- /EXISTING_REPORTING _DB_NAME
+* */REPORTING_SERVER*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_REPORTING_DB_NAME*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a local machine
-/appv_server_setup.exe /QUIET
-/REPORTING_SERVER
-/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
-/REPORTING_WEBSITE_PORT="8082"
-/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
-/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */REPORTING_SERVER*
+* */REPORTING_ADMINACCOUNT*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL*
+* */EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_REPORTING_DB_NAME*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a local machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
+/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
/EXITING_REPORTING_DB_NAME="AppVReporting"
+```
-## To install the Reporting server using an existing Reporting database on a remote machine
+## Installing the Reporting server using an existing Reporting database on a remote machine
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting server and on a remote machine with an existing database.
-- /REPORTING _SERVER
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT
-- /EXISTING_REPORTING _DB_NAME
-
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+### Default instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a remote machine
-- /REPORTING _SERVER
-- /REPORTING _ADMINACCOUNT
-- /REPORTING _WEBSITE_NAME
-- /REPORTING _WEBSITE_PORT
-- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME
-- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE
-- /EXISTING_REPORTING _DB_NAME
+To use the default instance of Microsoft SQL Server, use the following parameters:
-### Example for using a custom instance of Microsoft SQL Server:
+* */REPORTING_SERVER*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */EXISTING_REPORTING_DB_NAME*
-/appv_server_setup.exe /QUIET
-/REPORTING_SERVER
-/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
-/REPORTING_WEBSITE_PORT="8082"
-/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="SqlServerMachine.DomainName"
-/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+### Custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a remote machine
+
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */REPORTING_SERVER*
+* */REPORTING_ADMINACCOUNT*
+* */REPORTING_WEBSITE_NAME*
+* */REPORTING_WEBSITE_PORT*
+* */EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME*
+* */EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */EXISTING_REPORTING_DB_NAME*
+
+### Example using a custom instance of Microsoft SQL Server for installing the Reporting server using an existing Reporting database on a remote machine
+
+```SQL
+/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="SqlServerMachine.DomainName"
+/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
/EXITING_REPORTING_DB_NAME="AppVReporting"
+```
-## To install the Reporting database on the same computer as the Reporting server
+## Installing the Reporting database on the same computer as the Reporting server
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting database and server on the same computer.
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING_DB_SQLINSTANCE_USE_DEFAULT
-- /REPORTING_DB_NAME
-- /REPORTING_SERVER_MACHINE_USE_LOCAL
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installing the Reporting database on the same computer as the Reporting server
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_CUSTOM_SQLINSTANCE
-- /REPORTING _DB_NAME
-- /REPORTING_SERVER_MACHINE_USE_LOCAL
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */REPORTING_DB_NAME*
+* */REPORTING_SERVER_MACHINE_USE_LOCAL*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting database on the same computer as the Reporting server
-/appv_server_setup.exe /QUIET
-/DB_PREDEPLOY_REPORTING
-/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
-/REPORTING_DB_NAME="AppVReporting"
-/REPORTING_SERVER_MACHINE_USE_LOCAL
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */REPORTING_DB_NAME*
+* */REPORTING_SERVER_MACHINE_USE_LOCAL*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting database on the same computer as the Reporting server
+
+```SQL
+/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_REPORTING
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/REPORTING_DB_NAME="AppVReporting"
+/REPORTING_SERVER_MACHINE_USE_LOCAL
/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
-## To install the Reporting database on a different computer than the Reporting server
+## Installing the Reporting database on a different computer than the Reporting server
-**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+The following examples will show you how to install the Reporting database and server on different computers.
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT
-- /REPORTING _DB_NAME
-- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+### Default instance of Microsoft SQL Server for installing the Reporting database on a different computer than the Reporting server
-**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+To use the default instance of Microsoft SQL Server, use the following parameters:
-- /DB_PREDEPLOY_REPORTING
-- /REPORTING _DB_CUSTOM_SQLINSTANCE
-- /REPORTING _DB_NAME
-- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT
-- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_SQLINSTANCE_USE_DEFAULT*
+* */REPORTING_DB_NAME*
+* */REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
-### Example for using a custom instance of Microsoft SQL Server:
+### Custom instance of Microsoft SQL Server for installing the Reporting database on a different computer than the Reporting server
+To use a custom instance of Microsoft SQL Server, use these parameters:
+
+* */DB_PREDEPLOY_REPORTING*
+* */REPORTING_DB_CUSTOM_SQLINSTANCE*
+* */REPORTING_DB_NAME*
+* */REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT*
+* */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT*
+
+### Example for using a custom instance of Microsoft SQL Server for installing the Reporting database on a different computer than the Reporting server
+
+```SQL
Using a custom instance of Microsoft SQL Server example:
/appv_server_setup.exe /QUIET
/DB_PREDEPLOY_REPORTING
@@ -342,105 +420,104 @@ Using a custom instance of Microsoft SQL Server example:
/REPORTING_DB_NAME="AppVReporting"
/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+```
## Parameter definitions
-- [General parameters](#parameter-definitions-for-general-parameters)
-- [Management Server installation parameters](#parameter-definitions-for-management-server-installation-parameters)
-- [Management Server Database parameters](#parameter-definitions-for-the-management-server-database)
-- [Publishing Server installation parameters](#parameter-definitions-for-publishing-server-installation-parameters)
-- [Reporting Server parameters](#parameter-definitions-for-reporting-server)
-- [Parameters for using an existing Reporting Server database](#parameters-for-using-an-existing-reporting-server-database)
-- [Reporting Server database installation parameters](#parameter-definitions-for-reporting-server-database-installation)
-- [Parameters for using an existing Management Server database](#parameters-for-using-an-existing-management-server-database)
+* [General parameters](#parameter-definitions-for-general-parameters)
+* [Management Server installation parameters](#parameter-definitions-for-management-server-installation-parameters)
+* [Management Server Database parameters](#parameter-definitions-for-the-management-server-database)
+* [Publishing Server installation parameters](#parameter-definitions-for-publishing-server-installation-parameters)
+* [Reporting Server parameters](#parameter-definitions-for-reporting-server)
+* [Parameters for using an existing Reporting Server database](#parameters-for-using-an-existing-reporting-server-database)
+* [Reporting Server database installation parameters](#parameter-definitions-for-reporting-server-database-installation)
+* [Parameters for using an existing Management Server database](#parameters-for-using-an-existing-management-server-database)
### Parameter definitions for general parameters
| Parameter | Description |
|-----------|-------------|
-| /QUIET | Specifies silent install. |
-| /UNINSTALL | Specifies an uninstall. |
-| /LAYOUT | Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected. |
-| /LAYOUTDIR | Specifies the layout directory. Takes a string. For example, /LAYOUTDIR="C:\Application Virtualization Server" |
-| /INSTALLDIR | Specifies the installation directory. Takes a string. E.g. /INSTALLDIR="C:\Program Files\Application Virtualization\Server" |
-| /MUOPTIN | Enables Microsoft Update. No value is expected |
-| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**. |
+| */QUIET* | Specifies silent install. |
+| */UNINSTALL* | Specifies an uninstall. |
+| */LAYOUT* | Specifies layout action. This extracts the MSIs and script files to a folder without installing the actual product. No value is expected. |
+| */LAYOUTDIR* | Specifies the layout directory with a string. For example, ```/LAYOUTDIR="C:\Application Virtualization Server"```. |
+| */INSTALLDIR* | Specifies the installation directory with a string. For example, ```/INSTALLDIR="C:\Program Files\Application Virtualization\Server"```. |
+| */MUOPTIN* | Enables Microsoft Update. No value is expected. |
+| */ACCEPTEULA* | Accepts the license agreement. This is required for an unattended installation. For example, ```/ACCEPTEULA``` or ```/ACCEPTEULA=1```. |
### Parameter definitions for Management Server installation parameters
| Parameter | Description |
|-----------|-------------|
-| /MANAGEMENT_SERVER | Specifies that the management server will be installed. No value is expected |
-| /MANAGEMENT_ADMINACCOUNT | Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. If **/MANAGEMENT_SERVER** is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. |
-| /MANAGEMENT_WEBSITE_NAME | Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME="Microsoft App-V Management Service" |
-| /MANAGEMENT_WEBSITE_PORT | Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82. |
+| */MANAGEMENT_SERVER* | Specifies that the management server will be installed. No value is expected. |
+| */MANAGEMENT_ADMINACCOUNT* | Specifies the account that will be allowed administrator access to the management server. This account can be an individual user account or a group. For example, ```/MANAGEMENT_ADMINACCOUNT="mydomain\admin"```. If **/MANAGEMENT_SERVER** isn't specified, this parameter will be ignored.|
+| */MANAGEMENT_WEBSITE_NAME* | Specifies name of the website that will be created for the management service. For example, ```/MANAGEMENT_WEBSITE_NAME="Microsoft App-V Management Service"``` |
+| */MANAGEMENT_WEBSITE_PORT* | Specifies the port number that will be used by the management service will use. For example, ```/MANAGEMENT_WEBSITE_PORT=82```. |
### Parameter definitions for the Management Server Database
| Parameter | Description |
|-----------|-------------|
-| /DB\_PREDEPLOY\_MANAGEMENT | Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected |
-| /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance should be used. No value is expected. |
-| /MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: **/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. |
-| /MANAGEMENT_DB_NAME | Specifies the name of the new management database that should be created. Example usage: **/MANAGEMENT_DB_NAME="AppVMgmtDB"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. |
-| /MANAGEMENT_SERVER_MACHINE_USE_LOCAL | Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. |
-| /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the management server will be installed on. Example usage: **/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="domain\computername"** |
-| /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the management server. Example usage: **/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT ="domain\alias"** |
+| */DB\_PREDEPLOY\_MANAGEMENT* | Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected. |
+| */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT* | Indicates that the default SQL instance should be used. No value is expected. |
+| */MANAGEMENT_DB_CUSTOM_SQLINSTANCE* | Specifies the name of the custom SQL instance that should be used to create a new database. For example, ```/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"```. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this parameter will be ignored. |
+| */MANAGEMENT_DB_NAME* | Specifies the name of the new management database that should be created. For example, ```/MANAGEMENT_DB_NAME="AppVMgmtDB"```. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this will be ignored. |
+| */MANAGEMENT_SERVER_MACHINE_USE_LOCAL* | Indicates if the management server that will be accessing the database is installed on the local server. This is a switch parameter, so no value is expected. |
+| */MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT* | Specifies the machine account of the remote machine that the management server will be installed on. For example, ```/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="domain\computername"```. |
+| */MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT* | Indicates the Administrator account that will be used to install the management server. For example, ```/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT ="domain\alias"```. |
### Parameter definitions for Publishing Server installation parameters
| Parameter | Description |
|-----------|-------------|
-| /PUBLISHING_SERVER | Specifies that the Publishing Server will be installed. No value is expected |
-| /PUBLISHING_MGT_SERVER | Specifies the URL to Management Service the Publishing server will connect to. Example usage: **http://<management server name>:<Management server port number>**. If /PUBLISHING_SERVER is not used, this parameter will be ignored |
-| /PUBLISHING_WEBSITE_NAME | Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME="Microsoft App-V Publishing Service" |
-| /PUBLISHING_WEBSITE_PORT | Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83 |
+| */PUBLISHING_SERVER* | Specifies that the publishing server will be installed. No value is expected. |
+| */PUBLISHING_MGT_SERVER* | Specifies the URL to Management Service the Publishing server will connect to. For example, ```http://;```. If **/PUBLISHING_SERVER** isn't used, this parameter will be ignored. |
+| */PUBLISHING_WEBSITE_NAME* | Specifies name of the website that will be created for the publishing service. For example, ```/PUBLISHING_WEBSITE_NAME="Microsoft App-V Publishing Service"```. |
+| */PUBLISHING_WEBSITE_PORT* | Specifies the port number used by the publishing service. For example, ```/PUBLISHING_WEBSITE_PORT=83```. |
### Parameter definitions for Reporting Server
| Parameter | Description |
|-----------|-------------|
-| /REPORTING_SERVER | Specifies that the Reporting Server will be installed. No value is expected |
-| /REPORTING_WEBSITE_NAME | Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService" |
-| /REPORTING_WEBSITE_PORT | Specifies the port number that the Reporting Service will use. E.g. /REPORTING_WEBSITE_PORT=82 |
-
-
+| */REPORTING_SERVER* | Specifies that the Reporting Server will be installed. No value is expected. |
+| */REPORTING_WEBSITE_NAME* | Specifies name of the website that will be created for the Reporting Service. For example, ```/REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService"```. |
+| */REPORTING_WEBSITE_PORT* | Specifies the port number that the Reporting Service will use. For example, ```/REPORTING_WEBSITE_PORT=82```. |
### Parameters for using an existing Reporting Server database
| Parameter | Description |
|-----------|-------------|
-| /EXISTING\_REPORTING\_DB_SQL_SERVER_USE_LOCAL | Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected. |
-| /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="mycomputer1" |
-| /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. |
-| /EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER" |
-| /EXISTING_REPORTING_DB_NAME | Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_NAME="AppVReporting" |
+| */EXISTING\_REPORTING\_DB_SQL_SERVER_USE_LOCAL* | Indicates that the Microsoft SQL Server is installed on the local server. This is a switch parameter, so no value is expected. |
+| */EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME* | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. For example, ```/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="mycomputer1"```. |
+| */EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT* | Indicates that the default SQL instance is to be used. This is a switch parameter, so no value is expected. |
+| */EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE* | Specifies the name of the custom SQL instance that should be used. Takes a string. For example, ```/EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"```. |
+| */EXISTING_REPORTING_DB_NAME* | Specifies the name of the existing Reporting database that should be used. Takes a string. For example, ```/EXISTING_REPORTING_DB_NAME="AppVReporting"```. |
### Parameter definitions for Reporting Server database installation
| Parameter | Description |
|-----------|-------------|
-| /DB\_PREDEPLOY\_REPORTING | Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected |
-| /REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER" |
-| /REPORTING_DB_NAME | Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME="AppVMgmtDB" |
-| /REPORTING_SERVER_MACHINE_USE_LOCAL | Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. |
-| /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername" |
-| /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias" |
+| */DB\_PREDEPLOY\_REPORTING* | Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected. |
+| */REPORTING_DB_SQLINSTANCE_USE_DEFAULT* | Specifies the name of the custom SQL instance that should be used. Takes a string. For example, ```/REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"```. |
+| */REPORTING_DB_NAME* | Specifies the name of the new Reporting database that should be created. Takes a string. For example, ```/REPORTING_DB_NAME="AppVMgmtDB"```. |
+| */REPORTING_SERVER_MACHINE_USE_LOCAL* | Indicates that the Reporting server that will be accessing the database is installed on the local server. This is a switch parameter, so no value is expected. |
+| */REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT* | Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. For example, ```/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername"```. |
+| */REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT* | Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. For example, ```/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias"```. |
### Parameters for using an existing Management Server database
| Parameter | Description |
|-----------|-------------|
-| /EXISTING\_MANAGEMENT\_DB_SQL_SERVER_USE_LOCAL | Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
-| /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="mycomputer1" |
-| /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
-| /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that will be used. Example usage **/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE="AppVManagement"**. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
-| /EXISTING_MANAGEMENT_DB_NAME | Specifies the name of the existing management database that should be used. Example usage: **/EXISTING_MANAGEMENT_DB_NAME="AppVMgmtDB"**. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
+| */EXISTING\_MANAGEMENT\_DB_SQL_SERVER_USE_LOCAL* | Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this variable will be ignored. |
+| */EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME* | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. For example, ```/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="mycomputer1"```. |
+| */EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT* | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this variable will be ignored. |
+| */EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE* | Specifies the name of the custom SQL instance that will be used. For example, ```/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE="AppVManagement"```. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this will be ignored. |
+| */EXISTING_MANAGEMENT_DB_NAME* | Specifies the name of the existing management database that should be used. For example, ```/EXISTING_MANAGEMENT_DB_NAME="AppVMgmtDB"```. If **/DB_PREDEPLOY_MANAGEMENT** isn't specified, this will be ignored. |
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Deploying the App-V Server](appv-deploying-the-appv-server.md)
+* [Deploying the App-V Server](appv-deploying-the-appv-server.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md
index 70121311f4..4ffe1ba432 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md
@@ -6,120 +6,92 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# How to Deploy the App-V Server (new installation)
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
->**Important** If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
+## Before you start
-**Before you start:**
+>[!IMPORTANT]
+>If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
-- Ensure that you’ve installed required software. See [App-V Prerequisites](appv-prerequisites.md).
+* Ensure that you’ve installed required software. See [App-V prerequisites](appv-prerequisites.md).
+* Review the server section of [App-V security considerations](appv-security-considerations.md).
+* Specify a port where each component will be hosted.
+* Add firewall rules to allow incoming requests to access the specified ports.
+* If you use SQL scripts instead of the Windows Installer to set up the Management database or Reporting database, you must run the required SQL scripts before installing the Management Server or Reporting Server. See [How to deploy the App-V databases by using SQL scripts](appv-deploy-appv-databases-with-sql-scripts.md).
-- Review the server section of [App-V security considerations](appv-security-considerations.md).
+## Installing the App-V server
-- Specify a port where each component will be hosted.
+1. Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations:
-- Add firewall rules to allow incoming requests to access the specified ports.
-
-- If you use SQL scripts, instead of the Windows Installer, to set up the Management database or Reporting database, you must run the SQL scripts before installing the Management Server or Reporting Server. See [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md).
-
-**To install the App-V server**
-
-1. Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
-
- - The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.
-
- - The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
-
-2. Copy the App-V server installation files to the computer on which you want to install it.
-
-3. Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**.
-
-4. Review and accept the license terms, and choose whether to enable Microsoft updates.
-
-5. On the **Feature Selection** page, select all of the following components.
+ * The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site.
+ * The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
+2. Copy the App-V server installation files to the computer on which you want to install it.
+3. Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**.
+4. Review and accept the license terms, and choose whether to enable Microsoft updates.
+5. On the **Feature Selection** page, select all components listed in the following table.
| Component | Description |
- | - | - |
+ |---|---|
| Management server | Provides overall management functionality for the App-V infrastructure. |
| Management database | Facilitates database predeployments for App-V management. |
| Publishing server | Provides hosting and streaming functionality for virtual applications. |
| Reporting server | Provides App-V reporting services. |
| Reporting database | Facilitates database predeployments for App-V reporting. |
-
-6. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line.
-
-7. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below.
+6. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line.
+7. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below.
| Method | What you need to do |
- | - | - |
- | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance. Use the format **INSTANCENAME**. The assumed installation location is the local computer. Not supported: A server name using the format **ServerName**\\**INSTANCE**.|
+ |---|---|
+ | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, then specify the instance name. Use the format **INSTANCENAME**. The assumed installation location is the local computer. Not supported: A server name using the format **ServerName**\\**INSTANCE**.|
| You are using a custom database name. | Select **Custom configuration** and type the database name. The database name must be unique, or the installation will fail.|
+8. On the **Configure** page, accept the default value, **Use this local computer**.
-8. On the **Configure** page, accept the default value **Use this local computer**.
-
- >**Note** If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed.
-
-9. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below.
+ >[!NOTE]
+ >If you're installing the Management server and Management database side-by-side, the appropriate options are selected by default and cannot be changed.
+9. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below.
| Method | What you need to do |
- | - | - |
+ |---|---|
| You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance. Use the format **INSTANCENAME**. The assumed installation location is the local computer. Not supported: A server name using the format **ServerName**\\**INSTANCE**.|
| You are using a custom database name. | Select **Custom configuration** and type the database name. The database name must be unique, or the installation will fail.|
-
-
10. On the **Configure** page, accept the default value: **Use this local computer**.
- >**Note**
- > If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed.
-
-
+ >[!NOTE]
+ >If you're installing the Management server and Management database side-by-side, the appropriate options are selected by default and cannot be changed.
11. On the **Configure** (Management Server Configuration) page, specify the following:
| Item to configure | Description and examples |
- | - | - |
- | Type the AD group with sufficient permissions to manage the App-V environment. | Example: MyDomain\MyUser
After installation, you can add users or groups on the management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use Domain local or Universal groups to perform this action.|
- | **Website name**: Specify the custom name that will be used to run the publishing service. | If you do not have a custom name, do not make any changes.|
- |**Port binding**: Specify a unique port number that will be used by App-V. | Example: **12345** Ensure that the port specified is not being used by another website. |
-
+ |---|---|
+ | Specify AD group | Specify the AD group with sufficient permissions to manage the App-V environment. Example: MyDomain\MyUser
After installation, you can add users or groups on the management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use Domain local or Universal groups to perform this action.|
+ |Website name | Specify the custom name that will be used to run the publishing service. If you do not have a custom name, you don't have to change it.|
+ |Port binding | Specify a unique port number that will be used by App-V. Example: **12345** Ensure that the port specified is not being used by another website. |
12. On the **Configure Publishing Server Configuration** page, specify the following:
| Item to configure | Description and examples |
- | - | - |
- | Specify the URL for the management service. | Example: http://localhost:12345 |
- | **Website name**: Specify the custom name that will be used to run the publishing service.| If you do not have a custom name, do not make any changes. |
- | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 54321 Ensure that the port specified is not being used by another website. |
-
+ |---|---|
+ | Specify the management service URL | Example: http://localhost:12345 |
+ | Website name | Specify the custom website name that will be used to run the publishing service. If you do not have a custom name, do not make any changes. |
+ | Port binding | Specify a unique port number that will be used by App-V. Example: 54321 Ensure that the port specified is not being used by another website. |
13. On the **Reporting Server** page, specify the following:
| Item to configure | Description and examples |
- | - | - |
- | **Website name**: Specify the custom name that will be used to run the Reporting Service. | If you do not have a custom name, do not make any changes. |
- | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 55555 Ensure that the port specified is not being used by another website. |
-
+ |---|---|
+ | Website name | Specify the custom name that will be used to run the Reporting Service. If you do not have a custom name, do not make any changes. |
+ | Port binding | Specify a unique port number that will be used by App-V. Example: 55555 Ensure that the port specified is not being used by another website.|
14. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page.
+15. To verify that the setup completed successfully, open a web browser, and type the following URL with the bracketed variables adjusted according to your specifications in the earlier steps:
-15. To verify that the setup completed successfully, open a web browser, and type the following URL:
+ ```http://:/console.html```
- **http://\<_Management server machine name_\>:\<_Management service port number_\>/console.html**.
-
- Example: **http://localhost:12345/console.html**. If the installation succeeded, the App-V Management console is displayed with no errors.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+ Example: ```http://localhost:12345/console.html```. If the installation succeeded, the App-V Management console will display with no errors.
## Related topics
-- [Deploying App-V](appv-deploying-appv.md)
-
-- [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
-
-- [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md)
-
-- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [How to install the management and reporting databases on separate computers from the management and reporting services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+* [How to install the publishing server on a remote computer](appv-install-the-publishing-server-on-a-remote-computer.md)
+* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md
index d6d019fcff..1d2034eb89 100644
--- a/windows/application-management/app-v/appv-deploying-appv.md
+++ b/windows/application-management/app-v/appv-deploying-appv.md
@@ -6,52 +6,41 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Deploying App-V for Windows 10
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-App-V supports a number of different deployment options. Review this topic for information about the tasks that you must complete at different stages in your deployment.
+App-V supports several different deployment options. Review this topic for information about the tasks that you must complete at different stages in your deployment.
## App-V Deployment Information
+* [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
-- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+ This section describes how to install the App-V sequencer used to virtualize applications, and how to enable the App-V client that runs on target computers to facilitate virtualized packages.
+* [Deploying the App-V server](appv-deploying-the-appv-server.md)
- This section describes how to install the App-V sequencer, which is used to virtualize applications, and how to enable the App-V client, which runs on target computers to facilitate virtualized packages.
-
-- [Deploying the App-V Server](appv-deploying-the-appv-server.md)
-
- This section provides information about installing the App-V management, publishing, database and reporting severs.
-
-- [App-V Deployment Checklist](appv-deployment-checklist.md)
+ This section provides information about installing the App-V management, publishing, database, and reporting severs.
+* [App-V deployment checklist](appv-deployment-checklist.md)
This section provides a deployment checklist that can be used to assist with installing App-V.
-- [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
-[Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
-[Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+The following sections describe how to use App-V to deliver Microsoft Office as a virtualized application to computers in your organization.
- These sections describe how to use App-V to deliver Microsoft Office as a virtualized application to computers in your organization.
+* [Deploying Microsoft Office 2016 by using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
+* [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+* [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
-## Other Resources for Deploying App-V
+## Other App-V deployment resources
-
-- [Application Virtualization (App-V) overview](appv-for-windows.md)
-
-- [Getting Started with App-V](appv-getting-started.md)
-
-- [Planning for App-V](appv-planning-for-appv.md)
-
-- [Operations for App-V](appv-operations.md)
-
-- [Troubleshooting App-V](appv-troubleshooting.md)
-
-- [Technical Reference for App-V](appv-technical-reference.md)
+* [Application Virtualization (App-V) overview](appv-for-windows.md)
+* [Getting started with App-V](appv-getting-started.md)
+* [Planning for App-V](appv-planning-for-appv.md)
+* [Operations for App-V](appv-operations.md)
+* [Troubleshooting App-V](appv-troubleshooting.md)
+* [Technical reference for App-V](appv-technical-reference.md)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
index 28a866aa22..5d6bd60233 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -6,291 +6,95 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Deploying Microsoft Office 2010 by Using App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
You can create Office 2010 packages for Microsoft Application Virtualization (App-V) using one of the following methods:
-- Application Virtualization (App-V) Sequencer
-
-- Application Virtualization (App-V) Package Accelerator
+* Application Virtualization (App-V) Sequencer
+* Application Virtualization (App-V) Package Accelerator
## App-V support for Office 2010
-
The following table shows the App-V versions, methods of Office package creation, supported licensing, and supported deployments for Office 2010.
-
-
-
-
-
-
-
-
Supported item
-
Level of support
-
-
-
-
-
Package creation
-
-
Sequencing
-
Package Accelerator
-
Office Deployment Kit
-
-
-
-
Supported licensing
-
Volume Licensing
-
-
-
Supported deployments
-
-
Desktop
-
Personal VDI
-
RDS
-
-
-
-
-
-
+|Supported item|Support level|
+|---|---|
+|Package creation|- Sequencing - Package Accelerator - Office Deployment Kit|
+|Supported licensing|Volume Licensing|
+|Supported deployments|- Desktop - Personal VDI - RDS|
## Creating Office 2010 App-V using the sequencer
-
-Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V, refer to the following link for detailed instructions:
-
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
+Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. For detailed instructions about how to create an Office 2010 package on App-V, see [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069).
## Creating Office 2010 App-V packages using package accelerators
+Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8, and Windows 7. The following pages will show you which package accelerator is best for creating Office 2010 App-V packages on your version of Windows:
-Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator:
-
-- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://gallery.technet.microsoft.com/App-V-50-Package-a29410db)
-
-- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://gallery.technet.microsoft.com/App-V-50-Package-e7ef536b)
+* [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://gallery.technet.microsoft.com/App-V-50-Package-a29410db)
+* [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://gallery.technet.microsoft.com/App-V-50-Package-e7ef536b)
For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md).
## Deploying the Microsoft Office package for App-V
-
You can deploy Office 2010 packages by using any of the following App-V deployment methods:
-- System Center Configuration Manager
-
-- App-V server
-
-- Stand-alone through Windows PowerShell commands
+* System Center Configuration Manager
+* App-V server
+* Stand-alone through Windows PowerShell commands
## Office App-V package management and customization
-
Office 2010 packages can be managed like any other App-V packages through known package management mechanisms. No special instructions are needed, for example, to add, publish, unpublish, or remove Office packages.
## Microsoft Office integration with Windows
-
The following table provides a full list of supported integration points for Office 2010.
-
-
-
-
-
-
-
-
-
Extension Point
-
Description
-
Office 2010
-
-
-
-
-
Lync meeting Join Plug-in for Firefox and Chrome
-
User can join Lync meetings from Firefox and Chrome
-
-
-
-
Sent to OneNote Print Driver
-
User can print to OneNote
-
Yes
-
-
-
OneNote Linked Notes
-
OneNote Linked Notes
-
-
-
-
Send to OneNote Internet Explorer Add-In
-
User can send to OneNote from IE
-
-
-
-
Firewall Exception for Lync and Outlook
-
Firewall Exception for Lync and Outlook
-
-
-
-
MAPI Client
-
Native apps and add-ins can interact with virtual Outlook through MAPI
-
-
-
-
SharePoint Plugin for Firefox
-
User can use SharePoint features in Firefox
-
-
-
-
Mail Control Panel Applet
-
User gets the mail control panel applet in Outlook
-
Yes
-
-
-
Primary Interop Assemblies
-
Support managed add-ins
-
-
-
-
Office Document Cache Handler
-
Allows Document Cache for Office applications
-
-
-
-
Outlook Protocol Search handler
-
User can search in outlook
-
Yes
-
-
-
Active X Controls:
-
For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://msdn.microsoft.com/library/office/ms440037(v=office.14).aspx).
-
-
-
-
Groove.SiteClient
-
Active X Control
-
-
-
-
PortalConnect.PersonalSite
-
Active X Control
-
-
-
-
SharePoint.openDocuments
-
Active X Control
-
-
-
-
SharePoint.ExportDatabase
-
Active X Control
-
-
-
-
SharePoint.SpreadSheetLauncher
-
Active X Control
-
-
-
-
SharePoint.StssyncHander
-
Active X Control
-
-
-
-
SharePoint.DragUploadCtl
-
Active X Control
-
-
-
-
SharePoint.DragDownloadCtl
-
Active X Control
-
-
-
-
Sharpoint.OpenXMLDocuments
-
Active X Control
-
-
-
-
Sharepoint.ClipboardCtl
-
Active X control
-
-
-
-
WinProj.Activator
-
Active X Control
-
-
-
-
Name.NameCtrl
-
Active X Control
-
-
-
-
STSUPld.CopyCtl
-
Active X Control
-
-
-
-
CommunicatorMeetingJoinAx.JoinManager
-
Active X Control
-
-
-
-
LISTNET.Listnet
-
Active X Control
-
-
-
-
OneDrive Pro Browser Helper
-
Active X Control]
-
-
-
-
OneDrive Pro Icon Overlays
-
Windows explorer shell icon overlays when users look at folders OneDrive Pro folders
-
-
-
-
+(POPULATE THE THIRD COLUMN)
-
+|Extension Point|Description|Office 2010|
+|---|---|---|
+|Lync meeting Join Plug-in for Firefox and Chrome|User can join Lync meetings from Firefox and Chrome||
+|Sent to OneNote Print Driver|User can print to OneNote|Yes|
+|OneNote Linked Notes|OneNote Linked Notes||
+|Send to OneNote Internet Explorer Add-In|User can send to OneNote from IE||
+|Firewall Exception for Lync and Outlook|Firewall Exception for Lync and Outlook||
+|MAPI Client|Native apps and add-ins can interact with virtual Outlook through MAPI||
+|SharePoint Plugin for Firefox|User can use SharePoint features in Firefox||
+|Mail Control Panel Applet|User gets the mail control panel applet in Outlook|Yes|
+|Primary Interop Assemblies|Support managed add-ins||
+|Office Document Cache Handler|Allows Document Cache for Office applications||
+|Outlook Protocol Search handler|User can search in Outlook|Yes|
+|Active X Controls: - Groove.SiteClient - PortalConnect.PersonalSite - SharePoint.openDocuments - SharePoint.ExportDatabase - SharePoint.SpreadSheetLauncher - SharePoint.StssyncHander - SharePoint.DragUploadCtl - SharePoint.DragDownloadCtl - Sharpoint.OpenXMLDocuments - Sharepoint.ClipboardCtl - WinProj.Activator - Name.NameCtrl - STSUPld.CopyCtl - CommunicatorMeetingJoinAx.JoinManager - LISTNET.Listnet - OneDrive Pro Browser Helper|Active X Control.
For more information about ActiveX controls, see the [ActiveX Control API Reference]().||
+|OneDrive Pro Icon Overlays|Windows explorer shell icon overlays when users look at folders OneDrive Pro folders||
## Additional resources
+### Office 2013 App-V Packages Additional Resources
-**Office 2013 App-V Packages Additional Resources**
+* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
+### Office 2010 App-V Packages
-**Office 2010 App-V Packages**
+* [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=38399)
+* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=38399)
+### Connection Groups
-[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+* [Managing Connection Groups](appv-managing-connection-groups.md)
+* [Connection groups on the App-V team blog](https://blogs.msdn.microsoft.com/gladiator/tag/connection-groups/)
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
+### Dynamic Configuration
-**Connection Groups**
-
-[Managing Connection Groups](appv-managing-connection-groups.md)
-
-[Connection groups on the App-V team blog](https://blogs.technet.microsoft.com/gladiatormsft/tag/connection-groups/)
-
-**Dynamic Configuration**
-
-[About App-V Dynamic Configuration](appv-dynamic-configuration.md)
+* [About App-V Dynamic Configuration](appv-dynamic-configuration.md)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
index dbbd968cfa..7b63794730 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@@ -6,229 +6,94 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Deploying Microsoft Office 2013 by Using App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V.
-This topic contains the following sections:
+## What to know before you start
-- [What to know before you start](#bkmk-before-you-start)
+Before you deploy Office 2013 with App-V, review the following planning information.
-- [Creating an Office 2013 package for App-V with the Office Deployment Tool](#bkmk-create-office-pkg)
+### Supported Office versions and Office coexistence
-- [Publishing the Office package for App-V](#bkmk-pub-pkg-office)
+The following table will direct you to more information about which versions of Office App-V supports and how to run App-V with coexisting versions of Office.
-- [Customizing and managing Office App-V packages](#bkmk-custmz-manage-office-pkgs)
+|Information to review|Description|
+|---|---|
+|[Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#supported-versions-of-microsoft-office)|- Supported versions of Office - Supported deployment types like desktop, personal Virtual Desktop Infrastructure (VDI), and pooled VDI - Office licensing options.|
+|[Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#before-you-implement-office-coexistence)|Considerations for installing different versions of Office on the same computer.|
-## What to know before you start
+### Packaging, publishing, and deployment requirements
+Before you deploy Office with App-V, review the following requirements.
-Before you deploy Office 2013 by using App-V, review the following planning information.
-
-### Supported Office versions and Office coexistence
-
-Use the following table to get information about supported versions of Office and about running coexisting versions of Office.
-
-
-
-
-
-
-
-
-
Information to review
-
Description
-
-
-
-
-
[Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv)
-
-
Supported versions of Office
-
Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)
-
Office licensing options
-
-
-
-
[Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting)
-
Considerations for installing different versions of Office on the same computer
-
-
-
-
-
-
-### Packaging, publishing, and deployment requirements
-
-Before you deploy Office by using App-V, review the following requirements.
-
-
-
-
-
-
-
-
-
Task
-
Requirement
-
-
-
-
-
Packaging
-
-
All of the Office applications that you want to deploy to users must be in a single package.
-
In App-V and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.
-
If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project).
-
-
-
-
Publishing
-
-
You can publish only one Office package to each client computer.
-
You must publish the Office package globally. You cannot publish to the user.
-
-
-
-
Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:
-
-
Office 365 ProPlus
-
Visio Pro for Office 365
-
Project Pro for Office 365
-
-
You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).
-
You don’t use shared computer activation if you’re deploying a volume licensed product, such as:
-
-
Office Professional Plus 2013
-
Visio Professional 2013
-
Project Professional 2013
-
-
-
-
-
-
+|Task|Requirement|
+|---|---|
+|Packaging|All Office applications you wish to deploy to users must be in a single package. In App-V and later, you must use the Office Deployment Tool to create packages. The Sequencer doesn't support package creation. If you're deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project).|
+|Publishing|You can only publish one Office package per client computer. You must publish the Office package globally, not to the user.|
+|Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer using Remote Desktop Services.|You must enable [shared computer activation](https://docs.microsoft.com/en-us/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus). You don’t need to use shared computer activation if you’re deploying a volume licensed product, such as Office Professional Plus 2013, Visio Professional 2013, or Project Professional 2013.|
### Excluding Office applications from a package
The following table describes the recommended methods for excluding specific Office applications from a package.
-
-
-
-
-
-
-
-
Task
-
Details
-
-
-
-
-
Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.
-
-
Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.
-
For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#BKMK_ExcludeAppElement).
-
-
-
-
Modify the DeploymentConfig.xml file
-
-
Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.
-
For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps).
-
-
-
-
-
-
-
-## Creating an Office 2013 package for App-V with the Office Deployment Tool
+|Task|Details|
+|---|---|
+|Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool.|Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word. For more information, see [ExcludeApp element](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool?ui=en-US&rs=en-US&ad=US#excludeapp-element).|
+|Modify the **DeploymentConfig.xml** file|Modify the **DeploymentConfig.xml** file after creating the package. This file contains the default package settings for all users on a computer running the App-V Client. For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps).|
+## Creating an Office 2013 package for App-V with the Office Deployment Tool
Complete the following steps to create an Office 2013 package for App-V or later.
-**Important**
-In App-V and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
-
-
+>[!IMPORTANT]
+>In App-V and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
### Review prerequisites for using the Office Deployment Tool
-The computer on which you are installing the Office Deployment Tool must have:
+Before you start, make sure that the computer on which you are installing the Office Deployment Tool has the following:
-
-
-
-
-
-
-
-
Prerequisite
-
Description
-
-
-
-
-
Prerequisite software
-
.Net Framework 4
-
-
-
Supported operating systems
-
-
64-bit version of Windows 8 or later
-
64-bit version of Windows 7
-
-
-
-
+|Prerequisite|Description|
+|---|---|
+|Prerequisite software|.NET Framework 4|
+|Supported operating systems|64-bit version of Windows 8 or later 64-bit version of Windows 7|
-
+>[!NOTE]
+>In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing.
-**Note**
-In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing.
+### Create Office 2013 App-V packages using Office Deployment Tool
-
-
-### Create Office 2013 App-V Packages Using Office Deployment Tool
-
-You create Office 2013 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing.
+You create Office 2013 App-V packages with the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing.
Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers.
### Download the Office Deployment Tool
-Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation:
+Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The App-V sequencer can't create or modify packages. To create a package:
-1. Download the [Office 2013 Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778).
-
-2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
+1. Download the [Office 2013 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778).
+2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
Example: \\\\Server\\Office2013
-
-3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified.
+3. Check that a **setup.exe** and a **configuration.xml** file exist and are in the location you specified.
### Download Office 2013 applications
-After you download the Office Deployment Tool, you can use it to get the latest Office 2013 applications. After getting the Office applications, you create the Office 2013 App-V package.
+After you download the Office Deployment Tool, you can use it to get the latest Office 2013 applications. You can create the Office 2013 App-V package after getting all the Office applications.
-The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
+The XML file included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
-1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
+1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
- 1. Open the sample XML file in Notepad or your favorite text editor.
+ 1. Open the sample XML file in Notepad or your favorite text editor.
- 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file:
+ 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file:
- ``` syntax
+ ```XML
@@ -237,255 +102,139 @@ The XML file that is included in the Office Deployment Tool specifies the produc
-
+
```
- **Note**
- The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file.
+ >[!NOTE]
+ >The configuration XML is a sample XML file. This file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file.
- The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. For more information, see [Customizable attributes and elements of the XML file](#customizable-attributes-and-elements-of-the-xml-file), later in this topic.
+ The previous example of an XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications by specifying licensing in a later stage. For more information, see [Customizable attributes and elements of the XML file](#customizable-attributes-and-elements-of-the-xml-file), later in this topic.
After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml.
+2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2013 applications that will later be converted into an App-V package. The following is an example command:
-2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details:
-
- ``` syntax
+ ```PowerShell
\\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml
```
- In the example:
+ The following is a table that describes each element of the command:
-
-
-
-
-
-
-
-
\\server\Office2013
-
is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.
-
-
-
setup.exe
-
is the Office Deployment Tool.
-
-
-
/download
-
downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.
-
-
-
\\server\Office2013\Customconfig.xml
-
passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\Server\Office2013.
-
-
-
+ |Element|Description|
+ |---|---|
+ |```\\server\Office2013```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, **Customconfig.xml**.|
+ |```setup.exe```|This is the Office Deployment Tool.|
+ |```/download```|This downloads the Office 2013 applications that you specify in the **Customconfig.xml** file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.|
+ |```\\server\Office2013\Customconfig.xml```|This passes the XML configuration file required to complete the download process. In this example, the file used is **Customconfig.xml**. After using the download command, Office applications should be found in the location specified in the XML configuration file, which in this example is ```\\Server\Office2013```.|
#### Customizable attributes and elements of the XML file
-
-
-
-
-
-
-
-
Input and description
-
Example
-
-
-
-
-
Add element: Specifies the products and languages to include in the package.
-
N/A
-
-
-
OfficeClientEdition (attribute of Add element): Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.
-
OfficeClientEdition="32"
-
OfficeClientEdition="64"
-
-
-
Product element: Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.
-
Product ID ="O365ProPlusRetail "
-
Product ID ="VisioProRetail"
-
Product ID ="ProjectProRetail"
-
Product ID ="ProPlusVolume"
-
Product ID ="VisioProVolume"
-
Product ID = "ProjectProVolume"
-
-
-
Language element: Specifies the language supported in the applications.
-
Language ID="en-us"
-
-
-
Version (attribute of Add element): Optional. Specifies a build to use for the package. Defaults to latest advertised build (as defined in v32.CAB at the Office source).
-
15.1.2.3
-
-
-
SourcePath (attribute of Add element): Specifies the location in which the applications will be saved to.
-
Sourcepath = "\\Server\Office2013”
-
-
-
-
-
+|Input and description|Example|
+|---|---|
+|Add element: Specifies the products and languages to include in the package.|N/A|
+|OfficeClientEdition (attribute of Add element): Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if **OfficeClientEdition** is not set to a valid value.|```OfficeClientEdition="32"``` ```OfficeClientEdition="64"```|
+|Product element: Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.|```Product ID="O365ProPlusRetail"``` ```Product ID="VisioProRetail"``` ```Product ID="ProjectProRetail"``` ```Product ID="ProPlusVolume"``` ```Product ID="ProjectProVolume"```|
+|Language element: Specifies the language supported in the applications.|```Language ID="en-us"```|
+|Version (attribute of Add element): Optional. Specifies a build to use for the package. Defaults to latest advertised build (as defined in v32.CAB at the Office source).|```15.1.2.3```|
+|SourcePath (attribute of Add element): Specifies the location where the applications will be saved to.|```Sourcepath="\Server\Office2013”```|
### Convert the Office applications into an App-V package
-After you download the Office 2013 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2013 App-V package. Complete the steps that correspond to your licensing model.
+After you download the Office 2013 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2013 App-V package. You'll need to make sure to have the right procedure depending on your licensing model.
-**Summary of what you’ll need to do:**
+#### What you'll need to do
-- Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10 computers.
+* Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10 computers.
+* Create an Office App-V package for either the Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, then modify the **Customconfig.xml** configuration file.
-- Create an Office App-V package for either Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file.
+ The following table summarizes the values you need to enter in the **Customconfig.xml** file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make.
- The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make.
-
-
-
-
-
-
-
-
-
-
Product ID
-
Volume Licensing
-
Subscription Licensing
-
-
-
-
-
Office 2013
-
ProPlusVolume
-
O365ProPlusRetail
-
-
-
Office 2013 with Visio 2013
-
ProPlusVolume
-
VisioProVolume
-
O365ProPlusRetail
-
VisioProRetail
-
-
-
Office 2013 with Visio 2013 and Project 2013
-
ProPlusVolume
-
VisioProVolume
-
ProjectProVolume
-
O365ProPlusRetail
-
VisioProRetail
-
ProjectProRetail
-
-
-
+|Product ID|Volume Licensing|Subscription Licensing|
+|---|---|---|
+|Office 2013|ProPlusVolume|O365ProPlusRetail|
+|Office 2013 with Visio 2013|ProPlusVolume VisioProVolume|O365ProPlusRetail VisioProRetail|
+|Office 2013 with Visio 2013 and Project 2013|ProPlusVolume VisioProVolume ProjectProVolume|O365ProPlusRetail VisioProRetail ProjectProRetail|
#### How to convert the Office applications into an App-V package
-1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file:
+1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file:
- - **SourcePath**: Point to the Office applications downloaded earlier.
-
- - **ProductID**: Specify the type of licensing, as shown in the following examples:
- - Subscription Licensing:
- ```
-
-
-
-
-
-
-
-
-
-
+ * **SourcePath**: Point to the Office applications downloaded earlier.
+ * **ProductID**: Specify the type of licensing, as shown in the following examples:
+ * Subscription Licensing:
+ ```XML
+
+
+
+
+
+
+
+
+
+
```
In this example, the following changes were made to create a package with Subscription licensing:
- **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.
- **Product ID** for Office was changed to `O365ProPlusRetail`.
- **Product ID** for Visio was changed to `VisioProRetail`.
-
- - Volume Licensing
- ```
-
-
-
-
-
-
-
-
-
-
+ * **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.
+ * **Product ID** for Office was changed to `O365ProPlusRetail`.
+ * **Product ID** for Visio was changed to `VisioProRetail`.
+ * Volume Licensing
+ ```XML
+
+
+
+
+
+
+
+
+
+
```
In this example, the following changes were made to create a package with Volume licensing:
- **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.
- **Product ID** for Office was changed to `ProPlusVolume`.
- **Product ID** for Visio was changed to `VisioProVolume`.
-
- - **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.
-
- - **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.
+ * **SourcePath** is the source's path, which was changed to point to the Office applications that were downloaded earlier.
+ * **Product ID** for Office was changed to `ProPlusVolume`.
+ * **Product ID** for Visio was changed to `VisioProVolume`.
+ * **ExcludeApp** (optional) lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.
+ * **PACKAGEGUID** (optional)—By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.
An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.
- **Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
-
-2. Use the /packager command to convert the Office applications to an Office 2013 App-V package.
+ >[!NOTE]
+ >Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
+2. Use the **/packager** command to convert the Office applications to an Office 2013 App-V package.
For example:
- ``` syntax
+ ```PowerShell
\\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml \\server\share\Office2013AppV
```
In the example:
-
-
-
-
-
-
-
-
\\server\Office2013
-
is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.
-
-
-
setup.exe
-
is the Office Deployment Tool.
-
-
-
/packager
-
creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.
-
-
-
\\server\Office2013\Customconfig.xml
-
passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.
-
-
-
\\server\share\Office2013AppV
-
specifies the location of the newly created Office App-V package.
-
-
-
+ |Element|Description|
+ |---|---|
+ |```\\server\Office2013```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, which in this example is named **Customconfig.xml**.|
+ |```setup.exe```|This is the Office Deployment Tool.|
+ |```/packager```|This creates the Office 2013 App-V package with Volume Licensing as specified in the **Customconfig.xml** file.|
+ |```\\server\Office2013\Customconfig.xml```|This passes the configuration XML file, which in this example is named "Customconfig," that has been prepared for the packaging stage.|
+ |```\\server\share\Office2013AppV```|This specifies the location of the newly created Office App-V package.|
- After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
- **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files.
- **WorkingDir**
+ After you run the **/packager** command, the following folders will appear in the directory where you specified the package should be saved:
+
+ * **App-V Packages**, which contains an Office 2013 App-V package and two deployment configuration files.
+ * **WorkingDir**
- **Note** To troubleshoot any issues, see the log files in the %temp% directory (default).
+ >[!NOTE]
+ >To troubleshoot any issues, see the log files in the %temp% directory (default).
+3. Verify that the Office 2013 App-V package works correctly:
-3. Verify that the Office 2013 App-V package works correctly:
-
- 1. Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear.
-
- 2. Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected.
-
-## Publishing the Office package for App-V
+ 1. Publish the Office 2013 App-V package that you created globally to a test computer and verify that the Office 2013 shortcuts appear.
+ 2. Start a few Office 2013 applications, such as Excel or Word, to test that your package is working as expected.
+## Publishing the Office package for App-V
Use the following information to publish an Office package.
@@ -493,121 +242,77 @@ Use the following information to publish an Office package.
Deploy the App-V package for Office 2013 by using the same methods you use for any other package:
-- System Center Configuration Manager
-
-- App-V Server
-
-- Stand-alone through Windows PowerShell commands
+* System Center Configuration Manager
+* App-V Server
+* Stand-alone through Windows PowerShell commands
### Publishing prerequisites and requirements
-
-
-
-
-
-
-
-
Prerequisite or requirement
-
Details
-
-
-
-
-
Enable Windows PowerShell scripting on the App-V clients
-
To publish Office 2013 packages, you must run a script.
-
Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command:
Extension points in the Office App-V package require installation at the computer level.
-
When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2013 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.
-
-
-
-
-
+|Prerequisite or requirement|Details|
+|---|---|
+|Enable Windows PowerShell scripting on the App-V clients.|To publish Office 2013 packages, you must run a script. Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command: ```Set-AppvClientConfiguration –EnablePackageScripts 1```|
+|Publish the Office 2013 package globally.|Extension points in the Office App-V package require installation at the computer level. When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2013 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.|
### How to publish an Office package
-Run the following command to publish an Office package globally:
+Run the following command to publish an Office package globally, wtih the bracketed value replaced by the path to the App-V package:
-- `Add-AppvClientPackage | Publish-AppvClientPackage –global`
+```PowerShell
+Add-AppvClientPackage | Publish-AppvClientPackage –global
+```
-- From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group.
-
-## Customizing and managing Office App-V packages
+* From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group.
+## Customizing and managing Office App-V packages
To manage your Office App-V packages, use the same operations as you would for any other package, but there are a few exceptions, as outlined in the following sections.
-- [Enabling Office plug-ins by using connection groups](#bkmk-enable-office-plugins)
+* [Enabling Office plug-ins by using connection groups](#bkmk-enable-office-plugins)
+* [Disabling Office 2013 applications](#bkmk-disable-office-apps)
+* [Disabling Office 2013 shortcuts](#bkmk-disable-shortcuts)
+* [Managing Office 2013 package upgrades](#bkmk-manage-office-pkg-upgrd)
+* [Managing Office 2013 licensing upgrades](#bkmk-manage-office-lic-upgrd)
+* [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project)
-- [Disabling Office 2013 applications](#bkmk-disable-office-apps)
+### Enabling Office plug-ins by using connection groups
-- [Disabling Office 2013 shortcuts](#bkmk-disable-shortcuts)
+Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You can't use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps.
-- [Managing Office 2013 package upgrades](#bkmk-manage-office-pkg-upgrd)
+#### To enable plug-ins for Office App-V packages
-- [Managing Office 2013 licensing upgrades](#bkmk-manage-office-lic-upgrd)
+1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It's a good idea to use Office 365 ProPlus (non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
+3. Create an App-V package that includes the desired plug-ins.
+4. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created.
-- [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project)
+ >[!IMPORTANT]
+ >The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, then add the plug-in App-V package.
+6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package.
+7. Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2013 App-V package has.
-### Enabling Office plug-ins by using connection groups
+ Since the Office 2013 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as **Integrated** and that both **InProcessEnabled** and **OutOfProcessEnabled** match the settings of the Office 2013 App-V package you published.
+8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**.
+9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the updated file.
+10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2013 App-V package is in use when the Connection Group is enabled. If that happens, you'll have to reboot to successfully enable the Connection Group.
+11. After you successfully publish both packages and enable the Connection Group, start the target Office 2013 application and verify that the plug-in you published and added to the Connection Group works as expected.
-Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You cannot use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps.
+### Disabling Office 2013 applications
-**To enable plug-ins for Office App-V packages**
+You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications.
-1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+>[!NOTE]
+>To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool#excludeapp-element).
-2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
+#### To disable an Office 2013 application
-3. Create an App-V package that includes the desired plug-ins.
+1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications."
+2. Search for the Office application you want to disable, for example, Access 2013.
+3. Change the value of "Enabled" from "true" to "false."
+4. Save the Deployment Configuration File.
+5. Add the Office 2013 App-V Package with the new Deployment Configuration File.
-4. Add a Connection Group through App-V server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
-
-5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created.
-
- **Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, and then add the plug-in App-V package.
-
-6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package.
-
-7. Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2013 App-V package has.
-
- Since the Office 2013 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2013 App-V package you published.
-
-8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**.
-
-9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file.
-
-10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2013 App-V package is in use when the Connection Group is enabled. If that happens, you have to reboot to successfully enable the Connection Group.
-
-11. After you successfully publish both packages and enable the Connection Group, start the target Office 2013 application and verify that the plug-in you published and added to the connection group works as expected.
-
-### Disabling Office 2013 applications
-
-You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications.
-
-**Note**
-To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](http://technet.microsoft.com/library/jj219426.aspx).
-
-
-
-**To disable an Office 2013 application**
-
-1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications."
-
-2. Search for the Office application you want to disable, for example, Access 2013.
-
-3. Change the value of "Enabled" from "true" to "false."
-
-4. Save the Deployment Configuration File.
-
-5. Add the Office 2013 App-V Package with the new Deployment Configuration File.
-
- ``` syntax
+ ``` XML
InfoPath Filler 2013
@@ -630,20 +335,16 @@ To exclude specific Office applications (for example, Access and InfoPath) when
```
+6. Re-add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications.
-6. Re-add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications.
-
-### Disabling Office 2013 shortcuts
+### Disabling Office 2013 shortcuts
You may want to disable shortcuts for certain Office applications instead of unpublishing or removing the package. The following example shows how to disable shortcuts for Microsoft Access.
-**To disable shortcuts for Office 2013 applications**
+1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”.
+2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut.
-1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”.
-
-2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut.
-
- ``` syntax
+ ```XML
Shortcuts
-->
@@ -663,119 +364,74 @@ You may want to disable shortcuts for certain Office applications instead of unp
[{AppVPackageRoot}]\officel5\MSACCESS.EXE
```
-
-3. Save the Deployment Configuration File.
-
-4. Republish Office 2013 App-V Package with new Deployment Configuration File.
+3. Save the Deployment Configuration File.
+4. Republish Office 2013 App-V Package with new Deployment Configuration File.
Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document.
-### Managing Office 2013 package upgrades
+### Managing Office 2013 package upgrades
To upgrade an Office 2013 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2013 package, perform the following steps.
-**How to upgrade a previously deployed Office 2013 package**
+#### How to upgrade a previously deployed Office 2013 package
-1. Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
+1. Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
- **Note**
- Office App-V packages have two Version IDs:
+ >[!NOTE]
+ >Office App-V packages have two Version IDs:
+ * An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
+ * A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package.
+2. Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast.
+3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
- - An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
-
- - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package.
-
-
-
-2. Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast.
-
-3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
-
-### Managing Office 2013 licensing upgrades
+### Managing Office 2013 licensing upgrades
If a new Office 2013 App-V Package has a different license than the Office 2013 App-V Package currently deployed. For instance, the Office 2013 package deployed is a subscription based Office 2013 and the new Office 2013 package is Volume Licensing based, the following instructions must be followed to ensure smooth licensing upgrade:
-**How to upgrade an Office 2013 License**
+#### How to upgrade an Office 2013 License
-1. Unpublish the already deployed Office 2013 Subscription Licensing App-V package.
-
-2. Remove the unpublished Office 2013 Subscription Licensing App-V package.
-
-3. Restart the computer.
-
-4. Add the new Office 2013 App-V Package Volume Licensing.
-
-5. Publish the added Office 2013 App-V Package with Volume Licensing.
+1. Unpublish the already deployed Office 2013 Subscription Licensing App-V package.
+2. Remove the unpublished Office 2013 Subscription Licensing App-V package.
+3. Restart the computer.
+4. Add the new Office 2013 App-V Package Volume Licensing.
+5. Publish the added Office 2013 App-V Package with Volume Licensing.
An Office 2013 App-V Package with your chosen licensing will be successfully deployed.
-### Deploying Visio 2013 and Project 2013 with Office
+### Deploying Visio 2013 and Project 2013 with Office
This section describes the requirements and options for deploying Visio 2013 and Project 2013 with Office.
-- **To package and publish Visio 2013 and Project 2013 with Office**: Include Visio 2013 and Project 2013 in the same package with Office. If you aren’t deploying Office, you can create a package that contains Visio and/or Project.
+* **To package and publish Visio 2013 and Project 2013 with Office**: Include Visio 2013 and Project 2013 in the same package with Office. If you aren’t deploying Office, you can create a package that contains Visio and/or Project.
+* **To deploy Visio 2013 and Project 2013 to specific users**: Use one of the following methods:
-- **To deploy Visio 2013 and Project 2013 to specific users**: Use one of the following methods:
-
-
-
-
-
-
-
-
-
Goal
-
Method
-
-
-
-
-
Create two different packages and deploy each one to a different group of users
-
Create and deploy the following packages:
-
-
A package that contains only Office - deploy to computers whose users need only Office.
-
A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.
-
-
-
-
If you want only one package for the whole organization, or if you have users who share computers:
-
Follows these steps:
-
-
Create a package that contains Office, Visio, and Project.
-
Deploy the package to all users.
-
Use [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) to prevent specific users from using Visio and Project.
-
-
-
-
+|Goal|Method|
+|---|---|
+|Create two different packages and deploy each one to a different group of users|Create and deploy the following packages: A package that contains only Office—deploy to computers whose users need only Office. A package that contains Office, Visio, and Project—deploy to computers whose users need all three applications.|
+|Create just one package for the whole organization, or for users who share computers|Follow these steps: 1. Create a package that contains Office, Visio, and Project. 2. Deploy the package to all users. 3. Use [AppLocker](https://docs.microsoft.com/en-us/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project.|
## Additional resources
+### Additional resources for Office 2013 App-V Packages
-**Office 2013 App-V Packages Additional Resources**
+* [Office 2013 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778)
+* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
-[Office 2013 Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778)
+### Additional resources for Office 2010 App-V Packages
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
+* [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
+* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
-**Office 2010 App-V Packages**
+### Additional resources for Connection Groups
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
+* [Managing Connection Groups](appv-managing-connection-groups.md)
+* [Connection groups on the App-V team blog](https://blogs.msdn.microsoft.com/gladiator/tag/connection-groups/)
-[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+### Additional resources for Dynamic Configuration
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
-
-**Connection Groups**
-
-[Managing Connection Groups](appv-managing-connection-groups.md)
-
-[Connection groups on the App-V team blog](https://blogs.technet.microsoft.com/gladiatormsft/tag/connection-groups/)
-
-**Dynamic Configuration**
-
-[About App-V Dynamic Configuration](appv-dynamic-configuration.md)
+* [About App-V Dynamic Configuration](appv-dynamic-configuration.md)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
index a85db55986..e43a70509e 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
@@ -6,257 +6,216 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Deploying Microsoft Office 2016 by Using App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md).
-
-This topic contains the following sections:
-
-- [What to know before you start](#what-to-know-before-you-start)
-
-- [Creating an Office 2016 package for App-V with the Office Deployment Tool](#creating-an-office-2016-package-for-app-v-with-the-office-deployment-tool)
-
-- [Publishing the Office package for App-V](#publishing-the-office-package-for-app-v)
-
-- [Customizing and managing Office App-V packages](#customizing-and-managing-office-app-v-packages)
+Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md).
## What to know before you start
-Before you deploy Office 2016 by using App-V, review the following planning information.
+Before you deploy Office 2016 with App-V, review the following planning information.
### Supported Office versions and Office coexistence
-Use the following table to get information about supported versions of Office and about running coexisting versions of Office.
+Use the following table to get information about supported versions of Office and running coexisting versions of Office.
-| **Information to review** | **Description** |
-|-------------------------------------|------------------------|
-| [Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv) | - Supported versions of Office - Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI) - Office licensing options |
-| [Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting) | Considerations for installing different versions of Office on the same computer |
+|Information to review|Description|
+|---|---|
+|[Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#supported-versions-of-microsoft-office)|Supported versions of Office and deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), and pooled VDI), and Office licensing options.|
+|[Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#before-you-implement-office-coexistence)|Considerations for installing different versions of Office on the same computer.|
### Packaging, publishing, and deployment requirements
-Before you deploy Office by using App-V, review the following requirements.
+Before you deploy Office with App-V, review the following requirements.
-
-
-| **Task** | **Requirement** |
+|Task|Requirement|
|-----------|-------------------|
-| Packaging | - All of the Office applications that you want to deploy to users must be in a single package. - In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer. - If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office). |
-| Publishing | - You can publish only one Office package to each client computer. - You must publish the Office package globally. You cannot publish to the user. |
-| Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services: - Office 365 ProPlus - Visio Pro for Office 365 - Project Pro for Office 365 | You must enable [shared computer activation](https://technet.microsoft.com/library/dn782860.aspx). |
+| Packaging. | All Office applications that you deploy to users must be in a single package. In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. The Sequencer doesn't support package creation. If you're deploying Microsoft Visio 2016 and Microsoft Project 2016 at the same time as Office, you must put them all in the same package. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office). |
+| Publishing. | You can only publish one Office package per client computer. You must publish the Office package globally, not to the user. |
+| Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer with Remote Desktop Services. | You must enable [shared computer activation](https://docs.microsoft.com/en-us/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus). |
### Excluding Office applications from a package
The following table describes the recommended methods for excluding specific Office applications from a package.
-| **Task** | **Details** |
+|Task|Details|
|-------------|---------------|
-| Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool. | Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.
For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#BKMK_ExcludeAppElement). |
-| Modify the DeploymentConfig.xml file | Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client. For more information, see [Disabling Office 2016 applications](#disabling-office-2016-applications). |
+| Use the **ExcludeApp** setting when you create the package by using the Office Deployment Tool. | With this setting, you can exclude specific Office applications from the package that the Office Deployment Tool creates. For example, you can use this setting to create a package that contains only Microsoft Word. For more information, see [ExcludeApp element](https://docs.microsoft.com/en-us/DeployOffice/configuration-options-for-the-office-2016-deployment-tool?ui=en-US&rs=en-US&ad=US#excludeapp-element). |
+| Modify the DeploymentConfig.xml file | Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client. For more information, see [Disabling Office 2016 applications](#disabling-office-2016-applications). |
## Creating an Office 2016 package for App-V with the Office Deployment Tool
Complete the following steps to create an Office 2016 package for App-V.
->**Important** In App-V 5.0 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
+>[!IMPORTANT]
+>In App-V 5.0 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
### Review prerequisites for using the Office Deployment Tool
-The computer on which you are installing the Office Deployment Tool must have:
+The computer on which you are installing the Office Deployment Tool must have the following:
-
-
-| **Prerequisite** | **Description** |
+| Prerequisite | Description |
|----------------------|--------------------|
| Prerequisite software | .Net Framework 4 |
-| Supported operating systems | - 64-bit version of Windows 10 - 64-bit version of Windows 8 or 8.1 - 64-bit version of Windows 7 |
+| Supported operating systems | 64-bit version of Windows 10 64-bit version of Windows 8 or 8.1 64-bit version of Windows 7 |
->**Note** In this topic, the term “Office 2016 App-V package” refers to subscription licensing.
+>[!NOTE]
+>In this topic, the term “Office 2016 App-V package” refers to subscription licensing.
-### Create Office 2016 App-V Packages Using Office Deployment Tool
+### Create Office 2016 App-V packages with the Office Deployment Tool
-You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Subscription Licensing.
+You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with subscription licensing.
Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers.
### Download the Office Deployment Tool
-Office 2016 App-V Packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation:
+Office 2016 App-V packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation, follow these steps:
-1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117).
+1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117).
- > **Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages.
+ >[!IMPORTANT]
+ >You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages.
+2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
-2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved.
-
- Example: \\\\Server\\Office2016
-
-3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified.
+ Example location: \\\\Server\\Office2016
+3. Check that the **setup.exe** and **configuration.xml** files exist and are in the location you specified.
### Download Office 2016 applications
After you download the Office Deployment Tool, you can use it to get the latest Office 2016 applications. After getting the Office applications, you create the Office 2016 App-V package.
-The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
+The XML file included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included.
-**Step 1: Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
+1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications:
+ 1. Open the sample XML file in Notepad or your favorite text editor.
+ 2. With the sample **configuration.xml** file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the **configuration.xml** file:
-1. Open the sample XML file in Notepad or your favorite text editor.
-
-2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file:
-
- ```
-
-
-
-
-
-
-
-
-
-
- ```
+ ```XML
+
+
+
+
+
+
+
+
+
+
+ ```
- >**Note** The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the “<! - -“ from the beginning of the line, and the “-- >” from the end of the line.
+ >[!NOTE]
+ >The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To uncomment these lines, remove the `````` from the end of the line.
- The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office2016, which is the location where Office applications will be saved. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file:
+ The previous example of an XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office2016 location where Office applications will be saved. Note that the Product ID of the applications will not affect Office's final licensing. You can create Office 2016 App-V packages with various licensing from the same applications by specifying licensing in a later stage. The following table summarizes the XML file's customizable attributes and elements:
-| **Input** | **Description** | **Example** |
-|--------------|----------------------------|----------------|
-| Add element | Specifies the products and languages to include in the package. | N/A |
-| OfficeClientEdition (attribute of Add element) | Specifies the edition of Office 2016 product to use: 32-bit or 64-bit. The operation fails if **OfficeClientEdition** is not set to a valid value. | **OfficeClientEdition**="32" **OfficeClientEdition**="64" |
-| Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications. For more information about the product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297). | `Product ID ="O365ProPlusRetail"` `Product ID ="VisioProRetail"` `Product ID ="ProjectProRetail"` |
-| Language element | Specifies the language supported in the applications | `Language ID="en-us"` |
-| Version (attribute of Add element) | Optional. Specifies a build to use for the package Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` |
-| SourcePath (attribute of Add element) | Specifies the location in which the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` |
-| Channel (part of Add element) | Optional. Defines which channel to use for updating Office after it is installed. The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Online Desktop Client. For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://technet.microsoft.com/library/mt455210.aspx). | `Channel="Current"`
`Channel="Deferred"`
`Channel="FirstReleaseDeferred"`
`Channel="FirstReleaseCurrent"` |
+ | Input | Description | Example |
+ |--------------|----------------------------|----------------|
+ | Add element | Specifies which products and languages the package will include. | N/A |
+ | **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition** must be set to a valid value for the operation to succeed. | `OfficeClientEdition="32"` `OfficeClientEdition="64"` |
+ | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications. For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297). | `Product ID ="O365ProPlusRetail"` `Product ID ="VisioProRetail"` `Product ID ="ProjectProRetail"` |
+ | Language element | Specifies which language the applications support. | `Language ID="en-us"` |
+ | Version (attribute of **Add** element) | Optional. Specifies which build the package will use. Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` |
+ | SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` |
+ | Channel (part of **Add** element) | Optional. Defines which channel will be used to update Office after installation. The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Online Desktop Client. For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://docs.microsoft.com/en-us/DeployOffice/overview-of-update-channels-for-office-365-proplus). | `Channel="Current"` `Channel="Deferred"` `Channel="FirstReleaseDeferred"` `Channel="FirstReleaseCurrent"` |
-After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml.
+After editing the **configuration.xml** file to specify the desired product, languages, and the location where the Office 2016 applications will be saved to, you can save the configuration file under a name of your choice, such as "Customconfig.xml."
+2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2016 applications that will later be converted into an App-V package. The following is an example command:
-**Step 2: Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with description of details:
+ `\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml`
-`\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml`
+ The following table describes the example command's elements:
-In the example:
-
-| Element | Description |
-|-------------------------------|--------------------------------------|
-| **\\\\server\\Office2016** | is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml. |
-| **Setup.exe** | is the Office Deployment Tool. |
-| **/download** | downloads the Office 2016 applications that you specify in the customConfig.xml file. |
-| **\\\\server\\Office2016\\Customconfig.xml** | passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\\\Server\\Office2016. |
+ | Element | Description |
+ |-------------------------------|--------------------------------------|
+ | ```\\server\Office2016``` | This is the network share location that contains the Office Deployment Tool and the custom **Configuration.xml** file, which in this example is **Customconfig.xml**. |
+ | ``Setup.exe`` | This is the Office Deployment Tool. |
+ | ```/download``` | Downloads the Office 2016 applications that you specify in the **Customconfig.xml** file. |
+ | ```\\server\Office2016\Customconfig.xml```| This passes the XML configuration file required to complete the download process. In this example, the file used is **Customconfig.xml**. After using the download command, Office applications should be found in the location specified in the configuration file, which in this example is ```\\Server\Office2016```. |
### Convert the Office applications into an App-V package
After you download the Office 2016 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2016 App-V package. Complete the steps that correspond to your licensing model.
-**Summary of what you’ll need to do:**
+#### What you’ll need to do
-- Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers.
+* Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers.
+* Create an Office App-V package for either Subscription Licensing package by using the Office Deployment Tool, and then modify the **Customconfig.xml** configuration file.
-- Create an Office App-V package for either Subscription Licensing package by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file.
+ The following table summarizes the values you need to enter in the **Customconfig.xml** file. The steps in the sections that follow the table will specify the exact entries you need to make.
- The following table summarizes the values you need to enter in the CustomConfig.xml file. The steps in the sections that follow the table will specify the exact entries you need to make.
+>[!NOTE]
+>You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
->**Note** You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
-
-| **Product ID** | **Subscription Licensing** |
-|--------------------------------------------------|-------------------------------------------------------------|
-| **Office 2016** | O365ProPlusRetail |
-| **Office 2016 with Visio 2016** | O365ProPlusRetail VisioProRetail |
-| **Office 2016 with Visio 2016 and Project 2016** | O365ProPlusRetail VisioProRetail ProjectProRetail |
+| Product ID | Subscription licensing |
+|---|---|
+| Office 2016| O365ProPlusRetail |
+| Office 2016 with Visio 2016 | O365ProPlusRetail VisioProRetail |
+| Office 2016 with Visio 2016 and Project 2016 | O365ProPlusRetail VisioProRetail ProjectProRetail |
#### How to convert the Office applications into an App-V package
+
1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file:
- - **SourcePath**: Point to the Office applications downloaded earlier.
+ * **SourcePath**: Change to the location where you saved the Office applications you downloaded during setup.
+ * **ProductID**: Specify the type of licensing, as shown in the following example:
- - **ProductID**: Specify the type of licensing, as shown in the following example:
-
- - Subscription Licensing:
+ * Subscription Licensing:
+ ```XML
+
+
+
+
+
+
+
+
+
+
```
-
-
-
-
-
-
-
-
-
-
- ```
- In this example, the following changes were made to create a package with Subscription licensing:
+ This example made the following changes to create this Subscription Licensing package:
- **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.
- **Product ID** for Office was changed to `O365ProPlusRetail`.
- **Product ID** for Visio was changed to `VisioProRetail`.
-
- - **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access.
-
- - **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.
+ * **SourcePath** was changed to point to the Office applications that were downloaded earlier.
+ * **Product ID** for Office was changed to `O365ProPlusRetail`.
+ * **Product ID** for Visio was changed to `VisioProRetail`.
+ * **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package created by the Office Deployment Tool. For example, you can exclude Access.
+ * **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use **PACKAGEGUID** to specify a different package ID for each package, which allows you to publish multiple App-V packages created by the Office Deployment Tool, and then manage your published packages with the App-V Server.
An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.
- >**Note** Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
+ >[!NOTE]
+ >Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
+2. Use the /packager command to convert the Office applications to an Office 2016 App-V package.
-2. Use the /packager command to convert the Office applications to an Office 2016 App-V package.
+ The following is an example packager command:
- For example:
-
- ``` syntax
+ ```syntax
\\server\Office2016\setup.exe /packager \\server\Office2016\Customconfig.xml \\server\share\Office2016AppV
```
- In the example:
+ The following table describes each element used in the example command:
-
-
-
-
-
-
-
-
\\server\Office2016
-
is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.
-
-
-
Setup.exe
-
is the Office Deployment Tool.
-
-
-
/packager
-
creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.
-
-
-
\\server\Office2016\Customconfig.xml
-
passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.
-
-
-
\\server\share\Office2016AppV
-
specifies the location of the newly created Office App-V package.
-
-
-
+ | Element | Description |
+ |-------------------------------|--------------------------------------|
+ |```\\server\Office2016```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, which in this example is Customconfig.xml.|
+ |```Setup.exe```|This is the Office Deployment Tool.|
+ |```/packager```|This command creates the Office 2016 App-V package with the license type specified in the Customconfig.xml file.|
+ |```\\server\Office2016\Customconfig.xml```|This passes the configuration XML file that has been prepared for the packaging stage. In this example, the file is Customconfig.xml.|
+ |```\\server\share\Office2016AppV```|This specifies the location of the newly created Office App-V package.|
- After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
+ After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
- - **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files.
- - **WorkingDir**
-
- **Note** To troubleshoot any issues, see the log files in the %temp% directory (default).
+ * **App-V Packages**—contains an Office 2016 App-V package and two deployment configuration files.
+ * **WorkingDir**
+ >[!NOTE]
+ >To troubleshoot any issues, see the log files in the %temp% directory (default).
3. Verify that the Office 2016 App-V package works correctly:
- 1. Publish the Office 2016 App-V package, which you created globally, to a test computer, and verify that the Office 2016 shortcuts appear.
-
+ 1. Publish the Office 2016 App-V package that you created globally to a test computer and verify that the Office 2016 shortcuts appear.
2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected.
## Publishing the Office package for App-V
@@ -265,94 +224,78 @@ Use the following information to publish an Office package.
### Methods for publishing Office App-V packages
-Deploy the App-V package for Office 2016 by using the same methods you use for any other package:
+Deploy the App-V package for Office 2016 by using the same methods as the other packages that you've already deployed:
-- System Center Configuration Manager
-
-- App-V Server
-
-- Stand-alone through Windows PowerShell commands
+* System Center Configuration Manager
+* App-V Server
+* Stand-alone through Windows PowerShell commands
### Publishing prerequisites and requirements
-| **Prerequisite or requirement** | **Details** |
+| Prerequisite or requirement | Details |
|---------------------------------------|--------------------|
-| Enable Windows PowerShell scripting on the App-V clients | To publish Office 2016 packages, you must run a script.
Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command: `Set-AppvClientConfiguration -EnablePackageScripts 1` |
-| Publish the Office 2016 package globally | Extension points in the Office App-V package require installation at the computer level.
When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2016 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages. |
+| Enable Windows PowerShell scripting on the App-V clients. | To publish Office 2016 packages, you must run a script. However, package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command: `Set-AppvClientConfiguration -EnablePackageScripts 1` |
+| Publish the Office 2016 package globally. | Extension points in the Office App-V package require installation at the computer level. When you publish at the computer level, no prerequisite actions or redistributables are needed. The Office 2016 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages. |
### How to publish an Office package
Run the following command to publish an Office package globally:
-- `Add-AppvClientPackage | Publish-AppvClientPackage -global`
+```PowerShell
+Add-AppvClientPackage | Publish-AppvClientPackage -global
+```
-- From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group.
+* You can add permissions to a group of computers instead of just a user group through the Web Management Console on the App-V Server. This lets packages be published globally to the computers in the corresponding group.
## Customizing and managing Office App-V packages
To manage your Office App-V packages, use the same operations as you would for any other package, with a few exceptions as outlined in the following sections.
-- [Enabling Office plug-ins by using connection groups](#enabling-office-plug-ins-by-using-connection-groups)
-
-- [Disabling Office 2016 applications](#disabling-office-2016-applications)
-
-- [Disabling Office 2016 shortcuts](#disabling-office-2016-shortcuts)
-
-- [Managing Office 2016 package upgrades](#managing-office-2016-package-upgrades)
-
-- [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office)
+* [Enabling Office plug-ins by using connection groups](#enabling-office-plug-ins-by-using-connection-groups)
+* [Disabling Office 2016 applications](#disabling-office-2016-applications)
+* [Disabling Office 2016 shortcuts](#disabling-office-2016-shortcuts)
+* [Managing Office 2016 package upgrades](#managing-office-2016-package-upgrades)
+* [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office)
### Enabling Office plug-ins by using connection groups
-Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You cannot use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps.
+The following steps will tell you how to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that only contains the plug-ins (you can't use the Office Deployment Tool to create the plug-ins package). After that, create a connection group that contains the Office package and the plug-ins package.
-#### To enable plug-ins for Office App-V packages
+#### Enable plug-ins for Office App-V packages
-1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer that will be used to sequence the plug-in. We recommend that you use Office 365 ProPlus (non-virtual) on the sequencing computer when sequencing Office 2016 plug-ins.
+3. Create an App-V package that includes the plug-ins you want.
+4. Add a Connection Group through the App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created.
-2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
+ >[!IMPORTANT]
+ >The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.
+6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match published Office 2016 App-V package's global settings.
+7. Verify that the plug-in package's Deployment Configuration file has the same settings as the Office 2016 App-V package.
-3. Create an App-V package that includes the desired plug-ins.
-
-4. Add a Connection Group through App-V server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
-
-5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created.
-
- > **Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package.
-
-6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2016 App-V package.
-
-7. Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2016 App-V package has.
-
- Since the Office 2016 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2016 App-V package you published.
-
-8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**.
-
-9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file.
-
-10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2016 App-V package is in use when the Connection Group is enabled. If that happens, you have to reboot to successfully enable the Connection Group.
-
-11. After you successfully publish both packages and enable the Connection Group, start the target Office 2016 application and verify that the plug-in you published and added to the connection group works as expected.
+ The Office 2016 App-V plug-in package's settings must match those of the operating system to allow for integration. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2016 App-V package you published.
+8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**.
+9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file.
+10. Ensure that the Connection Group you created on your desired computer is enabled. The Connection Group created will be shown as "pending" if the Office 2016 App-V package is being used while the Connection Group is enabled. If that happens, you'll have to reboot the computer to successfully enable the Connection Group.
+11. After you successfully publish both packages and enable the Connection Group, verify the plug-ins you published on the Connection Group work as expected.
### Disabling Office 2016 applications
-You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications.
+You can also disable specific applications in your Office App-V package. For example, if you don't want to use Access, you can disable Access while leaving all other Office applications available. When you disable an application, the user will no longer see its shortcut icon. You don't need to re-sequence the application to do this. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, just save the changes and add the Office 2016 App-V package, then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications.
->**Note** To exclude specific Office applications (for example, Access) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.
+>[!NOTE]
+>To exclude specific Office applications when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting.
-#### To disable an Office 2016 application
+#### Disable an Office 2016 application
-1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications."
+1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications."
+2. Search for the Office application you want to disable, for example, Access 2016.
+3. Change the value of **Enabled** to **false**.
+4. Save the Deployment Configuration File.
+5. Add the Office 2016 App-V Package with the new Deployment Configuration File.
-2. Search for the Office application you want to disable, for example, Access 2016.
-
-3. Change the value of "Enabled" from "true" to "false."
-
-4. Save the Deployment Configuration File.
-
-5. Add the Office 2016 App-V Package with the new Deployment Configuration File.
-
- ``` syntax
+ ```XML
Lync 2016
@@ -368,21 +311,19 @@ You may want to disable specific applications in your Office App-V package. For
```
-
6. Re-add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications.
### Disabling Office 2016 shortcuts
You may want to disable shortcuts for certain Office applications instead of unpublishing or removing the package. The following example shows how to disable shortcuts for Microsoft Access.
-#### To disable shortcuts for Office 2016 applications
+#### Disable shortcuts for Office 2016 applications
-1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”.
+1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”.
+2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. The following example shows how to delete the Microsoft Access shortcuts while keeping the subsystems `` intact.
-2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut.
-
- ``` syntax
- Shortcuts
+ ``` XML
+ Shortcuts
-->
@@ -401,45 +342,42 @@ You may want to disable shortcuts for certain Office applications instead of unp
[{AppVPackageRoot}]\officel6\MSACCESS.EXE
```
-
3. Save the Deployment Configuration File.
-
-4. Republish Office 2016 App-V Package with new Deployment Configuration File.
+4. Republish the Office 2016 App-V Package with the new Deployment Configuration File.
Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document.
### Managing Office 2016 package upgrades
-To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2016 package, perform the following steps.
+To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2016 package, perform the steps outlined in the following section.
#### How to upgrade a previously deployed Office 2016 package
-1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
+1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
- > **Note** Office App-V packages have two Version IDs:
- > - An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
- > - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
-
-2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast.
-
-3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
+ >[!NOTE]
+ >Office App-V packages have two Version IDs:
+ >* An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
+ >* A second App-V Package Version ID, formatted as X.X.X.X, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect the new version of Office. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
+2. Globally publish the newly created Office 2016 App-V Packages onto the computers you want to apply the new updates to. Since the new package has the same lineage as the older Office 2016 App-V Package, publishing will be fast, as publishing the new package with the updates only applies the new changes to the old package.
+3. Upgrades will be applied in the same manner of any globally published App-V packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
### Deploying Visio 2016 and Project 2016 with Office
The following table describes the requirements and options for deploying Visio 2016 and Project 2016 with Office.
-| **Task** | **Details** |
+| Task | Details |
|---------------------|---------------|
| How do I package and publish Visio 2016 and Project 2016 with Office? | You must include Visio 2016 and Project 2016 in the same package with Office. If you are not deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the packaging, publishing, and deployment requirements described in this topic. |
-| How can I deploy Visio 2016 and Project 2016 to specific users? | Use one of the following methods: **To create two different packages and deploy each one to a different group of users**: Create and deploy the following packages: - A package that contains only Office - deploy to computers whose users need only Office. - A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.
**To create only one package for the whole organization, or create a package intended for users who share computers**: Follow these steps: 1. Create a package that contains Office, Visio, and Project. 2. Deploy the package to all users. 3. Use [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) to prevent specific users from using Visio and Project. |
+| How can I deploy Visio 2016 and Project 2016 to specific users? | Use one of the following methods: **To create two different packages and deploy each one to a different group of users**: Create and deploy the following packages: - A package that contains only Office—deploy to computers whose users need only Office. - A package that contains Office, Visio, and Project—deploy to computers whose users need all three applications.
**To create only one package for the whole organization, or to create a package intended for users who share computers**: 1. Create a package that contains Office, Visio, and Project. 2. Deploy the package to all users. 3. Use [AppLocker](https://docs.microsoft.com/en-us/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project. |
## Related topics
-- [Deploying App-V for Windows 10](appv-deploying-appv.md)
-- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
-- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
-- [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117)
+* [Deploying App-V for Windows 10](appv-deploying-appv.md)
+* [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+* [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+* [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
index 946c1b15fd..79da7a2972 100644
--- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
@@ -36,7 +36,7 @@ Explains how to configure the App-V client to enable only administrators to publ
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Other resources for using an ESD and App-V
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
index 68e3cdbb61..58d77d2a5a 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
@@ -6,29 +6,26 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# Deploying the App-V Sequencer and configuring the client
+>Applies to: Windows 10, version 1607
-# Deploying the App-V Sequencer and Configuring the Client
-
-**Applies to**
-- Windows 10, version 1607
-
-The App-V Sequencer and client enable administrators to virtualize and run virtualized applications.
+The App-V Sequencer and client let administrators to virtualize and run virtual applications.
## Enable the client
-The App-V client is the component that runs a virtualized application on a target computer. The client enables users to interact with icons and to double-click file types, so that they can start a virtualized application. The client can also obtain the virtual application content from the management server.
+The App-V client is the component that runs a virtualized application on a target computer. The client lets users interact with icons and file types, starting virtualized applications. The client can also get the virtual application content from the management server.
-> [!NOTE]
-> In Windows 10, version 1607, App-V is included with the operating system. You only need to enable it.
+>[!NOTE]
+>In Windows 10, version 1607, App-V is included with the operating system. You only need to enable it.
[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
-## Client Configuration Settings
+## Client configuration settings
-The App-V client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. For information about client settings that you can configure through Windows PowerShell or through the registry, see [About Client Configuration Settings](appv-client-configuration-settings.md).
+The App-V client stores its configuration in the registry. Understanding the format used in the data registry can help you learn useful information about the client. For information about client settings that you can configure through Windows PowerShell or through the registry, see [About client configuration settings](appv-client-configuration-settings.md).
## Configure the client by using the ADMX template and Group Policy
@@ -36,28 +33,26 @@ You can use Group Policy to configure the client settings for the App-V client a
To manage the ADMX template, perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller.
-1. Save the **.admx** file to the following directory: **Windows \\ PolicyDefinitions**
-
-2. Save the **.adml** file to the following directory: **Windows \\ PolicyDefinitions \\ **
+1. Save the **.admx** file to the following directory: ```Windows\PolicyDefinitions```
+2. Save the **.adml** file to the following directory: ```Windows\PolicyDefinitions\```
After you have completed the preceding steps, you can use Group Policy to configure the client settings by using the Group Policy Management Console under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
## Understanding Shared Content Store mode for App-V clients
-The App-V Shared Content Store (SCS) mode enables the SCS App-V clients to run virtualized applications without saving any of the associated package data locally. All required virtualized package data is transmitted across the network; therefore, you should only use the SCS mode in environments with a fast connection. Both the Remote Desktop Services (RDS) and the standard version of the App-V client are supported with SCS mode.
+App-V Shared Content Store (SCS) mode lets SCS App-V clients run virtualized applications without having to save any of the associated package data locally. All required virtualized package data is transmitted across the network; therefore, you should only use SCS mode in environments with a fast connection. Both the Remote Desktop Services (RDS) and the standard version of the App-V client are supported with SCS mode.
-> [!IMPORTANT]
-> If the App-V client is configured to run in the SCS mode, the location where the App-V packages are streamed from must be available, otherwise, the virtualized package will fail. Additionally, we do not recommend deployment of virtualized applications to computers that run the App-V client in the SCS mode across the internet.
+>[!IMPORTANT]
+>If the App-V client is configured to run in the SCS mode, the location where the App-V packages are streamed from must be available, otherwise, the virtualized package will fail. Additionally, we do not recommend deployment of virtualized applications to computers that run the App-V client in the SCS mode across the internet.
Additionally, the SCS is not a physical location that contains virtualized packages. It is a mode that allows the App-V client to stream the required virtualized package data across the network.
The SCS mode is helpful in the following scenarios:
-- Virtual desktop infrastructure (VDI) deployments
+* Virtual desktop infrastructure (VDI) deployments
+* Remote Desktop Services deployments
-- Remote Desktop Services deployments
-
-To use SCS in your environment, you must configure the App-V client to run in SCS mode (it will not use SCS mode by default).
+To use SCS in your environment, you must configure the App-V client to run in SCS mode, as it does not use SCS mode by default.
There might be cases when the administrator pre-loads some virtual applications on the computer that runs the App-V client in SCS mode. This can be accomplished with Windows PowerShell commands to add, publish, and mount the package. For example, if a package is pre-loaded on all computers, the administrator could add, publish, and mount the package by using Windows PowerShell commands. The package would not stream across the network because it would be locally stored.
@@ -65,15 +60,14 @@ There might be cases when the administrator pre-loads some virtual applications
Use the following steps to locate and configure the Group Policy setting for the SCS Mode for App-V clients.
-1. In the Group Policy Management Console, navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Streaming**.
+1. In the Group Policy Management Console, navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Streaming**.
+2. Enable the **Set the Shared Content Mode (SCS) mode** setting.
-2. Enable the **Set the Shared Content Mode (SCS) mode** setting.
-
-### Configure an individual client to use the SCS mode
+### Configure an individual client to use SCS mode
To configure the App-V client to run in SCS mode, on the client, enter the following Windows PowerShell command:
-```
+```PowerShell
Set-AppvClientConfiguration -SharedContentStoreMode 1
```
@@ -83,15 +77,17 @@ The Sequencer is a tool that is used to convert standard applications into virtu
For a list of changes in the App-V Sequencer, see [What's new in App-V](appv-about-appv.md).
-To deploy the sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md).
+To deploy the sequencer, see [How to install the Sequencer](appv-install-the-sequencer.md).
-## App-V Client and Sequencer logs
+## App-V client and Sequencer logs
+You can use the App-V Sequencer log information to troubleshoot Sequencer installation and operational events while using App-V. The Sequencer-related log information can be reviewed with the **Event Viewer**. The following file path is the specific path for Sequencer-related events:
-You can use the App-V Sequencer log information to help troubleshoot the Sequencer installation and operational events while using App-V. The Sequencer-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Sequencer-related events:
+**Event Viewer\Applications and Services Logs\Microsoft\App V**.
-**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**. Sequencer-related events are prepended with **AppV\_Sequencer**. Client-related events are prepended with **AppV\_Client**.
+>[!NOTE]
+>Sequencer-related events are prepended with **AppV\_Sequencer**. Client-related events are prepended with **AppV\_Client**.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index 1112538222..2b88ff503b 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -6,83 +6,79 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Deploying the App-V server
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
->**Note** If you plan to use the App-V server components in your deployment, note that they reference App-V 5.x. This is because the App-V server components have not changed in App-V for Windows 10.
+You can install the Application Virtualization (App-V) server components using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V security considerations](appv-security-considerations.md).
-You can install the Application Virtualization (App-V) server components using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V Security Considerations](appv-security-considerations.md).
+>[!NOTE]
+>If you plan to use the App-V server components in your deployment, note that the version number is still listed as App-V 5.x, as the App-V server components have not changed in App-V for Windows 10.
-For information about deploying App-V for Windows 10, see [What's new in App-V](appv-about-appv.md).
+To learn more about deploying App-V for Windows 10, read [What's new in App-V](appv-about-appv.md).
->**Important** Before you install and configure the App-V servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings.
+>[!IMPORTANT]
+>Before installing and configuring the App-V servers, you must specify the port or ports where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports, as the installer does not modify firewall settings.
## Download and install App-V server components
->**Note**
-If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released.
+>[!NOTE]
+>If you're already using App-V 5.x, you don't need to re-deploy the App-V server components, as they haven't changed since App-V 5.0 was released.
-App-V offers the following five server components, each of which serves a specific purpose in an App-V environment.
+App-V offers the following five server components, each of which serves a specific purpose in an App-V environment.
-- **Management server.** Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server.
+* **Management server.** Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server.
- >**Note** If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you may want to take advantage of the reporting and streaming capabilities in App-V.
-
-- **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) for more information about the management database.
-
-- **Publishing server.** Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. See [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md) for more information about configuring the publishing server.
+ >[!NOTE]
+ >If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you may want to take advantage of the reporting and streaming capabilities in App-V.
+* **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. For more information about the management database, see [How to deploy the App-V server](appv-deploy-the-appv-server.md).
+* **Publishing server.** Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. To learn how to configure the publishing server, see [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md).
+* **Reporting server.** Use the App-V reporting server to generate reports that help you manage your App-V infrastructure. The reporting server requires a connection to the reporting database. To learn more about App-V's reporting capabilities, see [About App-V reporting](appv-reporting.md).
+* **Reporting database.** Use the App-V reporting database to facilitate database pre-deployments for App-V reporting. To learn more about the reporting database, see [How to deploy the App-V server](appv-deploy-the-appv-server.md).
-- **Reporting server.** Use the App-V reporting server to generate reports that help you manage your App-V infrastructure. The reporting server requires a connection to the reporting database. See [About App-V reporting](appv-reporting.md) for more information about the reporting capabilities in App-V.
+All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations:
-- **Reporting database.** Use the App-V reporting database to facilitate database pre-deployments for App-V reporting. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) for more information about the reporting database.
+* The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site.
+* The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
-All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
+In large organizations, you might want to install more than one instance of the server components to get the following benefits.
-- The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.
-
-- The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
-
-In large organizations, you might want to install more than one instance of the server components to get:
-
-- Fault tolerance for situations when one of the servers is unavailable.
-
-- High availability to balance server requests. We recommend using a network load balancer to achieve this.
-
-- Scalability to support a high load. For example, you can install additional servers behind a network load balancer.
+* Fault tolerance for situations when one of the servers is unavailable.
+* High availability to balance server requests. A network load balancer can also help you acheive this.
+* Scalability to support high loads. For example, you can install additional servers behind a network load balancer.
## App-V standalone deployment
-The App-V standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are installed on a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V components. Therefore, you should not use this strategy for larger deployments.
-- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
+The App-V standalone deployment's topology is good for small deployments or test environments. In this implementation type, all server components are installed on a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V components. However, because services and associated databases will compete for the computer's resources, it's not a good idea to use the standalone deployment for larger deployments.
-- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
+The following articles will give you more information about how to set up an App-V standalone deployment.
-## App-V Server distributed deployment
-The distributed deployment topology can support a large App-V client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V server components are deployed across multiple computers, based on the structure and requirements of the organization.
+* [How to deploy the App-V server](appv-deploy-the-appv-server.md)
+* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md)
-- [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+## App-V server distributed deployment
-- [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md)
+The distributed deployment topology can support a large App-V client base, allowing you to more easily manage and scale your environment. When you use this type of deployment the App-V server components are deployed across multiple computers, based on your organization's structure and requirements.
-- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
-
-- [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md)
-
-- [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md)
+* [How to install the management and reporting databases on separate computers from the management and reporting services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+* [How to install the management server on a standalone computer and connect it to the database](appv-install-the-management-server-on-a-standalone-computer.md)
+* [How to deploy the App-V server using a script](appv-deploy-the-appv-server-with-a-script.md)
+* [How to install the publishing server on a remote computer](appv-install-the-publishing-server-on-a-remote-computer.md)
+* [How to install the management server on a standalone computer and connect it to the database](appv-install-the-management-server-on-a-standalone-computer.md)
## Using an Enterprise Software Distribution (ESD) solution and App-V
-You can also deploy packages by using an ESD. The full capabilities for integration will vary depending on the ESD that you use.
->**Note** The App-V reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
+You can also deploy packages with an ESD. Its full integration capabilities will vary depending on which ESD you use.
-[Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
+>[!NOTE]
+>The App-V reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
+
+* [Deploying App-V packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
## App-V Server logs
+
You can use App-V server log information to help troubleshoot the server installation and operational events while using App-V. The server-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Server-related events:
**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**
@@ -92,22 +88,23 @@ Associated setup logs are saved in the following directory:
**%temp%**
## App-V reporting
+
App-V reporting allows App-V clients to collect data and then send it back to be stored in a central repository. You can use this information to get a better view of the virtual application usage within your organization. The following list displays some of the types of information the App-V client collects:
-- Information about the computer that runs the App-V client.
+* Information about the computer running the App-V client.
+* Information about virtualized packages on a specific computer running the App-V client.
+* Information about package open and shutdown for a specific user.
-- Information about virtualized packages on a specific computer that runs the App-V client.
+The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services (SSRS) to generate any necessary reports.
-- Information about package open and shutdown for a specific user.
+If you want to retrieve report information, you must use Microsoft SQL SSRS, which is available with Microsoft SQL. SSRS must be deployed separately to generate the associated reports, as it isn't automatically installed during App-V server installation.
-The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services to generate any necessary reports.
+For more information, see [About App-V reporting](appv-reporting.md) and [How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
-If you want to retrieve report information, you must use Microsoft SQL Server Reporting Services (SSRS) which is available with Microsoft SQL. SSRS is not installed when you install the App-V reporting server and it must be deployed separately to generate the associated reports.
+## Other App-V server resources
-For more information, see [About App-V Reporting](appv-reporting.md) and [How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
-
-## Other resources for the App-V server
-- [Deploying App-V](appv-deploying-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md
index 2382fb9bf3..e979c7f02f 100644
--- a/windows/application-management/app-v/appv-deployment-checklist.md
+++ b/windows/application-management/app-v/appv-deployment-checklist.md
@@ -6,74 +6,27 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# App-V Deployment Checklist
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-This checklist can be used to help you during an App-V deployment.
+This checklist outlines the recommended steps and items to consider when deploying App-V features. Use it to organize your priorites while you deploy App-V. You can copy this checklist into a spreadsheet program and customize it for your use.
->**Note**
-This checklist outlines the recommended steps and items to consider when deploying App-V features. We recommend that you copy this checklist into a spreadsheet program and customize it for your use.
+|Status|Task|References|Notes|
+|---|---|---|---|
+||Prepare the computing environment for App-V deployment during your planning phase.|[App-V planning checklist](appv-planning-checklist.md)||
+||Review App-V's supported configurations.|[App-V supported configurations](appv-supported-configurations.md)||
+||Run App-V Setup to deploy the required App-V features for your environment.|[How to install the sequencer](appv-install-the-sequencer.md) [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) [How to deploy the App-V server](appv-deploy-the-appv-server.md)||
-
-
-
-
-
-
-
-
-
-
-
Task
-
References
-
Notes
-
-
-
-
-
-
Complete the planning phase to prepare the computing environment for App-V deployment.
Run App-V Setup to deploy the required App-V features for your environment.
-
-Note
-
Keep track of the names of the servers and associated URLs created during installation. This information will be used throughout the installation process.
-
-
-
-
-
-
-
[How to Install the Sequencer](appv-install-the-sequencer.md)
-
[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
-
[How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
-
-
-
-
-
+>[!NOTE]
+>Keep track of server names and associated URLs you create during installation. You'll need this information throughout the installation process.
## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Deploying App-V](appv-deploying-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md
index 765d08ffa9..5cc4247912 100644
--- a/windows/application-management/app-v/appv-dynamic-configuration.md
+++ b/windows/application-management/app-v/appv-dynamic-configuration.md
@@ -735,7 +735,7 @@ To create the file manually, the information above in previous sections can be c
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
index 4201fc2dd5..3ae3740c77 100644
--- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
@@ -29,4 +29,4 @@ Starting in App-V 5.0 SP3, you can configure the App-V client so that only admin
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
index 40e2ad2093..c21abca90a 100644
--- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
+++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
@@ -41,7 +41,7 @@ Use the following procedure to configure the App-V for reporting.
ReportingServerURL
-
Specifies the location on the reporting server where client information is saved. For example, http://<reportingservername>:<reportingportnumber>.
+
Specifies the location on the reporting server where client information is saved. For example, https://<reportingservername>:<reportingportnumber>.
Note
This is the port number that was assigned during the Reporting Server setup
@@ -82,7 +82,7 @@ Use the following procedure to configure the App-V for reporting.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
index 99775a8445..ff0ad45667 100644
--- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
+++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
@@ -6,49 +6,37 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Enable the App-V in-box client
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server.
+The App-V client is the component that runs virtualized applications on user devices. Once you enable the client, users can interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server.
-With Windows 10, version 1607, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell.
+With Windows 10, version 1607, the App-V client is installed automatically. However, you'll still need to enable the client yourself to allow user devices to access and run virtual applications. You can set up the client with the Group Policy editor or with Windows PowerShell.
-**To enable the App-V client with Group Policy:**
+Here's how to enable the App-V client with Group Policy:
-1. Open the device’s **Group Policy Editor**.
+1. Open the device’s **Group Policy Editor**.
+2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
+3. Run **Enables App-V Client**, then select **Enabled**.
+4. Restart the device.
-2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
+Here's how to enable the App-V client with Windows PowerShell:
-3. Run **Enables App-V Client** and then select **Enabled** on the screen that appears.
+1. Open Windows PowerShell.
+2. Enter **Enable-Appv**, then select the Enter key.
+3. Restart the device.
+4. To verify that the App-V client is working, enter **Get-AppvStatus**, then select the Enter key.
-4. Restart the device.
+Check out these articles for more information about how to configure the App-V client:
-**To enable the App-V client with Windows PowerShell:**
-
-1. Open Windows PowerShell.
-
-2. Type `Enable-Appv` and press ENTER.
-
-3. Restart the device.
-
-4. To verify that the App-V client is enabled on the device, type `Get-AppvStatus` and press ENTER.
-
-
-For information about configuring the App-V client, see:
-
-- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
-
-- [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
-
-- [Using the client management console](appv-using-the-client-management-console.md)
-
-- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
+* [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
+* [How to modify client configuration by using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
+* [Using the client management console](appv-using-the-client-management-console.md)
+* [How to configure the client to receive package and connection group updates From the Publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md
index 655ab01b0e..d055f0c12d 100644
--- a/windows/application-management/app-v/appv-evaluating-appv.md
+++ b/windows/application-management/app-v/appv-evaluating-appv.md
@@ -47,7 +47,7 @@ Use the following links for more information about creating and managing virtual
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md
index 9b59235639..857938e467 100644
--- a/windows/application-management/app-v/appv-for-windows.md
+++ b/windows/application-management/app-v/appv-for-windows.md
@@ -66,4 +66,4 @@ The topics in this section provide information and step-by-step procedures to he
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md
index 447b1277d6..1003f2f5a6 100644
--- a/windows/application-management/app-v/appv-getting-started.md
+++ b/windows/application-management/app-v/appv-getting-started.md
@@ -6,73 +6,52 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 03/28/2018
+ms.date: 04/18/2018
---
+# Getting started with App-V for Windows 10
+>Applies to: Windows 10, version 1607
-# Getting Started with App-V for Windows 10
+Microsoft Application Virtualization (App-V) for Windows 10 delivers Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on an as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
-**Applies to**
-- Windows 10
-
-Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
-
-With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you are new to Windows 10 and App-V, review which versions of Windows are supported and have the necessary software preinstalled in the [App-V for Windows 10 Prerequisites](appv-prerequisites.md).
+With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you're new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. To learn what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
If you’re already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users’ App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md).
->**Important**
-You can upgrade your existing App-V installation to App-V for Windows from App-V versions 5.0 SP2 and higher only. If you are using an earlier version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you upgrade.
+>[!IMPORTANT]
+>You can upgrade your existing App-V installation to App-V for Windows from App-V versions 5.0 SP2 and higher only. If you are using an earlier version of App-V, you’ll need to upgrade your existing App-V installation to App-V 5.0 SP2 before upgrading to App-V for Windows.
-For information about previous versions of App-V, see [MDOP Information Experience](https://technet.microsoft.com/itpro/mdop/index).
+To learn more about previous versions of App-V, see [MDOP information experience](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/index).
## Getting started with App-V for Windows 10 (new installations)
-To start using App-V to deliver virtual applications to users, you’ll need to download, enable, and install server- and client-side components. The following table provides information about the App-V for Windows 10 components and where to find them.
+To start using App-V to deliver virtual applications to users, you’ll need to download, enable, and install server- and client-side components. The following table describes the App-V for Windows 10 components, what they do, and where to find them.
| Component | What it does | Where to find it |
|------------|--|------|
-| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For information about the server components, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).
**Note** If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
- The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.
- The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.
-| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607.
For information about enabling the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). |
-| App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must be running the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). |
+| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).
If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:
If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.
If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.|
+| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607.
To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). |
+| App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). |
For more information about these components, see [High Level Architecture for App-V](appv-high-level-architecture.md).
-If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For information about Microsoft training opportunities, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx).
+If you're new to App-V, it's a good idea to read the documentation thoroughly. Before deploying App-V in a production environment, you can ensure installation goes smoothly by validating your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. To get started, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx).
## Getting started with App-V
+[What's new in App-V](appv-about-appv.md) provides a high-level overview of App-V and how it can be used in your organization.
-- [What's new in App-V](appv-about-appv.md)
+[Evaluating App-V](appv-evaluating-appv.md) provides information about how you can best evaluate App-V for use in your organization.
- Provides a high-level overview of App-V and how it can be used in your organization.
+[High Level Architecture for App-V](appv-high-level-architecture.md) provides a description of the App-V features and how they work together.
-- [Evaluating App-V](appv-evaluating-appv.md)
-
- Provides information about how you can best evaluate App-V for use in your organization.
-
-- [High Level Architecture for App-V](appv-high-level-architecture.md)
-
- Provides a description of the App-V features and how they work together.
-
-## Other resources for this product
-
-
-- [Application Virtualization (App-V) overview](appv-for-windows.md)
-
-- [Planning for App-V](appv-planning-for-appv.md)
-
-- [Deploying App-V](appv-deploying-appv.md)
-
-- [Operations for App-V](appv-operations.md)
-
-- [Troubleshooting App-V](appv-troubleshooting.md)
-
-- [Technical Reference for App-V](appv-technical-reference.md)
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Other resources for this product
+* [Application Virtualization (App-V) overview](appv-for-windows.md)
+* [Planning for App-V](appv-planning-for-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [Operations for App-V](appv-operations.md)
+* [Troubleshooting App-V](appv-troubleshooting.md)
+* [Technical reference for App-V](appv-technical-reference.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index 53dae3fb94..3b799fe1ab 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -1,85 +1,33 @@
---
-title: High Level Architecture for App-V (Windows 10)
-description: High Level Architecture for App-V
+title: High-level architecture for App-V (Windows 10)
+description: High-level Architecture for App-V.
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# High-level architecture for App-V
+>Applies to: Windows 10, version 1607
-# High Level Architecture for App-V
-
-**Applies to**
-- Windows 10, version 1607
-
-Use the following information to help you simplify you Microsoft Application Virtualization (App-V) deployment.
-
-## Architecture Overview
+Use the following information to simplify your Microsoft Application Virtualization (App-V) deployment.
+## Architecture overview
A typical App-V implementation consists of the following elements.
-
-
-
-
-
-
-
-
Element
-
More information
-
-
-
-
-
App-V Management Server
-
The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits:
-
-
Fault Tolerance and High Availability – Installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline.
-
You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, a network load balancer should also be considered so that server requests are balanced.
-
Scalability – You can add additional management servers as necessary to support a high load, for example you can install multiple servers behind a load balancer.
-
-
-
-
App-V Publishing Server
-
The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports the following protocols:
-
-
HTTP, and HTTPS
-
-
You can also help increase App-V availability by installing the Publishing server on multiple computers. A network load balancer should also be considered so that server requests are balanced.
-
-
-
App-V Reporting Server
-
The App-V Reporting server enables authorized users to run and view existing App-V reports and ad hoc reports that can help them manage the App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. A network load balancer should also be considered so that server requests are balanced.
-
-
-
App-V Client
-
The App-V client enables packages created using App-V to run on target computers.
-
-
-
+|Element|Description|
+|---|---|
+|App-V Management server|The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits: **Fault tolerance and high availability**—installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline. You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, consider using a network load balancer to keep server requests balanced. **Scalability**—you can add additional management servers as necessary to support a high load. For example, you can install multiple servers behind a load balancer.|
+|App-V Publishing Server|The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports HTTP and HTTPS protocols. You can also help increase App-V availability by installing the Publishing server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
+|App-V Reporting Server|The App-V Reporting server lets authorized users run and view existing App-V reports and ad hoc reports for managing App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
+|App-V Client|The App-V client enables packages created using App-V to run on target computers.|
-
-**Note**
-If you are using App-V with Electronic Software Distribution (ESD) you are not required to use the App-V Management server. However, you can still utilize the reporting and streaming functionality of App-V.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+>[!NOTE]
+>If you are using App-V with electronic software distribution (ESD), you aren't required to use the App-V Management server. However, you can still use App-V's reporting and streaming functionality.
## Related topics
-
-[Getting Started with App-V](appv-getting-started.md)
-
-
-
-
-
-
-
-
-
+- [Getting Started with App-V](appv-getting-started.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index b2d945ee06..efc8ef2948 100644
--- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -139,7 +139,7 @@ Before attempting this procedure, you should read and understand the information
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index eb3ed96877..3097201087 100644
--- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -1,100 +1,77 @@
---
-title: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services (Windows 10)
-description: How to install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
+title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10)
+description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services.
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services
-
-# How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
-
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail.
->**Note**
-After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases.
+>[!NOTE]
+>After you complete the deployment, the administrator installing the service will need the Microsoft SQL Server name, instance name and the database name to connect to these databases.
-**To install the management database and the management server on separate computers**
+## Installing the management database and the management server on separate computers
-1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+1. Copy the App-V server installation files to the computer you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**, then select **Next**.
+4. On the **Feature selection** page, select the components you want to install by first selecting the **Management Server Database** checkbox, then selecting **Next**.
+5. On the **Installation location** page, accept the default location and select **Next**.
+6. On the initial **Create new management server database** page, accept the default selections if appropriate, then select **Next**.
+ * If you are using a custom SQL Server instance, select **Use a custom instance** and enter the name of the instance.
+ * If you are using a custom database name, select **Custom configuration** and enter the database name.
+7. On the next **Create new management server database** page, select **Use a remote computer**, then enter the remote machine account using the following format: ```Domain\MachineAccount```.
-2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+ >[!NOTE]
+ >If you plan to deploy the management server on the same computer you must select **Use this local computer**. Specify the user name for the management server **Install Administrator** using the following format: ```Domain\AdministratorLoginName```. After that, select **Next**.
+8. To start the installation, select **Install**.
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
+## Installing the reporting database and the reporting server on separate computers
-4. On the **Feature Selection** page, select the components you want to install by selecting the **Management Server Database** checkbox and click **Next**.
+1. Copy the App-V server installation files to the computer you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Update, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**. After that, select **Next**.
+4. On the **Feature selection** page, select the components you want to install by first selecting the **Reporting Server Database** checkbox, then selecting **Next**.
+5. On the **Installation Location** page, accept the default location and select **Next**.
+6. On the initial **Create new management server database** page, accept the default selections if appropriate, then select **Next**.
+ * If you're using a custom SQL Server instance, select **Use a custom instance** and enter the instance name.
+ * If you're using a custom database name, select **Custom configuration** and enter the database name.
+7. On the next **Create new management server database** page, select **Use a remote computer**, and enter the remote machine account using the following format: ```Domain\MachineAccount```.
-5. On the **Installation Location** page, accept the default location and click **Next**.
+ >[!NOTE]
+ >If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. Specify the user name for the reporting server **Install Administrator** using the following format: Domain\\AdministratorLoginName. After that, select **Next**.
+8. To start the installation, select **Install**.
-6. On the initial **Create New Management Server Database page**, accept the default selections if appropriate, and click **Next**.
+## Installing the management and reporting databases using App-V database scripts
- If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance.
+1. Copy the App-V server installation files to the computer on which you want to install it on.
+2. To extract the App-V database scripts, open a command prompt and specify the location where the installation files are saved and run the following command:
- If you are using a custom database name, then select **Custom configuration** and type the database name.
+ ```SQL
+ appv\_server\_setup.exe /LAYOUT /LAYOUTDIR=”InstallationExtractionLocation”
+ ```
+
+3. After the extraction has been completed, to access the App-V database scripts and instructions readme file:
-7. On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**.
+ * The App-V Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**.
+ * The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**.
+4. For each database, copy the scripts to a share and modify them following the instructions in the readme file.
- >**Note**
- If you plan to deploy the management server on the same computer you must select **Use this local computer**. Specify the user name for the management server **Install Administrator** using the following format: Domain\\AdministratorLoginName. Click **Next**.
+ >[!NOTE]
+ >For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md).
+5. Run the scripts on the computer running Microsoft SQL Server.
-8. To start the installation, click **Install**.
+## Have a suggestion for App-V?
-**To install the reporting database and the reporting server on separate computers**
-
-1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
-
-2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
-
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
-
-4. On the **Feature Selection** page, select the components you want to install by selecting the **Reporting Server Database** checkbox and click **Next**.
-
-5. On the **Installation Location** page, accept the default location and click **Next**.
-
-6. On the initial **Create New Reporting Server Database** page, accept the default selections if appropriate, and click **Next**.
-
- If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance.
-
- If you are using a custom database name, then select **Custom configuration** and type the database name.
-
-7. On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: Domain\\MachineAccount.
-
- **Note**
- If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. Specify the user name for the reporting server **Install Administrator** using the following format: Domain\\AdministratorLoginName. Click **Next**.
-
-8. To start the installation, click **Install**.
-
-**To install the management and reporting databases using App-V database scripts**
-
-1. Copy the App-V server installation files to the computer on which you want to install it on.
-
-2. To extract the App-V database scripts, open a command prompt and specify the location where the installation files are saved and run the following command:
-
- **appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR=”InstallationExtractionLocation”**
-
-3. After the extraction has been completed, to access the App-V database scripts and instructions readme file:
-
- - The App-V Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**.
-
- - The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**.
-
-4. For each database, copy the scripts to a share and modify them following the instructions in the readme file.
-
- **Note**
- For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md).
-
-5. Run the scripts on the computer running Microsoft SQL Server.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Deploying App-V](appv-deploying-appv.md)
+* [Deploying App-V](appv-deploying-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
index fa923602c4..2da4a3b2f6 100644
--- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
@@ -6,56 +6,34 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# How to install the Management Server on a Standalone Computer and Connect it to the Database
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
-Use the following procedure to install the management server on a standalone computer and connect it to the database.
+To install the management server on a standalone computer and connect it to the database, follow these steps.
-**To install the management server on a standalone computer and connect it to the database**
+1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting Started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Udpate, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**, then select **Next**.
+4. On the **Feature Selection** page, select the **Management Server** checkbox, then select **Next**.
+5. On the **Installation Location** page, accept the default location, then select **Next**.
+6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, then enter the computer running Microsoft SQL's machine name, such as ```SqlServerMachine```.
-1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+ >[!NOTE]
+ >If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance**, then enter the instance's name. Specify the **SQL Server Database name** that this management server will use, such as ```AppvManagement```.
+7. On the **Configure management server configuration** page, specify the following items:
+ * The AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation
+ * The **Website Name** you want to use for the management service. Accept the default if you do not have a custom name.
+ * For the **Port Binding**, specify a unique port number, such as **12345**.
+8. Select **Install**.
+9. To confirm that the setup has completed successfully, open a web browser and enter the following URL: https://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings displayed.
-2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+## Have a suggestion for App-V?
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
-
-4. On the **Feature Selection** page, select the **Management Server** checkbox and click **Next**.
-
-5. On the **Installation Location** page, accept the default location and click **Next**.
-
-6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL SQL, for example **SqlServerMachine**.
-
- >**Note**
- If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**.
-
-7. On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation
-
- Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**.
-
-8. Click **Install**.
-
-9. To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings being displayed.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-
-[Deploying App-V](appv-deploying-appv.md)
-
-
-
-
-
-
-
-
-
+* [Deploying App-V](appv-deploying-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
index 5a9a64344a..a67700ab9a 100644
--- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
+++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -6,50 +6,35 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# How to install the publishing server on a remote computer
-
-# How to Install the Publishing Server on a Remote Computer
-
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
Use the following procedure to install the publishing server on a separate computer. Before you perform the following procedure, ensure the database and management server are available.
-**To install the publishing server on a separate computer**
+## Installing the publishing server on a separate computer
-1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**. Click **Next**.
+4. On the **Feature selection** page, select the **Publishing Server** checkbox, then select **Next**.
+5. On the **Installation location** page, accept the default location, then select **Next**.
+6. On the **Configure publishing server configuration** page, specify the following items:
-2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+ * The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**.
+ * Specify the website name that you want to use for the publishing service. If you don't have a custom name, then use the default name.
+ * For the **Port binding**, specify a unique port number that will be used by App-V. For example, **54321**.
+7. On the **Ready to install** page, select **Install**.
+8. After the installation is complete, the publishing server must be registered with the management server. In the App-V management console, use the following steps to register the server:
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
+ 1. Open the App-V management server console.
+ 2. In the left pane, select **Servers**, then select **Register New Server**.
+ 3. Enter the server name and a description (if required), then select **Add**.
+9. To verify that the publishing server is running correctly, you should import a package to the management server, entitle that package to an AD group, then publish it. Using an internet browser, open the following URL: **https://publishingserver:pubport**. If the server is running correctly, information like the following example should appear.
-4. On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**.
-
-5. On the **Installation Location** page, accept the default location and click **Next**.
-
-6. On the **Configure Publishing Server Configuration** page, specify the following items:
-
- - The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**.
-
- - Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name.
-
- - For the **Port Binding**, specify a unique port number that will be used by App-V, for example **54321**.
-
-7. On the **Ready to Install** page, click **Install**.
-
-8. After the installation is complete, the publishing server must be registered with the management server. In the App-V management console, use the following steps to register the server:
-
- 1. Open the App-V management server console.
-
- 2. In the left pane, select **Servers**, and then select **Register New Server**.
-
- 3. Type the name of this server and a description (if required) and click **Add**.
-
-9. To verify that the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: **http://publishingserver:pubport**. If the server is running correctly information similar to the following will be displayed:
-
- ```syntax
+ ```SQL
@@ -69,18 +54,8 @@ Use the following procedure to install the publishing server on a separate compu
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-
-[Deploying App-V](appv-deploying-appv.md)
-
-
-
-
-
-
-
-
-
+* [Deploying App-V](appv-deploying-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
index 99f591c3af..edf22cbc3d 100644
--- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -1,58 +1,45 @@
---
-title: How to install the Reporting Server on a Standalone Computer and Connect it to the Database (Windows 10)
+title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10)
description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# How to install the reporting server on a standalone computer and connect it to the database
-
-# How to install the Reporting Server on a Standalone Computer and Connect it to the Database
-
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
Use the following procedure to install the reporting server on a standalone computer and connect it to the database.
-> **Important** Before performing the following procedure you should read and understand [About App-V Reporting](appv-reporting.md).
+>[!IMPORTANT]
+>Before performing the following procedure you should read and understand [About App-V reporting](appv-reporting.md).
-**To install the reporting server on a standalone computer and connect it to the database**
+## Install the reporting server on a standalone computer and connect it to the database
-1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+1. Copy the App-V server installation files to the computer you plan to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
+2. On the **Getting started** page, review and accept the license terms, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Update, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**. Select **Next**.
+4. On the **Feature selection** page, select the **Reporting Server** checkbox, then select **Next**.
+5. On the **Installation location** page, accept the default location and select **Next**.
+6. On the **Configure existing reporting database** page, select **Use a remote SQL Server**, then enter the machine name of the computer running Microsoft SQL Server. For example, you can name your computer **SqlServerMachine**.
-2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+ >[!NOTE]
+ >If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server instance, select **Use the default instance**. If you're using a custom Microsoft SQL Server instance, select **Use a custom instance**, then enter the name of your custom instance. Specify the **SQL Server Database name** that this reporting server will use; for example, you can name the server **AppvReporting**.
+7. On the **Configure reporting server configuration** page.
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
-
-4. On the **Feature Selection** page, select the **Reporting Server** checkbox and click **Next**.
-
-5. On the **Installation Location** page, accept the default location and click **Next**.
-
-6. On the **Configure Existing Reporting Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL Server, for example **SqlServerMachine**.
-
- **Note**
- If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**.
-
-7. On the **Configure Reporting Server Configuration** page.
-
- - Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name.
-
- - For the **Port binding**, specify a unique port number that will be used by App-V, for example **55555**. You should also ensure that the port specified is not being used by another website.
-
-8. Click **Install**.
+ * Specify the website name you want to use for the reporting service. Leave the default unchanged if you do not have a custom name.
+ * For the **Port binding**, specify a unique, five-digit port number for App-V to use, such as **55555**. Make sure that the specified port isn't being used by another website.
+8. Select **Install**.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-
-[About App-V Reporting](appv-reporting.md)
-
-[Deploying App-V](appv-deploying-appv.md)
-
-[How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
+* [About App-V reporting](appv-reporting.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md
index c07313e6e7..c799df5bae 100644
--- a/windows/application-management/app-v/appv-install-the-sequencer.md
+++ b/windows/application-management/app-v/appv-install-the-sequencer.md
@@ -6,48 +6,43 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Install the App-V Sequencer
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
Use the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. Those devices must be running the App-V client to allow users to interact with virtual applications.
The App-V Sequencer is included in the Windows 10 Assessment and Deployment Kit (Windows ADK).
-> [!NOTE]
-> The computer that will run the sequencer must not have the App-V client enabled on it. As a best practice, choose a computer with the same hardware and software configurations as the computers that will run the virtual applications. The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive.
+>[!NOTE]
+>The computer that will run the sequencer must not have the App-V client enabled. As a best practice, choose a computer with the same hardware and software configurations as the computers that will run the virtual applications. The sequencing process is resource-intensive, so make sure the computer that will run the Sequencer has plenty of memory, a fast processor, and a fast hard drive.
-To install the App-V Sequencer:
+## How to install the App-V Sequencer
-1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
-
-2. Click or press the **Get Windows ADK for Windows 10** button on the page to start the ADK installer. Make sure that **Microsoft Application Virtualization (App-V) Sequencer** is selected during the installation.
+1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
+2. Select the **Get Windows ADK for Windows 10** button on the page to start the ADK installer. Make sure that **Microsoft Application Virtualization (App-V) Sequencer** is selected during the installation.
+3. To open the Sequencer, go to the **Start** menu and select **Microsoft Application Virtualization (App-V) Sequencer**.
-3. To open the Sequencer, from the **Start** menu, select **Microsoft Application Virtualization (App-V) Sequencer** .
-
-See [Creating and managing virtual applications](appv-creating-and-managing-virtualized-applications.md) and the [Application Virtualization Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx) for information about creating virtual applications with the Sequencer.
+See [Creating and managing virtual applications](appv-creating-and-managing-virtualized-applications.md) and the [Application Virtualization Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx) for information about creating virtual applications with the Sequencer.
## Command-line options for installing the sequencer
You can also use the command line to install the App-V sequencer. The following list displays information about options for installing the sequencer using the command line and **appv\_sequencer\_setup.exe**:
-| **Command** | **Description** |
+| Command | Description |
|-------------------|------------------|
-| /INSTALLDIR | Specifies the installation directory. |
-| /Log | Specifies where the installation log will be saved, the default location is **%Temp%**. For example, **C:\\Logs\\ log.log**. |
-| /q | Specifies a quiet or silent installation. |
-| /Uninstall | Specifies the removal of the sequencer. |
-| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**. |
-| /LAYOUT | Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V. No value is expected. |
-| /LAYOUTDIR | Specifies the layout directory. Requires a string value. Example usage:**/LAYOUTDIR=”C:\\Application Virtualization Client”**. |
-| /? Or /h or /help | Displays associated help. |
+| **/INSTALLDIR** | Specifies the installation directory. |
+| **/Log** | Specifies where the installation log will be saved. The default location is **%Temp%**. For example, **C:\\Logs\\log.log**. |
+| **/q** | Specifies a quiet or silent installation. |
+| **/Uninstall** | Specifies the removal of the sequencer. |
+| **/ACCEPTEULA** | Accepts the license agreement. This is required for an unattended installation. For example, **/ACCEPTEULA** or **/ACCEPTEULA=1**. |
+| **/LAYOUT** | Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V. No value is expected. |
+| **/LAYOUTDIR** | Specifies the layout directory. Requires a string value. For example, **/LAYOUTDIR=”C:\\Application Virtualization Client”**. |
+| **/?** or **/h** or **/help** | Displays associated help. |
## To troubleshoot the App-V sequencer installation
@@ -55,8 +50,8 @@ For more information regarding the sequencer installation, you can view the erro
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
index a42284d262..2a510d8f89 100644
--- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
+++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -160,7 +160,7 @@ Starting in App-V 5.0 SP3, cmdlet help is available in two formats:
-- **On TechNet as web pages**: See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://technet.microsoft.com/library/dn520245.aspx).
+- **On TechNet as web pages**: See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx).
## Displaying the help for a Windows PowerShell cmdlet
@@ -174,4 +174,4 @@ To display help for a specific Windows PowerShell cmdlet:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md
index faf98d1a83..3db885c191 100644
--- a/windows/application-management/app-v/appv-maintaining-appv.md
+++ b/windows/application-management/app-v/appv-maintaining-appv.md
@@ -33,7 +33,7 @@ Additionally, ISV’s who want to explicitly virtualize or not virtualize calls
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Other resources for maintaining App-V
diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
index 97eee09c9b..e3c9eca586 100644
--- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -273,7 +273,7 @@ For more information about pending tasks, see [Upgrading an in-use App-V package
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
index d355206820..a82855cb2a 100644
--- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -128,7 +128,7 @@ This topic explains the following procedures:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md
index 7822555b01..3f69438c95 100644
--- a/windows/application-management/app-v/appv-managing-connection-groups.md
+++ b/windows/application-management/app-v/appv-managing-connection-groups.md
@@ -67,7 +67,7 @@ In some previous versions of App-V, connection groups were referred to as Dynami
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Other resources for App-V connection groups
diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
index f08ad71d32..e74aecb295 100644
--- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
@@ -250,7 +250,7 @@ There is no direct method to upgrade to a full App-V infrastructure. Use the inf
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Other resources for performing App-V migration tasks
diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
index 0d54d46c3d..c3c5a98cac 100644
--- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
@@ -147,7 +147,7 @@ This topic explains how to:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
index 2390fd040c..febf5efcda 100644
--- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
+++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
@@ -30,7 +30,7 @@ Use the following procedure to configure the App-V client configuration.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index 51ac36eeca..fc39d7dc05 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -28,7 +28,7 @@ Follow these steps to create a new management server console:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index ff65d8049c..23b04fbff1 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -6,73 +6,47 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Operations for App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
This section of the Microsoft Application Virtualization (App-V) Administrator’s Guide includes information about the various types of App-V administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks.
## Operations Information
-
-- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
+- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
Describes how to create, modify, and convert virtualized packages.
-
-- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
+- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
Describes how to use the App-V Management console to perform tasks such as sequencing an application, changing a package, using a project template, and using a package accelerator.
-
-- [Managing Connection Groups](appv-managing-connection-groups.md)
+- [Managing Connection Groups](appv-managing-connection-groups.md)
Describes how connection groups enable virtualized applications to communicate with each other in the virtual environment; explains how to create, publish, and delete them; and describes how connection groups can help you better manage your virtualized applications.
-
-- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
+- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
Describes how to deploy App-V packages by using an ESD.
-
-- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
+- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
Describes how perform client configuration tasks using the client management console.
-
-- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
+- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
Provides instructions for migrating to App-V from a previous version.
-
-- [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
+- [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
Describes the set of Windows PowerShell cmdlets available for administrators performing various App-V server tasks.
+## Additional information
+
+- [Application Virtualization (App-V) overview](appv-for-windows.md)
+- [Getting Started with App-V](appv-getting-started.md)
+- [Planning for App-V](appv-planning-for-appv.md)
+- [Deploying App-V](appv-deploying-appv.md)
+- [Troubleshooting App-V](appv-troubleshooting.md)
+- [Technical Reference for App-V](appv-technical-reference.md)
+
## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Other Resources for App-V Operations
-
-
-- [Application Virtualization (App-V) overview](appv-for-windows.md)
-
-- [Getting Started with App-V](appv-getting-started.md)
-
-- [Planning for App-V](appv-planning-for-appv.md)
-
-- [Deploying App-V](appv-deploying-appv.md)
-
-- [Troubleshooting App-V](appv-troubleshooting.md)
-
-- [Technical Reference for App-V](appv-technical-reference.md)
-
-
-
-
-
-
-
-
-
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index 5fe043b48f..faf22cca11 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -271,7 +271,7 @@ For more information, see:
- [Get Started with UE-V](/windows/configuration/ue-v/uev-getting-started)
-In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](http://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).
+In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).
**Note**
Without performing an additional configuration step, User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default.
@@ -444,41 +444,41 @@ In a non-persistent environment, it is unlikely these pended operations will be
The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance.
-
+
**.NET NGEN Blog (Highly Recommended)**
-- [How to speed up NGEN optimization](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx)
+- [How to speed up NGEN optimization](https://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx)
**Windows Server and Server Roles**
Server Performance Tuning Guidelines for
-- [Microsoft Windows Server 2012 R2](http://msdn.microsoft.com/library/windows/hardware/dn529133.aspx)
+- [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx)
-- [Microsoft Windows Server 2012](http://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx)
+- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx)
-- [Microsoft Windows Server 2008 R2](http://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx)
+- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx)
**Server Roles**
-- [Remote Desktop Virtualization Host](http://msdn.microsoft.com/library/windows/hardware/dn567643.aspx)
+- [Remote Desktop Virtualization Host](https://msdn.microsoft.com/library/windows/hardware/dn567643.aspx)
-- [Remote Desktop Session Host](http://msdn.microsoft.com/library/windows/hardware/dn567648.aspx)
+- [Remote Desktop Session Host](https://msdn.microsoft.com/library/windows/hardware/dn567648.aspx)
-- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](http://msdn.microsoft.com/library/windows/hardware/dn567678.aspx)
+- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](https://msdn.microsoft.com/library/windows/hardware/dn567678.aspx)
-- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](http://technet.microsoft.com/library/jj134210.aspx)
+- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](https://technet.microsoft.com/library/jj134210.aspx)
**Windows Client (Guest OS) Performance Tuning Guidance**
-- [Microsoft Windows 7](http://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx)
+- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx)
-- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx)
+- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx)
-- [Microsoft Windows 8](http://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
+- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
-- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx)
+- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx)
## Sequencing Steps to Optimize Packages for Publishing Performance
@@ -735,7 +735,7 @@ The following terms are used when describing concepts and actions related to App
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md
index e83f075640..9525003f91 100644
--- a/windows/application-management/app-v/appv-planning-checklist.md
+++ b/windows/application-management/app-v/appv-planning-checklist.md
@@ -6,78 +6,29 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# App-V Planning Checklist
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
This checklist can be used to help you plan for preparing your organization for an App-V deployment.
-> [!NOTE]
-> This checklist outlines the recommended steps and a high-level list of items to consider when planning for an App-V deployment. It is recommended that you copy this checklist and customize it for your use.
+>[!NOTE]
+>This checklist outlines the recommended steps and a high-level list of items to consider when planning an App-V deployment. It's a good idea to copy this checklist and customize it for your use.
-
-
-
-
-
-
-
-
-
-
-
Task
-
References
-
Notes
-
-
-
-
-
-
Review the getting started information about App-V to gain a basic understanding of the product before beginning deployment planning.
-
[Getting Started with App-V](appv-getting-started.md)
-
-
-
-
-
Plan for App-V deployment prerequisites and prepare your computing environment.
-
[App-V Prerequisites](appv-prerequisites.md)
-
-
-
-
-
If you plan to use the App-V management server, plan for the required roles.
-
[Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md)
-
-
-
-
-
Plan for the App-V sequencer and client so you to create and run virtualized applications.
-
[Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md)
-
-
-
-
-
If applicable, review the options and steps for migrating from a previous version of App-V.
-
[Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
-
-
-
-
-
Decide whether to configure App-V clients in Shared Content Store mode.
-
[Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
-
-
-
-
+|Status|Task|References|Notes|
+|---|---|---|---|
+||Review the getting started information about App-V to gain a basic understanding of the product before beginning deployment planning.|[Getting started with App-V](appv-getting-started.md)||
+||Plan for App-V deployment prerequisites and prepare your computing environment.|[App-V prerequisites](appv-prerequisites.md)||
+||If you plan to use the App-V management server, plan for the required roles.|[Planning for the App-V server deployment](appv-planning-for-appv-server-deployment.md)||
+||Plan for the App-V sequencer and client to create and run virtualized applications.|[Planning for the App-V Sequencer and client deployment](appv-planning-for-sequencer-and-client-deployment.md)||
+||If applicable, review the options and steps for migrating from a previous version of App-V.|[Migrating to App-V from a previous version](appv-migrating-to-appv-from-a-previous-version.md)||
+||Decide whether to configure App-V clients in Shared Content Store mode.|[Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)||
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
index 965c94670f..28f695046f 100644
--- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
@@ -6,145 +6,56 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Planning to Use Folder Redirection with App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
Microsoft Application Virtualization (App-V) supports the use of folder redirection, a feature that enables users and administrators to redirect the path of a folder to a new location.
-This topic contains the following sections:
+## What is folder redirection?
-- [Requirements for using folder redirection](#bkmk-folder-redir-reqs)
+Folder redirection lets end users work with files that have been redirected to another folder as if the files still exist on the local drive.
-- [How to configure folder redirection for use with App-V](#bkmk-folder-redir-cfg)
+* Users and administrators can redirect the path of a folder to a network location. The documents in the specified folder will be available to users from any computer in the network.
+ * For example, you can redirect the Documents folder from your computer's local hard disk to a network location. The user can then access the folder's documents from any computer on the network.
+* The new location can be a folder on either the local computer or a shared network.
+* Folder redirection immediately updates the files, while roaming data is typically synchronized when the user logs in or out of a session.
-- [How folder redirection works with App-V](#bkmk-folder-redir-works)
+## Requirements for using folder redirection with App-V
-- [Overview of folder redirection](#bkmk-folder-redir-overview)
+To use %AppData% folder redirection, you must:
-## Requirements and unsupported scenarios for using folder redirection
+* Have an App-V package that has an AppData virtual file system (VFS) folder.
+* Enable folder redirection and redirect users’ folders to a shared folder, typically a network folder.
+* Roam both or neither of the following:
+ * Files under %appdata%\Microsoft\AppV\Client\Catalog
+ * Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages
+For more information, see [Application publishing and client interaction](appv-application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs).
-
-
-
-
-
-
-
-
Requirements
-
To use %AppData% folder redirection, you must:
-
-
Have an App-V package that has an AppData virtual file system (VFS) folder.
-
Enable folder redirection and redirect users’ folders to a shared folder, typically a network folder.
-
Roam both or neither of the following:
-
-
Files under %appdata%\Microsoft\AppV\Client\Catalog
-
Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages
-
For more detail, see [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs).
-
-
Ensure that the following folders are available to each user who logs into the computer that is running the App-V client:
-
-
%AppData% is configured to the desired network location (with or without [Offline Files](http://technet.microsoft.com/library/cc780552.aspx) support).
-
%LocalAppData% is configured to the desired local folder.
-
-
-
-
-
Unsupported scenarios
-
-
Configuring %LocalAppData% as a network drive.
-
Redirecting the Start menu to a single folder for multiple users.
-
If roaming AppData (%AppData%) is redirected to a network share that is not available, App-V applications will fail to launch, unless the unavailable network share has been enabled for Offline Files.
-
-
-
-
+## Unsupported scenarios for App-V folder redirection
-
+The following scenatios aren't supported by App-V:
-## How to configure folder redirection for use with App-V
+* Configuring %LocalAppData% as a network drive.
+* Redirecting the Start menu to a single folder for multiple users.
+* If roaming AppData (%AppData%) is redirected to a network share that is not available, App-V applications will fail to launch, unless the unavailable network share has been enabled for Offline Files.
+## How to configure folder redirection for use with App-V
-Folder redirection can be applied to different folders, such as Desktop, My Documents, My Pictures, etc. However, the only folder that impacts the use of App-V applications is the user’s roaming AppData folder (%AppData%). You can apply folder redirection to any other supported folders without impacting App-V.
-
-## How folder redirection works with App-V
+Folder redirection can be applied to different folders, such as Desktop, My Documents, My Pictures, and so on. However, the only folder that impacts the use of App-V applications is the user’s roaming AppData folder (%AppData%). You can apply folder redirection to any other supported folders without impacting App-V.
+## How folder redirection works with App-V
The following table describes how folder redirection works when %AppData% is redirected to a network and when you have met the requirements listed earlier in this article.
-
-
-
-
-
-
-
-
Virtual environment state
-
Action that occurs
-
-
-
-
-
When the virtual environment starts
-
The virtual file system (VFS) AppData folder is mapped to the local AppData folder (%LocalAppData%) instead of to the user’s roaming AppData folder (%AppData%).
-
-
LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under:
The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache.
-
While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and is not moved or synchronized with %AppData% until the end user shuts down the computer.
-
Entries to the AppData folder are made using the user context, not the system context.
-
-
-
-
-
When the virtual environment shuts down
-
The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp, which indicates the last known upload, is simultaneously saved as a registry key under:
To provide redundancy, App-V keeps the three most recent copies of the compressed data under %AppData%.
-
-
-
-
-
-
-## Overview of folder redirection
-
-
-
-
-
-
-
-
-
-
Purpose
-
Enables end users to work with files, which have been redirected to another folder, as if the files still existed on the local drive.
-
-
-
Description
-
Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network.
-
-
Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network.
-
The new location can be a folder on the local computer or a folder on a shared network.
-
Folder redirection updates the files immediately, whereas roaming data is typically synchronized when the user logs in or logs off.
-
-
-
-
Usage example
-
You can redirect the Documents folder, which is usually stored on the computer's local hard disk, to a network location. The user can access the documents in the folder from any computer on the network.
+|Virtual environment state|Action that occurs|
+|---|---|
+|When the virtual environment starts.|The virtual file system (VFS) AppData folder is mapped to the local AppData folder (%LocalAppData%) instead of to the user’s roaming AppData folder (%AppData%). - LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under ```%LocalAppData%\Microsoft\AppV\Client\VFS\PackageGUID\AppData``` - The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache. - While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and is not moved or synchronized with %AppData% until the end user shuts down the computer. - Entries to the AppData folder are made using the user context, not the system context.|
+|When the virtual environment shuts down.|The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp that indicates the last known upload is simultaneously saved as a registry key under ```HKCU\Software\Microsoft\AppV\Client\Packages\\AppDataTime```. App-V keeps the three most recent copies of the compressed data under %AppData% for redundancy.|
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
index 2080ab4880..eb5dc60914 100644
--- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
@@ -6,102 +6,54 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# Planning for the App-V server deployment
-
-# Planning for the App-V Server Deployment
-
-**Applies to**
-- Windows Server 2016
+>Applies to: Windows Server 2016
The Microsoft Application Virtualization (App-V) server infrastructure consists of a set of specialized features that can be installed on one or more server computers, based on the requirements of the enterprise.
-## Planning for App-V Server Deployment
-
+## About the App-V server
The App-V server consists of the following features:
-- Management Server – provides overall management functionality for the App-V infrastructure.
+* Management Server—provides overall management functionality for the App-V infrastructure.
+* Management Database—facilitates database predeployments for App-V management.
+* Publishing Server—provides hosting and streaming functionality for virtual applications.
+* Reporting Server—provides App-V reporting services.
+* Reporting Database—facilitates database predeployments for App-V reporting.
-- Management Database – facilitates database predeployments for App-V management.
+The following list describes recommended App-V server infrastructure installation methods:
-- Publishing Server – provides hosting and streaming functionality for virtual applications.
+* Install the App-V server. For more information, see [How to deploy the App-V Server](appv-deploy-the-appv-server.md).
+* Install the database, reporting, and management features on separate computers. For more information, see [How to install the Management and Reporting databases on separate computers from the Management and Reporting services](appv-install-the-management-and-reporting-databases-on-separate-computers.md).
+* Use Electronic Software Distribution (ESD). For more information, see [How to deploy App-V packages using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
+* Install all server features on a single computer.
-- Reporting Server – provides App-V reporting services.
+## App-V server interaction
-- Reporting Database – facilitates database predeployments for App-V reporting.
+This section describes how the various App-V server roles interact with each other.
-The following list displays the recommended methods for installing the App-V server infrastructure:
+The App-V Management Server contains the repository of packages and their assigned configurations. For Publishing Servers that are registered with the Management Server, the associated metadata is provided to the Publishing servers for use when publishing refresh requests are received from computers running the App-V Client. App-V publishing servers managed by a single management server can serve different clients with different website names and port bindings. Additionally, all Publishing Servers managed by the same Management Server are replicas of each other.
-- Install the App-V server. For more information, see [How to Deploy the App-V Server](appv-deploy-the-appv-server.md).
+>[!NOTE]
+>The Management Server does not perform load balancing. The associated metadata is passed to the publishing server for use when processing client requests.
-- Install the database, reporting, and management features on separate computers. For more information, see [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md).
+## Server-related protocols and external features
-- Use Electronic Software Distribution (ESD). For more information, see [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
-
-- Install all server features on a single computer.
-
-## App-V Server Interaction
-
-
-This section contains information about how the various App-V server roles interact with each other.
-
-The App-V Management Server contains the repository of packages and their assigned configurations. For Publishing Servers that are registered with the Management Server, the associated metadata is provided to the Publishing servers for use when publishing refresh requests are received from computers running the App-V Client. App-V publishing servers managed by a single management server can be serving different clients and can have different website names and port bindings. Additionally, all Publishing Servers managed by the same Management Server are replicas of each other.
-
-**Note**
-The Management Server does not perform any load balancing. The associated metadata is simply passed to the publishing server for use when processing client requests.
-
-
-
-## Server-Related Protocols and External Features
-
-
-The following displays information about server-related protocols used by the App-V servers. The table also includes the reporting mechanism for each server type.
-
-
-
-
-
-
-
-
-
-
-
-
Server Type
-
Protocols
-
External Features Needed
-
Reporting
-
-
-
-
-
-
IIS server
-
HTTP
-
HTTPS
-
This server-protocol combination requires a mechanism to synchronize the content between the Management Server and the Streaming Server. When using HTTP or HTTPS, use an IIS server and a firewall to protect the server from exposure to the Internet.
-
Internal
-
-
-
-
File
-
SMB
-
This server-protocol combination requires support to synchronize the content between the Management Server and the Streaming Server. Use a client computer with file sharing or streaming capability.
-
Internal
-
-
-
-
+The following table lists server-related protocols used by the App-V servers, and also describes the reporting mechanism for each server type.
+|Server type|Protocols|External features needed|Reporting|
+|---|---|---|---|
+|IIS server|HTTP HTTPS|This server-protocol combination requires a mechanism to synchronize content between the Management Server and the Streaming Server. When using HTTP or HTTPS, use an IIS server and a firewall to protect the server from exposure to the Internet.|Internal|
+|File|SMB|This server-protocol combination requires support to synchronize the content between the Management Server and the Streaming Server. Use a client computer that's capable of file sharing or streaming.|Internal|
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
-
-[Deploying the App-V Server](appv-deploying-the-appv-server.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
+* [Deploying the App-V server](appv-deploying-the-appv-server.md)
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md
index c6410c847f..6a3f8107da 100644
--- a/windows/application-management/app-v/appv-planning-for-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-appv.md
@@ -6,45 +6,27 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Planning for App-V
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-Use this information to plan how to deploy App-V so that it does not disrupt your users or the network.
+Use the following information to plan to deploy App-V without disrupting your existing network or user experience.
## Planning information
-- [Preparing Your Environment for App-V](appv-preparing-your-environment.md)
+[Preparing your environment for App-V](appv-preparing-your-environment.md) describes the computing environment requirements and installation prerequisites that should be planned for before beginning App-V setup.
- This section describes the computing environment requirements and installation prerequisites that should be planned for before beginning App-V setup.
+[Planning to deploy App-V](appv-planning-to-deploy-appv.md) describes the minimum hardware and software requirements and other planning information for the App-V sequencer and App-V server components.
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+[App-V planning checklist](appv-planning-checklist.md) is a planning checklist that can assist you with App-V deployment planning.
- This section describes the minimum hardware and software requirements and other planning information for the App-V sequencer and App-V server components.
+## Other App-V planning resources
-- [App-V Planning Checklist](appv-planning-checklist.md)
-
- Planning checklist that can be used to assist in App-V deployment planning.
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Other resources for App-V planning
-
-- [Application Virtualization (App-V) overview](appv-for-windows.md)
-
-- [Getting started with App-V](appv-getting-started.md)
-
-- [Deploying App-V](appv-deploying-appv.md)
-
-- [Operations for App-V](appv-operations.md)
-
-- [Troubleshooting App-V](appv-troubleshooting.md)
-
-- [Technical reference for App-V](appv-technical-reference.md)
+* [Application Virtualization (App-V) overview](appv-for-windows.md)
+* [Getting started with App-V](appv-getting-started.md)
+* [Deploying App-V](appv-deploying-appv.md)
+* [Operations for App-V](appv-operations.md)
+* [Troubleshooting App-V](appv-troubleshooting.md)
+* [Technical reference for App-V](appv-technical-reference.md)
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index 7b1341c67d..32232234da 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -6,133 +6,100 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# Planning for high availability with App-V Server
+>Applies to: Windows 10, version 1607
-# Planning for High Availability with App-V Server
+Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high available service level.
-**Applies to**
-- Windows 10, version 1607
+The following sections will he following sections to help you understand the options to deploy App-V in a highly available configuration.
-Microsoft Application Virtualization (App-V) system configurations can take advantage of options that maintain a high level of available service.
+## Support for Microsoft SQL Server clustering
-Use the information in the following sections to help you understand the options to deploy App-V in a highly available configuration.
+You can run the App-V Management and Reporting databases on computers running Microsoft SQL Server clusters. However, you must install the databases using scripts.
-- [Support for Microsoft SQL Server clustering](#bkmk-sqlcluster)
+For deployment instructions, see [How to deploy the App-V databases by using SQL scripts](appv-deploy-appv-databases-with-sql-scripts.md).
-- [Support for IIS Network Load Balancing](#bkmk-iisloadbal)
+## Support for IIS network load balancing
-- [Support for clustered file servers when running (SCS) mode](#bkmk-clusterscsmode)
+You can use Internet Information Services' (IIS) network load balancing (NLB) to configure a highly available environment for computers running the App-V Management, Publishing, and Reporting services that are deployed through IIS.
-- [Support for Microsoft SQL Server Mirroring](#bkmk-sqlmirroring)
+Review the following articles to learn more about configuring IIS and NLB for computers running Windows Server operating systems:
-- [Support for Microsoft SQL Server Always On](#bkmk-sqlalwayson)
+* [Achieving High Availability and Scalability - ARR and NLB](https://www.iis.net/learn/extensions/configuring-application-request-routing-arr/achieving-high-availability-and-scalability-arr-and-nlb) describes how to configure IIS 7.0.
-## Support for Microsoft SQL Server clustering
+* [Network load balancing overview]() will tell you more about how to configure Microsoft Windows Server.
+ This information also applies to IIS NLB clusters in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012.
-You can run the App-V Management database and Reporting database on computers that are running Microsoft SQL Server clusters. However, you must install the databases using scripts.
+>[!NOTE]
+>The IIS NLB functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details have changed in Windows Server 2012. To learn how to work with these changes, see [Common management tasks and navigation in Windows]().
-For instructions, see [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md).
-
-## Support for IIS Network Load Balancing
-
-
-You can use Internet Information Services (IIS) Network Load Balancing to configure a highly available environment for computers running the App-V Management, Publishing, and Reporting services which are deployed through IIS.
-
-Review the following for more information about configuring IIS and Network Load Balancing for computers running Windows Server operating systems:
-
-- Provides information about configuring Internet Information Services (IIS) 7.0.
-
- [Achieving High Availability and Scalability - ARR and NLB](http://www.iis.net/learn/extensions/configuring-application-request-routing-arr/achieving-high-availability-and-scalability-arr-and-nlb)
-
-- Configuring Microsoft Windows Server
-
- [Network Load Balancing Overview](https://technet.microsoft.com/library/hh831698(v=ws.11).aspx).
-
- This information also applies to IIS Network Load Balancing (NLB) clusters in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012.
-
- **Note**
- The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows](https://technet.microsoft.com/library/hh831491.aspx).
-
-## Support for clustered file servers when running SCS mode
+## Support for clustered file servers when running SCS mode
Running App-V Server in Shared Content Store (SCS) mode with clustered file servers is supported.
-The following steps can be used to enable this configuration:
+To enable SCS mode configurations, follow these steps:
-- Configure the App-V client to run in Shared Content Store mode. For more information, see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
-
-- Configure the file server cluster, configured in either the scale out mode (which started with Windows Server 2012) or the earlier clustering mode, with a virtual SAN.
+1. Configure the App-V client to run in SCS mode. For more information, see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
+2. Configure the file server cluster, configured in either the scale out mode (which started with Windows Server 2012) or the earlier clustering mode, with a virtual SAN.
The following steps can be used to validate the configuration:
-1. Add a package on the publishing server. For more information about adding a package, see [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md).
+1. Add a package on the publishing server. To learn how to add a package, see [How to add or upgrade packages by using the Management console](appv-add-or-upgrade-packages-with-the-management-console.md).
+2. Perform a publishing refresh on the computer running the App-V client and open an application.
+3. Switch cluster nodes mid-publishing refresh and mid-streaming to ensure failover works correctly.
-2. Perform a publishing refresh on the computer running the App-V client and open an application.
+Review the following articles to learn more about configuring Windows Server failover clusters:
-3. Switch cluster nodes mid-publishing refresh and mid-streaming to ensure failover works correctly.
+* [Create a failover cluster]()
+* [Use cluster shared volumes in a failover cluster]()
-Review the following for more information about configuring Windows Server Failover clusters:
-
-- [Create a Failover Cluster](https://technet.microsoft.com/library/dn505754(v=ws.11).aspx).
-
-- [Use Cluster Shared Volumes in a Failover Cluster](https://technet.microsoft.com/library/jj612868(v=ws.11).aspx).
-
-## Support for Microsoft SQL Server Mirroring
+## Support for Microsoft SQL Server mirroring
Using Microsoft SQL Server mirroring, where the App-V management server database is mirrored utilizing two SQL Server instances, for App-V management server databases is supported.
-Review the following for more information about configuring Microsoft SQL Server Mirroring:
+Review the following to learn more about how to configure Microsoft SQL Server mirroring:
-- [Prepare a Mirror Database for Mirroring (SQL Server)](https://technet.microsoft.com/library/ms189053.aspx)
-
-- [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://msdn.microsoft.com/library/ms188712.aspx)
+* [Prepare a mirror database for mirroring (SQL Server)](https://docs.microsoft.com/en-us/sql/database-engine/database-mirroring/prepare-a-mirror-database-for-mirroring-sql-server)
+* [Establish a database mirroring session using Windows Authentication (SQL Server Management Studio)](https://msdn.microsoft.com/library/ms188712.aspx) (FIX LINK)
The following steps can be used to validate the configuration:
-1. Initiate a Microsoft SQL Server Mirroring session.
+1. Initiate a Microsoft SQL Server Mirroring session.
+2. Select **Failover** to designate a new master Microsoft SQL Server instance.
+3. Verify that the App-V management server continues to function as expected after the failover.
-2. Select **Failover** to designate a new master Microsoft SQL Server instance.
+The connection string on the management server can be modified to include ```failover partner = ```. This will only help when the primary on the mirror has failed over to the secondary and the computer running the App-V client is doing a fresh connection (say after reboot).
-3. Verify that the App-V management server continues to function as expected after the failover.
+Use the following steps to modify the connection string to include ```failover partner = ```:
-The connection string on the management server can be modified to include **failover partner = <server2>**. This will only help when the primary on the mirror has failed over to the secondary and the computer running the App-V client is doing a fresh connection (say after reboot).
+>[!IMPORTANT]
+>This process involves changing the Windows registry with Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. Always make a backup copy of the registry files (**System.dat** and **User.dat**) before chagning the registry. Microsoft can't guarantee that problems caused by changing the registry can be resolved, so change the registry at your own risk.
-Use the following steps to modify the connection string to include **failover partner = <server2>**:
-
-**Important**
-This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk.
-
-
-1. Login to the management server and open **regedit**.
-
-2. Navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService**.
-
-3. Modify the **MANAGEMENT\_SQL\_CONNECTION\_STRING** value with the **failover partner = <server2>**.
-
-4. Restart management service using the IIS console.
-
- **Note**
- Database Mirroring is on the list of Deprecated Database Engine Features for Microsoft SQL Server 2012 due to the **AlwaysOn** feature available starting with Microsoft SQL Server 2012.
+1. Log in to the management server and open **regedit**.
+2. Navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService**.
+3. Modify the **MANAGEMENT\_SQL\_CONNECTION\_STRING** value with the ```failover partner = ``` value.
+4. Restart management service using the IIS console.
+ >[!NOTE]
+ >Database Mirroring is on the list of [deprecated database engine features in SQL Server 2012]() due to the **AlwaysOn** feature available starting with Microsoft SQL Server 2012.
Click any of the following links for more information:
-- [Prepare a Mirror Database for Mirroring (SQL Server)](https://technet.microsoft.com/library/ms189053.aspx).
+* [Prepare a mirror database for mirroring (SQL Server)](https://docs.microsoft.com/en-us/sql/database-engine/database-mirroring/prepare-a-mirror-database-for-mirroring-sql-server).
+* [Establish a database mirroring session using Windows Authentication (SQL Server Management Studio)](https://docs.microsoft.com/en-us/sql/database-engine/database-mirroring/establish-database-mirroring-session-windows-authentication).
+* [Deprecated database engine features in SQL Server 2012]().
-- [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://technet.microsoft.com/library/ms188712(v=sql.130).aspx).
+## Support for Microsoft SQL Server Always On configuration
-- [Deprecated Database Engine Features in SQL Server 2012](https://msdn.microsoft.com/library/ms143729(v=sql.110).aspx).
-
-## Support for Microsoft SQL Server Always On configuration
-
-The App-V management server database supports deployments to computers running Microsoft SQL Server with the **Always On** configuration. For more information, see [Always On Availability Groups (SQL Server)](https://technet.microsoft.com/library/hh510230.aspx).
+The App-V management server database supports deployments to computers running Microsoft SQL Server with the **Always On** configuration. For more information, see [Always On Availability Groups (SQL Server)](https://docs.microsoft.com/en-us/sql/database-engine/availability-groups/windows/always-on-availability-groups-sql-server).
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-[Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
index 44f198b58d..bcc0dd487f 100644
--- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
@@ -6,38 +6,31 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Planning for the App-V Sequencer and Client Deployment
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-Before you can use App-V, you must install the App-V Sequencer, enable the App-V client, and optionally the App-V shared content store. The following sections address planning for these installations.
+Before you can use App-V, you must install the App-V Sequencer and enable the App-V client. You can also the App-V shared content store, although it isn't required. The following sections will tell you how to set these up.
## Planning for App-V Sequencer deployment
-
App-V uses a process called sequencing to create virtualized applications and application packages. Sequencing requires the use of a computer that runs the App-V Sequencer.
-> [!NOTE]
+> [!NOTE]
> For information about the new functionality of App-V sequencer, see [What's new in App-V](appv-about-appv.md).
+The computer running the App-V sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V supported configurations](appv-supported-configurations.md).
-The computer that runs the App-V sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V Supported Configurations](appv-supported-configurations.md).
+Ideally, you should install the sequencer on a computer running as a virtual machine. This lets you revert the computer that's running the sequencer to a “clean” state before sequencing another application. When installing the sequencer using a virtual machine, you should do the following things:
-Ideally, you should install the sequencer on a computer running as a virtual machine. This enables you to more easily revert the computer running the sequencer to a “clean” state before sequencing another application. When you install the sequencer using a virtual machine, you should perform the following steps:
-
-1. Install all associated sequencer prerequisites.
-
-2. Install the sequencer.
-
-3. Take a “snapshot” of the environment.
-
-> [!IMPORTANT]
->You should have your corporate security team review and approve the sequencing process plan. For security reasons, you should keep the sequencer operations in a lab that is separate from the production environment. The separation arrangement can be as simple or as comprehensive as necessary, based on your business requirements. The sequencing computers must be able to connect to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they must not be on the corporate network unprotected. For example, you might be able to operate behind a firewall or on an isolated network segment. You might also be able to use virtual machines that are configured to share an isolated virtual network. Follow your corporate security policies to safely address these concerns.
+1. Install all associated sequencer prerequisites.
+2. Install the sequencer.
+3. Take a “snapshot” of the environment.
+>[!IMPORTANT]
+>Your corporate security team should review and approve the sequencing process plan before implementing it. For security reasons, it's a good idea to keep sequencer operations in a lab separate from the production environment. The sequencing computers must be capapble of connecting to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they shouldn't remail on the corporate network unprotected. You can protect your sequencing computers by operating them on an isolated network, behind a firewall, or by using virtual machines on an isolated virtual network. Make sure your solution follows your company's corporate security policies.
## Planning for App-V client deployment
@@ -45,28 +38,24 @@ In Windows 10, version 1607, the App-V client is included with the operating sys
## Planning for the App-V Shared Content Store (SCS)
-The App-V Shared Content Store mode allows the computer running the App-V client to run virtualized applications and none of the package contents is saved on the computer running the App-V client. Virtual applications are streamed to target computers only when requested by the client.
+The App-V Shared Content Store mode allows computers running the App-V client to run virtualized applications without saving any package contents to the App-V client computer. Virtual applications are streamed to target computers only when requested by the client.
-The following list displays some of the benefits of using the App-V Shared Content Store:
+The following list displays some of the benefits of using App-V SCS:
-- Reduced app-to-app and multi-user application conflicts and hence a reduced need for regression testing
-
-- Accelerated application deployment by reduction of deployment risk
-
-- Simplified profile management
+* Reduced app-to-app and multi-user application conflicts reduces the need for regression testing
+* Reduced deployment risk accelerates application deployment
+* Simplified profile management
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-## Other resources for the App-V deployment
+## Other App-V deployment resources
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
## Related topics
-- [How to Install the Sequencer](appv-install-the-sequencer.md)
-
-- [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
-
-- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+* [How to install the sequencer](appv-install-the-sequencer.md)
+* [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
+* [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
index ec4b6f331f..378e61401d 100644
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@@ -1,266 +1,138 @@
---
-title: Planning for Using App-V with Office (Windows 10)
+title: Planning for Deploying App-V with Office (Windows 10)
description: Planning for Using App-V with Office
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# Planning for deploying App-V with Office
+>Applies to: Windows 10, version 1607
-# Planning for Using App-V with Office
+Use the following information to plan how to deploy Office within Microsoft Application Virtualization (App-V).
-**Applies to**
-- Windows 10, version 1607
+## App-V language pack support
-Use the following information to plan how to deploy Office by using Microsoft Application Virtualization (App-V). This article includes:
-
-- [App-V support for Language Packs](#bkmk-lang-pack)
-
-- [Supported versions of Microsoft Office](#bkmk-office-vers-supp-appv)
-
-- [Planning for using App-V with coexisting versions of Office](#bkmk-plan-coexisting)
-
-- [How Office integrates with Windows when you deploy use App-V to deploy Office](#bkmk-office-integration-win)
-
-## App-V support for Language Packs
-
-You can use the App-V Sequencer to create plug-in packages for Language Packs, Language Interface Packs, Proofing Tools and ScreenTip Languages. You can then include the plug-in packages in a Connection Group, along with the Office package that you create by using the Office Deployment Toolkit. The Office applications and the plug-in Language Packs interact seamlessly in the same connection group, just like any other packages that are grouped together in a connection group.
-
->[!NOTE]
->Microsoft Visio and Microsoft Project do not provide support for the Thai Language Pack.
-
-## Supported versions of Microsoft Office
-See [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/en-us/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click) for a list of supported Office products.
+You can use the App-V Sequencer to create plug-in packages for language packs, language interface packs, proofing tools, and ScreenTip languages. You can then include the plug-in packages in a connection group, along with the Office package that you create by using the Office Deployment Toolkit. The Office applications and the plug-in language packs will interact seamlessly in the same connection group.
>[!NOTE]
->You must use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. You cannot use the App-V Sequencer.
+>Microsoft Visio and Microsoft Project do not support the Thai Language Pack.
->Support for the [Office 2013 version of Office 365 ended in Februrary 2017](https://support.microsoft.com/kb/3199744)
+## Supported versions of Microsoft Office
-## Planning for using App-V with coexisting versions of Office
+For a list of supported Office products, see [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/en-us/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click).
-You can install more than one version of Microsoft Office side by side on the same computer by using “Microsoft Office coexistence.” You can implement Office coexistence with combinations of all major versions of Office and with installation methods, as applicable, by using the Windows Installer-based (MSI) version of Office, Click-to-Run, and App-V. However, using Office coexistence is not recommended by Microsoft.
+>[!NOTE]
+>You must use the Office Deployment Tool instead of the App-V Sequencer to create App-V packages for Office 365 ProPlus. App-V does not support package creation for volume-licensed versions of Office Professional Plus or Office Standard. Support for the [Office 2013 version of Office 365 ended in Februrary 2017](https://support.microsoft.com/kb/3199744).
-Microsoft’s recommended best practice is to avoid Office coexistence completely to prevent compatibility issues. However, when you are migrating to a newer version of Office, issues occasionally arise that can’t be resolved immediately, so you can temporarily implement coexistence to help facilitate a faster migration to the latest product version. Using Office coexistence on a long-term basis is never recommended, and your organization should have a plan to fully transition in the immediate future.
+## Using App-V with coexisting versions of Office
+
+You can simultaneously install more than one version of Microsoft Office on the same computer with a feature called “Microsoft Office coexistence.” You can implement Office coexistence with combinations of all major versions of Office and with installation methods, as applicable, by using the Windows Installer-based (MSI) version of Office, Click-to-Run, and App-V. However, Microsoft doesn't recommend using Office coexistence.
+
+Microsoft’s recommended best practice is to avoid Office coexistence completely to prevent compatibility issues. However, in cases where issues arise during migration that you can't immediately resolve, Office coexistence can allow for faster migration to the latest Office version. Since this solution is only meant to be temporary, your organization must set up a plan to fully transition to the newer version of Office in the meantime.
### Before you implement Office coexistence
-Before implementing Office coexistence, review the following Office documentation. Choose the article that corresponds to the newest version of Office for which you plan to implement coexistence.
+Before implementing Office coexistence, review the information in the following table that corresponds to the newest version of Office that you will use in coexistence. The documentation linked here will guide you in implementing coexistence for Windows Installer-based (MSI) and Click-to-Run installations of Office.
-
-
-
-
-
-
-
-
Office version
-
Link to guidance
-
-
-
-
-
Office 2016
-
[Information about how to use Outlook 2016 or 2013 and an earlier version of Outlook installed on the same computer](https://support.microsoft.com/kb/2782408)
-
-
-
Office 2013
-
[Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office](http://support.microsoft.com/kb/2784668)
-
-
-
Office 2010
-
[Information about how to use Office 2010 suites and programs on a computer that is running another version of Office](http://support.microsoft.com/kb/2121447)
-
-
-
+|Office version|Relevant how-to guides|
+|---|---|
+|Office 2016|[How to use Outlook 2016 or 2013 and an earlier version of Outlook installed on the same computer](https://support.microsoft.com/kb/2782408)|
+|Office 2013|[How to use Office 2013 suites and programs (MSI deployment) on a computer running another version of Office](https://support.microsoft.com/kb/2784668)|
+|Office 2010|How to use Office 2010 suites and programs on a computer running another version of Office](https://support.microsoft.com/kb/2121447)|
-
-The Office documentation provides extensive guidance on coexistence for Windows Installer-based (MSI) and Click-to-Run installations of Office. This App-V topic on coexistence supplements the Office guidance with information that is more specific to App-V deployments.
+Once you've reviewed the relevant guide, this topic will supplement what you've learned with information about Office coexistence that's more specific to App-V deployments.
### Supported Office coexistence scenarios
-The following tables summarize the supported coexistence scenarios. They are organized according to the version and deployment method you’re starting with and the version and deployment method you are migrating to. Be sure to fully test all coexistence solutions before deploying them to a production audience.
+The following tables summarize supported coexistence scenarios. They are organized according to the version and deployment method you’re starting with and the version and deployment method you are migrating to. Be sure to fully test all coexistence solutions before deploying them to a production audience.
->[!NOTE]
+>[!NOTE]
>Microsoft does not support the use of multiple versions of Office in Windows Server environments that have the Remote Desktop Session Host role service enabled. To run Office coexistence scenarios, you must disable this role service.
-
+### Windows integrations and Office coexistence
-### Windows integrations & Office coexistence
+Windows Installer-based and Click-to-Run Office installation methods integrate with certain points of the underlying Windows OS, but coexistence can cause these integrations to conflict. App-V can sequence certain version of Office to exclude integrations that could be potential problem spots, isolating them from the OS and preventing compatibility or user experience issues.
-The Windows Installer-based and Click-to-Run Office installation methods integrate with certain points of the underlying Windows operating system. When you use coexistence, common operating system integrations between two Office versions can conflict, causing compatibility and user experience issues. With App-V, you can sequence certain versions of Office to exclude integrations, thereby “isolating” them from the operating system.
+The following table describes the integration level of each version of Office, and which mode App-V can use to sequence them.
-
-
-
-
-
-
-
-
-
Mode in which App-V can sequence this version of Office
-
-
-
-
-
Office 2007
-
Always non-integrated. App-V does not offer any operating system integrations with a virtualized version of Office 2007.
-
-
-
Office 2010
-
Integrated and non-integrated mode.
-
-
-
Office 2013
-
Always integrated. Windows operating system integrations cannot be disabled.
-
-
-
Office 2016
-
Always integrated. Windows operating system integrations cannot be disabled.
-
-
-
+|Office version|The modes App-V can sequence this version of Office with|
+|---|---|
+|Office 2007|Always non-integrated. App-V does not offer any operating system integrations with a virtualized version of Office 2007.|
+|Office 2010|Integrated and non-integrated mode.|
+|Office 2013|Always integrated. Windows operating system integrations cannot be disabled.|
+|Office 2016|Always integrated. Windows operating system integrations cannot be disabled.|
-Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://support.microsoft.com/kb/2830069).
+Microsoft recommends deploying Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069).
### Known limitations of Office coexistence scenarios
-The following sections describe some issues that you might encounter when using App-V to implement coexistence with Office.
+The following sections describe issues you might encounter when using App-V to implement coexistence with Office.
### Limitations common to Windows Installer-based/Click-to-Run and App-V Office coexistence scenarios
-The following limitations can occur when you install the following versions of Office on the same computer:
+Limitations can occur when you install the following versions of Office on the same computer:
-- Office 2010 by using the Windows Installer-based version
+* Office 2010 with the Windows Installer-based version
+* Office 2013 or Office 2016 with App-V
-- Office 2013 or Office 2016 by using App-V
-
-After you publish Office 2013 or Office 2016 by using App-V side by side with an earlier version of the Windows Installer-based Office 2010, it might also cause the Windows Installer to start. This is because the Windows Installer-based or Click-to-Run version of Office 2010 is trying to automatically register itself to the computer.
+Publishing Office 2013 or Office 2016 with App-V at the same time as an earlier version of the Windows Installer-based Office 2010 might cause the Windows Installer to start. This is because either the Windows Installer-based or Click-to-Run version of Office 2010 is trying to automatically register itself to the computer.
To bypass the auto-registration operation for native Word 2010, follow these steps:
-1. Exit Word 2010.
+1. Exit Word 2010.
+2. Start the Registry Editor by doing the following:
-2. Start the Registry Editor by doing the following:
+ * In Windows 7k, select **Start**, type **regedit** in the Start Search box, then select the Enter key.
- - In Windows 7: Click **Start**, type **regedit** in the Start Search box, and then press Enter.
+ * In Windows 8.1 or Windows 10, enter **regedit**, select **Enter** on the Start page, then select the Enter key.
- - In Windows 8.1 or Windows 10, type **regedit** press Enter on the Start page and then press Enter.
-
- If you are prompted for an administrator password or for a confirmation, type the password, or click **Continue**.
-
-3. Locate and then select the following registry subkey:
+ If you're prompted for an administrator password, enter the password. If you're propmted for a confirmation, select **Continue**.
+3. Locate and then select the following registry subkey:
``` syntax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
```
+4. On the **Edit** menu, select **New**, then select **DWORD Value**.
+5. Type **NoReReg**, then select the Enter key.
+6. Right-click **NoReReg**, then select **Modify**.
+7. In the **Valuedata** box, enter **1**, then select **OK**.
+8. On the File menu, select **Exit** to close Registry Editor.
-4. On the **Edit** menu, click **New**, and then click **DWORD Value**.
+## How Office integrates with Windows when you use App-V to deploy Office
-5. Type **NoReReg**, and then press Enter.
-
-6. Right-click **NoReReg** and then click **Modify**.
-
-7. In the **Valuedata** box, type **1**, and then click **OK**.
-
-8. On the File menu, click **Exit** to close Registry Editor.
-
-
-
-## How Office integrates with Windows when you use App-V to deploy Office
-
-When you deploy Office 2013 or Office 2016 by using App-V, Office is fully integrated with the operating system, which provides end users with the same features and functionality as Office has when it is deployed without App-V.
+When you deploy Office 2013 or Office 2016 with App-V, Office is fully integrated with the operating system that provides end-users with the same features and functionality that Office has when deployed without App-V.
The Office 2013 or Office 2016 App-V package supports the following integration points with the Windows operating system:
-
-
-
-
-
-
-
-
Extension Point
-
Description
-
-
-
-
-
Skype for Business (formerly Lync) meeting Join Plug-in for Firefox and Chrome
-
User can join Skype meetings from Firefox and Chrome
-
-
-
Sent to OneNote Print Driver
-
User can print to OneNote
-
-
-
OneNote Linked Notes
-
OneNote Linked Notes
-
-
-
Send to OneNote Internet Explorer Add-In
-
User can send to OneNote from IE
-
-
-
Firewall Exception for Skype for Business (formerly Lync) and Outlook
-
Firewall Exception for Skype for Business (formerly Lync) and Outlook
-
-
-
MAPI Client
-
Native apps and add-ins can interact with virtual Outlook through MAPI
-
-
-
SharePoint Plug-in for Firefox
-
User can use SharePoint features in Firefox
-
-
-
Mail Control Panel Applet
-
User gets the mail control panel applet in Outlook
-
-
-
Primary Interop Assemblies
-
Support managed add-ins
-
-
-
Office Document Cache Handler
-
Allows Document Cache for Office applications
-
-
-
Outlook Protocol Search handler
-
User can search in outlook
-
-
-
Active X Controls
-
For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://msdn.microsoft.com/library/vs/alm/ms440037(v=office.14).aspx).
-
-
-
OneDrive Pro Icon Overlays
-
Windows Explorer shell icon overlays when users look at folders OneDrive Pro folders
-
-
-
Shell extensions
-
-
-
-
Shortcuts
-
-
-
-
Windows Search
-
-
-
-
+|Integration point|Description|
+|---|---|
+|Skype for Business (formerly Lync) Meeting Join plug-in for Firefox and Chrome|User can join Skype meetings from Firefox and Chrome|
+|Sent to OneNote Print Driver|User can print to OneNote|
+|OneNote Linked Notes|OneNote Linked Notes|
+|Send to OneNote Internet Explorer add-in|User can send to OneNote from IE|
+|Firewall exception for Skype for Business (formerly Lync) and Outlook|Firewall exception for Skype for Business (formerly Lync) and Outlook|
+|MAPI client|Native apps and add-ins can interact with virtual Outlook through MAPI|
+|SharePoint Plug-in for Firefox|User can use SharePoint features in Firefox|
+|Mail Control Panel Applet|User gets the mail control panel applet in Outlook|
+|Primary Interop Assemblies|Support managed add-ins|
+|Office Document Cache Handler|Allows Document Cache for Office applications|
+|Outlook Protocol Search Handler|User can search in Outlook|
+|Active X Controls|For more information on ActiveX controls, refer to [ActiveX Control API Reference]().|
+|OneDrive Pro Icon Overlays|Windows Explorer shell icon overlays when users look at folders OneDrive Pro folders|
+|Shell extensions||
+|Shortcuts||
+|Windows Search||
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-- [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
-- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
-- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+* [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
+* [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+* [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
index 5e18534d50..ee75ec9087 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
@@ -6,32 +6,27 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
# Planning to Deploy App-V with an electronic software distribution system
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv).
+If you are using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with System Center Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv).
Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:
| Deployment requirement or option | Description |
-| - | - |
+|---|---|
| The App-V Management server, Management database, and Publishing server are not required. | These functions are handled by the implemented ESD solution. |
-| You can deploy the App-V Reporting server and Reporting database side by side with the ESD. | The side-by-side deployment lets you to collect data and generate reports. If you enable the App-V client to send report information, and you are not using the App-V Reporting server, the reporting data is stored in associated .xml files. |
+| You can deploy the App-V Reporting server and Reporting database side-by-side with the ESD. | The side-by-side deployment lets you collect data and generate reports. If you enable the App-V client to send report information without using the App-V Reporting server, the reporting data will be stored in associated .xml files. |
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-- [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
-
-- [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
-
-- [How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
-
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
+* [How to deploy App-V packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
+* [How to enable only administrators to publish packages by using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
index dab76ddfbf..7e9a2005e7 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
@@ -6,77 +6,51 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
-
-
# Planning to Deploy App-V for Windows 10
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
-There are a number of different deployment configurations and requirements to consider before you deploy App-V for Windows 10. Review this topic for information about what you'll need to formulate a deployment plan that best meets your business requirements.
+There are several different deployment configurations and requirements to consider before you deploy App-V for Windows 10. Review this topic for information about what you'll need to make a deployment plan that best meets your needs.
## App-V supported configurations
-Describes the minimum hardware and operating system requirements for each App-V components. For information about software that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md).
-
-[App-V Supported Configurations](appv-supported-configurations.md)
+[App-V supported configurations](appv-supported-configurations.md) describes the minimum hardware and operating system requirements for each App-V components. For information about software that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md).
## App-V capacity planning
-Describes the available options for scaling your App-V deployment.
-
-[App-V Capacity Planning](appv-capacity-planning.md)
+[App-V capacity planning](appv-capacity-planning.md) describes the available options for scaling your App-V deployment.
## Planning for high availability with App-V
-Describes the available options for ensuring high availability of App-V databases and services.
-
-[Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md)
+[Planning for high availability with App-V](appv-planning-for-high-availability-with-appv.md) describes the available options for ensuring high availability of App-V databases and services.
## Planning to Deploy App-V with an Electronic Software Distribution System
-Describes the options and requirements for deploying App-V with an electronic software distribution system.
-
-[Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md)
+[Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) describes the options and requirements for deploying App-V with an electronic software distribution system.
## Planning for App-V server deployment
-Describes the planning considerations for the App-V Server components and their functions.
-
-[Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md)
+[Planning for the App-V server deployment](appv-planning-for-appv-server-deployment.md) describes the planning considerations for the App-V Server components and their functions.
## Planning for the App-V Sequencer and Client deployment
-Describes the planning considerations for the App-V Client and for the Sequencer software, which you use to create virtual applications and application packages.
-
-[Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md)
+[Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md) describes planning considerations you should make for deploying the App-V Client and the Sequencer software, which you use to create virtual applications and application packages.
## Planning for migrating from a previous version of App-V
-Describes the recommended path for migrating from previous versions of App-V, while ensuring that existing server configurations, packages and clients continue to work in your new App-V environment.
-
-[Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
+[Migrating to App-V from a previous version](appv-migrating-to-appv-from-a-previous-version.md) describes the recommended path for migrating from previous versions of App-V without disrupting your existing server configurations, packages, and clients.
## Planning for using App-V with Office
-Describes the requirements for using App-V with Office and explains the supported scenarios, including information about coexisting versions of Office.
-
-[Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md)
+[Planning for using App-V with Office](appv-planning-for-using-appv-with-office.md) describes the requirements for using App-V with Office and the supported scenarios, including information about coexisting versions of Office.
## Planning to use folder redirection with App-V
-Explains how folder redirection works with App-V.
-
-[Planning to Use Folder Redirection with App-V](appv-planning-folder-redirection-with-appv.md)
+[Planning to use folder redirection with App-V](appv-planning-folder-redirection-with-appv.md) explains how folder redirection works with App-V.
## Other Resources for App-V Planning
-- [Planning for App-V](appv-planning-for-appv.md)
-
-- [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
-
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+* [Planning for App-V](appv-planning-for-appv.md)
+* [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md
index cb6cfe9f54..045ae3eac4 100644
--- a/windows/application-management/app-v/appv-preparing-your-environment.md
+++ b/windows/application-management/app-v/appv-preparing-your-environment.md
@@ -6,32 +6,22 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# Preparing your environment for App-V
-# Preparing Your Environment for App-V
+>Applies to: Windows 10, version 1607
-**Applies to**
-- Windows 10, version 1607
-
-There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan for Microsoft Application Virtualization (App-V). This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements.
+There are several different deployment configurations and prerequisites that you must consider before creating your deployment plan for Microsoft App-V. The following articles will help you gather the information you need to set up a deployment plan that best suits your business’ needs.
## App-V prerequisites
-- [App-V Prerequisites](appv-prerequisites.md)
-
- Lists the prerequisite software that you must install before installing App-V.
+[App-V prerequisites](appv-prerequisites.md) lists the prerequisite software that you must install before installing App-V.
## App-V security considerations
-- [App-V Security Considerations](appv-security-considerations.md)
+[App-V security considerations](appv-security-considerations.md) describes accounts, groups, log files, and other considerations for securing your App-V environment.
- Describes accounts, groups, log files, and other considerations for securing your App-V environment.
+## Other App-V planning resources
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
-## Other resources for App-V planning
-
-- [Planning for App-V](appv-planning-for-appv.md)
+* [Planning for App-V](appv-planning-for-appv.md)
diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md
index 1181322016..f8f7d4b0e9 100644
--- a/windows/application-management/app-v/appv-prerequisites.md
+++ b/windows/application-management/app-v/appv-prerequisites.md
@@ -6,14 +6,11 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/18/2018
---
+# App-V for Windows 10 prerequisites
-
-# App-V for Windows 10 Prerequisites
-
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
Before installing App-V for Windows 10, ensure that you have installed all of the following required prerequisite software.
@@ -21,559 +18,145 @@ For a list of supported operating systems and hardware requirements for the App-
## Summary of software preinstalled on each operating system
-
The following table indicates the software that is already installed for different operating systems.
-
-
-
-
-
-
-
-
Operating system
-
Prerequisite description
-
-
-
-
-
Windows 10
-
All of the prerequisite software is already installed.
-
-
-
Windows 8.1
-
All of the prerequisite software is already installed.
-
-Note
-
If you are running Windows 8, upgrade to Windows 8.1 before using App-V.
-
-
-
-
-
-
-
Windows Server 2016
-
The following prerequisite software is already installed:
-
-
Microsoft .NET Framework 4.5
-
Windows PowerShell 3.0
-
-Note
-
Installing Windows PowerShell 3.0 requires a restart.
-
-
-
-
-
-
-
-
Windows 7
-
The prerequisite software is not already installed. You must install it before you can install App-V.
-
-
-
-
-
+|Operating system|Prerequisite description|
+|---|---|
+|Windows 10|All prerequisite software is already installed.|
+|Windows 8.1|All prerequisite software is already installed. If you're running Windows 8, upgrade to Windows 8.1 before using App-V.|
+|Windows Server 2016|The following prerequisite software is already installed: - Microsoft .NET Framework 4.5 - Windows PowerShell 3.0
Installing Windows PowerShell requires a restart.|
+|Windows 7|No prerequisite software is installed. You must install the software before you can install App-V.|
## App-V Server prerequisite software
-
Install the required prerequisite software for the App-V server components.
### What to know before you start
-
-
-
-
-
-
-
-
Account for installing the App-V Server
-
The account that you use to install the App-V Server components must have:
-
-
Administrative rights on the computer on which you are installing the components.
-
The ability to query Active Directory Domain Services.
-
-
-
-
Port and firewall
-
-
Specify a port where each component will be hosted.
-
Add the associated firewall rules to allow incoming requests to the specified ports.
-
-
-
-
-
Web Distributed Authoring and Versioning (WebDAV)
-
WebDAV is automatically disabled for the Management Service.
-
-
-
Supported deployment scenarios
-
-
A stand-alone deployment, where all components are deployed on the same server.
-
A distributed deployment.
-
-
-
-
Unsupported deployment scenarios
-
-
Installing side-by-side instances of multiple App-V Server versions on the same server.
-
Installing the App-V server components on a computer that runs server core or domain controller.
-
-
-
-
+The account you use to install the App-V Server components must have:
-
+* Administrative rights on the computer on which you are installing the components.
+* The ability to query Active Directory Domain Services.
+
+You must specify a port where each component will be hosted, and add the associated firewall rules to allow incoming requests to the specified ports.
+
+Web Distributed Authoring and Versioning (WebDAV) is automatically disabled for the Management Service.
+
+The following are supported deployment scenarios for App-V:
+
+* A stand-alone deployment where all components are deployed on the same server.
+* A distributed deployment.
+
+The following deployment scenarios are not supported:
+
+* Installing side-by-side instances of multiple App-V Server versions on the same server.
+* Installing the App-V server components on a computer that runs server core or domain controller.
+
+|Item|Description|
+|---|---|
+|Account for installing the App-V Server|The account that you use to install the App-V Server components must have: - Administrative rights on the computer on which you are installing the components. - The ability to query Active Directory Domain Services.|
+|Port and firewall|- Specify a port where each component will be hosted. - Add the associated firewall rules to allow incoming requests to the specified ports.|
+|Web Distributed Authoring and Versioning (WebDAV)|WebDAV is automatically disabled for the Management Service.|
+|Supported deployment scenarios|- A stand-alone deployment, where all components are deployed on the same server. - A distributed deployment.|
+|Unsupported deployment scenarios|- Installing side-by-side instances of multiple App-V Server versions on the same server. - Installing the App-V server components on a computer that runs server core or domain controller.|
### Management server prerequisite software
-
-
-
-
-
-
-
-
Prerequisites and required settings
-
Details
-
-
-
-
-
Supported version of SQL Server
-
For supported versions, see [App-V Supported Configurations](appv-supported-configurations.md).
Installing Windows PowerShell 3.0 requires a restart.
-
-
-
Download and install [KB2533623](http://support.microsoft.com/kb/2533623)
-
Applies to Windows 7 only.
-
-
-
[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)
-
-
-
-
64-bit ASP.NET registration
-
-
-
-
Windows Server Web Server Role
-
This role must be added to a server operating system that is supported for the Management server.
-
-
-
Web Server (IIS) Management Tools
-
Click IIS Management Scripts and Tools.
-
-
-
Web Server Role Services
-
Common HTTP Features:
-
-
Static Content
-
Default Document
-
-
Application Development:
-
-
ASP.NET
-
.NET Extensibility
-
ISAPI Extensions
-
ISAPI Filters
-
-
Security:
-
-
Windows Authentication
-
Request Filtering
-
-
Management Tools:
-
-
IIS Management Console
-
-
-
-
Default installation location
-
%PROGRAMFILES%\Microsoft Application Virtualization Server
-
-
-
Location of the Management database
-
SQL Server database name, SQL Server database instance name, and database name.
-
-
-
Management console and Management database permissions
-
A user or group that can access the Management console and database after the deployment is complete. Only these users or groups will have access to the Management console and database unless additional administrators are added by using the Management console.
-
-
-
Management service website name
-
Name for the Management console website.
-
-
-
Management service port binding
-
Unique port number for the Management service. This port cannot be used by another process on the computer.
-
-
-
+|Prerequisites and required settings|Details|
+|---|---|
+|Supported version of SQL Server|For supported versions, see [App-V supported configurations](appv-supported-configurations.md).|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)|Installing Windows PowerShell 3.0 requires a restart.|
+|Download and install [KB2533623](https://support.microsoft.com/kb/2533623)|Applies to Windows 7 only.|
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|64-bit ASP.NET registration||
+|Windows Server Web Server Role|This role must be added to a server operating system that is supported for the Management server.|
+|Web Server (IIS) Management Tools|Select **IIS Management Scripts and Tools**.|
+|Web Server Role Services|Common HTTP features: - Static content - Default document
Security: - Windows Authentication - Request Filtering
Management Tools: - IIS Management Console|
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Location of the Management database|SQL Server database name, SQL Server database instance name, and database name.|
+|Management console and Management database permissions|A user or group that can access the Management console and database after the deployment is complete. Only these users or groups can access the Management console and database unless the Management console is used to add additional administrators.|
+|Management service website name|Name for the Management console website.|
+|Management service port binding|Unique port number for the Management service. This port cannot be used by another process on the computer.|
-> [!IMPORTANT]
-> JavaScript must be enabled on the browser that opens the Web Management Console.
+>[!IMPORTANT]
+>JavaScript must be enabled on the browser that opens the Web Management Console.
### Management server database prerequisite software
-The Management database is required only if you are using the App-V Management server.
+The Management database is only required if you use the App-V Management server.
-
[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)
-
-
-
-
Default installation location
-
%PROGRAMFILES%\Microsoft Application Virtualization Server
-
-
-
Custom SQL Server instance name (if applicable)
-
Format to use: INSTANCENAME
-
This format is based on the assumption that the installation is on the local computer.
-
If you specify the name with the format SVR\INSTANCE, the installation will fail.
-
-
-
Custom database name (if applicable)
-
Unique database name.
-
Default: AppVManagement
-
-
-
Management server location
-
Machine account on which the Management server is deployed.
-
Format to use: Domain\MachineAccount
-
-
-
Management server installation administrator
-
Account used to install the Management server.
-
Format to use: Domain\AdministratorLoginName
-
-
-
Microsoft SQL Server Service Agent
-
Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to Restart Services Automatically](http://technet.microsoft.com/magazine/gg313742.aspx).
-
-
-
-
-
+|Prerequisites and required settings|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Custom SQL Server instance name (if applicable)|Format to use: **INSTANCENAME** This format assumes that the installation is on the local computer. If you specify the name with the format **SVR\INSTANCE**, the installation will fail.|
+|Custom database name (if applicable)|Unique database name. Default: AppVManagement|
+|Management server location|Machine account on which the Management server is deployed. Format to use: **Domain\MachineAccount**|
+|Management server installation administrator|Account used to install the Management server. Format to use: **Domain\AdministratorLoginName**|
+|Microsoft SQL Server Service Agent|Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see [Configure SQL Server Agent to restart services automatically](https://technet.microsoft.com/magazine/gg313742.aspx).|
### Publishing server prerequisite software
-
[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)
-
-
-
-
64-bit ASP.NET registration
-
-
-
-
Web Server Role
-
This role must be added to a server operating system that is supported for the Management server.
-
-
-
Web Server (IIS) Management Tools
-
Click IIS Management Scripts and Tools.
-
-
-
Web Server Role Services
-
Common HTTP Features:
-
-
Static Content
-
Default Document
-
-
Application Development:
-
-
ASP.NET
-
.NET Extensibility
-
ISAPI Extensions
-
ISAPI Filters
-
-
Security:
-
-
Windows Authentication
-
Request Filtering
-
-
Management Tools:
-
-
IIS Management Console
-
-
-
-
Default installation location
-
%PROGRAMFILES%\Microsoft Application Virtualization Server
-
-
-
Management service URL
-
URL of the App-V Management service. This is the port with which the Publishing server communicates.
-
-
-
-
-
-
-
-
Installation architecture
-
Format to use for the URL
-
-
-
-
-
Management server and Publishing server are installed on the same server
-
http://localhost:12345
-
-
-
Management server and Publishing server are installed on different servers
-
http://MyAppvServer.MyDomain.com
-
-
-
-
-
-
-
-
Publishing service website name
-
Name for the Publishing website.
-
-
-
Publishing service port binding
-
Unique port number for the Publishing service. This port cannot be used by another process on the computer.
-
-
-
-
-
+|Prerequisites and required settings|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|64-bit ASP.NET registration||
+|Web Server role|This role must be added to a server operating system that is supported for the Management server.|
+|Web Server (IIS) Management Tools|Select **IIS Management Scripts and Tools**.|
+|Web Server Role Services|Common HTTP features: - Static content - Default document
Security: - Windows Authentication - Request Filtering
Management Tools: - IIS Management Console|
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Management service URL|URL of the App-V Management service. This is the port with which the Publishing server communicates. Management server and Publishing server are installed on the same server, use the format **https://localhost:12345**. If the Management server and Publishing server are installed on different servers, use the format **https://MyAppvServer.MyDomain.com**.|
+|Publishing service website name|Name for the Publishing website.|
+|Publishing service port binding|Unique port number for the Publishing service. This port cannot be used by another process on the computer.|
### Reporting server prerequisite software
-
-
-
-
-
-
-
-
Prerequisites and required settings
-
Details
-
-
-
-
-
Supported version of SQL Server
-
For supported versions, see [App-V Supported Configurations](appv-supported-configurations.md).
[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)
-
-
-
-
64-bit ASP.NET registration
-
-
-
-
Windows Server Web Server Role
-
This role must be added to a server operating system that is supported for the Management server.
-
-
-
Web Server (IIS) Management Tools
-
Click IIS Management Scripts and Tools.
-
-
-
Web Server Role Services
-
To reduce the risk of unwanted or malicious data being sent to the Reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.
-
Common HTTP Features:
-
-
Static Content
-
Default Document
-
-
Application Development:
-
-
ASP.NET
-
.NET Extensibility
-
ISAPI Extensions
-
ISAPI Filters
-
-
Security:
-
-
Windows Authentication
-
Request Filtering
-
-
Management Tools:
-
-
IIS Management Console
-
-
-
-
Default installation location
-
%PROGRAMFILES%\Microsoft Application Virtualization Server
-
-
-
Reporting service website name
-
Name for the Reporting website.
-
-
-
Reporting service port binding
-
Unique port number for the Reporting service. This port cannot be used by another process on the computer.
-
-
-
-
-
+|Prerequisites and required settings|Details|
+|---|---|
+|Supported version of SQL Server|For supported versions, see [App-V supported configurations](appv-supported-configurations.md).|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|64-bit ASP.NET registration||
+|Windows Server Web Server role|This role must be added to a server operating system that is supported for the Management server.|
+|Web Server (IIS) Management Tools|Select **IIS Management Scripts and Tools**.|
+|Web Server Role Services|To reduce the risk of unwanted or malicious data being sent to the Reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.
Common HTTP features: - Static content - Default document
Security: - Windows Authentication - Request Filtering
- Management Tools: - IIS Management Console|
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Reporting service website name|Name for the Reporting website.|
+|Reporting service port binding|Unique port number for the Reporting service. This port cannot be used by another process on the computer.|
### Reporting database prerequisite software
-The Reporting database is required only if you are using the App-V Reporting server.
-
-
[Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784)
-
-
-
-
Default installation location
-
%PROGRAMFILES%\Microsoft Application Virtualization Server
-
-
-
Custom SQL Server instance name (if applicable)
-
Format to use: INSTANCENAME
-
This format is based on the assumption that the installation is on the local computer.
-
If you specify the name with the format SVR\INSTANCE, the installation will fail.
-
-
-
Custom database name (if applicable)
-
Unique database name.
-
Default: AppVReporting
-
-
-
Reporting server location
-
Machine account on which the Reporting server is deployed.
-
Format to use: Domain\MachineAccount
-
-
-
Reporting server installation administrator
-
Account used to install the Reporting server.
-
Format to use: Domain\AdministratorLoginName
-
-
-
Microsoft SQL Server Service and Microsoft SQL Server Service Agent
-
Configure these services to be associated with user accounts that have access to query AD DS.
-
-
-
+You only require the Reporting database if you're using the App-V Reporting server.
+|Prerequisites and required settings|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)||
+|Default installation location|%PROGRAMFILES%\Microsoft Application Virtualization Server|
+|Custom SQL Server instance name (if applicable)|Format to use: **INSTANCENAME** his format assumes that the installation is on the local computer. If you specify the name with the format **SVR\INSTANCE**, the installation will fail.|
+|Custom database name (if applicable)|Unique database name. Default: AppVReporting|
+|Reporting server location|The Reporting server will be deployed on this machine account. Format to use: **Domain\MachineAccount**|
+|Reporting server installation administrator|Account used to install the Reporting server. Format to use: **Domain\AdministratorLoginName**|
+|Microsoft SQL Server Service and Microsoft SQL Server Service Agent|Configure these services to be associated with user accounts that have access to query AD DS.|
## Sequencer prerequisite software
+What to know before installing the prerequisites:
-**What to know before installing the prerequisites:**
+* Best practice: The computer that runs the sequencer should have the same hardware and software configurations as the computers running the virtual applications.
-- Best practice: The computer that runs the Sequencer should have the same hardware and software configurations as the computers that will run the virtual applications.
+* The sequencing process is resource-intensive, so make sure that the computer running the sequencer has plenty of memory, a fast processor, and a fast hard drive. The system requirements of locally installed applications must not exceed those of the sequencer. For more information, see [App-V supported configurations](appv-supported-configurations.md).
-- The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. The system requirements of locally installed applications cannot exceed those of the Sequencer. For more information, see [App-V Supported Configurations](appv-supported-configurations.md).
-
-
Applies to Windows 7 only: Download and install the KB.
-
-
-
-
-
-## Have a suggestion for App-V?
-
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+|Prerequisite|Details|
+|---|---|
+|[Microsoft .NET Framework 4.5.1 (Web Installer)](https://www.microsoft.com//download/details.aspx?id=40773)||
+|[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)|Installing Windows PowerShell 3.0 requires a restart.|
+|[KB2533623](https://support.microsoft.com/kb/2533623)|Applies to Windows 7 only: download and install the KB.|
## Related topics
-- [Planning for App-V](appv-planning-for-appv.md)
-- [App-V Supported Configurations](appv-supported-configurations.md)
-
-
-
-
-
-
-
-
-
+* [Planning for App-V](appv-planning-for-appv.md)
+* [App-V Supported Configurations](appv-supported-configurations.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md
index b826d5365e..739de9f0a3 100644
--- a/windows/application-management/app-v/appv-publish-a-connection-group.md
+++ b/windows/application-management/app-v/appv-publish-a-connection-group.md
@@ -25,7 +25,7 @@ After you create a connection group, you must publish it to computers that run t
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
index bf8d8c0686..fb9ad9b19f 100644
--- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
@@ -42,7 +42,7 @@ The ability to enable only administrators to publish or unpublish packages (desc
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
index d5c5f8ec6c..c337d9ddd7 100644
--- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
@@ -39,7 +39,7 @@ Use the following procedure to register or unregister a publishing server.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
index cbfeb16785..96cb952b96 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
@@ -105,7 +105,7 @@ The following are known issues and workarounds for Application Virtualization (A
## Related resources list
For information that can help with troubleshooting App-V for Windows 10, see:
-- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
+- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
- [The Official Microsoft App-V Team Blog](https://blogs.technet.microsoft.com/appv/)
@@ -114,7 +114,7 @@ For information that can help with troubleshooting App-V for Windows 10, see:
- [App-V TechNet Forum](https://social.technet.microsoft.com/forums/en-us/home?forum=mdopappv)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
- [What's new in App-V for Windows 10](appv-about-appv.md)
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
index 9b6c2d8902..ac04ab1fb4 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
@@ -149,13 +149,13 @@ The App-V Sequencer cannot sequence applications with filenames matching "CO_<
## Related resources list
For information that can help with troubleshooting App-V for Windows 10, see:
-- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
+- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
- [The Official Microsoft App-V Team Blog](https://blogs.technet.microsoft.com/appv/)
- [Technical Reference for App-V](https://technet.microsoft.com/itpro/windows/manage/appv-technical-reference)
- [App-V TechNet Forum](https://social.technet.microsoft.com/forums/en-us/home?forum=mdopappv)
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Help us to improve
diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md
index c516639d17..afe9597029 100644
--- a/windows/application-management/app-v/appv-reporting.md
+++ b/windows/application-management/app-v/appv-reporting.md
@@ -6,288 +6,209 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
---
+# About App-V reporting
+>Applies to: Windows 10, version 1607
-# About App-V Reporting
-
-**Applies to**
-- Windows 10, version 1607
-
-Application Virtualization (App-V) includes a built-in reporting feature that helps you collect information about computers running the App-V client as well as information about virtual application package usage. You can use this information to generate reports from a centralized database.
-
-## App-V Reporting Overview
+Application Virtualization (App-V) includes a built-in reporting feature that collects information about computers running the App-V client and virtual application package usage. You can generate reports from a centralized database with this information.
+## App-V reporting overview
The following list displays the end–to-end high-level workflow for reporting in App-V.
-1. The App-V Reporting server has the following prerequisites:
+1. The App-V Reporting server requires the following things:
- - Internet Information Service (IIS) web server role
+ * Internet Information Service (IIS) web server role
+ * Windows Authentication role (under **IIS / Security**)
+ * SQL Server installed and running with SQL Server Reporting Services (SSRS)
- - Windows Authentication role (under **IIS / Security**)
+ To confirm SQL Server Reporting Services is running, enter in a web browser as administrator on the server that will host App-V Reporting. The SQL Server Reporting Services Home page should appear.
+2. Install the App-V reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a standalone computer and connect it to the database](appv-install-the-reporting-server-on-a-standalone-computer.md). Configure the time when the computer running the App-V client should send data to the reporting server.
+3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at [Application Virtualization SSRS Reports](https://www.microsoft.com/en-us/download/details.aspx?id=42630).
- - SQL Server installed and running with SQL Server Reporting Services (SSRS)
+ >[!NOTE]
+ >If you are using the Configuration Manager integration with App-V, most reports are generated from Configuration Manager rather than from App-V.
+4. After importing the App-V Windows PowerShell module using **Import-Module AppvClient** as administrator, enable App-V client reporting. This sample Windows PowerShell command enables App-V reporting:
- To confirm SQL Server Reporting Services is running, view `http://localhost/Reports` in a web browser as administrator on the server that will host App-V Reporting. The SQL Server Reporting Services Home page should display.
-
-2. Install the App-V reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md). Configure the time when the computer running the App-V client should send data to the reporting server.
-
-3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at [Application Virtualization SSRS Reports ](https://www.microsoft.com/en-us/download/details.aspx?id=42630).
-
- >**Note**
- If you are using the Configuration Manager integration with App-V, most reports are generated from Configuration Manager rather than from App-V.
-
-
-
-4. After importing the App-V Windows PowerShell module using `Import-Module AppvClient` as administrator, enable App-V client reporting. This sample Windows PowerShell command enables App-V reporting:
-
- ``` syntax
+ ```PowerShell
Set-AppvClientConfiguration -ReportingServerURL : -ReportingEnabled 1 -ReportingStartTime <0-23> -ReportingRandomDelay <#min>
```
- To immediately send App-V report data, run `Send-AppvClientReport` on the App-V client.
+ To immediately send App-V report data, run **Send-AppvClientReport** on the App-V client.
- For more information about configuring reporting on the App-V client, see [About Client Configuration Settings](appv-client-configuration-settings.md). To administer App-V Reporting with Windows PowerShell, see [How to Enable Reporting on the App-V Client by Using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
+ For more information about configuring reporting on the App-V client, see [About client configuration settings](appv-client-configuration-settings.md). To administer App-V Reporting with Windows PowerShell, see [How to enable reporting on the App-V client by using PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
+5. After the reporting server receives the data from the App-V client it sends the data to the reporting database. When the database receives and processes the client data, a successful reply is sent to the reporting server, which then notifies the App-V client.
+6. When the App-V client receives the success notification, it empties the data cache to conserve space.
-5. After the reporting server receives the data from the App-V client it sends the data to the reporting database. When the database receives and processes the client data, a successful reply is sent to the reporting server and then a notification is sent to the App-V client.
-
-6. When the App-V client receives the success notification, it empties the data cache to conserve space.
-
- >**Note**
- By default, the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache.
+ >[!NOTE]
+ >By default, the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache.
If the App-V client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache.
-### App-V reporting server frequently asked questions
+### App-V reporting server frequently asked questions
-The following list displays answers to common questions about App-V reporting.
+The following sections provide answers to frequently asked questions about how App-V reporting works.
-- **What is the frequency that reporting information is sent to the reporting database?**
+#### How frequently is reporting information sent to the reporting database?
- The frequency depends on how the reporting task is configured on the computer running the App-V client. You must configure the frequency / interval for sending the reporting data. App-V Reporting is not enabled by default.
+Frequency depends on the computer running the App-V client's reporting configuration. You must configure the frequency or interval for sending the reporting data manually, as App-V reporting is not enabled by default.
-- **What information is stored in the reporting server database?**
+#### What information is stored in the reporting server database?
- The following list displays what is stored in the reporting database:
- - The operating system running on the computer running the App-V client: host name, version, service pack, type - client/server, processor architecture.
- - App-V Client information: version.
- - Published package list: GUID, version GUID, name.
- - Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time.
+The following information is stored in the reporting database:
-- **What is the average volume of information that is sent to the reporting server?**
+* The operating system running on the computer running the App-V client: host name, version, service pack, type - client/server, processor architecture.
+* App-V client information: version.
+* Published package list: GUID, version GUID, name.
+* Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time.
- It depends. The following list displays the three sets of the data sent to the reporting server:
- - Operating system, and App-V client information. ~150 Bytes, every time this data is sent.
- - Published package list. ~7 KB for 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent.
- - Virtual application usage information – about 0.25KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the Windows PowerShell cmdlet, there is an optional argument that controls if the data needs to be re-sent next time around – that argument is **DeleteOnSuccess**.
-
- So for example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15KB + 20 x 0.25KB, or about 5KB/user.
+#### What is the average volume of information that is sent to the reporting server?
-- **Can reporting be scheduled?**
+It depends. Three sets of data can be sent to the reporting server:
- Yes. Besides manually sending reporting using Windows PowerShell cmdlets (**Send-AppvClientReport**), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:
- - Using a Windows PowerShell cmdlet: **Set-AppvClientConfiguration**. For example:
- `Set-AppvClientConfiguration -ReportingEnabled 1 -ReportingServerURL http://any.com/appv-reporting`
-
- For a complete list of client configuration settings see [About Client Configuration Settings](appv-client-configuration-settings.md) and look for the following entries: **ReportingEnabled**, **ReportingServerURL**, **ReportingDataCacheLimit**, **ReportingDataBlockSize**, **ReportingStartTime**, **ReportingRandomDelay**, **ReportingInterval**.
-
- - By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.
-
- **Note**
- Group Policy settings override local settings configured using Windows PowerShell.
+* Operating system and App-V client information, which is about 150 Bytes every time it gets sent to the server.
+* Published package lists, which are about 7 KB per 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent.
+* Virtual application usage information is about 0.25 KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the Windows PowerShell cmdlet, there is an optional argument called **DeleteOnSuccess** that controls if the data needs to be re-sent the next time around.
+For example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15 KB + 20 × 0.25 KB, or about 5 KB/user.
-## App-V Client Reporting
+#### Can I schedule reporting?
+Yes. Besides manually sending reporting using Windows PowerShell cmdlets (**Send-AppvClientReport**), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:
-To use App-V reporting you must enable and configure the App-V client. To configure reporting on the client, use the Windows PowerShell cmdlet **Set-AppVClientConfiguration**, or the Group Policy **ADMX Template**. For more information about the Windows PowerShell cmdlets, see [About Client Configuration Settings](appv-client-configuration-settings.md). The following section provides examples of Windows PowerShell commands for configuring App-V client reporting.
+* Using a Windows PowerShell cmdlet: **Set-AppvClientConfiguration**. For example:
-### Configuring App-V Client reporting using Windows PowerShell
+ ```PowerShell
+ Set-AppvClientConfiguration -ReportingEnabled 1 -ReportingServerURL http://any.com/appv-reporting
+ ```
+
+ For a complete list of client configuration settings, go to [About client configuration settings](appv-client-configuration-settings.md) and look for the following entries: **ReportingEnabled**, **ReportingServerURL**, **ReportingDataCacheLimit**, **ReportingDataBlockSize**, **ReportingStartTime**, **ReportingRandomDelay**, **ReportingInterval**.
+* Using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.
+
+ >[!NOTE]
+ >Group Policy settings override local settings configured using Windows PowerShell.
+
+## App-V Client reporting
+
+To use App-V reporting you must enable and configure the App-V client. To configure reporting on the client, use the Windows PowerShell cmdlet **Set-AppVClientConfiguration**, or the Group Policy **ADMX Template**. For more information about the Windows PowerShell cmdlets, see [About client configuration settings](appv-client-configuration-settings.md). The following section provides examples of Windows PowerShell commands for configuring App-V client reporting.
+
+### Configuring App-V client reporting using Windows PowerShell
The following examples show how Windows PowerShell parameters can configure the reporting features of the App-V client.
-**Note**
-The following configuration task can also be configured using Group Policy settings in the App-V ADMX template. The App-V settings are under **Computer Configuration > Administrative Templates > System > App-V**.
+>[!NOTE]
+>The following configuration tasks can also be configured using Group Policy settings in the App-V ADMX template. The App-V settings are under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
-**To enable reporting and to initiate data collection on the computer running the App-V client**:
+#### Enabling reporting and initiating data collection on the computer running the App-V client
-`Set-AppVClientConfiguration –ReportingEnabled 1`
+Use the following command to enable reporting and initiate date collection on the computer running the App-V client:
-**To configure the client to automatically send data to a specific reporting server**:
+```PowerShell
+Set-AppVClientConfiguration –ReportingEnabled 1
+```
-``` syntax
+#### Configuring the client to automatically send data to a specific reporting server
+
+To configure the client to automatically send data to a specific reporting server, use a command with the following format:
+
+```PowerShell
Set-AppVClientConfiguration -ReportingServerURL http://MyReportingServer:MyPort/ -ReportingStartTime 20 -ReportingInterval 1 -ReportingRandomDelay 30
```
-The preceding example configures the client to automatically send the reporting data to the reporting server URL **http://MyReportingServer:MyPort/**. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session.
+This example command configures the client to automatically send the reporting data to the reporting server URL ```http://MyReportingServer:MyPort/```. The reporting data will be sent to the URL daily between 8:00 PM and 8:30 PM, depending on the session's generated random delay.
-**To limit the size of the data cache on the client**:
+#### Limiting the size of the client's data cache
-`Set-AppvClientConfiguration –ReportingDataCacheLimit 100`
+To limit the client's data cache size, use a command with the following format:
-Configures the maximum size of the reporting cache on the computer running the App-V client to 100 MB. If the cache limit is reached before the data is sent to the server, then the log rolls over and data will be overwritten as necessary.
+```PowerShell
+Set-AppvClientConfiguration –ReportingDataCacheLimit 100
+```
-**To configure the data block size transmitted across the network between the client and the server**:
+This example command configures the maximum size of the App-V client computer's reporting cache to 100 MB. If the cache limit is reached before the data is sent to the server, then the log rolls over and data will be overwritten as necessary.
-`Set-AppvClientConfiguration –ReportingDataBlockSize 10240`
+#### Configuring the data block size transmitted across the network between the client and the server
-Specifies the maximum data block that the client sends to 10240 MB.
+To configure the data block size, use a command with the following format:
+
+```PowerShell
+Set-AppvClientConfiguration –ReportingDataBlockSize 10240
+```
+
+This example command specifies the maximum size of the data block as 10,240 MB.
### Types of data collected
The following table displays the types of information you can collect by using App-V reporting.
-
-
-
-
-
-
-
-
-
Client Information
-
Package Information
-
Application Usage
-
-
-
-
-
Host Name
-
Package Name
-
Start and End Times
-
-
-
App-V Client Version
-
Package Version
-
Run Status
-
-
-
Processor Architecture
-
Package Source
-
Shutdown State
-
-
-
Operating System Version
-
Percent Cached
-
Application Name
-
-
-
Service Pack Level
-
-
Application Version
-
-
-
Operating System Type
-
-
Username
-
-
-
-
-
Connection Group
-
-
-
-
-
+|Client information|Package information|Application usage|
+|---|---|---|
+|Host name|Package name|Start and end times|
+|App-V client version|Package version|Run status|
+|Processor architecture|Package source|Shutdown state|
+|Operating system version|Percent cached|Application name|
+|Service Pack level||Application version|
+|Operating system type||Username|
+|||Connection group|
The client collects and saves this data in an **.xml** format. The data cache is hidden by default and requires administrator rights to open the XML file.
### Sending data to the server
-You can configure the computer that is running the App-V client to automatically send data to the specified reporting server. To specify the server use the **Set-AppvClientConfiguration** cmdlet with the following settings:
+You can configure the computer that is running the App-V client to automatically send data to the specified reporting server. To specify the server, use the **Set-AppvClientConfiguration** cmdlet with the following settings:
-- ReportingEnabled
-
-- ReportingServerURL
-
-- ReportingStartTime
-
-- ReportingInterval
-
-- ReportingRandomDelay
+* ReportingEnabled
+* ReportingServerURL
+* ReportingStartTime
+* ReportingInterval
+* ReportingRandomDelay
After you configure the previous settings, you must create a scheduled task. The scheduled task will contact the server specified by the **ReportingServerURL** setting and will initiate the transfer. If you want to manually send data outside of the scheduled times, use the following Windows PowerShell cmdlet:
-`Send-AppVClientReport –URL http://MyReportingServer:MyPort/ -DeleteOnSuccess`
+```PowerShell
+Send-AppVClientReport –URL http://MyReportingServer:MyPort/ -DeleteOnSuccess
+```
If the reporting server has been previously configured, then the **–URL** parameter can be omitted. Alternatively, if the data should be sent to an alternate location, specify a different URL to override the configured **ReportingServerURL** for this data collection.
-The **-DeleteOnSuccess** parameter indicates that if the transfer is successful, then the data cache is cleared. If this is not specified, then the cache will not be cleared.
+The **-DeleteOnSuccess** parameter indicates that if the transfer is successful, then the data cache will be cleared. If this is not specified, then the cache will not be cleared.
### Manual Data Collection
You can also use the **Send-AppVClientReport** cmdlet to manually collect data. This solution is helpful with or without an existing reporting server. The following list displays information about collecting data with or without a reporting server.
-
-
-
-
-
-
-
-
With a Reporting Server
-
Without a Reporting Server
-
-
-
-
-
If you have an existing App-V reporting Server, create a customized scheduled task or script. Specify that the client send the data to the specified location with the desired frequency.
-
If you do not have an existing App-V reporting Server, use the –URL parameter to send the data to a specified share. For example:
The previous example will send the reporting data to \\MyShare\MyData\ location indicated by the -URL parameter. After the data has been sent, the cache is cleared.
-
-Note
-
If a location other than the Reporting Server is specified, the data is sent using .xml format with no additional processing.
-
-
-
-
-
-
-
+|With a reporting server|Without a reporting server|
+|---|---|
+|f you have an existing App-V reporting server, create a customized scheduled task or script. Specify that the client sends the data to the specified location at the desired frequency.|If you do not have an existing App-V reporting Server, use the **–URL** parameter to send the data to a specified share. For example: ```Send-AppVClientReport –URL \\Myshare\MyData\ -DeleteOnSuccess``` The previous example will send the reporting data to the ```\\MyShare\MyData\``` location indicated by the **-URL** parameter. After the data has been sent, the cache is cleared.|
-
+>[!NOTE]
+>If a location other than the Reporting Server is specified, the data is sent in **.xml** format with no additional processing.
-### Creating Reports
+### Creating reports
To retrieve report information and create reports using App-V you must use one of the following methods:
-- **Microsoft SQL Server Reporting Services (SSRS)** - Microsoft SQL Server Reporting Services is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports.
+* Microsoft SQL Server Reporting Services (SSRS)—Microsoft SSRS is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports. For more information, see the [What is SQL Server Reporting Services (SSRS)?](https://docs.microsoft.com/en-us/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports) article.
- Use the following link for more information about using [Microsoft SQL Server Reporting Services](https://technet.microsoft.com/en-us/library/ms159106(v=sql.130).aspx).
-
-- **Scripting** – You can generate reports by scripting directly against the App-V reporting database. For example:
+* Scripting—You can generate reports by scripting directly against the App-V reporting database. For example:
**Stored Procedure:**
**spProcessClientReport** is scheduled to run at midnight or 12:00 AM.
- To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](https://technet.microsoft.com/library/ms178130).
+ To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. Make sure the Microsoft SQL Server Agent is set to **AutoStart**. For more information, see [Autostart SQL Server Agent (SQL Server Management Studio)](https://docs.microsoft.com/en-us/sql/ssms/agent/autostart-sql-server-agent-sql-server-management-studio).
- The stored procedure is also created when using the App-V database scripts.
+ The stored procedure is also created when when you use the App-V database scripts.
-You should also ensure that the reporting server web service’s **Maximum Concurrent Connections** is set to a value that the server will be able to manage without impacting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**.
+You should also ensure that the reporting server web service’s **Maximum Concurrent Connections** is set to a value that the server can manage without affecting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**.
## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
-
-[Deploying the App-V server](appv-deploying-the-appv-server.md)
-
-[How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md)
-
-
-
-
-
-
-
-
-
+* [Deploying the App-V server](appv-deploying-the-appv-server.md)
+* [How to install the reporting server on a standalone computer and connect it to the database](appv-install-the-reporting-server-on-a-standalone-computer.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
index c404cdd892..16285b7ef5 100644
--- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
+++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
@@ -155,7 +155,7 @@ This method lets you launch any command within the context of an App-V package,
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md
index b29f528873..c5286a0658 100644
--- a/windows/application-management/app-v/appv-security-considerations.md
+++ b/windows/application-management/app-v/appv-security-considerations.md
@@ -6,143 +6,66 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
---
+# App-V security considerations
-
-# App-V Security Considerations
-
-**Applies to**
-- Windows 10, version 1607
+>Applies to: Windows 10, version 1607
This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V).
-**Important**
-App-V is not a security product and does not provide any guarantees for a secure environment.
+>[!IMPORTANT]
+>App-V is not a security product and does not provide any guarantees for a secure environment.
-
+## The PackageStoreAccessControl (PSAC) feature has been deprecated
-## PackageStoreAccessControl (PSAC) feature has been deprecated
-
-
-Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that was introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments.
+Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments.
## General security considerations
+**Understand the security risks.** The most serious risk to App-V is from unauthorized users hijacking an App-V client's functionality, giving the hacker the ability to reconfigure key data on App-V clients. By comparison, short-term loss of App-V functionality from a denial-of-service attack would not be as catastrophic.
-**Understand the security risks.** The most serious risk to App-V is that its functionality could be hijacked by an unauthorized user who could then reconfigure key data on App-V clients. The loss of App-V functionality for a short period of time due to a denial-of-service attack would not generally have a catastrophic impact.
+**Physically secure your computers**. A security strategy that doesn't consider physical security is incomplete. Anyone with physical access to an App-V server could potentially attack the entire client base, so potential physical attacks or thefts should be prevented at all cost. App-V servers should be stored in a physically secure server room with controlled access. Lock the computer with the operating system or a secured screen saver to keep computers secure when the administrators are away.
-**Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
+**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, see the [Microsoft Security TechCenter](https://technet.microsoft.com/en-us/security/bb291012). (THIS LINK NEEDS TO BE UPDATED)
-**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, see the [Microsoft Security TechCenter](https://technet.microsoft.com/en-us/security/bb291012).
-
-**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://technet.microsoft.com/library/hh994572.aspx).
+**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V and App-V administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://docs.microsoft.com/en-us/sql/relational-databases/security/password-policy) and [Strong Passwords](https://docs.microsoft.com/en-us/sql/relational-databases/security/strong-passwords). (THIS LINK NEEDS TO BE UPDATED)
## Accounts and groups in App-V
+A best practice for user account management is to create domain global groups and add user accounts to them. After that, add the domain global accounts to the necessary App-V local groups on the App-V servers.
-A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary App-V local groups on the App-V servers.
+>[!NOTE]
+>App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group.
-**Note**
-App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group.
+### App-V server security
-
+No groups are created automatically during App-V setup. You should create the following Active Directory Domain Services global groups to manage App-V server operations.
-### App-V server security
-
-No groups are created automatically during App-V Setup. You should create the following Active Directory Domain Services global groups to manage App-V server operations.
-
-
-
-
-
-
-
-
-
Group name
-
Details
-
-
-
-
-
App-V Management Admin group
-
Used to manage the App-V management server. This group is created during the App-V Management Server installation.
-
-Important
-
There is no method to create the group using the management console after you have completed the installation.
-
-
-
-
-
-
-
Database read/write for Management Service account
-
Provides read/write access to the management database. This account should be created during the App-V management database installation.
-
-
-
App-V Management Service install admin account
-
-Note
-
This is only required if management database is being installed separately from the service.
-
-
-
-
-
Provides public access to schema-version table in management database. This account should be created during the App-V management database installation.
-
-
-
App-V Reporting Service install admin account
-
-Note
-
This is only required if reporting database is being installed separately from the service.
-
-
-
-
-
Public access to schema-version table in reporting database. This account should be created during the App-V reporting database installation.
-
-
-
-
-
+|Group name|Details|Important notes|
+|---|---|---|
+|App-V Management Admin group|Used to manage the App-V management server. This group is created during the App-V Management Server installation.|The management console can't create a new group after installation is complete.|
+|Database read/write for Management Service account|Provides read/write access to the management database. This account should be created during App-V management database installation.||
+|App-V Management Service install admin account|Provides public access to schema-version table in management database. This account should be created during App-V management database installation.|This is only required if the management database is being installed separately from the service.|
+|App-V Reporting Service install admin account|Public access to schema-version table in reporting database. This account should be created during the App-V reporting database installation.|This is only required if reporting database is being installed separately from the service.|
Consider the following additional information:
-- Access to the package shares - If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share.
+* Access to the package shares: If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share.
+ >[!NOTE]
+ >In previous versions of App-V, package share was referred to as content share.
+* Registering publishing servers with Management Server: A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API.
- **Note**
- In previous versions of App-V, package share was referred to as content share.
-
-
-
-- Registering publishing servers with Management Server - A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API.
-
-### App-V package security
+### App-V package security
The following will help you plan how to ensure that virtualized packages are secure.
-- If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. When the package is deployed, if the file or directory is modified by a user it will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former case occurs if the file or directory does not exist in a virtual file system location; the latter case occurs if the file or directory exists in a virtual file system location, for example **%windir%**.
+* If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. If thje file or directory is modified by a user when the package is deployed, the modified file or directory will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former occurs if the file or directory does not exist in a virtual file system location; the latter occurs if the file or directory exists in a virtual file system location, such as **%windir%**.
-## App-V log files
+## App-V log files
-
-During App-V Setup, setup log files are created in the **%temp%** folder of the installing user.
-
-## Have a suggestion for App-V?
-
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+During App-V setup, setup log files are created in the **%temp%** folder of the installing user.
## Related topics
-
-[Preparing Your Environment for App-V](appv-preparing-your-environment.md)
-
-
-
-
-
-
-
-
-
+[Preparing Your Environment for App-V](appv-preparing-your-environment.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md
index 0fcb1d5719..ba31867ad8 100644
--- a/windows/application-management/app-v/appv-sequence-a-new-application.md
+++ b/windows/application-management/app-v/appv-sequence-a-new-application.md
@@ -6,220 +6,211 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
---
-
-
# Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer)
-**Applies to**
-- Windows 10, version 1607 and later
+>Applies to: Windows 10, version 1607 and later
In Windows 10, version 1607, the App-V Sequencer is included with the Windows ADK. For more info on how to install the App-V Sequencer, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
-**To review or do before you start sequencing**
+## Before you start sequencing
-1. Determine the type of virtualized application package you want to create:
+1. Determine the type of virtualized application package you want to create:
| Application type | Description |
- | - | - |
+ |---|---|
| Standard | Creates a package that contains an application or a suite of applications. This is the preferred option for most application types. |
| Add-on or plug-in | Creates a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or for another package that is linked by using connection groups. |
- | Middleware | Creates a package that is required by a standard application, for example, Java. Middleware packages are used for linking to other packages by using connection groups. |
+ | Middleware | Creates a package that is required by a standard application, for example, Java. Middleware packages are used for linking to other packages through connection groups. |
-2. Copy all required installation files to the computer that is running the sequencer.
+2. Copy all required installation files to the computer that is running the sequencer.
-3. Make a backup image of your virtual environment before sequencing an application, and then revert to that image each time after you finish sequencing an application.
+3. Make a backup image of your virtual environment before sequencing an application, and then revert to that image each time after you finish sequencing an application.
-4. Review the following items:
+4. Review the following items:
- - If an application installer changes the security access to a new or existing file or directory, those changes are not captured in the package.
+ - If an application installer changes the security access to a new or existing file or directory, those changes are not captured in the package.
+ - If short paths have been disabled for the virtualized package’s target volume, you must also sequence the package to a volume that was created and still has short-paths disabled. It cannot be the system volume.
- - If short paths have been disabled for the virtualized package’s target volume, you must also sequence the package to a volume that was created and still has short-paths disabled. It cannot be the system volume.
+>[!NOTE]
+>The App-V Sequencer cannot sequence applications with filenames matching "CO_<_x_>" where *x* is any numeral. Error 0x8007139F will be generated.
->[!NOTE]
->The App-V Sequencer cannot sequence applications with filenames matching "CO_<_x_>" where x is any numeral. Error 0x8007139F will be generated.
+## Sequence a new standard application
-**To sequence a new standard application**
+1. On the computer that runs the sequencer, select **All Programs**, and then select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
-1. On the computer that runs the sequencer, click **All Programs**, and then click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+2. In the sequencer, select **Create a New Virtual Application Package**. Select **Create Package (default)**, and then select **Next**.
-2. In the sequencer, click **Create a New Virtual Application Package**. Select **Create Package (default)**, and then click **Next**.
+3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, select **Refresh** to display the updated information. After you have resolved all potential issues, select **Next**.
-3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
-
- >[!IMPORTANT]
+ >[!IMPORTANT]
>If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package.
-4. On the **Type of Application** page, click the **Standard Application (default)** check box, and then click **Next**.
+4. On the **Type of Application** page, select the **Standard Application (default)** check box, and then select **Next**.
-5. On the **Select Installer** page, click **Browse** and specify the installation file for the application.
+5. On the **Select Installer** page, select **Browse** and specify the installation file for the application.
- >[!NOTE]
+ >[!NOTE]
>If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package.
-
- If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then click **Next**.
-6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
+ If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then select **Next**.
- Click **Next**.
+6. On the **Package Name** page, specify a name for the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console. Once you're done, select **Next**.
-7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process.
+7. On the **Installation** page, when the sequencer and application installer are ready, you can install the application so that the sequencer can monitor the installation process.
- >[!IMPORTANT]
+ >[!IMPORTANT]
>You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring.
-
- Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**.
-8. On the **Installation** page, wait while the sequencer configures the virtualized application package.
+ Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, select **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, then select **Next**.
-9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run.
+8. On the **Installation** page, wait while the sequencer configures the virtualized application package.
- >[!NOTE]
+9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then select **Run All**. To run specific programs, select the program or programs, and then select **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run.
+
+ >[!NOTE]
>To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step.
-
- Click **Next**.
-10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**.
+ Select **Next**.
-11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**.
+10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, select **Next**.
- - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
+11. The **Customize** page is displayed. If you've finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**.
- - Specify the operating systems that can run this package.
+ - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers.
+ - Specify the operating systems that can run this package.
- Click **Next**.
+ Once you're ready, select **Next**.
-12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**.
+12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then select **Next**.
- >[!NOTE]
- >If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened, and then depending on how the background loading is configured, will load the rest of the application.
+ >[!NOTE]
+ >If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened. After that, depending on how the background loading is configured, it will load the rest of the application.
-13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. Click **Next**.
+13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. After that, select **Next**.
- >[!IMPORTANT]
+ >[!IMPORTANT]
>Make sure that the operating systems you specify here are supported by the application you are sequencing.
-
-14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**.
+14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before saving it. Select **Next**.
To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package.
- >[!IMPORTANT]
+ >[!IMPORTANT]
>The system does not support non-printable characters in **Comments** and **Descriptions**.
-
- The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
-15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory where the package was created.
+ The default **Save Location** is also displayed on this page. To change the default location, select **Browse** and specify the new location. After that, select **Create**.
- The package is now available in the sequencer.
+15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then select **Close**. This information is also available in the **Report.xml** file located in the directory where the package was created.
- >[!IMPORTANT]
- >After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer.
-
+ Your package should now be available in the sequencer.
-**To sequence an add-on or plug-in application**
+ >[!IMPORTANT]
+ >After you have successfully created a virtual application package, you can't run the virtual application package on the computer that is running the sequencer.
->[!NOTE]
+## Sequence an add-on or plug-in application
+
+>[!NOTE]
>Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. Or if you have the parent application virtualized, you can follow the steps in the add-on or plug-in workflow to unpack the parent application on the computer.
+>For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that's running the sequencer. You should also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package.
->For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package.
+1. On the computer that runs the sequencer, first, select **All Programs**, then select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
-1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+2. In the sequencer, select **Create a New Virtual Application Package**, select **Create Package (default)**, and then select **Next**.
-2. In the sequencer, click **Create a New Virtual Application Package**, select **Create Package (default)**, and then click **Next**.
+3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, select **Refresh** to display the updated information. After you have resolved all potential issues, select **Next**.
-3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
-
- >[!IMPORTANT]
+ >[!IMPORTANT]
>If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package.
-4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**.
+4. On the **Type of Application** page, select **Add-on or Plug-in**, and then select **Next**.
-5. On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
+5. On the **Select Installer** page, select **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, then select **Next**.
-6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, click **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**.
+6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, select **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**.
-7. Click **Next**.
+7. Select **Next**.
-8. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V Management Console.
+8. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V Management Console.
-9. Click **Next**.
+9. Select **Next**.
-10. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**.
+10. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, select **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then select **Next**.
-11. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**.
+11. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, select **Next**.
12. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**.
- - Optimize how the package will run across a slow or unreliable network.
+ - Optimize how the package will run across a slow or unreliable network.
+ - Specify the operating systems that can run this package.
- - Specify the operating systems that can run this package.
+ When you're finished, select **Next**.
- Click **Next**.
+13. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all applications to run. After all applications have run, close each application. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Select **Next**.
-13. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**.
+ >[!NOTE]
+ >If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, select **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**.
- >[!NOTE]
- >If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**.
+14. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Select **Next**.
-12. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Click **Next**.
+15. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. This option opens the package in the sequencer console so that you can modify the package before it is saved. Select **Next**.
-13. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**.
+ To save the package immediately, select **Save the package now**. Optionally, add a **Description** for the package. Descriptions are useful for identifying the version and other important information about the package.
- To save the package immediately, select **Save the package now**. Optionally, add a **Description** that will be associated with the package. Descriptions are useful for identifying the version and other information about the package.
-
- >[!IMPORTANT]
+ >[!IMPORTANT]
>The system does not support non-printable characters in Comments and Descriptions.
-
- The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
-**To sequence a middleware application**
+ The default **Save Location** is also displayed on this page. To change the default location, select **Browse** and specify the new location. Select **Create**.
-1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
+### Sequence a middleware application
-2. In the sequencer, click **Create a New Virtual Application Package**, select **Create Package (default)**, and then click **Next**.
+1. On the computer that runs the sequencer, select **All Programs**, then select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
-3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**.
+2. In the sequencer, select **Create a New Virtual Application Package**, select **Create Package (default)**, and then select **Next**.
- >[!IMPORTANT]
+3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, select **Refresh** to display the updated information. After you have resolved all potential issues, select **Next**.
+
+ >[!IMPORTANT]
>If you are required to disable virus scanning software, you should first scan the computer that runs the App-V Sequencer in order to ensure that no unwanted or malicious files can be added to the package.
-4. On the **Type of Application** page, select **Middleware**, and then click **Next**.
+4. On the **Type of Application** page, select **Middleware**, and then select **Next**.
-5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
+5. On the **Select Installer** page, select **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, then select **Next**.
-6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
+6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V Management Console.
-7. Click **Next**.
+7. Select **Next**.
-8. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**.
+8. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, select **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then select **Next**.
9. On the **Installation** page, wait while the sequencer configures the virtual application package.
-10. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**.
+10. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, select **Next**.
-11. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Click **Next**.
+11. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Once you're done, select **Next**.
-12. On the **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**.
+12. On the **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Select **Next**.
To save the package immediately, select **Save the package now**. Optionally, add a **Description** to be associated with the package. Descriptions are useful for identifying the program version and other information about the package.
- >[!IMPORTANT]
- >The system does not support non-printable characters in Comments and Descriptions.
-
- The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**.
+ >[!IMPORTANT]
+ >The system does not support non-printable characters in comments and descriptions.
-13. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure.
+ The default **Save Location** is also displayed on this page. To change the default location, select **Browse** and specify the new location. Select **Create**.
- The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**.
+13. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then select **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure.
- >[!IMPORTANT]
- >After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer.
+ The package is now available in the sequencer. To edit the package properties, select **Edit \[Package Name\]**.
+
+ >[!IMPORTANT]
+ >After you have successfully created a virtual application package, you can't run the virtual application package on the computer that is running the sequencer.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
+
- [Install the App-V Sequencer](appv-install-the-sequencer.md)
- [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
index 8d8eb13511..8a03631883 100644
--- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
+++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
@@ -71,4 +71,4 @@ In Windows 10, version 1703, running the new-appvsequencerpackage or the update-
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md
index e1e458b316..3a0c6514b4 100644
--- a/windows/application-management/app-v/appv-supported-configurations.md
+++ b/windows/application-management/app-v/appv-supported-configurations.md
@@ -6,158 +6,87 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 04/16/2018
---
-
-
# App-V Supported Configurations
-**Applies to**
-- Windows 10, version 1607; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; and Windows Server 2008 R2
+>Applies to: Windows 10, version 1607; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2
-This topic specifies the requirements to install and run App-V in your Windows 10 environment. For information about prerequisite software such as the .NET Framework, see [App-V Prerequisites](appv-prerequisites.md).
+This topic specifies the requirements to install and run App-V in your Windows 10 environment. For information about prerequisite software such as the .NET Framework, see [App-V prerequisites](appv-prerequisites.md).
## App-V Server system requirements
-This section lists the operating system and hardware requirements for all of the App-V server components.
+This section lists the operating system and hardware requirements for all App-V server components.
### Unsupported App-V server scenarios
The App-V server does not support the following scenarios:
-- Deployment to a computer that runs the Server Core installation option.
-
-- Deployment to a computer that runs a previous version of the App-V server components. You can install App-V side by side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V side by side with the Application Virtualization Management Service (HWS) 4.x is not supported.
-
-- Deployment to a computer that runs Microsoft SQL Server Express edition.
-
-- Deployment to a domain controller.
-
-- Short paths. If you plan to use a short path, you must create a new volume.
+* Deployment to a computer that runs the Server Core installation option.
+* Deployment to a computer that runs a previous version of the App-V server components. You can only install App-V side-by-side with the App-V 4.5 Lightweight Streaming Server (LWS) server. This scenario doesn't support side-by-side deployment of App-V and the Application Virtualization Management Service (HWS) 4.x.
+* Deployment to a computer running Microsoft SQL Server Express edition.
+* Deployment to a domain controller.
+* Short paths. If you plan to use a short path, you must create a new volume.
### Management server operating system requirements
-The App-V Management server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
+You can install the App-V Management server on a server running Windows Server 2008 R2 with SP1 or later.
-> [!IMPORTANT]
-> Deployment of the Management server role to a computer with Remote Desktop Services enabled is not supported.
-
-
+>[!IMPORTANT]
+>Deploying a Management server role to a computer with Remote Desktop Services enabled is not supported.
### Management server hardware requirements
-- Processor—1.4 GHz or faster, 64-bit (x64) processor
-
-- RAM—1 GB RAM (64-bit)
-
-- Disk space—200 MB available hard disk space, not including the content directory
+* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
+* 1 GB RAM (64-bit).
+* 200 MB of available hard disk space, not including the content directory.
### Management server database requirements
-The following table lists the SQL Server versions that are supported for the App-V Management database installation.
+The following table lists the SQL Server versions that the App-V Management database installation supports.
-
-
-
-
-
-
-
-
-
SQL Server version
-
Service pack
-
System architecture
-
-
-
-
-
Microsoft SQL Server 2014
-
-
32-bit or 64-bit
-
-
-
Microsoft SQL Server 2012
-
SP2
-
32-bit or 64-bit
-
-
-
Microsoft SQL Server 2008 R2
-
SP3
-
32-bit or 64-bit
-
-
-
+|SQL Server version|Service pack|System architecture|
+|---|---|---|
+|Microsoft SQL Server 2014||32-bit or 64-bit|
+|Microsoft SQL Server 2012|SP2|32-bit or 64-bit|
+|Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit|
-
### Publishing server operating system requirements
The App-V Publishing server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
-
### Publishing server hardware requirements
App-V adds no additional requirements beyond those of Windows Server.
-- Processor—1.4 GHz or faster, 64-bit (x64) processor
-
-- RAM—2 GB RAM (64-bit)
-
-- Disk space—200 MB available hard disk space, not including the content directory
+* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
+* 2 GB RAM (64-bit).
+* 200 MB of available hard disk space, not including the content directory.
### Reporting server operating system requirements
-The App-V Reporting server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
+You can install the App-V Reporting server on a server running Windows Server 2008 R2 with SP1 or later.
### Reporting server hardware requirements
App-V adds no additional requirements beyond those of Windows Server.
-- Processor—1.4 GHz or faster, 64-bit (x64) processor
-
-- RAM—2 GB RAM (64-bit)
-
-- Disk space—200 MB available hard disk space
+* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
+* 2 GB RAM (64-bit).
+* 200 MB of available hard disk space, not including the content directory.
### Reporting server database requirements
The following table lists the SQL Server versions that are supported for the App-V Reporting database installation.
-
-
-
-
-
-
-
-
-
SQL Server version
-
Service pack
-
System architecture
-
-
-
-
-
Microsoft SQL Server 2014
-
-
32-bit or 64-bit
-
-
-
Microsoft SQL Server 2012
-
SP2
-
32-bit or 64-bit
-
-
-
Microsoft SQL Server 2008 R2
-
SP3
-
32-bit or 64-bit
-
-
-
+|SQL Server version|Service pack|System architecture|
+|---|---|---|
+|Microsoft SQL Server 2014||32-bit or 64-bit|
+|Microsoft SQL Server 2012|SP2|32-bit or 64-bit|
+|Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit|
-
-
-## App-V client requirements and Remote Desktop Services client requirements
+## App-V client and Remote Desktop Services client requirements
With Windows 10, version 1607 and later releases, the App-V client is included with Windows 10 Enterprise and Windows 10 Education. The App-V client is no longer part of the Microsoft Desktop Optimization Pack. Before you can use the App-V client, it must be enabled, as described in [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).
@@ -165,76 +94,27 @@ Similarly, the App-V Remote Desktop Services (RDS) client is included with Windo
## Sequencer system requirements
+The following table lists the operating systems that the App-V Sequencer installation supports.
-The following table lists the operating systems that are supported for the App-V Sequencer installation.
-
-
-
-
-
-
-
-
-
-
Operating system
-
Service pack
-
System architecture
-
-
-
-
-
Microsoft Windows Server 2012 R2
-
-
64-bit
-
-
-
Microsoft Windows Server 2012
-
-
64-bit
-
-
-
Microsoft Windows Server 2008 R2
-
SP1
-
64-bit
-
-
-
Microsoft Windows 10
-
-
32-bit and 64-bit
-
-
-
Microsoft Windows 8.1
-
-
32-bit and 64-bit
-
-
-
Microsoft Windows 8
-
-
32-bit and 64-bit
-
-
-
Microsoft Windows 7
-
SP1
-
32-bit and 64-bit
-
-
-
-
+|Operating system|Service pack|System architecture|
+|---|---|---|
+|Microsoft Windows Server 2012 R2||64-bit|
+|Microsoft Windows Server 2012||64-bit|
+|Microsoft Windows Server 2008 R2|SP1|64-bit|
+|Microsoft Windows 10||32-bit and 64-bit|
+|Microsoft Windows 8.1||32-bit and 64-bit|
+|Microsoft Windows 8||32-bit and 64-bit|
+|Microsoft Windows 7|SP1|32-bit and 64-bit|
### Sequencer hardware requirements
-See the Windows or Windows Server documentation for the hardware requirements. App-V adds no additional hardware requirements.
+See the Windows or Windows Server documentation for the hardware requirements.
-## Supported versions of System Center Configuration Manager
+## Supported versions of System Center Configuration Manager
The App-V client works with System Center Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606.
-## Have a suggestion for App-V?
-
-
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
-
## Related topics
-- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
-- [App-V Prerequisites](appv-prerequisites.md)
+* [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
+* [App-V prerequisites](appv-prerequisites.md)
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md
index f93b0e90ca..81b431ddac 100644
--- a/windows/application-management/app-v/appv-technical-reference.md
+++ b/windows/application-management/app-v/appv-technical-reference.md
@@ -39,7 +39,7 @@ This section provides reference information related to managing App-V.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
index 3fbc1956ed..242fdc9cf7 100644
--- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
@@ -29,7 +29,7 @@ Use the following procedure to transfer the access and default package configura
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md
index c1e0968b82..c3011b5f88 100644
--- a/windows/application-management/app-v/appv-troubleshooting.md
+++ b/windows/application-management/app-v/appv-troubleshooting.md
@@ -17,7 +17,7 @@ ms.date: 04/19/2017
For information that can help with troubleshooting App-V for Windows 10, see:
-- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
+- [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
- [Microsoft App-V Team Blog](https://blogs.technet.microsoft.com/appv/)
@@ -42,4 +42,4 @@ For information that can help with troubleshooting App-V for Windows 10, see:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
index 2cd95ea922..9331c1584b 100644
--- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
+++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
@@ -72,7 +72,7 @@ Once you’ve enabled the in-box App-V client, you need to configure it to point
Type the following cmdlet in a Windows PowerShell window:
-`Add-AppvPublishingServer -Name AppVServer -URL http:// appvserver:2222`
+`Add-AppvPublishingServer -Name AppVServer -URL https:// appvserver:2222`
**To modify client settings to point to an existing App-V publishing server with Group Policy**
@@ -96,4 +96,4 @@ Type the following cmdlet in a Windows PowerShell window:
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md
index 1372c4e630..54b1306b2e 100644
--- a/windows/application-management/app-v/appv-using-the-client-management-console.md
+++ b/windows/application-management/app-v/appv-using-the-client-management-console.md
@@ -82,7 +82,7 @@ The client management console contains the following described main tabs.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
index ffb8290ae7..fdf7299db8 100644
--- a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
@@ -33,7 +33,7 @@ Use the following procedure to view and configure default package extensions.
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
index 60f321a711..46b0feb4f1 100644
--- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
+++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
@@ -154,7 +154,7 @@ In your publishing metadata query, enter the string values that correspond to th
## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/change-history-for-application-management.md b/windows/application-management/change-history-for-application-management.md
index ed841489c6..933bf0e0ab 100644
--- a/windows/application-management/change-history-for-application-management.md
+++ b/windows/application-management/change-history-for-application-management.md
@@ -15,6 +15,10 @@ ms.date: 10/24/2017
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
+## RELEASE: Windows 10, version 1803
+
+The topics in this library have been updated for Windows 10, version 1803.
+
## October 2017
New or changed topic | Description
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md
index 4d6181abe1..1ff3bfb5ab 100644
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.localizationpriority: medium
author: jdeckerms
ms.author: jdecker
-ms.date: 11/09/2017
+ms.date: 04/23/2018
---
# Enable or block Windows Mixed Reality apps in the enterprise
@@ -17,27 +17,39 @@ ms.date: 11/09/2017
- Windows 10
-Windows 10, version 1709 (also known as the Fall Creators Update), introduces [Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/). Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block).
+
+[Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows 10 Feature on Demand (FOD)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows 10 PC needs a new feature, it can request the feature package from Windows Update.
+
+Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block).
## Enable Windows Mixed Reality in WSUS
-To enable users to download the Windows Mixed Reality software for devices running Windows 10, version 1703, enterprises using WSUS can approve Windows Mixed Reality package by unblocking **KB4016509: FeatureOnDemandOasis - Windows 10 version 1703 for x64-based Systems**.
-
-Enterprises devices running Windows 10, version 1709, will not be able to install Windows Mixed Reality Feature on Demand (FOD) directly from WSUS. Instead, use one of the following options to install Windows Mixed Reality software:
+1. [Check your version of Windows 10.](https://support.microsoft.com/help/13443/windows-which-operating-system)
-- Manually install the Mixed Reality software
-
- - [Download the Microsoft Windows Holographic Desktop Feature on Demand package.](http://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab)
-
- - Open a command prompt as administrator and run the following command to install the package:
-
- `dism /online /add-package /packagepath:"path to the cab file"`
-
- - Go to **Settings** > **Update & Security** > **Windows Update** and **Check for updates**.
-
-- IT admin can create [Side by side feature store (shared folder)](https://technet.microsoft.com/library/jj127275.aspx)
+ >[!NOTE]
+ >You must be on at least Windows 10, version 1709, to run Windows Mixed Reality.
+
+2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD.
+
+ a. Download [the FOD .cab file for Windows 10, version 1803](http://download.microsoft.com/download/C/5/E/C5E2B78C-9BE2-437A-9675-00545BCB2DE4/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) or [the FOD .cab file for Windows 10, version 1709]
+ (http://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab).
+
+ >[!NOTE]
+ >You must download the FOD .cab file that matches your operating system version.
+
+ b. Use `Add-Package` to add Windows Mixed Reality FOD to the image.
+
+ ```
+ Add-Package
+ Dism /Image:C:\test\offline /Add-Package /PackagePath:*path to the cab file*
+ ```
+
+ c. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**.
+
+
+IT admins can also create [Side by side feature store (shared folder)](https://technet.microsoft.com/library/jj127275.aspx) to allow access to the Windows Mixed Reality FOD.
diff --git a/windows/client-management/mdm/images/provisioning-csp-networkproxy.png b/windows/client-management/mdm/images/provisioning-csp-networkproxy.png
index e46232fa42..23671d20f1 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-networkproxy.png and b/windows/client-management/mdm/images/provisioning-csp-networkproxy.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-wifi.png b/windows/client-management/mdm/images/provisioning-csp-wifi.png
index c3f21cb31d..463a784f95 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-wifi.png and b/windows/client-management/mdm/images/provisioning-csp-wifi.png differ
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 4fe82b932b..72566a2607 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -110,7 +110,7 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
3. Type in your Azure AD username. This is the email address you use to log into Microsoft Office 365 and similar services.
- If the tenant is a cloud-only tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
+ If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [these steps](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). If your tenant is not configured for auto-enrollment, you will have to go through the enrollment flow a second time to connect your device to MDM. After you complete the flow, your device will be connected to your organization’s Azure AD domain.
@@ -142,7 +142,7 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
-7. If the tenant is a cloud only tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
+7. If the tenant is a cloud only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
@@ -194,7 +194,7 @@ All Windows 10-based devices can be connected to a work or school account. You
-5. If the tenant is a cloud only tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly into the page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
+5. If the tenant is a cloud only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly into the page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index 74bed4f1aa..6348228427 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/26/2017
+ms.date: 04/12/2018
---
# NetworkProxy CSP
@@ -31,38 +31,41 @@ The following diagram shows the NetworkProxy configuration service provider in t
**./Vendor/MSFT/NetworkProxy**
-
The root node for the NetworkProxy configuration service provider..
+The root node for the NetworkProxy configuration service provider..
+
+**ProxySettingsPerUser**
+Added in Windows 10, version 1803. When set to 0, it enables proxy configuration as global, machine wide; set to 1 for proxy configuratio per user.
**AutoDetect**
-
Automatically detect settings. If enabled, the system tries to find the path to a PAC script.
-
Valid values:
+Automatically detect settings. If enabled, the system tries to find the path to a PAC script.
+Valid values:
0 - Disabled
1 (default) - Enabled
-
The data type is int. Supported operations are Get and Replace.
+The data type is int. Supported operations are Get and Replace.
**SetupScriptUrl**
-
Address to the PAC script you want to use.
-
The data type is string. Supported operations are Get and Replace.
+Address to the PAC script you want to use.
+The data type is string. Supported operations are Get and Replace.
**ProxyServer**
-
Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections.
-
Supported operation is Get.
+Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections.
+Supported operation is Get.
**ProxyAddress**
-
Address to the proxy server. Specify an address in the format <server>[“:”<port>].
-
The data type is string. Supported operations are Get and Replace.
+Address to the proxy server. Specify an address in the format <server>[“:”<port>].
+The data type is string. Supported operations are Get and Replace.
**Exceptions**
-
Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. Use semicolons (;) to separate entries.
-
The data type is string. Supported operations are Get and Replace.
+Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. Use semicolons (;) to separate entries.
+The data type is string. Supported operations are Get and Replace.
**UseProxyForLocalAddresses**
-
Specifies whether the proxy server should be used for local (intranet) addresses.
-
Valid values:
+Specifies whether the proxy server should be used for local (intranet) addresses.
+Valid values:
0 (default) - Do not use proxy server for local addresses
1 - Use proxy server for local addresses
-
The data type is int. Supported operations are Get and Replace.
+The data type is int. Supported operations are Get and Replace.
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 31bc357659..6270e63cb6 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 04/06/2018
+ms.date: 04/11/2018
---
# What's new in MDM enrollment and management
@@ -1170,6 +1170,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
KioskBrowser/BlockedUrlExceptions
KioskBrowser/BlockedUrls
KioskBrowser/DefaultURL
+
KioskBrowser/EnableEndSessionButton
KioskBrowser/EnableHomeButton
KioskBrowser/EnableNavigationButtons
KioskBrowser/RestartOnIdleTime
@@ -1348,6 +1349,13 @@ For details about Microsoft mobile device management protocols for Windows 10 s
UntrustedCertificates
+
+
[NetworkProxy CSP](\networkproxy--csp.md)
+
Added the following node in Windows 10, version 1803:
+
+
ProxySettingsPerUser
+
+
@@ -1639,10 +1647,18 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
+
[NetworkProxy CSP](\networkproxy--csp.md)
+
Added the following node in Windows 10, version 1803:
WirelessDisplay/AllowProjectionFromPC
@@ -3719,12 +3940,15 @@ The following diagram shows the Policy configuration service provider in tree fo
- [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
- [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
- [ApplicationDefaults/DefaultAssociationsConfiguration](./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration)
+- [ApplicationDefaults/EnableAppUriHandlers](./policy-csp-applicationdefaults.md#applicationdefaults-enableappurihandlers)
- [ApplicationManagement/AllowAllTrustedApps](./policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
- [ApplicationManagement/AllowGameDVR](./policy-csp-applicationmanagement.md#applicationmanagement-allowgamedvr)
- [ApplicationManagement/AllowSharedUserAppData](./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata)
- [ApplicationManagement/DisableStoreOriginatedApps](./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps)
+- [ApplicationManagement/MSIAllowUserControlOverInstall](./policy-csp-applicationmanagement.md#applicationmanagement-msiallowusercontroloverinstall)
+- [ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges](./policy-csp-applicationmanagement.md#applicationmanagement-msialwaysinstallwithelevatedprivileges)
- [ApplicationManagement/RequirePrivateStoreOnly](./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly)
- [ApplicationManagement/RestrictAppDataToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictappdatatosystemvolume)
- [ApplicationManagement/RestrictAppToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume)
@@ -3763,6 +3987,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection)
- [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride)
- [Browser/PreventSmartScreenPromptOverrideForFiles](./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles)
+- [Browser/PreventTabPreloading](./policy-csp-browser.md#browser-preventtabpreloading)
- [Browser/PreventUsingLocalHostIPAddressForWebRTC](./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc)
- [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites)
- [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer)
@@ -3777,6 +4002,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps)
- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
- [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming)
+- [Connectivity/AllowPhonePCLinking](./policy-csp-connectivity.md#connectivity-allowphonepclinking)
- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
@@ -4136,6 +4362,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
- [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
- [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
+- [LanmanWorkstation/EnableInsecureGuestLogons](./policy-csp-lanmanworkstation.md#lanmanworkstation-enableinsecureguestlogons)
- [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation)
- [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation)
- [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts)
@@ -4148,6 +4375,9 @@ The following diagram shows the Policy configuration service provider in tree fo
- [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia)
- [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters)
- [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly)
+- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways)
+- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible)
+- [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin)
@@ -4169,6 +4399,10 @@ The following diagram shows the Policy configuration service provider in tree fo
- [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange)
- [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel)
- [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic)
+- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers)
- [LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon)
- [LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile)
- [LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation)
@@ -4202,7 +4436,9 @@ The following diagram shows the Policy configuration service provider in tree fo
- [NetworkIsolation/EnterpriseProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyservers)
- [NetworkIsolation/EnterpriseProxyServersAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative)
- [NetworkIsolation/NeutralResources](./policy-csp-networkisolation.md#networkisolation-neutralresources)
+- [Notifications/DisallowCloudNotification](./policy-csp-notifications.md#notifications-disallowcloudnotification)
- [Notifications/DisallowNotificationMirroring](./policy-csp-notifications.md#notifications-disallownotificationmirroring)
+- [Notifications/DisallowTileNotification](./policy-csp-notifications.md#notifications-disallowtilenotification)
- [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
- [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
@@ -4367,6 +4603,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode)
- [SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode)
- [TextInput/AllowLanguageFeaturesUninstall](./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall)
+- [TextInput/AllowLinguisticDataCollection](./policy-csp-textinput.md#textinput-allowlinguisticdatacollection)
- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
@@ -4498,6 +4735,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
- [Settings/AllowDateTime](#settings-allowdatetime)
- [Settings/AllowVPN](#settings-allowvpn)
+- [System/AllowFontProviders](#system-allowfontproviders)
- [System/AllowLocation](#system-allowlocation)
- [System/AllowTelemetry](#system-allowtelemetry)
- [Update/AllowAutoUpdate](#update-allowautoupdate)
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 774334df19..02d3d2895e 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - ApplicationDefaults
@@ -189,20 +189,14 @@ If you do not configure this policy setting, the default behavior depends on the
ADMX Info:
- GP English name: *Configure web-to-app linking with app URI handlers*
- GP name: *EnableAppUriHandlers*
+- GP path: *System/Group Policy*
- GP ADMX file name: *GroupPolicy.admx*
This setting supports a range of values between 0 and 1.
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 4abd17e1d1..082ad6881d 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - ApplicationManagement
@@ -597,20 +597,14 @@ This policy setting is designed for less restrictive environments. It can be use
ADMX Info:
- GP English name: *Allow user control over installs*
- GP name: *EnableUserControl*
+- GP path: *Windows Components/Windows Installer*
- GP ADMX file name: *MSI.admx*
This setting supports a range of values between 0 and 1.
-
-
-
-
-
-
-
@@ -661,25 +655,20 @@ If you disable or do not configure this policy setting, the system applies the c
Note: This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders.
Caution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure.
+
ADMX Info:
- GP English name: *Always install with elevated privileges*
- GP name: *AlwaysInstallElevated*
+- GP path: *Windows Components/Windows Installer*
- GP ADMX file name: *MSI.admx*
This setting supports a range of values between 0 and 1.
-
-
-
-
-
-
-
@@ -729,7 +718,9 @@ Most restricted value is 1.
ADMX Info:
+- GP English name: *Only display the private store within the Microsoft Store*
- GP name: *RequirePrivateStoreOnly*
+- GP path: *Windows Components/Store*
- GP ADMX file name: *WindowsStore.admx*
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index 7e6fb10c8d..386d22dfe2 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - AppRuntime
@@ -32,6 +32,29 @@ ms.date: 03/12/2018
**AppRuntime/AllowMicrosoftAccountsToBeOptional**
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+
[Scope](./policy-configuration-service-provider.md#policy-scope):
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 76ccab305a..514ff83491 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03//2018
+ms.date: 04/16/2018
---
# Policy CSP - Browser
@@ -2191,10 +2191,17 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code.
+Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code.
+
+ADMX Info:
+- GP English name: *Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed*
+- GP name: *PreventTabPreloading*
+- GP path: *Windows Components/Microsoft Edge*
+- GP ADMX file name: *MicrosoftEdge.admx*
+
The following list shows the supported values:
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 431c59baa4..9c86945186 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - Cellular
@@ -92,8 +92,10 @@ If an app is open when this Group Policy object is applied on a device, employee
ADMX Info:
+- GP English name: *Let Windows apps access cellular data*
- GP name: *LetAppsAccessCellularData*
- GP element: *LetAppsAccessCellularData_Enum*
+- GP path: *Network/WWAN Service/Cellular Data Access*
- GP ADMX file name: *wwansvc.admx*
@@ -150,8 +152,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
ADMX Info:
+- GP English name: *Let Windows apps access cellular data*
- GP name: *LetAppsAccessCellularData*
- GP element: *LetAppsAccessCellularData_ForceAllowTheseApps_List*
+- GP path: *Network/WWAN Service/Cellular Data Access*
- GP ADMX file name: *wwansvc.admx*
@@ -200,8 +204,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
ADMX Info:
+- GP English name: *Let Windows apps access cellular data*
- GP name: *LetAppsAccessCellularData*
- GP element: *LetAppsAccessCellularData_ForceDenyTheseApps_List*
+- GP path: *Network/WWAN Service/Cellular Data Access*
- GP ADMX file name: *wwansvc.admx*
@@ -250,8 +256,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
ADMX Info:
+- GP English name: *Let Windows apps access cellular data*
- GP name: *LetAppsAccessCellularData*
- GP element: *LetAppsAccessCellularData_UserInControlOfTheseApps_List*
+- GP path: *Network/WWAN Service/Cellular Data Access*
- GP ADMX file name: *wwansvc.admx*
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index e347fbd029..edd5e6b205 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - CredentialsDelegation
@@ -32,6 +32,29 @@ ms.date: 03/12/2018
**CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials**
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+
[Scope](./policy-configuration-service-provider.md#policy-scope):
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index cf43d37c41..9b31c6322f 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - DeliveryOptimization
@@ -1219,8 +1219,10 @@ Note that downloads from LAN peers will not be throttled even when this policy i
ADMX Info:
+- GP English name: *Maximum Background Download Bandwidth (percentage)*
- GP name: *PercentageMaxBackgroundBandwidth*
- GP element: *PercentageMaxBackgroundBandwidth*
+- GP path: *Windows Components/Delivery Optimization*
- GP ADMX file name: *DeliveryOptimization.admx*
@@ -1231,6 +1233,15 @@ ADMX Info:
**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth) and [DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth) policies instead.
@@ -1282,8 +1293,10 @@ Note that downloads from LAN peers will not be throttled even when this policy i
ADMX Info:
+- GP English name: *Maximum Foreground Download Bandwidth (percentage)*
- GP name: *PercentageMaxForegroundBandwidth*
- GP element: *PercentageMaxForegroundBandwidth*
+- GP path: *Windows Components/Delivery Optimization*
- GP ADMX file name: *DeliveryOptimization.admx*
@@ -1388,7 +1401,7 @@ The following list shows the supported values:
-Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
+Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
> [!TIP]
@@ -1454,7 +1467,7 @@ This policy allows an IT Admin to define the following:
-Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
+Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
> [!TIP]
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 1a791a7b71..4ffde366c7 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - DeviceLock
@@ -1036,6 +1036,29 @@ GP Info:
**DeviceLock/PreventEnablingLockScreenCamera**
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+
[Scope](./policy-configuration-service-provider.md#policy-scope):
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index 89b92cd690..6c9a23cd61 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 04/02/2018
+ms.date: 04/16/2018
---
# Policy CSP - EventLogService
@@ -200,7 +200,7 @@ ADMX Info:
This policy setting specifies the maximum size of the log file in kilobytes.
-If you enable this policy setting, you can configure the maximum log file size to be between 20 megabytes (20480 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
+If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 51935ec669..38e01b4868 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - Experience
@@ -436,6 +436,15 @@ The following list shows the supported values:
**Experience/AllowSaveAsOfOfficeFiles**
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
This policy is deprecated.
@@ -503,6 +512,15 @@ The following list shows the supported values:
**Experience/AllowSharingOfOfficeFiles**
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
This policy is deprecated.
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index 9216df0e67..df185f9924 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - FileExplorer
@@ -35,6 +35,29 @@ ms.date: 03/12/2018
**FileExplorer/TurnOffDataExecutionPreventionForExplorer**
+
+
@@ -76,7 +79,6 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
-> * User
> * Device
@@ -123,7 +125,6 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
-> * User
> * Device
@@ -170,7 +171,6 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
-> * User
> * Device
@@ -187,6 +187,58 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
+
+**KioskBrowser/EnableEndSessionButton**
+
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
4
+
4
+
4
+
4
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Enables kiosk browser's end session button. When the policy is enabled, the kiosk browser enables a button to reset the browser by navigating back to the default URL and clearing the browsing data (cache, cookies, etc). When the user clicks on the button, the app will prompt the user for confirmation to end the session.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**KioskBrowser/EnableHomeButton**
@@ -217,7 +269,6 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
-> * User
> * Device
@@ -264,7 +315,6 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
-> * User
> * Device
@@ -311,7 +361,6 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation but
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
-> * User
> * Device
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index 5c860249fc..15c57e928a 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/16/2018
+ms.date: 04/16/2018
---
# Policy CSP - LanmanWorkstation
@@ -78,20 +78,14 @@ Insecure guest logons are used by file servers to allow unauthenticated access t
ADMX Info:
- GP English name: *Enable insecure guest logons*
- GP name: *Pol_EnableInsecureGuestLogons*
+- GP path: *Network/Lanman Workstation*
- GP ADMX file name: *LanmanWorkstation.admx*
This setting supports a range of values between 0 and 1.
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 8759b6d49a..bed4009f6a 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - MSSecurityGuide
@@ -47,6 +47,29 @@ ms.date: 03/12/2018
**MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon**
+
+
+
+
[Scope](./policy-configuration-service-provider.md#policy-scope):
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index bd162cb868..e5838dc453 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/15/2018
+ms.date: 04/16/2018
---
# Policy CSP - Notifications
@@ -80,29 +80,28 @@ If you enable this policy setting, notifications can still be raised by applicat
If you disable or do not configure this policy setting, the client computer will connect to WNS at user login and applications will be allowed to use periodic (polling) notifications.
No reboots or service restarts are required for this policy setting to take effect.
+
ADMX Info:
- GP English name: *Turn off notifications network usage*
- GP name: *NoCloudNotification*
+- GP path: *Start Menu and Taskbar/Notifications*
- GP ADMX file name: *WPN.admx*
This setting supports a range of values between 0 and 1.
-
-
-
-
-
-
Validation:
1. Enable policy
2. Reboot machine
3. Ensure that you can't receive a notification from Facebook app while FB app isn't running
+
+
+
@@ -191,6 +190,7 @@ The following list shows the supported values:
4
+
@@ -211,22 +211,20 @@ If you enable this policy setting, applications and system features will not be
If you disable or do not configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user.
No reboots or service restarts are required for this policy setting to take effect.
+
ADMX Info:
- GP English name: *Turn off tile notifications*
- GP name: *NoTileNotification*
+- GP path: *Start Menu and Taskbar/Notifications*
- GP ADMX file name: *WPN.admx*
This setting supports a range of values between 0 and 1.
-
-
-
-
Validation:
1. Enable policy
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index fc85260394..9b6886930d 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - Power
@@ -57,6 +57,29 @@ ms.date: 03/12/2018
**Power/AllowStandbyStatesWhenSleepingOnBattery**
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+
[Scope](./policy-configuration-service-provider.md#policy-scope):
@@ -191,7 +214,7 @@ ADMX Info:
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
@@ -255,7 +278,7 @@ ADMX Info:
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
@@ -319,7 +342,7 @@ ADMX Info:
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
@@ -383,7 +406,7 @@ ADMX Info:
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
@@ -571,7 +594,7 @@ ADMX Info:
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
@@ -635,7 +658,7 @@ ADMX Info:
-Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 7fee0be3b0..4ac73d9f96 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -65,7 +65,7 @@ ms.date: 03/12/2018
-Added in Windows 10, version 1803. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled.
+Added in Windows 10, version 1803. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Disabled.
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 07ba3d94de..5f1af3e3c0 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - TextInput
@@ -680,29 +680,6 @@ The following list shows the supported values:
**TextInput/AllowLinguisticDataCollection**
-
-
-
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
-
-
-
-
-
-
-
-
-
-
-
-
-
[Scope](./policy-configuration-service-provider.md#policy-scope):
@@ -717,21 +694,16 @@ The following list shows the supported values:
ADMX Info:
+- GP English name: *Improve inking and typing recognition*
- GP name: *AllowLinguisticDataCollection*
+- GP path: *Windows Components/Text Input*
- GP ADMX file name: *TextInput.admx*
This setting supports a range of values between 0 and 1.
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 70198e988d..5462333ba5 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - Update
@@ -917,6 +917,15 @@ The following list shows the supported values:
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
@@ -2138,6 +2147,15 @@ ADMX Info:
**Update/PhoneUpdateRestrictions**
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead.
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index c5ac238f1d..4f33bd0bdf 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/16/2018
---
# Policy CSP - WindowsConnectionManager
@@ -32,6 +32,29 @@ ms.date: 03/12/2018
**WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork**
+
+
+
+
[Scope](./policy-configuration-service-provider.md#policy-scope):
@@ -270,6 +293,29 @@ To validate on Desktop, do the following:
**WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart**
+
+
+
+
[Scope](./policy-configuration-service-provider.md#policy-scope):
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index a533138079..65e4a03576 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/26/2017
+ms.date: 04/16/2018
---
# WiFi CSP
@@ -31,6 +31,9 @@ The following image shows the WiFi configuration service provider in tree format
The following list shows the characteristics and parameters.
+**Device or User profile**
+For user profile, use ./User/Vendor/MSFT/Wifi path and for device profile, use ./Device/Vendor/MSFT/Wifi path.
+
**Profile**
Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is represented by a profile object. This network profile includes all the information required for the device to connect to that network – for example, the SSID, authentication and encryption methods and passphrase in case of WEP or WPA2 networks.
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index e123d33d74..80bd272f42 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -94,7 +94,16 @@ Added in Windows 10, version 1803. This policy setting allows you to determine w
- 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system.
**Status**
-
Returns status on Application Guard installation and pre-requisites. Value type is integer. Supported operation is Get.
+
Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. Value type is integer. Supported operation is Get.
+
+Bit 0 - Set to 1 when WDAG is enabled into enterprise manage mode
+Bit 1 - Set to 1 when the client machine is Hyper-V capable
+Bit 2 - Set to 1 when the client machine has a valid OS license and SKU
+Bit 3 - Set to 1 when WDAG installed on the client machine
+Bit 4 - Set to 1 when required Network Isolation Policies are configured
+Bit 5 - Set to 1 when the client machine meets minimum hardware requirements
+
+
**InstallWindowsDefenderApplicationGuard**
Initiates remote installation of Application Guard feature. Supported operations are Get and Execute.
diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md
index 9768a7eb0b..21616cfe36 100644
--- a/windows/configuration/TOC.md
+++ b/windows/configuration/TOC.md
@@ -3,9 +3,9 @@
## [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md)
## [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
## [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
-## [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
-## [Windows 10, version 1709 diagnostic data for the Full telemetry level](windows-diagnostic-data.md)
-## [Windows 10, version 1703 diagnostic data for the Full telemetry level](windows-diagnostic-data-1703.md)
+## [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
+## [Windows 10, version 1709 diagnostic data for the Full level](windows-diagnostic-data.md)
+## [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md)
## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)
## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
## [Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md)
@@ -17,7 +17,7 @@
### [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md)
#### [Troubleshoot multi-app kiosk](multi-app-kiosk-troubleshoot.md)
#### [Use AppLocker to create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-applocker.md)
-#### [Multi-app kiosk XML reference](multi-app-kiosk-xml.md)
+### [Assigned Access configuration (kiosk) XML reference](kiosk-xml.md)
## [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md)
### [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md)
### [Use Windows Configuration Designer to configure Windows 10 Mobile devices](mobile-devices/provisioning-configure-mobile.md)
@@ -72,6 +72,7 @@
### [PowerShell cmdlets for provisioning Windows 10 (reference)](provisioning-packages/provisioning-powershell.md)
### [Windows Configuration Designer command-line interface (reference)](provisioning-packages/provisioning-command-line.md)
### [Windows Configuration Designer provisioning settings (reference)](wcd/wcd.md)
+#### [AccountManagement](wcd/wcd-accountmanagement.md)
#### [Accounts](wcd/wcd-accounts.md)
#### [ADMXIngestion](wcd/wcd-admxingestion.md)
#### [ApplicationManagement](wcd/wcd-applicationmanagement.md)
@@ -113,7 +114,8 @@
#### [OtherAssets](wcd/wcd-otherassets.md)
#### [Personalization](wcd/wcd-personalization.md)
#### [Policies](wcd/wcd-policies.md)
-#### [ProvisioningCommands](wcd/wcd-provisioningcommands.md)
+#### [ProvisioningCommands](wcd/wcd-provisioningcommands.md)
+#### [RcsPresence](wcd/wcd-rcspresence.md)
#### [SharedPC](wcd/wcd-sharedpc.md)
#### [Shell](wcd/wcd-shell.md)
#### [SMISettings](wcd/wcd-smisettings.md)
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index b328c042ce..1668b99505 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -8,18 +8,26 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: high
author: jdeckerms
-ms.date: 04/04/2018
+ms.date: 04/23/2018
---
# Change history for Configure Windows 10
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
+## RELEASE: Windows 10, version 1803
+
+The topics in this library have been updated for Windows 10, version 1803. The following new topics have been added:
+
+- Windows Configuration Designer setting: [AccountManagement](wcd/wcd-accountmanagement.md)
+- Windows Configuration Designer setting: [RcsPresence](wcd/wcd-rcspresence.md)
+
## April 2018
New or changed topic | Description
--- | ---
[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Updated endpoints.
+[Configure cellular settings for tablets and PCs](provisioning-apn.md) | Added instructions for confirming that the settings were applied.
## March 2018
diff --git a/windows/configuration/diagnostic-data-viewer-overview.md b/windows/configuration/diagnostic-data-viewer-overview.md
index fe1598c59f..4dd545540f 100644
--- a/windows/configuration/diagnostic-data-viewer-overview.md
+++ b/windows/configuration/diagnostic-data-viewer-overview.md
@@ -16,9 +16,7 @@ ms.date: 01/17/2018
**Applies to**
-- Windows 10, Windows Insider Preview
-
-[This information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
+- Windows 10, version 1803
## Introduction
The Diagnostic Data Viewer is a Windows app that lets you review the diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md
index 2a03f2bf72..f8c9a70845 100644
--- a/windows/configuration/guidelines-for-assigned-access-app.md
+++ b/windows/configuration/guidelines-for-assigned-access-app.md
@@ -8,7 +8,7 @@ ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.author: jdecker
-ms.date: 10/20/2017
+ms.date: 04/23/2018
---
# Guidelines for choosing an app for assigned access (kiosk mode)
@@ -42,39 +42,38 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t
## Guidelines for web browsers
-Microsoft Edge and any third-party web browsers that can be set as a default browser have special permissions beyond that of most Windows apps. Microsoft Edge is not supported for assigned access.
+In Windows 10, version 1803, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website.
-If you use a web browser as your assigned access app, consider the following tips:
+**Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education).
-- You can download browsers that are optimized to be used as a kiosk from the Microsoft Store.
-- You can create your own web browser Windows app by using the WebView class. Learn more about developing your own web browser app:
- - [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/)
- - [WebView class](https://msdn.microsoft.com/library/windows/apps/windows.ui.xaml.controls.webview.aspx)
- - [A web browser built with JavaScript as a Windows app](https://github.com/MicrosoftEdge/JSBrowser/tree/v1.0)
+1. [Get **Kiosk Browser** in Microsoft Store for Business with offline license type.](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps)
+2. [Deploy **Kiosk Browser** to kiosk devices.](https://docs.microsoft.com/microsoft-store/distribute-offline-apps)
+3. Configure policies using settings from the Policy Configuration Service Provider (CSP) for [KioskBrowser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser). These settings can be configured using your MDM service provider, or [in a provisioning package](provisioning-packages/provisioning-create-package.md).
+
+>[!NOTE]
+>Microsoft Edge and any third-party web browsers that can be set as a default browser have special permissions beyond that of most Windows apps. Microsoft Edge is not currently supported for assigned access.
+
+
+You can create your own web browser Windows app by using the WebView class. Learn more about developing your own web browser app:
+- [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/)
+- [WebView class](https://msdn.microsoft.com/library/windows/apps/windows.ui.xaml.controls.webview.aspx)
+- [A web browser built with JavaScript as a Windows app](https://github.com/MicrosoftEdge/JSBrowser/tree/v1.0)
-**To block access to the file system from Internet Explorer's web address bar**
-1. On the Start screen, type the following:
- `gpedit.msc`
-2. Press **Enter** or click the gpedit icon to launch the group policy editor.
-3. In the group policy editor, navigate to **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar**.
-4. Select **Remove Run menu from Start Menu**, select **Disabled**, and click **Apply**. Disabling this policy prevents users from entering the following into the Internet Explorer Address Bar:
- - A UNC path (\\\\*server*\\\\*share*)
- - A local drive (C:\\)
- - A local folder (\temp)
## Secure your information
-Avoid selecting Windows apps that may expose the information you don’t want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting this type of apps if they provide unnecessary data access.
+Avoid selecting Windows apps that may expose the information you don’t want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
## App configuration
-Some apps may require additional configurations before they can be used appropriately in assigned access . For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
-Check the guidelines published by your selected app and do the setup accordingly.
+Some apps may require additional configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
+
+Check the guidelines published by your selected app and set up accordingly.
## Develop your kiosk app
-Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above lock . The kiosk app is actually running as an above lock screen app.
+Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app.
Follow the [best practices guidance for developing a kiosk app for assigned access](https://msdn.microsoft.com/library/windows/hardware/mt633799%28v=vs.85%29.aspx).
@@ -82,7 +81,7 @@ Follow the [best practices guidance for developing a kiosk app for assigned acce
The above guidelines may help you select or develop an appropriate Windows app for your assigned access experience. Once you have selected your app, we recommend that you thoroughly test the assigned access experience to ensure that your device provides a good customer experience.
- ## Learn more
+## Learn more
[Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508)
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
new file mode 100644
index 0000000000..a39822d01e
--- /dev/null
+++ b/windows/configuration/kiosk-xml.md
@@ -0,0 +1,304 @@
+---
+title: Assigned Access configuration kiosk XML reference (Windows 10)
+description: XML and XSD for kiosk device configuration.
+ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
+keywords: ["lockdown", "app restrictions", "applocker"]
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: edu, security
+author: jdeckerms
+ms.localizationpriority: medium
+ms.date: 04/23/2018
+ms.author: jdecker
+---
+
+# Assigned Access configuration (kiosk) XML reference
+
+
+**Applies to**
+
+- Windows 10
+
+## Full XML sample
+
+>[!NOTE]
+>Updated for Windows 10, version 1803.
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ]]>
+
+
+
+
+
+
+ domain\account
+
+
+
+ AzureAD\john@contoso.onmicrosoft.com
+
+
+
+ localaccount
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
+## Kiosk only sample XML
+
+```xml
+
+
+
+
+
+
+
+
+
+ singleappuser
+
+
+
+
+```
+
+
+## XSD for AssignedAccess configuration XML
+
+>[!NOTE]
+>Updated for Windows 10, version 1803.
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
\ No newline at end of file
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index 94ac63a7a7..acf6fd26ea 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: edu, security
author: jdeckerms
ms.localizationpriority: high
-ms.date: 02/08/2018
+ms.date: 04/23/2018
ms.author: jdecker
---
@@ -18,9 +18,14 @@ ms.author: jdecker
**Applies to**
-- Windows 10
+- Windows 10 Pro, Enterprise, and Education
+
+A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. In Windows 10, version 1803, you can also:
+
+- Configure [a single-app kiosk profile](#profile) in your XML file.
+- Assign [group accounts to a config profile](#config-for-group-accounts).
+- Configure [an account to sign in automatically](#config-for-autologon-account).
-A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app.
The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access.
@@ -121,7 +126,12 @@ You can start your file by pasting the following XML (or any other examples in t
#### Profile
-A profile section in the XML has the following entries:
+There are two types of profiles that you can specify in the XML:
+
+- **Lockdown profile**: Users assigned a lockdown profile will see the desktop in tablet mode with the specific apps on the Start screen.
+- **Kiosk profile**: New in Windows 10, version 1803, this profile replaces the KioskModeApp node of the [AssignedAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Users assigned a kiosk profile will not see the desktop, but only the kiosk app running in full-screen mode.
+
+A lockdown profile section in the XML has the following entries:
- [**Id**](#id)
@@ -131,6 +141,13 @@ A profile section in the XML has the following entries:
- [**Taskbar**](#taskbar)
+A kiosk profile in the XML has the following entries:
+
+- [**Id**](#id)
+
+- [**KioskModeApp**](#kioskmodeapp)
+
+
##### Id
@@ -250,15 +267,53 @@ The following example hides the taskbar:
>[!NOTE]
>This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden.
+##### KioskModeApp
+
+**KioskModeApp** is used for a [kiosk profile](#profile) only. Enter the AUMID for a single app. You can only specify one kiosk profile in the XML.
+
+```xml
+
+```
+
+>[!IMPORTANT]
+>The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Direcotry account could potentially compromise confidential information.
+
+
#### Configs
Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience.
-The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in.
+The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in.
+You can assign:
+- [A local standard user account that signs in automatically](#config-for-autologon-account) (Applies to Windows 10, version 1803 only)
+- [An individual account, which can be local, domain, or Azure Active Directory (Azure AD)](#config-for-individual-accounts)
+- [A group account, which can be local, Active Directory (domain), or Azure AD](#config-for-group-accounts) (Applies to Windows 10, version 1803 only)
+
+>[!NOTE]
+>Configs that specify group accounts cannot use a kiosk profile, only a lockdown profile. If a group is configured to a kiosk profile, the CSP will reject the request.
+
+##### Config for AutoLogon Account
+
+When you use `` and the configuration is applied to a device, the specified account (managed by Assigned Access) is created on the device as a local standard user account. The specified account is signed in automatically after restart.
+
+```xml
+
+
+
+
+
+
+```
+
+>[!IMPORTANT]
+>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows}(https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows).
+
+##### Config for individual accounts
+
+Individual accounts are specified using ``.
-The account can be local, domain, or Azure Active Directory (Azure AD). Groups are not supported.
- Local account can be entered as `machinename\account` or `.\account` or just `account`.
- Domain account should be entered as `domain\account`.
- Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. **AzureAD\someone@contoso.onmicrosoft.com**.
@@ -284,10 +339,43 @@ Before applying the multi-app configuration, make sure the specified user accoun
+##### Config for group accounts
+
+Group accounts are specified using ``. Nested groups are not supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in ``, user A will not have the kiosk experience.
+
+- Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute.
+
+ ```xml
+
+
+
+
+ ```
+- Domain group: Both security and distribution groups are supported. Specify the group type as **ActiveDirectoryGroup**. Use the domain name as the prefix in the name attribute.
+
+ ```xml
+
+
+
+
+ ```
+
+- Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**.
+
+ ```xml
+
+
+
+
+ ```
+
+ >[!NOTE]
+ >If an Azure AD group is configured with a lockdown profile on a device, a user in the Azure AD group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out.
+
### Add XML file to provisioning package
-Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](multi-app-kiosk-xml.md#xsd-for-assignedaccess-configuration-xml).
+Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](kiosk-xml.md#xsd-for-assignedaccess-configuration-xml).
Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md)
@@ -602,7 +690,7 @@ Lock the Taskbar | Enabled
Prevent users from adding or removing toolbars | Enabled
Prevent users from resizing the taskbar | Enabled
Remove frequent programs list from the Start Menu | Enabled
-Remove Pinned programs from the taskbar | Enabled
+Remove ‘Map Network Drive’ and ‘Disconnect Network Drive’ | Enabled
Remove the Security and Maintenance icon | Enabled
Turn off all balloon notifications | Enabled
Turn off feature advertisement balloon notifications | Enabled
@@ -626,9 +714,19 @@ Some of the MDM policies based on the [Policy configuration service provider (CS
Setting | Value | System-wide
--- | --- | ---
[Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | 0 - Not allowed | Yes
+[Start/AllowPinnedFolderDocuments](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderDownloads](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderFileExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderHomeGroup](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderMusic](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderNetwork](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderPersonalFolder](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+[Start/AllowPinnedFolderPictures](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
[Start/AllowPinnedFolderSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
-Start/HidePeopleBar | 1 - True (hide) | No
-[Start/HideChangeAccountSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) | 1 - True (hide) | Yes
+[Start/AllowPinnedFolderVideos](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes
+Start/DisableContextMenus | 1 - Context menus are hidden for Start apps | No
+[Start/HidePeopleBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-hidepeoplebar) | 1 - True (hide) | No
+[Start/HideChangeAccountSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) | 1 - True (hide) | Yes
[WindowsInkWorkspace/AllowWindowsInkWorkspace](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace) | 0 - Access to ink workspace is disabled and the feature is turned off | Yes
[Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Configuration dependent | No
[WindowsLogon/DontDisplayNetworkSelectionUI](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | <Enabled/> | Yes
diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index ddc0530800..e911b6fde5 100644
--- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.localizationpriority: high
author: brianlic-msft
ms.author: brianlic-msft
-ms.date: 03/22/2018
+ms.date: 04/09/2018
---
# Manage connections from Windows operating system components to Microsoft services
@@ -40,22 +40,30 @@ Note that **Get Help** and **Give us Feedback** links no longer work after the W
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
+## What's new in Windows 10, version 1803 Enterprise edition
+
+Here's a list of changes that were made to this article for Windows 10, version 1803:
+
+- Added a policy to turn off privacy notifications
+- Added a policy to turn off configuration updates for the Books Library
+- Added a policy to turn off Address Bar drop-down list suggestions
+
## What's new in Windows 10, version 1709 Enterprise edition
Here's a list of changes that were made to this article for Windows 10, version 1709:
-- Added the Phone calls section.
-- Added the Storage Health section.
-- Added discussion of apps for websites in the Microsoft Store section.
+- Added the Phone calls section
+- Added the Storage Health section
+- Added discussion of apps for websites in the Microsoft Store section
## What's new in Windows 10, version 1703 Enterprise edition
Here's a list of changes that were made to this article for Windows 10, version 1703:
-- Added an MDM policy for Font streaming.
-- Added an MDM policy for Network Connection Status Indicator.
-- Added an MDM policy for the Micosoft Account Sign-In Assistant.
-- Added instructions for removing the Sticky Notes app.
+- Added an MDM policy for Font streaming
+- Added an MDM policy for Network Connection Status Indicator
+- Added an MDM policy for the Micosoft Account Sign-In Assistant
+- Added instructions for removing the Sticky Notes app
- Added registry paths for some Group Policies
- Added the Find My Device section
- Added the Tasks section
@@ -216,7 +224,7 @@ For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server
-or-
-- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1.
+- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, named **DisableRootAutoUpdate**, with a value of 1.
-and-
@@ -228,7 +236,7 @@ For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server
On Windows Server 2016 Nano Server:
-- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1.
+- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, named **DisableRootAutoUpdate**, with a value of 1.
>[!NOTE]
>CRL and OCSP network traffic is currently whitelisted and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign.
@@ -253,11 +261,11 @@ You can also apply the Group Policies using the following registry keys:
| Policy | Registry Path |
|------------------------------------------------------|---------------------------------------------------------------------------------------|
-| Allow Cortana | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search!AllowCortana REG_DWORD: 0|
-| Allow search and Cortana to use location | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search!AllowSearchToUseLocation REG_DWORD: 0 |
-| Do not allow web search | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search!DisableWebSearch REG_DWORD: 1 |
-| Don't search the web or display web results in Search| HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search!ConnectedSearchUseWeb REG_DWORD: 0 |
-| Set what information is shared in Search | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search!ConnectedSearchPrivacy REG_DWORD: 3 |
+| Allow Cortana | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search REG_DWORD: AllowCortana Value: 0|
+| Allow search and Cortana to use location | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search REG_DWORD: AllowSearchToUseLocation Value: 0 |
+| Do not allow web search | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search REG_DWORD: DisableWebSearch Value: 1 |
+| Don't search the web or display web results in Search| HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search REG_DWORD: ConnectedSearchUseWeb Value: 0 |
+| Set what information is shared in Search | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search REG_DWORD: ConnectedSearchPrivacy Value: 3 |
In Windows 10, version 1507 and Windows 10, version 1511, when you enable the **Don't search the web or display web results in Search** Group Policy, you can control the behavior of whether Cortana searches the web to display web results. However, this policy only covers whether or not web search is performed. There could still be a small amount of network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not. In order to turn off that network activity completely, you can create a Windows Firewall rule to prevent outbound traffic.
@@ -319,14 +327,14 @@ After that, configure the following:
-or -
-- Create a new REG\_DWORD registry setting **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient!Enabled** and set it to 0 (zero).
+- Create a new REG\_DWORD registry setting named **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient** and set it to 0 (zero).
### 4. Device metadata retrieval
To prevent Windows from retrieving device metadata from the Internet, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Prevent device metadata retrieval from the Internet**.
-You can also create a new REG\_DWORD registry setting **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata!PreventDeviceMetadataFromNetwork** to 1 (one).
+You can also create a new REG\_DWORD registry setting named **PreventDeviceMetadataFromNetwork** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata** and set it to 1 (one).
### 5. Find My Device
@@ -356,7 +364,7 @@ If you're running Windows 10, version 1607, Windows Server 2016, or later:
- **true**. Font streaming is enabled.
-If you're running Windows 10, version 1507 or Windows 10, version 1511, create a REG\_DWORD registry setting called **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters**, with a value of 1.
+If you're running Windows 10, version 1507 or Windows 10, version 1511, create a REG\_DWORD registry setting named **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters** with a value of 1.
> [!NOTE]
> After you apply this policy, you must restart the device for it to take effect.
@@ -418,8 +426,8 @@ Use Group Policy to manage settings for Internet Explorer. You can find the Int
| Policy | Description |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
| Turn on Suggested Sites| Choose whether an employee can configure Suggested Sites. Default: Enabled You can also turn this off in the UI by clearing the **Internet Options** > **Advanced** > **Enable Suggested Sites** check box.|
-| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | Choose whether an employee can configure enhanced suggestions, which are presented to the employee as they type in the address bar. Default: Enabled|
-| Turn off the auto-complete feature for web addresses | Choose whether auto-complete suggests possible matches when employees are typing web address in the address bar. Default: Disabled You can also turn this off in the UI by clearing the Internet Options > **Advanced** > **Use inline AutoComplete in the Internet Explorer Address Bar and Open Dialog** check box.|
+| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | Choose whether an employee can configure enhanced suggestions, which are presented to the employee as they type in the Address Bar. Default: Enabled|
+| Turn off the auto-complete feature for web addresses | Choose whether auto-complete suggests possible matches when employees are typing web address in the Address Bar. Default: Disabled You can also turn this off in the UI by clearing the Internet Options > **Advanced** > **Use inline AutoComplete in the Internet Explorer Address Bar and Open Dialog** check box.|
| Turn off browser geolocation | Choose whether websites can request location data from Internet Explorer. Default: Disabled|
| Prevent managing SmartScreen filter | Choose whether employees can manage the SmartScreen Filter in Internet Explorer. Default: Disabled |
@@ -427,11 +435,11 @@ Alternatively, you could use the registry to set the Group Policies.
| Policy | Registry path |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Turn on Suggested Sites| HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites!Enabled REG_DWORD: 0|
-| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\AllowServicePoweredQSA REG_DWORD: 0|
-| Turn off the auto-complete feature for web addresses | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Explorer\\AutoComplete!AutoSuggest REG_SZ: **No** |
-| Turn off browser geolocation | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Geolocation!PolicyDisableGeolocation REG_DWORD: 1 |
-| Prevent managing SmartScreen filter | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\ Internet Explorer\\PhishingFilter!EnabledV9 REG_DWORD: 0 |
+| Turn on Suggested Sites| HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites REG_DWORD: Enabled Value: 0|
+| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer REG_DWORD: AllowServicePoweredQSA Value: 0|
+| Turn off the auto-complete feature for web addresses | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\AutoComplete REG_SZ: AutoSuggest Value: **No** |
+| Turn off browser geolocation | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Geolocation REG_DWORD: PolicyDisableGeolocation Value: 1 |
+| Prevent managing SmartScreen filter | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter REG_DWORD: EnabledV9 Value: 0 |
There are three more Group Policy objects that are used by Internet Explorer:
@@ -445,9 +453,9 @@ You can also use registry entries to set these Group Policies.
| Policy | Registry path |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Choose whether employees can configure Compatibility View. | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation!MSCompatibilityMode REG_DWORD: 0|
-| Turn off the flip ahead with page prediction feature | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead!Enabled REG_DWORD: 0|
-| Turn off background synchronization for feeds and Web Slices | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds!BackgroundSyncStatus REG_DWORD:0 |
+| Choose whether employees can configure Compatibility View. | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation REG_DWORD: MSCompatibilityMode Value: 0|
+| Turn off the flip ahead with page prediction feature | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead REG_DWORD: Enabled Value: 0|
+| Turn off background synchronization for feeds and Web Slices | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds REG_DWORD: BackgroundSyncStatus Value: 0|
To turn off the home page, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**.
@@ -477,7 +485,7 @@ To turn off Live Tiles:
-or-
-- Create a REG\_DWORD registry setting called **HKEY\_CURRENT\_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications!NoCloudApplicationNotification**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a value of 1 (one).
In Windows 10 Mobile, you must also unpin all tiles that are pinned to Start.
@@ -501,7 +509,7 @@ To turn off the Windows Mail app:
-or-
-- Create a REG\_DWORD registry setting called **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Mail!ManualLaunchAllowed**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **ManualLaunchAllowed** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Mail** with a value of 0 (zero).
### 11. Microsoft Account
@@ -511,7 +519,7 @@ To prevent communication to the Microsoft Account cloud authentication service.
-or-
-- Create a REG\_DWORD registry setting called **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System!NoConnectedUser**, with a value of 3.
+- Create a REG\_DWORD registry setting named **NoConnectedUser** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System** with a value of 3.
To disable the Microsoft Account Sign-In Assistant:
- Apply the Accounts/AllowMicrosoftAccountSignInAssistant MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
@@ -530,11 +538,11 @@ Find the Microsoft Edge Group Policy objects under **Computer Configuration** &g
| Policy | Description |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Allow configuration updates for the Books Library | Choose whether configuration updates are done for the Books Library. Default: Not configured |
+| Allow configuration updates for the Books Library | Choose whether configuration updates are done for the Books Library. Default: Disabled |
| Configure Autofill | Choose whether employees can use autofill on websites. Default: Enabled |
| Configure Do Not Track | Choose whether employees can send Do Not Track headers. Default: Disabled |
| Configure Password Manager | Choose whether employees can save passwords locally on their devices. Default: Enabled |
-| Configure search suggestions in Address bar | Choose whether the address bar shows search suggestions. Default: Enabled |
+| Configure search suggestions in Address Bar | Choose whether the Address Bar shows search suggestions. Default: Enabled |
| Configure Windows Defender SmartScreen Filter (Windows 10, version 1703) Configure SmartScreen Filter (Windows Server 2016) | Choose whether Windows Defender SmartScreen is turned on or off. Default: Enabled |
| Allow web content on New Tab page | Choose whether a new tab page appears. Default: Enabled |
| Configure Start pages | Choose the Start page for domain-joined devices. Set this to **\** |
@@ -545,10 +553,11 @@ The Windows 10, version 1511 Microsoft Edge Group Policy names are:
| Policy | Description |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
+| Allow address bar drop-down list suggestions | Choose whether employees can use Address Bar drop-down list suggestions. Default: Disabled |
| Turn off autofill | Choose whether employees can use autofill on websites. Default: Enabled |
| Allow employees to send Do Not Track headers | Choose whether employees can send Do Not Track headers. Default: Disabled |
| Turn off password manager | Choose whether employees can save passwords locally on their devices. Default: Enabled |
-| Turn off address bar search suggestions | Choose whether the address bar shows search suggestions. Default: Enabled |
+| Turn off Address Bar search suggestions | Choose whether the Address Bar shows search suggestions. Default: Enabled |
| Turn off the SmartScreen Filter | Choose whether SmartScreen is turned on or off. Default: Enabled |
| Open a new tab with an empty tab | Choose whether a new tab page appears. Default: Enabled |
| Configure corporate Home pages | Choose the corporate Home page for domain-joined devices. Set this to **about:blank** |
@@ -557,14 +566,15 @@ Alternatively, you can configure the Microsoft Group Policies using the followin
| Policy | Registry path |
| - | - |
-| Allow configuration updates for the Books Library | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary!AllowConfigurationUpdateForBooksLibrary REG_DWORD: **0** |
-| Configure Autofill | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!Use FormSuggest REG_SZ: **no** |
-| Configure Do Not Track | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!DoNotTrack REG_DWORD: 1 |
-| Configure Password Manager | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!FormSuggest Passwords REG_SZ: **no** |
-| Configure search suggestions in Address bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes!ShowSearchSuggestionsGlobal REG_DWORD: 0|
-| Configure Windows Defender SmartScreen Filter (Windows 10, version 1703) | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter!EnabledV9 REG_DWORD: 0 |
-| Allow web content on New Tab page | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes!AllowWebContentOnNewTabPage REG_DWORD: 0 |
-| Configure corporate Home pages | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI!ProvisionedHomePages REG_DWORD: 0|
+| Allow Address Bar drop-down list suggestions | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI REG_DWORD name: ShowOneBox Value: 0|
+| Allow configuration updates for the Books Library | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary REG_DWORD name: AllowConfigurationUpdateForBooksLibrary Value: 0|
+| Configure Autofill | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main REG_SZ name: Use FormSuggest Value : **no** |
+| Configure Do Not Track | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main REG_DWORD name: DoNotTrack REG_DWORD: 1 |
+| Configure Password Manager | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main REG_SZ name: FormSuggest Passwords REG_SZ: **no** |
+| Configure search suggestions in Address Bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes REG_DWORD name: ShowSearchSuggestionsGlobal Value: 0|
+| Configure Windows Defender SmartScreen Filter (Windows 10, version 1703) | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\PhishingFilter REG_DWORD name: EnabledV9 Value: 0 |
+| Allow web content on New Tab page | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes REG_DWORD name: AllowWebContentOnNewTabPage Value: 0 |
+| Configure corporate Home pages | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI REG_DWORD name: ProvisionedHomePages Value: 0|
### 12.2 Microsoft Edge MDM policies
@@ -577,7 +587,7 @@ The following Microsoft Edge MDM policies are available in the [Policy CSP](http
| Browser/AllowDoNotTrack | Choose whether employees can send Do Not Track headers. Default: Not allowed |
| Browser/AllowMicrosoftCompatbilityList | Specify the Microsoft compatibility list in Microsoft Edge. Default: Enabled |
| Browser/AllowPasswordManager | Choose whether employees can save passwords locally on their devices. Default: Allowed |
-| Browser/AllowSearchSuggestionsinAddressBar | Choose whether the address bar shows search suggestions.. Default: Allowed |
+| Browser/AllowSearchSuggestionsinAddressBar | Choose whether the Address Bar shows search suggestions.. Default: Allowed |
| Browser/AllowSmartScreen | Choose whether SmartScreen is turned on or off. Default: Allowed |
| Browser/FirstRunURL | Choose the home page for Microsoft Edge on Windows Mobile 10. Default: blank |
@@ -601,7 +611,7 @@ You can turn off NCSI by doing one of the following:
-or-
-- Create a REG\_DWORD registry setting called **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator!NoActiveProbe**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **NoActiveProbe** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator** with a value of 1 (one).
### 14. Offline maps
@@ -611,7 +621,7 @@ You can turn off the ability to download and update offline maps.
-or-
-- Create a REG\_DWORD registry setting called **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps!AutoDownloadAndUpdateMapData**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **AutoDownloadAndUpdateMapData** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps** with a value of 0 (zero).
-and-
@@ -619,7 +629,7 @@ You can turn off the ability to download and update offline maps.
-or-
-- Create a REG\_DWORD registry setting called **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps!AllowUntriggeredNetworkTrafficOnSettingsPage**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **AllowUntriggeredNetworkTrafficOnSettingsPage** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps** with a value of 0 (zero).
### 15. OneDrive
@@ -629,11 +639,11 @@ To turn off OneDrive in your organization:
-or-
-- Create a REG\_DWORD registry setting called **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\OneDrive!DisableFileSyncNGSC**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **DisableFileSyncNGSC** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\OneDrive** with a value of 1 (one).
-and-
-- Create a REG\_DWORD registry setting called **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\OneDrive\\PreventNetworkTrafficPreUserSignIn**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **PreventNetworkTrafficPreUserSignIn** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\OneDrive** with a value of 1 (one).
### 16. Preinstalled apps
@@ -816,11 +826,11 @@ To turn off **Let apps use advertising ID to make ads more interesting to you ba
-or-
-- Create a REG\_DWORD registry setting called **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo** with a value of 0 (zero).
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo!DisabledByGroupPolicy**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **DisabledByGroupPolicy** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo** with a value of 1 (one).
To turn off **Let websites provide locally relevant content by accessing my language list**:
@@ -828,7 +838,7 @@ To turn off **Let websites provide locally relevant content by accessing my lang
-or-
-- Create a new REG\_DWORD registry setting called **HttpAcceptLanguageOptOut** in **HKEY\_CURRENT\_USER\\Control Panel\\International\\User Profile**, with a value of 1.
+- Create a new REG\_DWORD registry setting named **HttpAcceptLanguageOptOut** in **HKEY\_CURRENT\_USER\\Control Panel\\International\\User Profile** with a value of 1.
To turn off **Let Windows track app launches to improve Start and search results**:
@@ -836,7 +846,7 @@ To turn off **Let Windows track app launches to improve Start and search results
-or-
-- Create a REG_DWORD registry setting called **Start_TrackProgs** with value of 0 (zero) in **HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced**
+- Create a REG_DWORD registry setting named **Start_TrackProgs** in **HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced** with value of 0 (zero).
#### Windows Server 2016 and Windows 10, version 1607 and earlier options
@@ -853,11 +863,11 @@ To turn off **Let apps use my advertising ID for experiences across apps (turnin
-or-
-- Create a REG\_DWORD registry setting called **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo** with a value of 0 (zero).
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo!DisabledByGroupPolicy**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **DisabledByGroupPolicy** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AdvertisingInfo** with a value of 1 (one).
To turn off **Turn on SmartScreen Filter to check web content (URLs) that Microsoft Store apps use**:
@@ -885,11 +895,11 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Micros
-or-
-- Create a REG\_DWORD registry setting called **EnableWebContentEvaluation** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **EnableWebContentEvaluation** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost** with a value of 0 (zero).
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Sofware\\Policies\\Microsoft\\Windows\\System!EnableSmartScreen**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **EnableSmartScreen** in **HKEY\_LOCAL\_MACHINE\\Sofware\\Policies\\Microsoft\\Windows\\System** with a value of 0 (zero).
To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**:
@@ -914,7 +924,7 @@ To turn off **Let websites provide locally relevant content by accessing my lang
-or-
-- Create a new REG\_DWORD registry setting called **HttpAcceptLanguageOptOut** in **HKEY\_CURRENT\_USER\\Control Panel\\International\\User Profile**, with a value of 1.
+- Create a new REG\_DWORD registry setting named **HttpAcceptLanguageOptOut** in **HKEY\_CURRENT\_USER\\Control Panel\\International\\User Profile** with a value of 1.
To turn off **Let apps on my other devices open apps and continue experiences on this devices**:
@@ -926,13 +936,12 @@ To turn off **Let apps on my other devices open apps and continue experiences on
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System!EnableCdp**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **EnableCdp** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a value of 0 (zero).
To turn off **Let apps on my other devices use Bluetooth to open apps and continue experiences on this device**:
- Turn off the feature in the UI.
-
### 17.2 Location
In the **Location** area, you choose whether devices have access to location-specific sensors and which apps have access to the device's location.
@@ -947,7 +956,7 @@ To turn off **Location for this device**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessLocation**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy**, with a value of 2 (two).
-or-
@@ -980,7 +989,7 @@ To turn off **Location**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\LocationAndSensors!DisableLocation**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **DisableLocation** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\LocationAndSensors** with a value of 1 (one).
-or-
@@ -1008,7 +1017,7 @@ To turn off **Let apps use my camera**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessCamera**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting named **LetAppsAccessCamera** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
-or-
@@ -1057,7 +1066,7 @@ To turn off **Let apps use my microphone**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMicrophone**, with a value of 2 (two)
+- Create a REG\_DWORD registry setting named **LetAppsAccessMicrophone** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two)
To turn off **Choose apps that can use your microphone**:
@@ -1071,10 +1080,18 @@ To turn off notifications network usage:
- Set to **Enabled**.
- -or-
+ -or-
-- Create a REG\_DWORD registry setting in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications!NoCloudApplicationNotification**, with a value of 1 (one)
+- Create a REG\_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a value of 1 (one)
+ -or-
+
+
+- Apply the Notifications/DisallowCloudNotification MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification), where:
+
+ - **0**. WNS notifications allowed
+ - **1**. No WNS notifications allowed
+
In the **Notifications** area, you can also choose which apps have access to notifications.
To turn off **Let apps access my notifications**:
@@ -1097,7 +1114,7 @@ To turn off **Let apps access my notifications**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessNotifications**, with a value of 2 (two)
+- Create a REG\_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two)
### 17.6 Speech, inking, & typing
@@ -1116,15 +1133,15 @@ To turn off the functionality:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\InputPersonalization!RestrictImplicitInkCollection**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **RestrictImplicitInkCollection** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\InputPersonalization** with a value of 1 (one).
-or-
-- Create a REG\_DWORD registry setting called **AcceptedPrivacyPolicy** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Personalization\\Settings**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **AcceptedPrivacyPolicy** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Personalization\\Settings** with a value of 0 (zero).
-and-
-- Create a REG\_DWORD registry setting called **HarvestContacts** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\InputPersonalization\\TrainedDataStore**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **HarvestContacts** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\InputPersonalization\\TrainedDataStore** with a value of 0 (zero).
If you're running at least Windows 10, version 1703, you can turn off updates to the speech recognition and speech synthesis models:
@@ -1139,7 +1156,7 @@ Apply the Speech/AllowSpeechModelUpdate MDM policy from the [Policy CSP](https:/
-or-
-- Create a REG\_DWORD registry setting called **ModelDownloadAllowed** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Preferences**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **ModelDownloadAllowed** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Preferences** with a value of 0 (zero).
### 17.7 Account info
@@ -1165,7 +1182,7 @@ To turn off **Let apps access my name, picture, and other account info**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessAccountInfo**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
To turn off **Choose the apps that can access your account info**:
@@ -1193,6 +1210,10 @@ To turn off **Choose apps that can access contacts**:
- **1**. Force allow
- **2**. Force deny
+ -or-
+
+- Create a REG\_DWORD registry setting named **LetAppsAccessContacts** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+
### 17.9 Calendar
In the **Calendar** area, you can choose which apps have access to an employee's calendar.
@@ -1217,7 +1238,7 @@ To turn off **Let apps access my calendar**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessCalendar**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting named **LetAppsAccessCalendar** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
To turn off **Choose apps that can access calendar**:
@@ -1247,7 +1268,7 @@ To turn off **Let apps access my call history**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessCallHistory**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
### 17.11 Email
@@ -1273,7 +1294,7 @@ To turn off **Let apps access and send email**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessEmail**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting named **LetAppsAccessEmail** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
### 17.12 Messaging
@@ -1299,7 +1320,7 @@ To turn off **Let apps read or send messages (text or MMS)**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMessaging**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting named **LetAppsAccessMessaging** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
To turn off **Choose apps that can read or send messages**:
@@ -1329,7 +1350,7 @@ To turn off **Let apps make phone calls**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessPhone**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting named **LetAppsAccessPhone** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
To turn off **Choose apps that can make phone calls**:
@@ -1360,7 +1381,7 @@ To turn off **Let apps control radios**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessRadios**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting named **LetAppsAccessRadios** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
To turn off **Choose apps that can control radios**:
@@ -1389,7 +1410,7 @@ To turn off **Let apps automatically share and sync info with wireless devices t
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsSyncWithDevices**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting named **LetAppsSyncWithDevices** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**:
@@ -1420,7 +1441,7 @@ To change how frequently **Windows should ask for my feedback**:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\DataCollection!DoNotShowFeedbackNotifications**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **DoNotShowFeedbackNotifications** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\DataCollection** with a value of 1 (one).
-or-
@@ -1441,7 +1462,6 @@ To change how frequently **Windows should ask for my feedback**:
| Once a week | 6048000000000 | 1 |
-
To change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**:
- Click either the **Basic** or **Full** options.
@@ -1452,7 +1472,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry**, with a value of 0-3, as appropriate for your deployment (see below for the values for each level).
+- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection\\AllowTelemetry** with a value of 0-3, as appropriate for your deployment (see below for the values for each level).
> [!NOTE]
> If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only available in Windows 10 Enterprise edition.
@@ -1540,7 +1560,7 @@ To turn off **Let Windows and your apps use your motion data and collect motion
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMotion**, with a value of 2 (two).
+- Create a REG\_DWORD registry setting named **LetAppsAccessMotion** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
### 17.19 Tasks
@@ -1593,10 +1613,6 @@ For Windows 10:
- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation**
- -or-
-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessContacts**, with a value of 2 (two).
-
-or-
- Apply the Licensing/DisallowKMSClientOnlineAVSValidation MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is disabled (default) and 1 is enabled.
@@ -1607,7 +1623,7 @@ For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Co
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform!NoGenTicket**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
@@ -1631,7 +1647,7 @@ You can control if your settings are synchronized:
-or-
-- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync!DisableSettingSync**, with a value of 2 (two) and **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync!DisableSettingSyncUserOverride**, with a value of 1 (one).
+- Create a REG\_DWORD registry setting named **DisableSettingSync** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync!DisableSettingSyncUserOverride** with a value of 1 (one).
-or-
@@ -1647,7 +1663,7 @@ You can control if your settings are synchronized:
To turn off Messaging cloud sync:
-- Create a REG\_DWORD registry setting called **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging**, with a value of 0 (zero).
+- Create a REG\_DWORD registry setting named **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging** with a value of 0 (zero).
### 21. Teredo
@@ -1660,7 +1676,7 @@ You can disable Teredo by using Group Policy or by using the netsh.exe command.
-or-
-- Create a new REG\_SZ registry setting called in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition!Teredo_State**, with a value of **Disabled**.
+- Create a new REG\_SZ registry setting named **Teredo_State** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\TCPIP\\v6Transition** with a value of **Disabled**.
-or-
@@ -1680,7 +1696,7 @@ To turn off **Connect to suggested open hotspots** and **Connect to networks sha
-or-
-- Create a new REG\_DWORD registry setting called **AutoConnectAllowedOEM** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\WcmSvc\\wifinetworkmanager\\config**, with a value of 0 (zero).
+- Create a new REG\_DWORD registry setting named **AutoConnectAllowedOEM** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\WcmSvc\\wifinetworkmanager\\config** with a value of 0 (zero).
-or-
@@ -1700,7 +1716,7 @@ You can disconnect from the Microsoft Antimalware Protection Service.
-or-
-- Delete the registry setting **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Updates!DefinitionUpdateFileSharesSources**.
+- Delete the registry setting **named** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Updates**.
-or-
@@ -1714,8 +1730,6 @@ You can disconnect from the Microsoft Antimalware Protection Service.
From an elevated Windows PowerShell prompt, run **set-mppreference -Mapsreporting 0**
-
-
You can stop sending file samples back to Microsoft.
- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **MAPS** > **Send file samples when further analysis is required** to **Always Prompt** or **Never Send**.
@@ -1746,7 +1760,7 @@ You can stop downloading definition updates:
-or-
-- Create a new REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Updates!FallbackOrder**, with a value of **FileShares**.
+- Create a new REG\_SZ registry setting named **FallbackOrder** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Updates!** with a value of **FileShares**.
For Windows 10 only, you can stop Enhanced Notifications:
@@ -1785,7 +1799,7 @@ If you're running Windows 10, version 1607 or later, you only need to enable the
-or-
-- Create a new REG\_DWORD registry setting in **HKEY\_CURRENT\_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsSpotlightFeatures**, with a value of 1 (one).
+- Create a new REG\_DWORD registry setting named **DisableWindowsSpotlightFeatures** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one).
If you're not running Windows 10, version 1607 or later, you can use the other options in this section.
@@ -1794,7 +1808,7 @@ If you're not running Windows 10, version 1607 or later, you can use the other o
- **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Get fun facts, tips, tricks and more on your lock screen**.
> [!NOTE]
- > In Windows 10, version 1507 and Windows 10, version 1511, this setting was called **Show me tips, tricks, and more on the lock screen**.
+ > In Windows 10, version 1507 and Windows 10, version 1511, this setting was named **Show me tips, tricks, and more on the lock screen**.
- **Personalization** > **Start** > **Occasionally show suggestions in Start**.
@@ -1817,13 +1831,13 @@ If you're not running Windows 10, version 1607 or later, you can use the other o
-or-
- - Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableSoftLanding**, with a value of 1 (one).
+ - Create a new REG\_DWORD registry setting named **DisableSoftLanding** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one).
- **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off Microsoft consumer experiences**.
-or-
- - Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsConsumerFeatures**, with a value of 1 (one).
+ - Create a new REG\_DWORD registry setting named **DisableWindowsConsumerFeatures** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one).
For more info, see [Windows Spotlight on the lock screen](windows-spotlight.md).
@@ -1838,13 +1852,13 @@ On Windows Server 2016, this will block Microsoft Store calls from Universal Win
-or-
- - Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore!DisableStoreApps**, with a value of 1 (one).
+ - Create a new REG\_DWORD registry setting named **DisableStoreApps** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore** with a value of 1 (one).
- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Store** > **Turn off Automatic Download and Install of updates**.
-or-
- - Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore!AutoDownload**, with a value of 2 (two).
+ - Create a new REG\_DWORD registry setting named **AutoDownload** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore** with a value of 2 (two).
### 26.1 Apps for websites
@@ -1880,7 +1894,7 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con
| Max Cache Size | Lets you specify the maximum cache size as a percentage of disk size. The default value is 20, which represents 20% of the disk.|
| Max Upload Bandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity. The default value is 0, which means unlimited possible bandwidth.|
-You can also set the **Download Mode** policy by creating a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization!DODownloadMode**, with a value of 100 (one hundred).
+You can also set the **Download Mode** policy by creating a new REG\_DWORD registry setting named **DODownloadMode** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** with a value of 100 (one hundred).
### 27.3 Delivery Optimization MDM policies
@@ -1915,15 +1929,15 @@ For more info about Delivery Optimization in general, see [Windows Update Delive
You can turn off Windows Update by setting the following registry entries:
-- Add a REG\_DWORD value called **DoNotConnectToWindowsUpdateInternetLocations** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1.
+- Add a REG\_DWORD value named **DoNotConnectToWindowsUpdateInternetLocations** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1.
-and-
-- Add a REG\_DWORD value called **DisableWindowsUpdateAccess** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1.
+- Add a REG\_DWORD value named **DisableWindowsUpdateAccess** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1.
-and-
-- Add a REG\_DWORD value called **UseWUServer** to **HKEY\_LOCAL\_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU** and set the value to 1.
+- Add a REG\_DWORD value named **UseWUServer** to **HKEY\_LOCAL\_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU** and set the value to 1.
-or-
@@ -1940,7 +1954,7 @@ You can turn off Windows Update by setting the following registry entries:
You can turn off automatic updates by doing one of the following. This is not recommended.
-- Add a REG\_DWORD value called **AutoDownload** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5.
+- Add a REG\_DWORD value named **AutoDownload** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5.
-or-
diff --git a/windows/configuration/mobile-devices/provisioning-nfc.md b/windows/configuration/mobile-devices/provisioning-nfc.md
index fc11afb5d6..68d77e21b8 100644
--- a/windows/configuration/mobile-devices/provisioning-nfc.md
+++ b/windows/configuration/mobile-devices/provisioning-nfc.md
@@ -16,6 +16,7 @@ ms.date: 07/27/2017
- Windows 10 Mobile
+
Near field communication (NFC) enables Windows 10 Mobile Enterprise and Windows 10 Mobile devices to communicate with an NFC tag or another NFC-enabled transmitting device. Enterprises that do bulk provisioning can use NFC-based device provisioning to provide a provisioning package to the device that's being provisioned. NFC provisioning is simple and convenient and it can easily store an entire provisioning package.
The NFC provisioning option enables the administrator to provide a provisioning package during initial device setup (the out-of-box experience or OOBE phase). Administrators can use the NFC provisioning option to transfer provisioning information to persistent storage by tapping an unprovisioned mobile device to an NFC tag or NFC-enabled device. To use NFC for pre-provisioning a device, you must either prepare your own NFC tags by storing your provisioning package to a tag as described in this section, or build the infrastructure needed to transmit a provisioning package between an NFC-enabled device and a mobile device during OOBE.
diff --git a/windows/configuration/multi-app-kiosk-xml.md b/windows/configuration/multi-app-kiosk-xml.md
deleted file mode 100644
index 8babcdefec..0000000000
--- a/windows/configuration/multi-app-kiosk-xml.md
+++ /dev/null
@@ -1,175 +0,0 @@
----
-title: Multi-app kiosk XML reference (Windows 10)
-description: XML and XSD for multi-app kiosk device configuration.
-ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
-keywords: ["lockdown", "app restrictions", "applocker"]
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: edu, security
-author: jdeckerms
-ms.localizationpriority: medium
-ms.date: 08/14/2017
-ms.author: jdecker
----
-
-# Multi-app kiosk XML reference
-
-
-**Applies to**
-
-- Windows 10
-
-## Full XML sample
-
-```xml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ]]>
-
-
-
-
-
-
- MultiAppKioskUser
-
-
-
-
-```
-
-## XSD for AssignedAccess configuration XML
-
-```xml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```
\ No newline at end of file
diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md
index 20fc7040aa..96078d1791 100644
--- a/windows/configuration/provisioning-apn.md
+++ b/windows/configuration/provisioning-apn.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: high
-ms.date: 07/27/2017
+ms.date: 04/13/2018
---
# Configure cellular settings for tablets and PCs
@@ -76,5 +76,39 @@ For users who work in different locations, you can configure one APN to connect
9. [Apply the package to devices.](provisioning-packages/provisioning-apply-package.md)
+## Confirm the settings
+
+After you apply the provisioning package, you can confirm that the settings have been applied.
+
+1. On the configured device, open a command prompt as an administrator.
+
+2. Run the following command:
+
+ ```
+ netsh mbn show profiles
+ ```
+
+3. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run:
+
+ ```
+ netsh mbn show profiles name="name"
+ ```
+
+ This command will list details for that profile, including Access Point Name.
+
+
+Alternatively, you can also use the command:
+
+```
+netsh mbn show interface
+```
+
+From the results of that command, get the name of the cellular/mobile broadband interface and run:
+
+```
+netsh mbn show connection interface="name"
+```
+
+The result of that command will show details for the cellular interface, including Access Point Name.
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index c61c9169d8..24623f98ae 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -70,20 +70,22 @@ Provisioning packages can be:
The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages.
-
(Only device name and upgrade key)
-
Set up network
Connect to a Wi-Fi network
-
Account management
Enroll device in Active Directory,enroll device in Azure Active Directory,or create a local administrator account
-
Bulk Enrollment in Azure AD
Enroll device in Azure Active DirectoryBefore you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup).
-
Add applications
Install applications using the provisioning package.
-
Add certificates
Include a certificate file in the provisioning package.
-
Configure kiosk account and app
Create local account to run the kiosk mode app,specify the app to run in kiosk mode
-
Configure kiosk common settings
Set tablet mode,configure welcome and shutdown screens,turn off timeout settings
(Only device name and upgrade key)
+
Set up network
Connect to a Wi-Fi network
+
Account management
Enroll device in Active Directory,enroll device in Azure Active Directory,or create a local administrator account
+
Bulk Enrollment in Azure AD
Enroll device in Azure Active DirectoryBefore you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup).
+
Add applications
Install applications using the provisioning package.
+
Add certificates
Include a certificate file in the provisioning package.
+
Configure kiosk account and app
Create local account to run the kiosk mode app,specify the app to run in kiosk mode
+
Configure kiosk common settings
Set tablet mode,configure welcome and shutdown screens,turn off timeout settings
+
Developer Setup
Enable Developer Mode.
- [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
- [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md)
- [Instructions for the kiosk wizard](../setup-kiosk-digital-signage.md#wizard)
-
+- [Instructions for the HoloLens wizard](https://docs.microsoft.com/hololens/hololens-provisioning#wizard)
>[!NOTE]
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index 196d95eb81..81445be3ff 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -111,20 +111,14 @@ Get-CimInstance -Namespace $namespaceName -ClassName $MDM_SharedPCClass
### Create a provisioning package for shared use
-1. [install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md)
+1. [Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md)
1. Open Windows Configuration Designer.
-
2. On the **Start page**, select **Advanced provisioning**.
-
3. Enter a name and (optionally) a description for the project, and click **Next**.
-
4. Select **All Windows desktop editions**, and click **Next**.
-
5. Click **Finish**. Your project opens in Windows Configuration Designer.
-
6. Go to **Runtime settings** > **SharedPC**. [Select the desired settings for shared PC mode.](#customization)
-
7. On the **File** menu, select **Save.**
8. On the **Export** menu, select **Provisioning package**.
9. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
diff --git a/windows/configuration/setup-kiosk-digital-signage.md b/windows/configuration/setup-kiosk-digital-signage.md
index c9b84f0646..b7614eab9c 100644
--- a/windows/configuration/setup-kiosk-digital-signage.md
+++ b/windows/configuration/setup-kiosk-digital-signage.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
-ms.date: 03/30/2018
+ms.date: 04/23/2018
---
# Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education
@@ -16,7 +16,7 @@ ms.date: 03/30/2018
**Applies to**
-- Windows 10
+- Windows 10 Pro, Enterprise, and Education
@@ -29,7 +29,7 @@ Some desktop devices in an enterprise serve a special purpose, such as a PC in t
**Which type of app will your kiosk run?** Your kiosk can run a Universal Windows Platform (UWP) app or a Classic Windows desktop application. When the kiosk account signs in, the kiosk app will launch automatically. If the kiosk app is closed, it will automatically restart.
>[!TIP]
->For **digital signage**, simply select a digital sign player as your kiosk app.
+>For **digital signage**, simply select a digital sign player as your kiosk app. You can also use the **Kiosk Browser** app ([new in Windows 10, version 1803)](guidelines-for-assigned-access-app.md#guidelines-for-web-browsers) and configure it to show your online content.
**Which type of user account will be the kiosk account?** The kiosk account can be a local standard user account, a local administrator account, a domain account, or an Azure Active Directory (Azure AD) account, depending on the method that you use to configure the kiosk.
@@ -142,8 +142,7 @@ If you do not want the kiosk account signed in automatically when the device res
To remove assigned access, choose **Turn off assigned access and sign out of the selected account**.
->[!NOTE]
->Single-app kiosk configuration using assigned access does not work on a device that is connected to more than one monitor.
+
@@ -201,6 +200,10 @@ Clear-AssignedAccess
>
>Account type: Local standard user
+>[!IMPORTANT]
+>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows}(https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows).
+
+Edit the registry to have an account automatically logged on.
When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Classic Windows application.
>[!IMPORTANT]
@@ -226,6 +229,9 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
>[!NOTE]
>If you want to use [the advanced editor in Windows Configuration Designer](provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings**
+>[!TIP]
+>You can also use [an XML file to configure both multi-app and single-app kiosks.](lock-down-windows-10-to-specific-apps.md)
+
@@ -281,6 +287,8 @@ The following steps explain how to configure a kiosk in Microsoft Intune. For ot
Using Shell Launcher, you can configure a kiosk device that runs a Classic Windows application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on.
>[!NOTE]
+>In Windows 10, version 1803, you can configure Shell Launcher using the **ShellLauncher** node of the [Assigned Access CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/assignedaccess-csp).
+>
>You can also configure a kiosk device that runs a Classic Windows application by using the [Provision kiosk devices wizard](#wizard).
>[!WARNING]
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md
index c02424cee9..e8fae90b09 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start-layout-xml-desktop.md
@@ -59,7 +59,7 @@ The following table lists the supported elements and attributes for the LayoutMo
| TopMFUAppsParent:LayoutModificationTemplate | n/a | Use to add up to 3 default apps to the frequently used apps section in the system area.**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
| TileParent:TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID. **Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
| DesktopApplicationTileParent:TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID.**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. |
-| AppendOfficeSuiteParent:LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to StartDo not use this tag with AppendDownloadOfficeTile |
+| AppendOfficeSuiteParent:LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start. For more information, see [Customize the Office suite of tiles](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).Do not use this tag with AppendDownloadOfficeTile |
| AppendDownloadOfficeTileParent:LayoutModificationTemplate | n/a | Use to add a specific **Download Office** tile to a specific location in StartDo not use this tag with AppendOfficeSuite |
### LayoutOptions
@@ -304,9 +304,23 @@ The following example shows how to add the **AppendOfficeSuite** tag to your Lay
```
+#### AppendOfficeSuiteChoice
+
+This tag is added in Windows 10, version 1803. You have two options in this tag:
+
+- ``
+- ``
+
+Use `Choice=DesktopBridgeSubscription` on devices running Windows 10, version 1803, that have Office 365 preinstalled. This will set the heading of the Office suite of tiles to **Office 365**, to highlight the Office 365 apps that you've made available on the device.
+
+Use `Choice=DesktopBridge` on devices running versions of Windows 10 earlier than version 1803, and on devices shipping with [perpetual licenses for Office](https://blogs.technet.microsoft.com/ausoemteam/2017/11/30/choosing-the-right-office-version-for-your-customers/). This will set the heading of the Office suite of tiles to **Create**.
+
+For more information, see [Customize the Office suite of tiles](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).
+
+
#### AppendDownloadOfficeTile
-You can use the **AppendDownloadOfficeTile** tag to append the Office trial installer to Start. This tag adds the Download Office tile to Start and the download tile will appear at the bottom right-hand side of the second group.
+You can use the **AppendDownloadOfficeTile** tag to append the Office trial installer to Start. This tag adds the **Download Office** tile to Start and the download tile will appear at the bottom right-hand side of the second group.
>[!NOTE]
>The OEM must have installed the Office trial installer for this tag to work.
diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md
index 318293c24d..af9099c374 100644
--- a/windows/configuration/stop-employees-from-using-microsoft-store.md
+++ b/windows/configuration/stop-employees-from-using-microsoft-store.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: store, mobile
author: TrudyHa
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 4/16/2018
---
# Configure access to Microsoft Store
@@ -77,6 +77,10 @@ You can also use Group Policy to manage access to Microsoft Store.
4. On the **Turn off Store application** setting page, click **Enabled**, and then click **OK**.
+> [!Important]
+> Enabling **Turn off Store application** policy turns off app updates from Microsoft Store.
+
+
## Block Microsoft Store using management tool
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index 5ec8571305..301f4a7b07 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -16,8 +16,8 @@ ms.date: 03/08/2018
Follow the steps in this topic to deploy User Experience Virtualization (UE-V) for the first time in a test environment. Evaluate UE-V to determine whether it’s the right solution to manage user settings across multiple devices within your enterprise.
->**Note**
-The information in this section is explained in greater detail throughout the rest of the documentation. If you’ve already determined that UE-V is the right solution and you don’t need to further evaluate it, see [Prepare a UE-V deployment](uev-prepare-for-deployment.md).
+>[!NOTE]
+>The information in this section is explained in greater detail throughout the rest of the documentation. If you’ve already determined that UE-V is the right solution and you don’t need to further evaluate it, see [Prepare a UE-V deployment](uev-prepare-for-deployment.md).
The standard installation of UE-V synchronizes the default Microsoft Windows and Office settings and many Windows applications settings. For best results, ensure that your test environment includes two or more user computers that share network access.
@@ -94,13 +94,13 @@ A storage path must be configured on the client-side to tell where the personali
4. Select **Enabled**, fill in the **Settings storage path**, and click **OK**.
- - Ensure that the storage path ends with **%username%** to ensure that eah user gets a unique folder.
+ - Ensure that the storage path ends with **%username%** to ensure that each user gets a unique folder.
**To set the storage path for UE-V with PowerShell**
1. In a PowerShell window, type **Set-uevConfiguration -SettingsStoragePath [StoragePath]** where **[StoragePath]** is the path to the location created in step 2 followed by **\%username%**.
- - Ensure that the storage path ends with **%username%** to ensure that eah user gets a unique folder.
+ - Ensure that the storage path ends with **%username%** to ensure that each user gets a unique folder.
With Windows 10, version 1607 and later, the UE-V service is installed on user devices when the operating system is installed. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell.
diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md
new file mode 100644
index 0000000000..4059154f89
--- /dev/null
+++ b/windows/configuration/wcd/wcd-accountmanagement.md
@@ -0,0 +1,54 @@
+---
+title: AccountManagement (Windows 10)
+description: This section describes the account management settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.date: 04/23/2018
+---
+
+# AccountManagement (Windows Configuration Designer reference)
+
+Use these settings to configure the Account Manager service.
+
+## Applies to
+
+| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| [DeletionPolicy](#deletionpolicy) | | | | X | |
+| [EnableProfileManager](#enableprofilemanager) | | | | X | |
+| [ProfileInactivityThreshold](#profileinactivitythreshold) | | | | X | |
+| [StorageCapacityStartDeletion](#storagecapacitystartdeletion) | | | | X | |
+| [StorageCapacityStopDeletion](#storagecapacitystopdeletion) | | | | X | |
+
+>[!NOTE]
+>Although the AccountManagement settings are available in advanced provisioning for other editions, you should only use them for HoloLens devices.
+
+
+## DeletionPolicy
+
+Use this setting to set a policy for deleting accounts.
+
+- **Delete immediately**: When the account signs out, it will be deleted immediately.
+- **Delete at storage capacity threshold**: Accounts will be deleted when available disk space falls below the threshold you set for **StorageCapacityStartDeletion**. When the available disk space reaches the threshold you set for **StorageCapacityStopDeletion**, the Account Manager will stop deleting accounts.
+- **Delete at storage capacity threshold and profile inactivity threshold**: This setting will apply the same disk space checks as noted above, and will also delete accounts if they have not signed in within the number of days specified by **ProfileInactivityThreshold**.
+
+## EnableProfileManager
+
+Set as **True** to enable automatic account management. If this is not set to **True**, no automatic account management will occur.
+
+
+## ProfileInactivityThreshold
+
+If you set **DeletionPolicy** as **Delete at storage capacity threshold and profile inactivity threshold**, use this setting to configure the number of days after which an account that has not signed in will be deleted.
+
+## StorageCapacityStartDeletion
+
+Enter the percent of total storage available for user profiles. If **DeletionPolicy** is set to **Delete at storage capacity threshold** or **Delete at storage capacity threshold and profile inactivity threshold**, profiles will be deleted when available storage capacity falls below this threshold, until the value that you set for **StorageCapacityStopDeletion** is reached. Profiles that have been inactive the longest will be deleted first.
+
+## StorageCapacityStopDeletion
+
+Enter the percent of total storage at which to stop deleting profiles. If **DeletionPolicy** is set to **Delete at storage capacity threshold** or **Delete at storage capacity threshold and profile inactivity threshold**, profiles will be deleted when available storage capacity falls below the threshold set for **StorageCapacityStartDeletion**, until the value that you set for **StorageCapacityStopDeletion** is reached. Profiles that have been inactive the longest will be deleted first.
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index de3f2b1d0f..feb7e1fd05 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# Accounts (Windows Configuration Designer reference)
@@ -18,7 +18,7 @@ Use these settings to join a device to an Active Directory domain or an Azure Ac
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| [Azure](#azure) | X | X | X | | |
+| [Azure](#azure) | X | X | X | X | |
| [ComputerAccount](#computeraccount) | X | | X | | X |
| [Users](#users) | X | | X | X | |
diff --git a/windows/configuration/wcd/wcd-applicationmanagement.md b/windows/configuration/wcd/wcd-applicationmanagement.md
index 620e90e378..8cef1f4bf4 100644
--- a/windows/configuration/wcd/wcd-applicationmanagement.md
+++ b/windows/configuration/wcd/wcd-applicationmanagement.md
@@ -15,7 +15,7 @@ ms.date: 09/12/2017
Use these settings to manage app installation and management.
>[!NOTE]
->ApplicationManagement settings are not available in Windows 10, version 1709.
+>ApplicationManagement settings are not available in Windows 10, version 1709, and later.
## Applies to
diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md
index 683fe674f2..a7f0190a2d 100644
--- a/windows/configuration/wcd/wcd-assignedaccess.md
+++ b/windows/configuration/wcd/wcd-assignedaccess.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/14/2017
+ms.date: 04/23/2018
---
# AssignedAccess (Windows Configuration Designer reference)
@@ -19,7 +19,7 @@ Use this setting to configure single use (kiosk) devices.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [AssignedAccessSettings](#assignedaccesssettings) | X | | | X | |
-| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | X | | | | |
+| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | X | | | X | |
## AssignedAccessSettings
@@ -39,7 +39,7 @@ Enter the account and the application you want to use for Assigned access, using
Use this setting to configure a kiosk device that runs more than one app.
-1. [Create an assigned access configuration XML file for multiple apps.](../lock-down-windows-10-to-specific-apps.md)
+1. Create an assigned access configuration XML file for multiple apps [(desktop](../lock-down-windows-10-to-specific-apps.md) or [HoloLens)](https://docs.microsoft.com/hololens/hololens-provisioning).
2. In Windows Configuration Designer, select **MultiAppAssignedAccessSettings**.
3. Browse to and select the assigned access configuration XML file.
diff --git a/windows/configuration/wcd/wcd-automatictime.md b/windows/configuration/wcd/wcd-automatictime.md
index 703fc62918..8a63d101ea 100644
--- a/windows/configuration/wcd/wcd-automatictime.md
+++ b/windows/configuration/wcd/wcd-automatictime.md
@@ -7,21 +7,38 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# AutomaticTime (Windows Configuration Designer reference)
-Use these settings to configure automatic time updates.
+Use these settings to configure automatic time updates. Mobile devices primarily rely on Network Identify and Time zone (NITZ), which is provided by the mobile operator, to automatically update the time on the device. When NITZ is available from the cellular network, there are no issues maintaining accurate time in devices. However, for devices that do not have a SIM or have had the SIM removed for some time, or for devices that have a SIM but NITZ is not supported, the device may run into issues maintaining accurate time on the device.
+
+The OS includes support for Network Time Protocol (NTP), which enables devices to receive time when NITZ is not supported or when cellular data is not available. NTP gets the time by querying a server at a specified time interval. NTP is based on Coordinated Universal Time (UTC) and doesn't support time zone or daylight saving time so users will need to manually update the time zone after an update from NTP if users move between time zones.
## Applies to
| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
+| [EnableAutomaticTime](#enableautomatictime) | | X | | | |
+| [NetworkTimeUpdateThreshold](#networktimeupdatethreshold) | | X | | | |
+| [NTPEnabled](#ntpenabled) | | X | | | |
| [NTPRegularSyncInterval](#ntpregularsyncinterval) | | X | | | |
| [NTPRetryInterval](#ntpretryinterval) | | X | | | |
| [NTPServer](#ntpserver) | | X | | | |
+| [PreferredSlot](#preferredslot) | | X | | | |
+## EnableAutomaticTime
+
+Set to **True** to enable automatic time and to **False** to disable automatic time.
+
+## NetworkTimeUpdateThreshold
+
+Specify the difference (in number of seconds) between the NITZ information and the current device time before a device time update is triggered.
+
+## NTPEnabled
+
+Set to **True** to enable the NTP client and to **False** to disable the NTP client.
## NTPRegularSyncInterval
@@ -43,3 +60,14 @@ ntpserver1.contoso.com;ntpserver2.fabrikam.com;ntpserver3.contoso.com
```
The list should contain one or more server names. The default NTP source server value is `time.windows.com`.
+
+
+
+
+
+## PreferredSlot
+
+Specify which UICC slot will be preferred for NITZ handling on a C+G dual SIM phone.
+
+- Set to `0` to use the UICC in Slot 0 for NITZ handling.
+- Set to '1' to use the UICC in Slot 1 for NITZ handling.
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md
index 823dfa407e..59c881e8d5 100644
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# Browser (Windows Configuration Designer reference)
@@ -19,7 +19,7 @@ Use to configure browser settings that should only be set by OEMs who are part o
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [Favorites](#favorites) | | X | | | |
-| [PartnerSearchCode](#partnersearchcode) | X | X | X | X | |
+| [PartnerSearchCode](#partnersearchcode) | X | X | X | | |
| [SearchProviders](#searchproviders) | | X | | | |
## Favorites
diff --git a/windows/configuration/wcd/wcd-calling.md b/windows/configuration/wcd/wcd-calling.md
index 9870b6d32e..d99f8c29e0 100644
--- a/windows/configuration/wcd/wcd-calling.md
+++ b/windows/configuration/wcd/wcd-calling.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/21/2017
+ms.date: 04/23/2018
---
# Calling (Windows Configuration Designer reference)
@@ -28,13 +28,33 @@ Use to configure settings for Calling.
See [Branding for phone calls](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/branding-for-phone-calls).
+## CallIDMatchOverrides
+
+Enter a GEOID, select **Add**, and then enter the number of digits for matching caller ID.
+
+For a list of GEOID codes and default number of digits for each country/region, see [Overriding the OS default minimu number of digits for caller ID matching](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/caller-id-matching#a-href-idoverriding-os-default-min-number-digitsaoverriding-the-os-default-minimum-number-of-digits-for-caller-id-matching).
+
+## CauseCodeRegistrationTable
+
+See [Cause codes](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/cause-codes).
+
+
+## CDMAHeuristics
+
+CDMA Heuristics (on by default) makes CDMA calling more user-friendly by exposing an interface that supports multiple calls with call waiting, swapping, and three-way calling.
+
+For **CDMAPriorityCallPrefix**, enter a custom call prefix that would allow the user to override an ongoing call with a remote party mostly used in emergency services and law enforcement.
+
+Set **DisableCdmaHeuristics** to **True** to disable the built-in heuristics.
+
+
## PartnerAppSupport
See [Dialer codes to launch diagnostic applications](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/dialer-codes-to-launch-diagnostic-applications).
## PerSimSettings
-Use to configure settings for each subscriber identification module (SIM) card. Enter the Integrated Circuit Card Identifier (ICCID) for the SIM card, click Add, and then configure the folowing settings.
+Use to configure settings for each subscriber identification module (SIM) card. Enter the Integrated Circuit Card Identifier (ICCID) for the SIM card, select **Add**, and then configure the folowing settings.
### Critical
@@ -48,34 +68,84 @@ SimOverrideVoicemailNumber | Mobile operators can override the voicemail number
Setting | Description
--- | ---
+AllowMixedAudioVideoConferencing | Set as **True** to enable audio and video calls in the same conference.
AllowVideoConferencing | Set as **True** to enable the ability to conference video calls.
+AutoDismissUssedWaitingDialog | Set as **True** to enable automatic dismissal of "Waiting" dialog on USSD session termination.
+CallerIdBlockingPrefixList | Enter a list of prefixes which will not see the caller ID. Use a semicolon (;) as a delimiter.
DefaultCallerIdSetting | Configure the default setting for caller ID. Select between `No one`, `Only contacts`, `Every one`, and `Network default`. If set to `Network default`, set `ShowCallerIdNetworkDefaultSetting` to **True**.
DefaultEnableVideoCalling | Set as **True** to enable LTE video calling as the default setting.
+DefaultEnableVideoCapability | Set as **True** to enable LTE video capability sharing as the default setting.
+EnableSupplementaryServiceEraseToDeactivateOverride | Enables conversion of supplementary service erase commands to deactivate commands.
+IgnoreCallerIdBlockingPrefix | DO NOT USE
IgnoreMWINotifications | Set as **True** to configure the voicemail system so the phone ignores message waiting indicator (MWI) notifications.
+IgnoreProhibitedDialingPrefix | Ignore prohibited dialing prefix. An OEM/MO can specify a certain set of strings by region that when dialed will block a user's caller ID from being displayed on the device receiving the call. The list is separated by semicolon. This setting does not apply beyond Windows 10, version 1709.
IgnoreUssdExclusions | Set as **True** to ignore Unstructured Supplementary Service Data (USSD) exclusions.
+ProhibitedDialingPrefixList | A semicolon delimited list of previxes that are prohibited from being dialed.
ResetCallForwarding | When set to **True**, user is provided with an option to retry call forwarding settings query.
ShowCallerIdNetworkDefaultSetting | Indicates whether the network default setting can be allowed for outgoing caller ID.
ShowVideoCallingSwitch | Use to specify whether to show the video capability sharing switch on the mobile device's Settings screen.
+ShowVideoCapabilitySwitch | Configure the phone settings to show the video capability sharing switch.
SupressVideoCallingChargesDialog | Configure the phone settings CPL to supress the video calling charges dialog.
UssdExclusionList | List used to exclude predefined USSD entries, allowing the number to be sent as standard DTMF tones instead. Set UssdExclusionList to the list of desired exclusions, separated by semicolons. For example, setting the value to 66;330 will override 66 and 330. Leading zeros are specified by using F. For example, to override code 079, set the value to F79. If you set UssdExclusionList, you must set IgnoreUssdExclusions as well. Otherwise, the list will be ignored. See [List of USSD codes](#list-of-ussd-codes) for values.
WiFiCallingOperatorName | Enter the operator name to be shown when the phone is using WiFi calling. If you don't set a value for WiFiCallingOperatorName, the device will always display **SIMServiceProviderName Wi-Fi**, where *SIMServiceProviderName* is a string that corresponds to the SPN for the SIM on the device. If the service provider name in the SIM is not set, only **Wi-Fi** will be displayed.
+### HDAudio
+To customize call progress branding when a call is made using a specific audio codec, select the audio codec from the dropdown menu and select **Add**. Select the codec in **Available Customizations** and then enter a text string (up to 10 characters) to be used for call progress branding for calls using that codec. For more information, see [Use HD audio codec for call branding](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/use-hd-audio-codec-for-call-branding).
+
+### IMSSubscriptionUpdate
+
+These are Verizon/Sprint-only settings to allow the operator to send an OMA-DM update to the device with the given alert characteristics, which are defined between the mobile operator and OEM, which in turn will inform the device to turn on or off IMS.
+
+### RoamingNumberOverrides
+
+See [Dial string overrides when roaming](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/dial-string-overrides-when-roaming).
## PhoneSettings
Setting | Description
--- | ---
+AdjustCDMACallTime | Change the calculation of CDMA call duration to exclude the time before the call connects.
AssistedDialSetting | Turn off the international assist feature that helps users with the country codes needed for dialing international phone numbers.
CallIDMatch | Sets the number of digits that the OS will try to match against contacts for Caller ID. For any country/region that doesn't exist in the default mapping table, mobile operators can use this legacy CallIDMatch setting to specify the minimum number of digits to use for matching caller ID.
+CallRecordingOff | Indicates if call recording is turned off. Users will not see the call recording functionality when this is set to **True**.
+ConferenceCallMaximumPartyCount | Enter a number to limit the number of parties that can participate in a conference call.
ContinuousDTMFEnabled | Enable DTMF tone duration for as long as the user presses a dialpad key.
+DisableVideoUpgradeStoreNavigation | If there are no compatible video upgrade apps installed, tapping the video upgrade button will launch a dialog that will navigate to the Microsoft Store. If this option is enabled, it will show a dialog that informs the user that no video app is installed, but it will not navigate to the Microsoft Store.
DisableVoicemailPhoneNumberDisplay | Disable the display of the voicemail phone number below the Voicemail label in call progress dialog.
+DisplayNoDataMessageDuringCall | Display a message to the user indicating that there is no Internet connectivity during a phone call.
+DisplayNumberAsDialed | Display the outgoing number "as dialed" rather than "as connected".
+EnableVideoCalling | Set to **True** to enable video calling.
HideCallForwarding | Partners can hide the user option to turn on call forwarding. By default, users can decide whether to turn on call forwarding. Partners can hide this user option so that call forwarding is permanently disabled.
+HideSIMSecurityUI | Hide the SIM Security panel from phone Settings.
+LowVideoQualityTimeout | Configure the phone timer to automatically drop video when the quality is low, in milliseconds.
+MinTimeBetweenCallSwaps | Configure how often the user can swap between two active phone calls, in milliseconds.
+PromptVideoCallingCharges | Prompt user for charges associated with video calls.
ShowLongTones | Partners can make a user option visible that makes it possible to toggle between short and long DTMF tones, instead of the default continuous tones. By default, the phone supports Dual-Tone Multi-frequency (DTMF) with continuous tones. Partners can make a user option visible that makes it possible to toggle between short and long tones instead.
UseOKForUssdDialogs | OEMs can change the button label in USSD dialogs from **Close** (the default) to **OK**.
+UseVoiceDomainForEmergencyCallBranding | Use voice domain to decide whether to use **Emergency calls only** or **No service** in branding.
+VideoCallingChargesMessage | Enter text for the message informing the user about the charges associated with video calls.
+VideoCallingChargesTitle | Enter text for the title of the dialog informing the user about the charges associated with video calls.
+VideoCallingDescription | Enter text to describe the video calling feature.
+VideoCallingLabel | Enter text to describe the video calling toggle.
+VideoCapabilityDescription | Enter text to describe the video capability feature.
+VideoCapabilityLabel | Enter text to describe the video capability toggle.
+VideoTransitionTimeout | Enter the the time in milliseconds to check how long the video transition state will remain until the remote party responds. The minimum value is 10000 and the maximum value is 30000.
VoLTEAudioQualityString | Partners can add a string to the call progress screen to indicate if the active call is a high quality voice over LTE (VoLTE). Set the value of VoLTEAudioQualityString to the string that you want to display in the call progress screen to indicate that the call is a VoLTE call. This string is combined with the PLMN so if the string is "VoLTE", the resulting string is "PLMN_String VoLTE". For example, the string displayed in the call progress screen can be "Litware VoLTE" if the PLMN_String is "Litware". The value you specify for VoLTEAudioQualityString must exceed 10 characters.
+## PhoneShellUI
+
+Setting | Description
+--- | ---
+EnableSoftwareProximitySensorMitigation | Enable software proximity sensor mitigation.
+
+## PhoneSmsFilter
+
+Setting | Description
+--- | ---
+AppId | Enter the app ID for your phone call/SMS filter application.
+
## SupplementaryServiceCodeOverrides
See [Dialer codes for supplementary services](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/dialer-codes-for-supplementary-services).
diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md
index fa754b467b..934671ef78 100644
--- a/windows/configuration/wcd/wcd-cellcore.md
+++ b/windows/configuration/wcd/wcd-cellcore.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/21/2017
+ms.date: 04/23/2018
---
# CellCore (Windows Configuration Designer reference)
@@ -21,25 +21,22 @@ Use to configure settings for cellular data.
Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core
--- | :---: | :---: | :---: | :---: | :---:
- PerDevice: [CellConfigurations](#cellconfigurations) | | X | | |
- PerDevice: [CellData](#celldata) CellularFailover | X | X | | |
- PerDevice: [CellData](#celldata) MaxNumberOfPDPContexts | | X | | |
- PerDevice: [CellData](#celldata) ModemProfiles | | X | | |
- PerDevice: [CellData](#celldata) PersistAtImaging | | X | | |
- PerDevice: [CellUX](#cellux) | | X | | |
- PerDevice: [CGDual](#cgdual) | | X | | |
- PerDevice: [eSim](#esim) | X | X | | |
- PerDevice: [External](#external) | | X | | |
- PerDevice: [General](#general) | | X | | |
- PerDevice: [RCS](#rcs) | | X | | |
- PerDevice: [SMS](#sms) | X | X | | |
- PerDevice: [UIX](#uix) | | X | | |
+ PerDevice: [CellConfigurations](#cellconfigurations) | | X | | | |
+ PerDevice: [CellData](#celldata) | X | X | X | |
+ PerDevice: [CellUX](#cellux) | X | X | X | |
+ PerDevice: [CGDual](#cgdual) | | X | | |
+ PerDevice: [eSim](#esim) | X | X | X | |
+ PerDevice: [External](#external) | | X | | |
+ PerDevice: [General](#general) | | X | | |
+ PerDevice: [RCS](#rcs) | | X | | |
+ PerDevice: [SMS](#sms) | X | X | X | |
+ PerDevice: [UIX](#uix) | | X | | |
PerDevice: [UTK](#utk) | | X | | |
PerlMSI: [CellData](#celldata2) | | X | | |
PerIMSI: [CellUX](#cellux2) | | X | | |
PerIMSI: [General](#general2) | | X | | |
PerIMSI: [RCS](#rcs2) | | X | | |
- PerIMSI: [SMS](#sms2) | X | X | | |
+ PerIMSI: [SMS](#sms2) | X | X | X | |
PerIMSI: [UTK](#utk2) | | X | | |
PerIMSI: [VoLTE](#volte) | | X | | |
@@ -75,9 +72,11 @@ Setting | Description
--- | ---
APNAuthTypeDefault | Select between **Pap** and **Chap** for default APN authentication type.
APNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default APN IP type.
+Critical > ShowVoLTERoaming | Select **Yes** to show the VoLTE roaming control in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the control.
Critical > ShowVoLTEToggle | Select **Yes** to show the VoLTE toggle in the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to hide the toggle.
Disable2GByDefault | Select **Yes** to disable 2G by default. Select **No** to enable 2G.
Disabled2GNoticeDescription | Enter text to customize the notification for disabled 2G.
+EmbeddedUiccSlotId | ID for embedded UICC (eUICC) slot.
GenericWifiCallingErrorMessage | Enter text to customize the generic error message when a Wi-Fi calling error occurs.
Hide3GPP2ModeSelection | Select **Yes** to hide the **CDMA** option in the network **Mode** selection drop-down menu. Select **No** to show the **CDMA** option.
Hide3GPP2Selection | For 3GPP2 or CDMA phones, select **Yes** to hide the **Network Type** drop-down menu in the **SIM** settings screen. Select **No** to show **Network Type**.
@@ -118,6 +117,8 @@ ShowSpecificWifiCallingError | Select **Yes** to show a specific error message b
ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.
ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.
ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.
+SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI.
+SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI.
SuppressDePersoUI | Select **Yes** to hide the perso unlock UI.
@@ -179,6 +180,7 @@ DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roamin
DisableSystemTypeSupport | Enter the system types to be removed.
DTMFOffTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), of the pause between DTMF digits. For example, a value of 120 specifies 0.12 seconds.
DTMFOnTime | Sets the length of time, in milliseconds (between 64 and 1000 inclusive), to generate the DTMF tone when a key is pressed. For example, a value of 120 specifies 0.12 seconds.
+EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming.
ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`).
ExcludedSystemTypesPerOperator | Exclude specified system types from SIM cards that match the MCC:MNC pairs listed in **OperatorListForExcludedSystemTypes**. This setting is used only for China. Set the value to match the system type to be excluded. For more information about the RIL system types, see [RILSYSTEMTYPE](https://msdn.microsoft.com/library/windows/hardware/dn931143.aspx). For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, the ExcludedSystemTypesPerOperator value must be set to 0x18 to limit the matching MCC:MNC pairs to 2G.
LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE.
@@ -218,10 +220,13 @@ IncompleteMsgDeliverySeconds | Set the value, in seconds, for long to wait for a
MessageExpirySeconds | Partners can set the expiration time before the phone deletes the received parts of a long SMS message. For example, if the phone is waiting for a three-part SMS message and the first part has been received, the first part will be deleted when the time expires and the other part of the message has not arrived. If the second part of the message arrives before the time expires, the first and second parts of the message will be deleted if the last part does not arrive after the time expires. The expiration time is reset whenever the next part of the long message is received. Set MessageExpirySeconds to the number seconds that the phone should wait before deleting the received parts of a long SMS messages. This value should be in hexadecimal and must be prefixed with 0x. The default value is 0x15180, which is equivalent to 1 day or 86,400 seconds.
SmsFragmentLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsFragmentLimit to set the maximum number of bytes in the user data body of an SMS message. You must set the value between 16 (0x10) and 140 (0x8C). You must also use SmsPageLimit to set the maximum number of segments in a concatenated SMS message.
SmsPageLimit | Partners can specify a maximum length for SMS messages. This requires setting both the maximum number of SMS fragments per SMS message, from 1 to 255, and the maximum size in bytes of each SMS fragment, from 16 to 140 bytes. Use SmsPageLimit to set the maximum number of segments in a concatenated SMS message. You must set the value to 255 (0xFF) or smaller. You must also use SmsFragmentLimit to set the maximum number of bytes in the body of the SMS message.
+SmsStoreDeleteSize | Set the number of messages that can be deleted when a "message full" indication is received from the modem.
SprintFragmentInfoInBody | Partners can enable the messaging client to allow users to enter more than 160 characters per message. Messages longer than 160 characters are sent as multiple SMS messages that contain a tag at the beginning of the message in the form "(1/2)", where the first number represents the segment or part number and the second number represents the total number of segments or parts. Multiple messages are limited to 6 total segments. When enabled, the user cannot enter more characters after the 6 total segments limit is reached. Any message received with tags at the beginning is recombined with its corresponding segments and shown as one composite message.
Type3GPP > ErrorHandling > ErrorType | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error type that you added as **Transient Failure** or **Permanent Failure**.
Type3GPP > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**.
-Type3GPP > IMS > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH.
+Type3GPP > IMS > AttemptThresholdForIMS | Set the maximum number of tries to send SMS on IMS.
+Type3GPP > IMS > RetryEnabled | Configure whether to enable one automatic retry after failure to send over IMS.
+Type 3GPP > SmsUse16BitReferenceNumbers | Configure whether to use 8-bit or 16-bit message ID (reference number) in the UDH.
Type3GPP2 > ErrorHandling > FriendlyErrorClass | Enter a name for ERRORCODE3GPP2, and click **Add**. Configure the error class that you added as **generic error**, **invalid recepient address**, or **network connectivity trouble**.
Type3GPP2 > ErrorHandling > UseReservedAsPermanent | Set the 3GPP2 permanent error type.
@@ -298,7 +303,7 @@ HideLTEAttachAPN | Select **Yes** to hide the **LTE attach APN** button on the *
HideMMSAPN | Select **Yes** to hide the **add mms apn** button on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **add mms apn** button.
HideMMSAPNIPType | Select **Yes** to hide the APN IP type selector on the MMS APN page. Select **No** to show the APN IP type selector.
HideModeSelection | Select **Yes** to hide the **Network Mode selection** drop-down menu on the **Settings** > **Cellular+SIM** > **SIM** settings page. Select **No** to show the **Network Mode selection**.
-HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI.
+HidePersoUnlock | Select **Yes** to hide the Perso unlock UI. Select **No** to show the Perso unlock UI. (Removed in Windows 10, version 1803.)
HighestSpeed2G | You can customize the listed names of the connection speeds with their own character codes. To modify "2G" to another character code, change the value of HighestSpeed2G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed3G | You can customize the listed names of the connection speeds with their own character codes. To modify "3G" to another character code, change the value of HighestSpeed3G. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
HighestSpeed3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "3G Only" to another character code, change the value of HighestSpeed3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.
@@ -318,6 +323,9 @@ ShowSpecificWifiCallingError | Select **Yes** to show a specific error message b
ShowViewAPN | Select **Yes** to show the **View Internet APN** button in **Settings** > **cellular+SIM**.
ShowWifiCallingEmergencyCallWarning | Select **Yes** to show Wi-Fi emergency call warning.
ShowWifiCallingError | Select **Yes** to show Wi-Fi calling error message.
+SlotSelectionSim1Name | Enter text for the name of SIM 1 in slot selection UI. (Removed in Windows 10, version 1803.)
+SlotSelectionSim2Name | Enter text for the name of SIM 2 in slot selection UI. (Removed in Windows 10, version 1803.)
+SuppressDePersoUI | Suppress DePerso UI to unlock Perso. (Removed in Windows 10, version 1803.)
@@ -336,13 +344,14 @@ CardLock | Used to enforce either the card allow list or both the card allow and
Critical > MultivariantProvisionedSPN | Used to change the default friendly SIM names in dual SIM phones. By default, the OS displays SIM 1 or SIM 2 as the default friendly name for the SIM in slot 1 or slot 2 if the service provider name (SPN) or mobile operator name has not been set. Partners can use this setting to change the default name read from the SIM to define the SPN for SIM cards that do not contain this information or to generate the default friendly name for the SIM. The OS uses the default value as the display name for the SIM or SPN in the Start screen and other parts of the UI including the SIM settings screen. For dual SIM phones that contain SIMs from the same mobile operator, the names that appear in the UI may be similar. See [Values for MultivariantProvisionedSPN](#spn).
Critical > SimNameWithoutMSISDNENabled | Use this setting to remove the trailing MSISDN digits from the service provider name (SPN) in the phone UI. By default, the OS appends the trailing MSISDN digits to the service provider name (SPN) in the phone UI, including on the phone and messaging apps. If required by mobile operators, OEMs can use the SimNameWithoutMSISDNEnabled setting to remove the trailing MSISDN digits. However, you must use this setting together with **MultivariantProvisionedSPN** to suppress the MSISDN digits.
DisableLTESupportWhenRoaming | Set to **Yes** to disable LTE support when roaming.
+EnableIMSWhenRoaming | Set to **Yes** to enable IMS when roaming.
ExcludedSystemTypesByDefault | Set the default value for **Highest connection speed** in the **Settings** > **Cellular & SIM** > **SIM** screen by specifying the bitmask for any combination of radio technology to be excluded from the default value. The connection speed that has not been excluded will show up as the highest connection speed. On dual SIM phones that only support up to 3G connection speeds, the **Highest connection speed** option is replaced by a 3G on/off toggle based on the per-device setting. Enter the binary setting to exclude 4G (`10000`) or 3G (`01000`).
LTEEnabled | Select **Yes** to enable LTE, and **No** to disable LTE.
LTEForced | Select **Yes** to force LTE.
NetworkSuffix | To meet branding requirements for some mobile operators, you can add a suffix to the network name that is displayed on the phone. For example, you can change from ABC to ABC 3G when under 3G coverage. This feature can be applied for any radio access technology (RAT). For TD-SCDMA RAT, a 3G suffix is always appended by default, but partners can also customize this the same way as with any other RAT. In the setting name, set SYSTEMTYPE to the network type that you want to append the network name to and click **Add**:- system type 4: 2G (GSM)- system type 8: 3G (UMTS)- system type 16: LTE- system type 32: 3G (TS-SCDMA)Select the system type that you added, and enter the network name and suffix that you want displayed.
NitzFiltering | For mobile networks that can receive Network Identity and Time Zone (NITZ) information from multiple sources, partners can set the phone to ignore the time received from an LTE network. Time received from a CDMA network is not affected. Set the value of NitzFiltering to `0x10`.
-OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030.
-OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator.
+OperatorListForExcludedSystemTypes | Enter a comma-separated list of MCC and MNC (MCC:MNC) for which system types should be restricted. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can specify the MCC and MNC of other specific operators that the main mobile operator wishes to limit. If the UICC's MCC and MNC matches any of the pairs that OEMs can specify for the operator, a specified RIL system type will be removed from the UICC regardless of its app types, slot position, or executor mapping. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. Set the value of the OperatorListForExcludedSystemTypes setting a comma separated list of MCC:MNC pairs for which the system types should be restricted. For example, the value can be set to 310:026,310:030 to restrict operators with an MCC:MNC of 310:026 and 310:030. (Removed in Windows 10, version 1803.)
+OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator. (Removed in Windows 10, version 1803.)
SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming.
diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md
index c7e3a5d70c..c37e8b2381 100644
--- a/windows/configuration/wcd/wcd-connections.md
+++ b/windows/configuration/wcd/wcd-connections.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 10/09/2017
+ms.date: 04/23/2018
---
# Connections (Windows Configuration Designer reference)
@@ -18,7 +18,7 @@ Use to configure settings related to various types of phone connections.
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | X | X | X | X | |
+| All settings | X | X | X | | |
For each setting group:
diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md
index 0073f13e81..a51c0a8ea4 100644
--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 01/10/2018
+ms.date: 04/23/2018
---
# ConnectivityProfiles (Windows Configuration Designer reference)
@@ -18,11 +18,11 @@ Use to configure profiles that a user will connect with, such as an email accoun
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| [Email](#email) | X | X | X | X | X |
-| [Exchange](#exchange) | X | X | X | X | X |
-| [KnownAccounts](#knownaccounts) | X | X | X | X | X |
+| [Email](#email) | X | X | X | | X |
+| [Exchange](#exchange) | X | X | X | | X |
+| [KnownAccounts](#knownaccounts) | X | X | X | | X |
| [VPN](#vpn) | X | X | X | X | X |
-| [WiFiSense](#wifisense) | X | X | X | X | X |
+| [WiFiSense](#wifisense) | X | X | X | | X |
| [WLAN](#wlan) | X | X | X | X | X |
## Email
diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md
index cea28f29ea..0a883e0e0d 100644
--- a/windows/configuration/wcd/wcd-countryandregion.md
+++ b/windows/configuration/wcd/wcd-countryandregion.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# CountryAndRegion (Windows Configuration Designer reference)
@@ -18,6 +18,6 @@ Use to configure a setting that partners must customize to ship Windows devices
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| CountryCodeForExtendedCapabilityPrompts | X | X | X | X | |
+| CountryCodeForExtendedCapabilityPrompts | X | X | X | | |
You can set the **CountryCodeForExtendedCapabilityPrompts** setting for **China** to enable additional capability prompts when apps use privacy-sensitive features (such as Contacts or Microphone).
diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md
index 5651da1065..76e200ca6a 100644
--- a/windows/configuration/wcd/wcd-deviceformfactor.md
+++ b/windows/configuration/wcd/wcd-deviceformfactor.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# DeviceFormFactor (Windows Configuration Designer reference)
@@ -18,7 +18,7 @@ Use to identify the form factor of the device.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| DeviceForm | X | X | X | X | |
+| DeviceForm | X | X | X | | |
Specifies the device form factor running Windows 10. Generally, the device form is set by the original equipment manufacturer (OEM), however you might want to change the device form based on its usage in your organization.
diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md
index 48555e434c..eb4e7cf0d4 100644
--- a/windows/configuration/wcd/wcd-devicemanagement.md
+++ b/windows/configuration/wcd/wcd-devicemanagement.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/21/2017
+ms.date: 04/23/2018
---
# DeviceManagement (Windows Configuration Designer reference)
@@ -18,10 +18,10 @@ Use to configure device management settings.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| [Accounts](#accounts) | X | X | X | X | |
-| [PGList](#pglist) | X | X | X | X | |
-| [Policies](#policies) | X | X | X | X | |
-| [TrustedProvisioningSource](#trustedprovisioningsource) | X | X | X | X | |
+| [Accounts](#accounts) | X | X | X | | |
+| [PGList](#pglist) | X | X | X | | |
+| [Policies](#policies) | X | X | X | | |
+| [TrustedProvisioningSource](#trustedprovisioningsource) | X | X | X | | |
## Accounts
@@ -76,12 +76,12 @@ The following table describes the settings you can configure for **Policies**.
| Setting | Description |
| --- | --- |
| MMS > MMSMessageRoles | Select between **SECROLE_KNOWN_PPG**, **SECROLE_ANY_PUSH_SOURCE**, and **SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**. If a message contains at least one of the roles in the selected role mask, then the message is processed. |
-| OMACP > NetwpinRoles | Select a policy role to specify whether OMA network PIN-signed messages will be accepted. OMA Client Provisioning Network PIN policy determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.Available roles are: **SECROLE_OPERATOR_TIPS**, **SECROLE_KNOWN_PPG**, **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG**, **SECROLE_ANY_PUSH_SOURCE**, **SECROLE_OPERATOR_TPS_OR_SECROLE_ANY_PUSH_SOURCE**, **SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**, and **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**.**Note** IMSI-based NETWPIN and USERNETWPIN may not work for dual SIM phones. The OMA-CP authentication provider only uses the IMSI from executor 0 (the current, active data SIM) when hashing these messages. OMA-CP payloads targeting executor 1 are rejected by the phone. For more information about executors, see Dual SIM. |
-| OMACP > UsernetwpinRoles | Select a policy role to specify whether the OMA user network PIN-signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.Available roles are: **SECROLE_OPERATOR_TIPS**, **SECROLE_KNOWN_PPG**, **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG**, **SECROLE_ANY_PUSH_SOURCE**, **SECROLE_OPERATOR_TPS_OR_SECROLE_ANY_PUSH_SOURCE**, **SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**, and **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**.**Note** IMSI-based NETWPIN and USERNETWPIN may not work for dual SIM phones. The OMA-CP authentication provider only uses the IMSI from executor 0 (the current, active data SIM) when hashing these messages. OMA-CP payloads targeting executor 1 are rejected by the phone. For more information about executors, see Dual SIM. |
-| OMACP > UserpinRoles | Select a policy role to specify whether the OMA user PIN or user MAC signed message will be accepted. OMA Client Provisioning User PIN policy determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.Available roles are: **SECROLE_OPERATOR_TIPS**, **SECROLE_KNOWN_PPG**, **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG**, **SECROLE_ANY_PUSH_SOURCE**, **SECROLE_OPERATOR_TPS_OR_SECROLE_ANY_PUSH_SOURCE**, **SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**, and **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**. |
+| OMACP > NetwpinRoles | (Window 10, version 1709 and earlier only) Select a policy role to specify whether OMA network PIN-signed messages will be accepted. OMA Client Provisioning Network PIN policy determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.Available roles are: **SECROLE_OPERATOR_TIPS**, **SECROLE_KNOWN_PPG**, **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG**, **SECROLE_ANY_PUSH_SOURCE**, **SECROLE_OPERATOR_TPS_OR_SECROLE_ANY_PUSH_SOURCE**, **SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**, and **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**.**Note** IMSI-based NETWPIN and USERNETWPIN may not work for dual SIM phones. The OMA-CP authentication provider only uses the IMSI from executor 0 (the current, active data SIM) when hashing these messages. OMA-CP payloads targeting executor 1 are rejected by the phone. For more information about executors, see Dual SIM. |
+| OMACP > UsernetwpinRoles | (Window 10, version 1709 and earlier only) Select a policy role to specify whether the OMA user network PIN-signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.Available roles are: **SECROLE_OPERATOR_TIPS**, **SECROLE_KNOWN_PPG**, **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG**, **SECROLE_ANY_PUSH_SOURCE**, **SECROLE_OPERATOR_TPS_OR_SECROLE_ANY_PUSH_SOURCE**, **SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**, and **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**.**Note** IMSI-based NETWPIN and USERNETWPIN may not work for dual SIM phones. The OMA-CP authentication provider only uses the IMSI from executor 0 (the current, active data SIM) when hashing these messages. OMA-CP payloads targeting executor 1 are rejected by the phone. For more information about executors, see Dual SIM. |
+| OMACP > UserpinRoles | (Window 10, version 1709 and earlier only) Select a policy role to specify whether the OMA user PIN or user MAC signed message will be accepted. OMA Client Provisioning User PIN policy determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.Available roles are: **SECROLE_OPERATOR_TIPS**, **SECROLE_KNOWN_PPG**, **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG**, **SECROLE_ANY_PUSH_SOURCE**, **SECROLE_OPERATOR_TPS_OR_SECROLE_ANY_PUSH_SOURCE**, **SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**, and **SECROLE_OPERATOR_TPS_OR_SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**. |
| SISL > ServiceIndicationRoles | Specify the security roles that can accept SI messages. Service Indication (SI) Message policy indicates whether SI messages are accepted by specifying the security roles that can accept SI messages. An SI message is sent to the phone to notify users of new services, service updates, and provisioning services.Available roles are: **SECROLE_KNOWN_PPG**, **SECROLE_ANY_PUSH_SOURCE**, and **SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**. |
| SISL > ServiceLoadingRoles | Specify the security roles that can accept SL messages. Service Loading (SL) Message policy indicates whether SL messages are accepted by specifying the security roles that can accept SL messages. An SL message downloads new services or provisioning XML to the phone.Available roles are: **SECROLE_KNOWN_PPG**, **SECROLE_ANY_PUSH_SOURCE**, and **SECROLE_KNOWN_PPG_OR_SECROLE_ANY_PUSH_SOURCE**. |
-
+| WSP > WSPPushAllowed | Indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.
## TrustedProvisioningSource
In **PROVURL**, enter the URL for a Trusted Provisioning Server (TPS).
diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md
index 991cf820c1..ac2b86436b 100644
--- a/windows/configuration/wcd/wcd-dmclient.md
+++ b/windows/configuration/wcd/wcd-dmclient.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# DMClient (Windows Configuration Designer reference)
@@ -18,7 +18,7 @@ Use to specify enterprise-specific mobile device management configuration settin
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| UpdateManagementServiceAddress | X | X | X | X | X |
+| UpdateManagementServiceAddress | X | X | X | | X |
For the **UpdateManagementServiceAddress** setting, enter a list of servers. The first server in the semi-colon delimited list is the server that will be used to instantiate MDM sessions.
diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md
index 7cf47f5528..e8772b4c44 100644
--- a/windows/configuration/wcd/wcd-editionupgrade.md
+++ b/windows/configuration/wcd/wcd-editionupgrade.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# EditionUpgrade (Windows Configuration Designer reference)
@@ -18,9 +18,9 @@ Use to upgrade the edition of Windows 10 on the device. [Learn about Windows 10
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| [ChangeProductKey](#changeproductkey) | X | X | | X | |
+| [ChangeProductKey](#changeproductkey) | X | X | | | |
| [UpgradeEditionWithLicense](#upgradeeditionwithlicense) | X | X | | X | |
-| [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey) | X | X | | X | |
+| [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey) | X | X | | | |
## ChangeProductKey
diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md
index a28f6531bc..66c76f7446 100644
--- a/windows/configuration/wcd/wcd-firstexperience.md
+++ b/windows/configuration/wcd/wcd-firstexperience.md
@@ -7,10 +7,24 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# FirstExperience (Windows Configuration Designer reference)
-Do not configure **FirstExperience** in provisioning packages at this time. These settings will be available to configure the out-of-box experience (OOBE) to set up HoloLens in a future release.
+Use these settings to configure the out-of-box experience (OOBE) to set up HoloLens.
+
+## Applies to
+
+| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| All settings | | | | X | |
+
+Setting | Description
+--- | ---
+PreferredRegion | Enter the [geographical location identifier](https://msdn.microsoft.com/library/windows/desktop/dd374073.aspx) for the region.
+PreferredTimezone | Enter the timezone. [Microsoft Time Zone Index Values](https://msdn.microsoft.com/library/ms912391.aspx)
+SkipCalibration | Initial setup of HoloLens includes a calibration step. Set to **True** to skip calibration.
+SkipTraining | Initial setup of HoloLens includes training on how to perform the gestures to operate HoloLens. Set to **True** to skip training.
+SkipWifi | Set to **True** to skip connecting to a Wi-fi network.
diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md
index b2eff878f5..d006f87a77 100644
--- a/windows/configuration/wcd/wcd-folders.md
+++ b/windows/configuration/wcd/wcd-folders.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# Folders (Windows Configuration Designer reference)
@@ -18,6 +18,6 @@ Use to add files to the device.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| PublicDocuments | X | X | X | X | |
+| PublicDocuments | X | X | X | | |
Browse to and select a file or files that will be included in the provisioning package and added to the public profile documents folder on the target device. You can use the **Relative path to directory on target device** field to create a new folder within the public profile documents folder.
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-hotspot.md b/windows/configuration/wcd/wcd-hotspot.md
index b94a37b66d..1d3a431a35 100644
--- a/windows/configuration/wcd/wcd-hotspot.md
+++ b/windows/configuration/wcd/wcd-hotspot.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/14/2017
+ms.date: 04/23/2018
---
# HotSpot (Windows Configuration Designer reference)
@@ -47,6 +47,17 @@ If Enabled is initially set to **True**, the feature is turned off and the inter
When Enabled is set to **False**, the internet sharing screen is added to Settings, although sharing is turned off by default until the user turns it on.
+## EntitlementDll
+
+Enter the path to the entitlement DLL used to make entitlement checks that verify that the device is entitled to use the Internet sharing service on a mobile operator's network.
+
+## EntitlementInterval
+
+Enter the time interval, in seconds, between entitlement checks.
+
+## EntitlementRequired
+
+Specify whether the device requires an entitlement check to determine if Internet sharing should be enabled.
## MaxBluetoothUsers
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index 62fc500f1b..48c957fe90 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# Maps (Windows Configuration Designer reference)
@@ -18,9 +18,9 @@ Use for settings related to Maps.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| [ChinaVariantWin10](#chinavariantwin10) | X | X | X | X | |
-| [UseExternalStorage](#useexternalstorage) | X | X | X | X | |
-| [UseSmallerCache](#usesmallercache) | X | X | X | X | |
+| [ChinaVariantWin10](#chinavariantwin10) | X | X | X | | |
+| [UseExternalStorage](#useexternalstorage) | X | X | X | | |
+| [UseSmallerCache](#usesmallercache) | X | X | X | | |
## ChinaVariantWin10
diff --git a/windows/configuration/wcd/wcd-messaging.md b/windows/configuration/wcd/wcd-messaging.md
index 1e7444531d..0a988510a7 100644
--- a/windows/configuration/wcd/wcd-messaging.md
+++ b/windows/configuration/wcd/wcd-messaging.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/21/2017
+ms.date: 04/23/2018
---
# Messaging (Windows Configuration Designer reference)
@@ -42,6 +42,10 @@ When configured as **True**, you set a LIFO message order. When configured as **
Enable this setting to allow custom line setup dialogs in the Messaging app.
+### ExtractPhoneNumbersInStrings"
+
+Set as **True** to tag any 5-or-more digit number as a tappable phone number.
+
### ShowSendingStatus
>[!NOTE]
@@ -88,7 +92,7 @@ AllowMmsIfDataIsOffWhileRoaming | **True** allows MMS if data is off while roami
### AllowSelectAllContacts
>[!NOTE]
->This setting is removed in Windows 10, version 1709.
+>This setting is removed in Windows 10, version 1709, and later.
Set to **True** to show the select all contacts/unselect all menu option to allow users to easily select multiple recipients for an SMS or MMS message. This menu option provides users with an easier way to add multiple recipients and may also meet a mandatory requirement for some mobile operator networks.
@@ -144,6 +148,7 @@ CmasAMBERAlertEnabled | **True** enables the device to receive AMBER alerts
CmasExtremeAlertEnabled | **True** enables the device to receive extreme alerts
CmasSevereAlertEnabled | **True** enables the device to receive severe alerts
EmOperatorEnabled | Select which Emergency Alerts Settings page is displayed from dropdown menu
+EtwsSoundEnabled | Set to **True** to play Earthquake & Tsunami Warning System (ETWS) sound during alert.
SevereAlertDependentOnExtremeAlert | When set as **True**, the CMAS-Extreme alert option must be on to modify CMAS-Severe alert option
@@ -160,21 +165,29 @@ AutoRetryDownload | You can configure the messaging app to automatically retry d
BroadcastChannels | You can specify one or more ports from which the device will accept cellular broadcast messages. Set the BroadcastChannels value to the port number(s) that can accept cellular broadcast messages. If you specify the same port that Windows 10 Mobile already recognizes as an Emergency Alert port (a CMAS or ETWS port number) and a cell broadcast message is received on that port, the user will only receive the message once. The message that is received will be displayed as an Emergency Alert message.
ConvertLongSMStoMMS | For networks that do support MMS and do not support segmentation of SMS messages, you can specify an automatic switch from SMS to MMS for long messages.
DefaultContentLocationUrl | For networks that require it, you can specify the default GET path within the MMSC to use when the GET URL is missing from the WAP push MMS notification. Set DefaultContentLocationUrl to specify the default GET path within the MMSC.
+EarthquakeMessageString | To override the Primary Earthquake default message, specify the EarthquakeMessageString setting value. This string will be used regardless of what language is set on the device.
+EarthquakeTsunamiMessageString| To override the Primary Tsunami and Earthquake default message, specify the EarthquakeTsunamiMessageString setting value. This string will be used regardless of what language is set on the device.
ErrorCodeEnabled | You can choose to display additional content in the conversation view when an SMS or MMS message fails to send. This content includes a specific error code in decimal format that the user can report to technical support. Common errors also include a friendly string to help the user self-diagnose and fix the problem. Set to **True** to display the error message with an explanation of the problem and the decimal-format error codes. When set to **False**, the full error message is not displayed.
+EtwsSoundFileName | Set the value to the name of a sound file.
HideMediumSIPopups | By default, when a service indication message is received with a signal-medium or signal-high setting, the phone interrupts and shows the user prompt for these messages. However, you can hide the user prompts for signal-medium messages.
ImsiAuthenticationToken | Configure whether MMS messages include the IMSI in the GET and POST header. Set ImsiAuthenticationToken to the token used as the header for authentication. The string value should match the IMSI provided by the UICC.
LimitRecipients | Set the maximum number of recipients to which a single SMS or MMS message can be sent. Enter a number between 1 and 500 to limit the maximum number of recipients.
MaxRetryCount | You can specify the number of times that the phone can retry sending the failed MMS message and photo before the user receives a notification that the photo could not be sent. Specify MaxRetryCount to specify the number of times the MMS transport will attempt resending the MMS message. This value has a maximum limit of 3.
MMSLimitAttachments | You can specify the maximum number of attachments for MMS messages, from 1 to 20. The default is 5.
+NIInfoEnabled | NIInfoEnabled
+ProxyAuthorizationToken | See [Proxy authorization for MMS.](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/proxy-authorization-for-mms)
RetrySize | For MMS messages that have photo attachments and that fail to send, you can choose to automatically resize the photo and attempt to resend the message. Specify the maximum size to use to resize the photo in KB. Minimum is 0xA (10 KB).
SetCacheControlNoTransform | When set, proxies and transcoders are instructed not to change the HTTP header and the content should not be modified. A value of 1 or 0x1 adds support for the HTTP header Cache-Control No-Transform directive. When the SetCacheControlNoTransform``Value is set to 0 or 0x0 or when the setting is not set, the default HTTP header Cache-Control No-Cache directive is used.
ShowRequiredMonthlyTest | **True** enables devices to receive CMAS Required Monthly Test (RMT) messages and have these show up on the device. **False** disables devices from receiving CMAS RMT messages.
+SIProtocols | Additional supported service indication protocol name.
SmscPanelDisabled | **True** disables the short message service center (SMSC) panel.
SMStoSMTPShortCode | Use to configure SMS messages to be sent to email addresses and phone numbers. `0` disables sending SMS messages to SMTP addresses. `1` enables sending SMS messages to SMTP addresses.
TargetVideoFormat | You can specify the transcoding to use for video files sent as attachments in MMS messages. Set TargetVideoFormat to one of the following values to configure the default transcoding for video files sent as attachments in MMS messages:- 0 or 0x0 Sets the transcoding to H.264 + AAC + MP4. This is the default set by the OS.- 1 or 0x1 Sets the transcoding to H.264 + AAC + 3GP.- 2 or 0x2 Sets the transcoding to H.263 + AMR.NB + 3GP.- 3 or 0x3 Sets the transcoding to MPEG4 + AMR.NB + 3GP.
+TsunamiMessageString | To override the Primary Tsunami default message, specify the TsunamiMessageString setting value. This string will be used regardless of what language is set on the device.
UAProf | You can specify a user agent profile to use on the phone for MMS messages. The user agent profile XML file details a phone’s hardware specifications and media capabilities so that an MMS application server (MMSC) can return supported optimized media content to the phone. The user agent profile XML file is generally stored on the MMSC. There are two ways to correlate a user agent profile with a given phone:- You can take the user agent string of the phone that is sent with MMS requests and use it as a hash to map to the user agent profile on the MMSC. The user agent string cannot be modified.- Alternatively, you can directly set the URI of the user agent profile on the phone.Set UAProf to the full URI of your user agent profile file. Optionally, you can also specify the custom user agent property name for MMS that is sent in the header by setting UAProfToken to either `x-wap-profile` or `profile`.
UAProfToken | You can specify a user agent profile to use on the phone for MMS messages. The user agent profile XML file details a phone’s hardware specifications and media capabilities so that an MMS application server (MMSC) can return supported optimized media content to the phone. The user agent profile XML file is generally stored on the MMSC.
UseDefaultAddress | By default, the MMS transport sends an acknowledgement to the provisioned MMS application server (MMSC). However, on some networks, the correct server to use is sent as a URL in the MMS message. In that case, a registry key must be set, or else the acknowledgement will not be received and the server will continue to send duplicate messages. **True** enables some networks to correctly acknowledge MMS messages. **False** disables the feature.
+UseInsertAddressToken | Use insert address token or local raw address.
UserAgentString | Set UserAgentString to the new user agent string for MMS in its entirely. By default, this string has the format WindowsPhoneMMS/MicrosoftMMSVersionNumber WindowsPhoneOS/OSVersion-buildNumber OEM-deviceName, in which the italicized text is replaced with the appropriate values for the phone.
UseUTF8ForUnspecifiedCharset | Some incoming MMS messages may not specify a character encoding. To properly decode MMS messages that do not specify a character encoding, you can set UTF-8 to decode the message.
WapPushTechnology | For networks that require non-standard handling of single-segment incoming MMS WAP Push notifications, you can specify that MMS messages may have some of their content truncated and that they may require special handling to reconstruct truncated field values. `1` or `0x1` enables MMS messages to have some of their content truncated. `0` or `0x0` disables MMS messages from being truncated
@@ -222,9 +235,14 @@ Set options for Rich Communications Services (RCS).
| Setting | Description |
| --- | --- |
+RcsAllowLeaveClosedGroupChats | Whether or not to allow users to leave closed group chats.
| RcsEnabled | Toggle to enable/disable RCS service. Set to **True** to enable. |
| RcsFileTransferAutoAccept | Set to **True** to auto-accept RCS incoming file transfer if the file size is less than warning file size.|
+RcsFiletransferAutoAcceptWhileRoaming | Auto-accept RCS incoming file transfer when the file size is less than the warning file size while roaming.
+RcsGroupChatCreationMode | The mode used to create new RCS group chats.
+RcsGroupChatCreationgThreadingMode | The mode used to thread newly created RCS group chats.
| RcsSendReadReceipt | Set to **True** to send read receipt to the sender when a message is read. |
+RcsTimeWindowsAfterSelfLeave | After RCS receives a self-left message, it will ignore messages during this time (in milliseconds), except self-join.
| ShowRcsEnabled | Set to **True** to show the toggle for RCS activation. |
@@ -262,6 +280,20 @@ Set TargetVideoFormat to one of the following values to configure the default tr
| 3 or 0x3 | Sets the transcoding to MPEG4 + AMR.NB + 3GP. |
+### TaiwanAlertOptions
+
+Set options for Taiwan Emergency Alerts system. For more information, see [Emergency notifications](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/emergency-notifications#taiwan-alerts).
+
+
+Setting | Description
+--- | ---
+TaiwanAlertEnabled | Receive Taiwan alerts.
+TaiwanEmergencyAlertEnabled | Receive Taiwan emergency alerts.
+TaiwanPresidentialAlertEnabled | Receive Taiwan Presidential alerts.
+TaiwanRequiredMonthlytestEnabled | Receive Taiwan Required Monthly Test alerts.
+
+
+
### UAProf
>[!NOTE]
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index 25f5b58fc5..16c5d27391 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 10/16/2017
+ms.date: 04/23/2018
---
# Policies (Windows Configuration Designer reference)
@@ -26,7 +26,7 @@ This section describes the **Policies** settings that you can configure in [prov
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [AllowAddingNonMicrosoftAccountManually](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | X | X | | | |
-| [AllowMicrosoftAccountConnection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | X | X | | | |
+| [AllowMicrosoftAccountConnection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | X | X | | X | |
| [AllowMicrosoftAccountSigninAssistant](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | X | X | | | |
| [DomainNamesForEmailSync](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | X | X | | | |
@@ -77,53 +77,61 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowAdvertising](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | X | X | X | X | X |
| [AllowDiscoverableMode](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | X | X | X | X | X |
| [AllowPrepairing](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | X | X | X | | X |
-| [LocalDeviceName](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | X | X | X | | X |
-| [ServicesAllowedList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | X | X | | X | |
+| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | X | X | X | X | X |
+| [LocalDeviceName](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | X | X | X | X | X |
+| [ServicesAllowedList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | X | X | X | X | |
## Browser
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [AllowAddressBarDropdown](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | X | | | | |
-| [AllowAutofill](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | X | X | X | | |
-| [AllowBrowser](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device. | | X | | | |
-| [AllowCookies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | X | X | X | | |
+| [AllowAutofill](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | X | X | X | X | |
+| [AllowBrowser](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device. | X | | | | |
+[AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | X | | | | |
+| [AllowCookies](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | X | X | X | X | |
| [AllowDeveloperTools](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | X | | | | |
-| [AllowDoNotTrack](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do Not Track headers are allowed. | X | X | X | | |
+| [AllowDoNotTrack](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do Not Track headers are allowed. | X | X | X | X | |
| [AllowExtensions](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | X | | | | |
| [AllowFlash](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | X | | | | |
| [AllowFlashClickToRun](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | X | | | | |
-| [AllowInPrivate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | X | X | X | | |
+| [AllowInPrivate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | X | X | X | X | |
| [AllowMicrosoftCompatibilityList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | X | X | X | | |
-| [AllowPasswordManager](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | X | X | X | | |
-| [AllowPopups](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | X | | | | |
+| [AllowPasswordManager](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | X | X | X | X | |
+| [AllowPopups](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | X | | | X | |
| [AllowSearchEngineCustomization](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | X | | | | |
-| [AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | X | X | X | | |
-| [AllowSmartScreen](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | X | X | X | | |
+| [AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | X | X | X | X | |
+| [AllowSmartScreen](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | X | X | X | X | |
+[AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | X | | | | |
| [ClearBrowsingDataOnExit](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | X | | | | |
| [ConfigureAdditionalSearchEngines](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 addtional search engines for MDM-enrolled devices. | X | X | X | | |
| [DisableLockdownOfStartPages](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | X | | | | |
+[EnableExtendedBooksTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab. | X | | | | |
| [EnterpriseModeSiteList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | X | | | | |
| [EnterpriseSiteListServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | X | | | | |
| [FirstRunURL](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it is opened for the first time. | | X | | | |
| [HomePages](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | X | | | | |
+[LockdownFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | X | | | | |
| [PreventAccessToAboutFlagsInMicrosoftEdge](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | X | X | X | | |
| [PreventFirstRunPage](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | X | | | | |
| [PreventLiveTileDataCollection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | X | X | X | | |
| [PreventSmartScreenPromptOverride](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. | X | X | X | | |
| [PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. | X | X | X | | |
+PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. | X | | | | |
| [PreventUsingLocalHostIPAddressForWebRTC](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | X | X | X | | |
+[ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | X | | | | |
| [SendIntranetTraffictoInternetExplorer ](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | X | | | | |
| [SetDefaultSearchEngine](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | X | X | X | | |
-| [howMessageWhenOpeningSitesInInternetExplorer](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | X | | | | |
+| [ShowMessageWhenOpeningSitesInInternetExplorer](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | X | | | | |
| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | X | | | | |
+[UseSharedFolderForBooks](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | X | | | | |
## Camera
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowCamera](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | X | X | X | | |
+| [AllowCamera](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | X | X | X | X | |
## Connectivity
@@ -218,15 +226,15 @@ This section describes the **Policies** settings that you can configure in [prov
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [AllowIdleReturnWithoutPassword](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. | | X | | | |
| [AllowScreenTimeoutWhileLockedUserConfig](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | X | | | |
-| [AllowSimpleDevicePassword](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | X | X | | | |
-|[AlphanumericDevicePasswordRequired](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | X | X | | | |
-| [DevicePasswordEnabled](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | X | X | | | |
-| [DevicePasswordExpiration](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | X | X | | | |
-| [DevicePasswordHistory](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | X | X | | | |
-| [MaxDevicePasswordFailedAttempts](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | X | X | | | |
-| [MaxInactivityTimeDeviceLock](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | X | X | | | |
-| [MinDevicePasswordComplexCharacters](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | X | X | | | |
-| [MinDevicePasswordLength](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | X | X | | | |
+| [AllowSimpleDevicePassword](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | X | X | | X | |
+|[AlphanumericDevicePasswordRequired](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | X | X | | X | |
+| [DevicePasswordEnabled](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | X | X | | X | |
+| [DevicePasswordExpiration](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | X | X | | X | |
+| [DevicePasswordHistory](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | X | X | | X | |
+| [MaxDevicePasswordFailedAttempts](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | X | X | | X | |
+| [MaxInactivityTimeDeviceLock](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | X | X | | X | |
+| [MinDevicePasswordComplexCharacters](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | X | X | | X | |
+| [MinDevicePasswordLength](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | X | X | | X | |
| [ScreenTimeoutWhileLocked](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. | | X | | | |
@@ -243,10 +251,10 @@ This section describes the **Policies** settings that you can configure in [prov
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [AllowCopyPaste](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. | | X | | | |
-| [AllowCortana](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | X | X | | | |
+| [AllowCortana](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | X | X | | X | |
| [AllowDeviceDiscovery](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | X | X | | | |
| [AllowFindMyDevice](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | X | X | | | |
-| [AllowManualMDMUnenrollment](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | X | X | | | |
+| [AllowManualMDMUnenrollment](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | X | X | | X | |
| [AllowScreenCapture](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | X | | | |
| [AllowSIMErrorDialogPromptWhenNoSIM](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | X | | | |
| [AllowSyncMySettings](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | X | X | | | |
@@ -275,6 +283,20 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowAdvancedGamingServices](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | X | | | | |
+## KioskBrowser
+
+These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](https://docs.microsoft.com/windows/configuration/guidelines-for-assigned-access-app#guidelines-for-web-browsers).
+
+| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | :---: |
+[BlockedUrlExceptions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | X | | | | |
+[BlockedUrls](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | X | | | | |
+[DefaultURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | X | | | | |
+[EnableHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | X | | | | |
+[EnableNavigationButtons](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | X | | | | |
+[RestartOnIdleTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | X | | | | |
+
+
## Location
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
@@ -287,17 +309,19 @@ This section describes the **Policies** settings that you can configure in [prov
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | X | | | |
-| [AllowInputPersonalization](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | X | X | | | |
+| [AllowInputPersonalization](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | X | X | | X | |
## Search
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
+[AllowCloudSearch](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | X | X | | | |
+[AllowCortanaInAAD](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | X | | | | |
| [AllowIndexingEncryptedStoresOrItems](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | X | X | | | |
-| [AllowSearchToUseLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | X | X | | | |
+| [AllowSearchToUseLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | X | X | | X | |
| [AllowUsingDiacritics](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | X | X | | | |
-| AllowWindowsIndexer | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consuemrs | X | X | | | |
+| [AllowWindowsIndexer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consuemrs | X | X | | | |
| [AlwaysUseAutoLangDetection](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | X | X | | | |
| [DisableBackoff](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | X | X | | | |
| [DisableRemovableDriveIndexing](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | X | X | | | |
@@ -311,12 +335,12 @@ This section describes the **Policies** settings that you can configure in [prov
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowAddProvisioningPackage](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | X | X | X | X | X |
+| [AllowAddProvisioningPackage](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | X | X | X | | X |
| [AllowManualRootCertificateInstallation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. | | X | | | |
-| [AllowRemoveProvisioningPackage](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | X | X | X | X | X |
+| [AllowRemoveProvisioningPackage](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | X | X | X | | X |
| [AntiTheftMode](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. | | X | | | |
| [RequireDeviceEncryption](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | X | X | X | X | X |
-| [RequireProvisioningPackageSignature](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | X | X | X | X | X |
+| [RequireProvisioningPackageSignature](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | X | X | X | | X |
| [RequireRetrieveHealthCertificateOnBoot](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | X | X | | | |
## Settings
@@ -325,7 +349,7 @@ This section describes the **Policies** settings that you can configure in [prov
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [AllowAutoPlay](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | X | | | |
| [AllowDataSense](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | X | | | |
-| [AllowVPN](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | X | | | |
+| [AllowVPN](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | X | | X | |
| [ConfigureTaskbarCalendar](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | X | | | | |
[PageVisiblityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | X | | | | |
@@ -343,6 +367,7 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowPinnedFolderPictures](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | X | | | | |
| [AllowPinnedFolderVideos](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | X | | | | |
+DisableContextMenus | Prevent context menus from being invoked in the Start menu. | X | | | | |
| [ForceStartSize](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | X | | | | |
| [HideAppList](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | X | | | | |
| [HideChangeAccountSettings](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | X | | | | |
@@ -368,12 +393,14 @@ This section describes the **Policies** settings that you can configure in [prov
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [AllowBuildPreview](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | X | X | | | |
-| [AllowEmbeddedMode](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | X | X | X | X | X |
+| [AllowEmbeddedMode](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | X | X | X | | X |
| [AllowExperimentation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | X | X | | | |
| [AllowLocation](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | X | X | X | X | X |
-| [AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | X | X | X | X | X |
-| [AllowTelemetry](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | X | X | | | |
+| [AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | X | X | X | | X |
+| [AllowTelemetry](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | X | X | | X | |
| [AllowUserToResetPhone](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | X | X | | | |
+ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | X | X | | | |
+ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | X | X | | | |
| [DisableOneDriveFileSync](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | X | | | | |
| [LimitEnhancedDiagnosticDataWindowsAnalytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | X | X | | | |
@@ -408,28 +435,28 @@ This section describes the **Policies** settings that you can configure in [prov
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [ActiveHoursEnd](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | X | X | X | X | X |
-| [ActiveHoursMaxRange](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | X | X | X | X | X |
-| [ActiveHoursStart](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | X | X | X | X | X |
+| [ActiveHoursEnd](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | X | X | X | | X |
+| [ActiveHoursMaxRange](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | X | X | X | | X |
+| [ActiveHoursStart](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | X | X | X | | X |
| [AllowautoUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | X | X | X | X | X |
-| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork)| Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | X | X | X | X | X |
+| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork)| Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | X | X | X | | X |
| [AllowMUUpdateService](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | X | X | X | X | X |
-| [AllowNonMicrosoftSignedUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | X | X | X | X | X |
+| [AllowNonMicrosoftSignedUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | X | X | X | | X |
| [AllowUpdateService](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | X | X | X | X | X |
-| [AutoRestartDeadlinePeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | X | X | X | X | X |
-| [AutoRestartNotificationSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | X | X | X | X | X |
-| [AutoRestartRequiredNotificationDismissal](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | X | X | X | X | X |
+| [AutoRestartDeadlinePeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | X | X | X | | X |
+| [AutoRestartNotificationSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | X | X | X | | X |
+| [AutoRestartRequiredNotificationDismissal](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | X | X | X | | X |
| [BranchReadinessLevel](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | X | X | X | X | X |
-| [DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | X | X | X | X | X |
-| [DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | X | X | X | X | X |
+| [DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | X | X | X | | X |
+| [DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | X | X | X | | X |
| [DeferUpdatePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | X | X | X | X | X |
| [DeferUpgradePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) |Specify upgrade delays for up to 8 months. | X | X | X | X | X |
| [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | X | X | X | X | X |
-| [DisableDualScan](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | X | X | X | X | X |
-| [EngagedRestartDeadline](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | X | X | X | X | X |
-| [EngagedRestartSnoozeSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | X | X | X | X | X |
-| [EngagedRestartTransitionSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | X | X | X | X | X |
-| [FillEmptyContentUrls](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | X | X | X | X | X |
+| [DisableDualScan](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | X | X | X | | X |
+| [EngagedRestartDeadline](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | X | X | X | | X |
+| [EngagedRestartSnoozeSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | X | X | X | | X |
+| [EngagedRestartTransitionSchedule](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | X | X | X | | X |
+| [FillEmptyContentUrls](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | X | X | X | | X |
| ManagePreviewBuilds | Use to enable or disable preview builds. | X | X | X | X | X |
| PhoneUpdateRestrictions | Deprecated | | X | | | |
| [RequireDeferUpgrade](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | X | X | X | X | X |
@@ -440,10 +467,10 @@ This section describes the **Policies** settings that you can configure in [prov
| [ScheduledInstallSecondWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | X | X | X | X | X |
| [ScheduledInstallThirdWeek](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | X | X | X | X | X |
| [ScheduledInstallTime](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | X | X | X | X | X |
-| [ScheduleImminentRestartWarning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | X | X | X | X | X ||
-| [ScheduleRestartWarning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | X | X | X | X | X |
-| [SetAutoRestartNotificationDisable](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | X | X | X | X | X |
-| [SetEDURestart](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | X | X | X | X | X |
+| [ScheduleImminentRestartWarning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | X | X | X | | X ||
+| [ScheduleRestartWarning](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | X | X | X | | X |
+| [SetAutoRestartNotificationDisable](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | X | X | X | | X |
+| [SetEDURestart](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | X | X | X | | X |
| [UpdateServiceUrl](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | X | X | X | X | X |
| [UpdateServiceUrlAlternate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | X | X | X | X | X |
diff --git a/windows/configuration/wcd/wcd-rcspresence.md b/windows/configuration/wcd/wcd-rcspresence.md
new file mode 100644
index 0000000000..325c3d2a69
--- /dev/null
+++ b/windows/configuration/wcd/wcd-rcspresence.md
@@ -0,0 +1,29 @@
+---
+title: RcsPresence (Windows 10)
+description: This section describes the RcsPresence settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.date: 04/23/2018
+---
+
+# RcsPresence (Windows Configuration Designer reference)
+
+Use these settings to configure RcsPresence.
+
+## Applies to
+
+| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| All settings | | X | | | |
+
+Setting | Description
+--- | ---
+BypassvideoCapabilities | Do not use.
+MaxWaitForCapabilitiesRequestInSeconds | Maximum number of seconds to wait for a Capabilities Request to complete.
+MinAvailabilityCacheInSeconds | Number of seconds to cache result of Capabilities Request per each number, to avoid excessive network requests.
+
+
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index 91e6bc382b..09a13d662b 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -14,6 +14,9 @@ ms.date: 10/16/2017
Use SharedPC settings to optimize Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail.
+>[!TIP]
+>You can use the [ApplicationManagement](wcd-applicationmanagement.md) settings node to configure only the account management settings without enabling shared PC mode.
+
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md
index fa5f2811ac..2630c9a55a 100644
--- a/windows/configuration/wcd/wcd-tabletmode.md
+++ b/windows/configuration/wcd/wcd-tabletmode.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# TabletMode (Windows Configuration Designer reference)
@@ -18,7 +18,7 @@ Use TabletMode to configure settings related to tablet mode.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | X | X | X | X | X |
+| All settings | X | X | X | | X |
## ConvertibleSlateModePromptPreference
diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md
index a18abf5f59..9cdf3314ce 100644
--- a/windows/configuration/wcd/wcd-universalappinstall.md
+++ b/windows/configuration/wcd/wcd-universalappinstall.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 10/09/2017
+ms.date: 04/23/2018
---
# UniversalAppInstall (reference)
diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md
index 5b860d2185..030b3a9e27 100644
--- a/windows/configuration/wcd/wcd-universalappuninstall.md
+++ b/windows/configuration/wcd/wcd-universalappuninstall.md
@@ -21,7 +21,7 @@ Use UniversalAppUninstall settings to uninstall or remove Windows apps.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [RemoveProvisionedApp](#removeprovisionedapp) | X | | | | |
-| [Uninstall](#uninstall) | X | X | X | X | X |
+| [Uninstall](#uninstall) | X | X | X | | X |
## RemoveProvisionedApp
diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md
index 04bb9e13f5..b4a45899d4 100644
--- a/windows/configuration/wcd/wcd-weakcharger.md
+++ b/windows/configuration/wcd/wcd-weakcharger.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# WeakCharger (reference)
@@ -20,8 +20,8 @@ Use WeakCharger settings to configure the charger notification UI.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | X | X | X | X | |
-| [NotifyOnWeakCharger](#notifyonweakcharger) | X | X | X | X | |
+| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | X | X | X | | |
+| [NotifyOnWeakCharger](#notifyonweakcharger) | X | X | X | | |
## HideWeakChargerNotifyOptionUI
diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md
index 2cdf863196..ad462fdd08 100644
--- a/windows/configuration/wcd/wcd-windowsteamsettings.md
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# WindowsTeamSettings (reference)
@@ -48,6 +48,11 @@ A device account is a Microsoft Exchange account that is connected with Skype fo
| UserPrincipalName | User principal name (UPN) | To use a device account from Azure Active Directory or a hybrid deployment, you should specify the UPN of the device account. |
| ValidateAndCommit | Any text | Validates the data provided and then commits the changes. This process occurs automatically after the other DeviceAccount settings are applied. The text you enter for the ValidateAndCommit setting doesn't matter. |
+## Dot3
+
+Use these settings to configure 802.1x wired authentication. For details, see [Enable 802.1x wired authentication](https://docs.microsoft.com/surface-hub/enable-8021x-wired-authentication).
+
+
## FriendlyName
diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md
index f584777f6d..137b3f163f 100644
--- a/windows/configuration/wcd/wcd-wlan.md
+++ b/windows/configuration/wcd/wcd-wlan.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# WLAN (reference)
@@ -20,5 +20,5 @@ Do not use at this time. Instead, use [ConnectivityProfiles > WLAN](wcd-connecti
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| All settings | | | | X | |
+| All settings | | | | | |
diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md
index 553b4f2688..9f4f608ba7 100644
--- a/windows/configuration/wcd/wcd-workplace.md
+++ b/windows/configuration/wcd/wcd-workplace.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 09/06/2017
+ms.date: 04/23/2018
---
# Workplace (reference)
@@ -19,7 +19,7 @@ Use Workplace settings to configure bulk user enrollment to a mobile device mana
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
-| [Enrollments](#enrollments) | X | X | X | X | X |
+| [Enrollments](#enrollments) | X | X | X | | X |
## Enrollments
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index a3d503fd08..dd3e48f99d 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -7,7 +7,7 @@ ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
-ms.date: 10/09/2017
+ms.date: 04/23/2018
---
# Windows Configuration Designer provisioning settings (reference)
@@ -18,6 +18,7 @@ This section describes the settings that you can configure in [provisioning pack
| Setting group | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
+[AccountManagement](wcd-accountmanagement.md) | | | | X | |
| [Accounts](wcd-accounts.md) | X | X | X | X | X |
| [ADMXIngestion](wcd-admxingestion.md) | X | | | | |
| [ApplicationManagement](wcd-applicationmanagement.md) | | | | | X |
@@ -60,6 +61,7 @@ This section describes the settings that you can configure in [provisioning pack
| [Personalization](wcd-personalization.md) | X | | | | |
| [Policies](wcd-policies.md) | X | X | X | X | X |
| [ProvisioningCommands](wcd-provisioningcommands.md) | X | | | | |
+[RcsPresence](wcd-rcspresence.md) | | X | | | |
| [SharedPC](wcd-sharedpc.md) | X | | | | |
| [Shell](wcd-shell.md) | | X | | | |
| [SMISettings](wcd-smisettings.md) | X | | | | |
diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md
index 6e1b327c7d..21c0ef9bf2 100644
--- a/windows/configuration/windows-spotlight.md
+++ b/windows/configuration/windows-spotlight.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
-ms.date: 01/26/2018
+ms.date: 04/23/2018
---
# Configure Windows Spotlight on the lock screen
@@ -64,6 +64,8 @@ Windows Spotlight is enabled by default. Windows 10 provides Group Policy and mo
| **Administrative Templates \ Windows Components \ Cloud Content \ Turn off the Windows Spotlight on Action Center** | **Experience/Allow Windows Spotlight On Action Center** | Turn off Suggestions from Microsoft that show after each clean install, upgrade, or on an on-going basis to introduce users to what is new or changed | Windows 10 Enterprise and Education, version 1703 |
| **User Configuration \ Administrative Templates \ Windows Components \ Cloud Content \ Do not use diagnostic data for tailored experiences** | **Experience/Allow Tailored Experiences With Diagnostic Data** | Prevent Windows from using diagnostic data to provide tailored experiences to the user | Windows 10 Pro, Enterprise, and Education, version 1703 |
| **User Configuration \ Administrative Templates \ Windows Components \ Cloud Content \ Turn off the Windows Welcome Experience** | **Experience/Allow Windows Spotlight Windows Welcome Experience** | Turn off the Windows Spotlight Windows Welcome experience which helps introduce users to Windows, such as launching Microsoft Edge with a web page highlighting new features | Windows 10 Enterprise and Education, version 1703 |
+**User Configuration \ Administrative Templates \ Windows Components \ Cloud Content \ Turn off the Windows Spotlight on Settings** | **Experience/Allow Windows Spotlight on Settings** | Turn off the Windows Spotlight in the Settings app. | Windows 10 Enterprise and Education, version 1803 |
+
In addition to the specific policy settings for Windows Spotlight, administrators can replace Windows Spotlight with a selected image using the Group Policy setting **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Force a specific default lock screen image**.
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 81fe4b5d61..b0f27ea80e 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -238,6 +238,7 @@
### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
## [Windows Analytics](update/windows-analytics-overview.md)
+### [Windows Analytics and privacy](update/windows-analytics-privacy.md)
### [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
#### [Upgrade Readiness architecture](upgrade/upgrade-readiness-architecture.md)
#### [Upgrade Readiness requirements](upgrade/upgrade-readiness-requirements.md)
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index 2388a8b57a..626dd39323 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: mdt
-author: mtniehaus
-ms.date: 04/03/2018
+author: greg-lindsay
+ms.date: 04/18/2018
---
# Create a Windows 10 reference image
@@ -20,7 +20,7 @@ ms.date: 04/03/2018
Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you will learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You will create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you will have a Windows 10 reference image that can be used in your deployment solution.
For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, PC0001 is a Windows 10 Enterprise x64 client, and MDT01 is a Windows Server 2012 R2 standard server. HV01 is a Hyper-V host server, but HV01 could be replaced by PC0001 as long as PC0001 has enough memory and is capable of running Hyper-V. MDT01, HV01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation.
->!NOTE]
+>[!NOTE]
>For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
diff --git a/windows/deployment/images/cleanup.PNG b/windows/deployment/images/cleanup.PNG
new file mode 100644
index 0000000000..783a069a36
Binary files /dev/null and b/windows/deployment/images/cleanup.PNG differ
diff --git a/windows/deployment/images/drive.PNG b/windows/deployment/images/drive.PNG
new file mode 100644
index 0000000000..fa0970ab02
Binary files /dev/null and b/windows/deployment/images/drive.PNG differ
diff --git a/windows/deployment/images/update.jpg b/windows/deployment/images/update.jpg
new file mode 100644
index 0000000000..d5ba862300
Binary files /dev/null and b/windows/deployment/images/update.jpg differ
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md
index 92c577feea..dce1b56274 100644
--- a/windows/deployment/update/update-compliance-delivery-optimization.md
+++ b/windows/deployment/update/update-compliance-delivery-optimization.md
@@ -13,6 +13,10 @@ ms.date: 03/27/2018
# Delivery Optimization in Update Compliance
The Update Compliance solution of Windows Analytics provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days.
+>[!Note]
+>Delivery Optimization Status is currently in development. See the [Known Issues](#known-issues) section for issues we are aware of and potential workarounds.
+
+
## Delivery Optimization Status
The Delivery Optimization Status section includes three blades:
@@ -40,3 +44,8 @@ The download sources that could be included are:
- Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the “Group” download mode is used)
- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates.
+## Known Issues
+Delivery Optimization is currently in development. The following issues are known:
+
+- DO Download Mode is not accurately portrayed in the Device Configuration blade. There is no workaround at this time.
+
diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
index 6719b903ce..0b01d6d615 100644
--- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
+++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
@@ -8,12 +8,12 @@ ms.sitesec: library
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
-ms.date: 04/03/2018
+ms.date: 04/05/2018
---
# Frequently asked questions and troubleshooting Windows Analytics
-This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions.
+This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions. This FAQ, along with the [Windows Analytics Technical Community](https://techcommunity.microsoft.com/t5/Windows-Analytics/ct-p/WindowsAnalytics), are recommended resources to consult before contacting Microsoft support.
## Troubleshooting common problems
@@ -219,46 +219,6 @@ Beyond the cost of Windows operating system licenses, there is no additional cos
Note that different Azure Log Analytics plans have different data retention periods, and the Windows Analytics solutions inherit the workspace's data retention policy. So, for example, if your workspace is on the free plan then Windows Analytics will retain the last week's worth of "daily snapshots" that are collected in the workspace.
-### How does Windows Analytics support privacy?
-
-Windows Analytics is fully committed to privacy, centering on these tenets:
-
-- **Transparency:** We fully document the Windows Analytics diagnostic events (see the links for additional information) so you can review them with your company’s security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) for details).
-- **Control:** You ultimately control the level of diagnostic data you wish to share. In Windows 10 1709 we added a new policy to Limit enhanced diagnostic data to the minimum required by Windows Analytics
-- **Security:** Your data is protected with strong security and encryption
-- **Trust:** Windows Analytics supports the Microsoft Online Service Terms
-
-The following illustration shows how diagnostic data flows from individual devices through the Diagnostic Data Service, Azure Log Analytics storage, and to your Log Analytics workspace:
-
-[](images/WA-data-flow-v1.png)
-
-The data flow sequence is as follows:
-
-1. Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
-2. An IT administrator creates an Azure Log Analytics workspace. The administrator chooses the location, copies the Commercial ID (which identifies that workspace), and then pushes Commercial ID to devices they want to monitor. This is the mechanism that specifies which devices appear in which workspaces.
-3. Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management service.
-4. These snapshots are copied to transient storage which is used only by Windows Analytics (also hosted in US data centers) where they are segregated by Commercial ID.
-5. The snapshots are then copied to the appropriate Azure Log Analytics workspace.
-6. If the IT administrator is using the Upgrade Readiness solution, user input from the IT administrator (specifically, the target operating system release and the importance and upgrade readiness per app) is stored in the Windows Analytics Azure Storage. (Upgrade Readiness is the only Windows Analytics solution that takes such user input.)
-
-
-See these topics for additional background information about related privacy issues:
-
-- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
-- [Windows 7, Windows 8, and Windows 8.1 Appraiser Telemetry Events, and Fields](https://go.microsoft.com/fwlink/?LinkID=822965) (link downloads a PDF file)
-- [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703)
-- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields)
-- [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview)
-- [Licensing Terms and Documentation](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31)
-- [Learn about security and privacy at Microsoft datacenters](http://www.microsoft.com/datacenters)
-- [Confidence in the trusted cloud](https://azure.microsoft.com/en-us/support/trust-center/)
-
-### Can Windows Analytics be used without a direct client connection to the Microsoft Data Management Service?
-No, the entire service is powered by Windows diagnostic data, which requires that devices have this direct connectivity.
-
-### Can I choose the data center location?
-Yes for Azure Log Analytics, but no for the Microsoft Data Management Service (which is hosted in the US).
-
### Why do SCCM and Upgrade Readiness show different counts of devices that are ready to upgrade?
System Center Configuration Manager (SCCM) considers a device ready to upgrade if *no installed app* has an upgrade decision of “not ready” (that is, they are all "ready" or "in progress"), while Upgrade Readiness considers a device ready to upgrade only if *all* installed apps are marked “ready”.
diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md
index 3775d77bac..cec30d4e05 100644
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@@ -127,7 +127,6 @@ Use a software distribution system such as System Center Configuration Manager t
### Distributing policies at scale
There are a number of policies that can be centrally managed to control Windows Analytics device configuration. All of these policies have *preference* registry key equivalents that can be set by using the deployment script. Policy settings override preference settings if both are set.
-
>[!NOTE]
>You can only set the diagnostic data level to Enhanced by using policy. For example, this is necessary for using Device Health.
@@ -155,4 +154,10 @@ For more information about Internet Explorer Security Zones, see [About URL Secu
### Distribution at scale without using the deployment script
-We recommend using the deployment script to configure devices. However if this is not an option, you can still manage settings by policy as described in the previous section. However, if you don't run the deployment script, you might have to wait a long time (possibly weeks) before devices send the initial full inventory scan.
+We recommend using the deployment script to configure devices. However if this is not an option, you can still manage settings by policy as described in the previous section. However, if you don't run the deployment script, you won't benefit from its error checking, and you might have to wait a long time (possibly weeks) before devices send the initial full inventory scan.
+
+Note that it is possible to intiate a full inventory scan on a device by calling these commands:
+- CompatTelRunner.exe -m:generaltel.dll -f:DoCensusRun
+- CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun ent
+
+For details on how to run these and how to check results, see the deployment script.
diff --git a/windows/deployment/update/windows-analytics-privacy.md b/windows/deployment/update/windows-analytics-privacy.md
new file mode 100644
index 0000000000..89e9d3bc49
--- /dev/null
+++ b/windows/deployment/update/windows-analytics-privacy.md
@@ -0,0 +1,52 @@
+---
+title: Windows Analytics and privacy
+description: How Windows Analytics uses data
+keywords: windows analytics, oms, privacy, data, diagnostic, operations management suite, prerequisites, requirements, updates, upgrades, log analytics, health, FAQ, problems, troubleshooting, error
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: jaimeo
+ms.author: jaimeo
+ms.date: 04/05/2018
+---
+
+# Windows Analytics and privacy
+
+Windows Analytics is fully committed to privacy, centering on these tenets:
+
+- **Transparency:** We fully document the Windows Analytics diagnostic events (see the links for additional information) so you can review them with your company’s security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) for details).
+- **Control:** You ultimately control the level of diagnostic data you wish to share. In Windows 10 1709 we added a new policy to Limit enhanced diagnostic data to the minimum required by Windows Analytics
+- **Security:** Your data is protected with strong security and encryption
+- **Trust:** Windows Analytics supports the Microsoft Online Service Terms
+
+The following illustration shows how diagnostic data flows from individual devices through the Diagnostic Data Service, Azure Log Analytics storage, and to your Log Analytics workspace:
+
+[](images/WA-data-flow-v1.png)
+
+The data flow sequence is as follows:
+
+1. Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
+2. An IT administrator creates an Azure Log Analytics workspace. The administrator chooses the location, copies the Commercial ID (which identifies that workspace), and then pushes Commercial ID to devices they want to monitor. This is the mechanism that specifies which devices appear in which workspaces.
+3. Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management service.
+4. These snapshots are copied to transient storage which is used only by Windows Analytics (also hosted in US data centers) where they are segregated by Commercial ID.
+5. The snapshots are then copied to the appropriate Azure Log Analytics workspace.
+6. If the IT administrator is using the Upgrade Readiness solution, user input from the IT administrator (specifically, the target operating system release and the importance and upgrade readiness per app) is stored in the Windows Analytics Azure Storage. (Upgrade Readiness is the only Windows Analytics solution that takes such user input.)
+
+
+See these topics for additional background information about related privacy issues:
+
+- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
+- [Windows 7, Windows 8, and Windows 8.1 Appraiser Telemetry Events, and Fields](https://go.microsoft.com/fwlink/?LinkID=822965) (link downloads a PDF file)
+- [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703)
+- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields)
+- [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview)
+- [Licensing Terms and Documentation](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31)
+- [Learn about security and privacy at Microsoft datacenters](http://www.microsoft.com/datacenters)
+- [Confidence in the trusted cloud](https://azure.microsoft.com/en-us/support/trust-center/)
+
+### Can Windows Analytics be used without a direct client connection to the Microsoft Data Management Service?
+No, the entire service is powered by Windows diagnostic data, which requires that devices have this direct connectivity.
+
+### Can I choose the data center location?
+Yes for Azure Log Analytics, but no for the Microsoft Data Management Service (which is hosted in the US).
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index d11f924e4d..97d6d61817 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
-ms.date: 03/30/2018
+ms.date: 04/18/2018
ms.localizationpriority: high
---
@@ -20,32 +20,210 @@ ms.localizationpriority: high
>This is a 100 level topic (basic).
>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-The following steps can resolve many Windows upgrade problems.
+The following list of fixes can resolve many Windows upgrade problems. You should try these steps before contacting Microsoft support, or attempting a more advanced analysis of a Windows upgrade failure. Also review information at [Windows 10 help](https://support.microsoft.com/en-us/products/windows?os=windows-10).
+
+The Microsoft Virtual Agent provided by [Microsoft Support](https://support.microsoft.com/contactus/) can help you to analyze and correct some Windows upgrade errors. To talk to a person about your issue, start the Virtual Agent (click **Get started**) and enter "Talk to a person" two times.
+
+You might also wish to try a new tool available from Microsoft that helps to diagnose many Windows upgrade errors. For more information and to download this tool, see [SetupDiag](setupdiag.md). The topic is more advanced (300 level) because several advanced options are available for using the tool. However, you can also just download the tool and run it with no advanced options. You must understand how to download and then run the program from an [elevated command prompt](#open-an-elevated-command-prompt).
+
+## List of fixes
-
Remove nonessential external hardware, such as docks and USB devices.
-
Check all hard drives for errors and attempt repairs. To automatically repair hard drives, open an elevated command prompt, switch to the drive you wish to repair, and type the following command. You will be required to reboot the computer if the hard drive being repaired is also the system drive.
-
-
chkdsk /F
-
-
-
Attempt to restore and repair system files by typing the following commands at an elevated command prompt. It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image).
-
-
DISM.exe /Online /Cleanup-image /Restorehealth
-
sfc /scannow
-
-
-
Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update.
-
Uninstall non-Microsoft antivirus software.
-
-
Use Windows Defender for protection during the upgrade.
-
Verify compatibility information and re-install antivirus applications after the upgrade.
-
-
Uninstall all nonessential software.
-
Update firmware and drivers.
-
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.
-
Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS.
-
+
Remove nonessential external hardware, such as docks and USB devices. [More information](#remove-external-hardware).
+
Check the system drive for errors and attempt repairs. [More information](#repair-the-system-drive).
+
Run the Windows Update troubleshooter. [More information](#windows-update-troubleshooter).
+
Attempt to restore and repair system files. [More information](#repair-system-files).
+
Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. [More information](#update-windows).
Uninstall all nonessential software. [More information](#uninstall-non-essential-software).
+
Update firmware and drivers. [More information](#update-firmware-and-drivers)
+
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. [More information](#ensure-that-download-and-install-updates-is-selected).
+
Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. [More information](#verify-disk-space).
+
+
+## Step by step instructions
+
+### Remove external hardware
+
+If the computer is portable and it is currently in a docking station, [undock the computer](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754084(v=ws.11)).
+
+Unplug nonessential external hardware devices from the computer, such as:
+- Headphones
+- Joysticks
+- Printers
+- Plotters
+- Projectors
+- Scanners
+- Speakers
+- USB flash drives
+- Portable hard drives
+- Portable CD/DVD/Blu-ray drives
+- Microphones
+- Media card readers
+- Cameras/Webcams
+- Smart phones
+- Secondary monitors, keyboards, mice
+
+For more information about disconnecting external devices, see [Safely remove hardware in Windows 10](https://support.microsoft.com/en-us/help/4051300/windows-10-safely-remove-hardware)
+
+### Repair the system drive
+
+The system drive is the drive that contains the [system partition](https://docs.microsoft.com/windows-hardware/manufacture/desktop/hard-drives-and-partitions#span-idpartitionsspanspan-idpartitionsspanspan-idpartitionsspanpartitions). This is usually the **C:** drive.
+
+To check and repair errors on the system drive:
+
+1. Click **Start**.
+2. Type **command**.
+3. Right-click **Command Prompt** and then left-click **Run as administrator**.
+4. If you are prompted by UAC, click **Yes**.
+5. Type **chkdsk /F** and press ENTER.
+6. When you are prompted to schedule a check the next time the system restarts, type **Y**.
+7. See the following example
+
+ ```
+ C:\WINDOWS\system32>chkdsk /F
+ The type of the file system is NTFS.
+ Cannot lock current drive.
+
+ Chkdsk cannot run because the volume is in use by another
+ process. Would you like to schedule this volume to be
+ checked the next time the system restarts? (Y/N) Y
+
+ This volume will be checked the next time the system restarts.
+ ```
+
+8. Restart the computer. The computer will pause before loading Windows and perform a repair of your hard drive.
+
+### Windows Update Troubleshooter
+
+The Windows Update troubleshooter tool will automatically analyze and fix problems with Windows Update, such as a corrupted download. It will also tell you if there is a pending reboot that is preventing Windows from updating.
+
+For Windows 7 and 8.1, the tool is [here](https://aka.ms/diag_wu).
+
+For Windows 10, the tool is [here](https://aka.ms/wudiag).
+
+To run the tool, click the appropriate link above. Your web browser will prompt you to save or open the file. Select **open** and the tool will automatically start. The tool will walk you through analyzing and fixing some common problems.
+
+You can also download the Windows Update Troubleshooter by starting the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/), typing **update Windows**, selecting the version of Windows you are running, and then answering **Yes** when asked "Do you need help troubleshooting Windows Update?"
+
+If any errors are displayed in the Windows Update Troubleshooter, use the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) to ask about these errors. The Virtual Agent will perform a search and provide a list of helpful links.
+
+### Repair system files
+
+This fix is also described in detail at [answers.microsoft.com](https://answers.microsoft.com/en-us/windows/forum/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93).
+
+To check and repair system files:
+
+1. Click **Start**.
+2. Type **command**.
+3. Right-click **Command Prompt** and then left-click **Run as administrator**.
+4. If you are prompted by UAC, click **Yes**.
+5. Type **sfc /scannow** and press ENTER. See the following example:
+
+ ```
+ C:\>sfc /scannow
+
+ Beginning system scan. This process will take some time.
+
+ Beginning verification phase of system scan.
+ Verification 100% complete.
+
+ Windows Resource Protection did not find any integrity violations.
+ ```
+6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example:
+
+ ```
+ C:\>DISM.exe /Online /Cleanup-image /Restorehealth
+
+ Deployment Image Servicing and Management tool
+ Version: 10.0.16299.15
+
+ Image Version: 10.0.16299.309
+
+ [==========================100.0%==========================] The restore operation completed successfully.
+ The operation completed successfully.
+
+ ```
+ >It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image).
+
+
+### Update Windows
+
+You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer.
+
+The Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) can walk you through the process of making sure that Windows is updated.
+
+Start the [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) and then type "update windows."
+
+Answer questions that the agent asks, and follow instructions to ensure that Windows is up to date. You can also run the [Windows Update Troubleshooter](#windows-update-troubleshooter) described above.
+
+Click **Start**, click power options, and then restart the computer.
+
+### Uninstall non-Microsoft antivirus software
+
+Use Windows Defender for protection during the upgrade.
+
+Verify compatibility information, and if desired re-install antivirus applications after the upgrade. If you plan to re-install the application after upgrading, be sure that you have the installation media and all required activation information before removing the program.
+
+To remove the application, go to **Control Panel\Programs\Programs and Features** and click the antivirus application, then click Uninstall. Choose **Yes** when you are asked to confirm program removal.
+
+For more information, see [Windows 7 - How to properly uninstall programs](https://support.microsoft.com/help/2601726) or [Repair or remove programs in Windows 10](https://support.microsoft.com/help/4028054/windows-repair-or-remove-programs-in-windows-10).
+
+### Uninstall non-essential software
+
+Outdated applications can cause problems with a Windows upgrade. Removing old or non-essential applications from the computer can therefore help.
+
+If you plan to reinstall the application later, be sure that you have the installation media and all required activation information before removing it.
+
+To remove programs, use the same steps as are provided [above](#uninstall-non-microsoft-antivirus-software) for uninstalling non-Microsoft antivirus software, but instead of removing the antivirus application repeat the steps for all your non-essential, unused, or out-of-date software.
+
+### Update firmware and drivers
+
+Updating firmware (such as the BIOS) and installing hardware drivers is a somewhat advanced task. Do not attempt to update BIOS if you aren't familiar with BIOS settings or are not sure how to restore the previous BIOS version if there are problems. Most BIOS updates are provided as a "flash" update. Your manufacturer might provide a tool to perform the update, or you might be required to enter the BIOS and update it manually. Be sure to save your working BIOS settings, since some updates can reset your configuration and make the computer fail to boot if (for example) a RAID configuration is changed.
+
+Most BIOS and other hardware updates can be obtained from a website maintained by your computer manufacturer. For example, Microsoft Surface device drivers can be obtained at: [Download the latest firmware and drivers for Surface devices](https://docs.microsoft.com/en-us/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
+
+To obtain the proper firmware drivers, search for the most updated driver version provided by your computer manufacturer. Install these updates and reboot the computer after installation. Request assistance from the manufacturer if you have any questions.
+
+### Ensure that "Download and install updates" is selected
+
+When you begin a Windows Update, the setup process will ask you to **Get important updates**. Answer **Yes** if the computer you are updating is connected to the Internet. See the following example:
+
+
+
+### Verify disk space
+
+You can see a list of requirements for Windows 10 at [Windows 10 Specifications & System Requirements](https://www.microsoft.com/windows/windows-10-specifications). One of the requirements is that enough hard drive space be available for the installation to take place. At least 16 GB of free space must be available on the system drive to upgrade a 32-bit OS, or 20 GB for a 64-bit OS.
+
+To view how much hard drive space is available on your computer, open [File Explorer](https://support.microsoft.com/help/4026617/windows-windows-explorer-has-a-new-name). In Windows 7, this was called Windows Explorer.
+
+In File Explorer, click on **Computer** or **This PC** on the left, then look under **Hard Disk Drives** or under **Devices and drives**. If there are multiple drives listed, the system drive is the drive that includes a Microsoft Windows logo above the drive icon.
+
+The amount of space available on the system drive will be displayed under the drive. See the following example:
+
+
+
+In the previous example, there is 703 GB of available free space on the system drive (C:).
+
+To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example:
+
+
+
+For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space).
+
+When you run Disk Cleanup and enable the option to Clean up system files, you can remove previous Windows installations which can free a large amount of space. You should only do this if you do not plan to restore the old OS version.
+
+### Open an elevated command prompt
+
+To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then Alt+C to confirm the elevation prompt. Screenshots and other steps to open an administrator (aka elevated) command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7).
+
+Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23).
+
+If this is too complicated for you, then use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder.
+
+If you downloaded the SetupDiag.exe program to your computer, then copied it to the folder C:\new, and you opened an elevated command prompt then typed cd c:\new to change to this directory, you can just type setupdiag and press ENTER to run the program. This program will analyze the files on your computer to see why a Windows Upgrade failed and if the reason was a common one, it will report this reason. It will not fix the problem for you but knowing why the upgrade failed enables you to take steps to fix the problem.
## Related topics
@@ -53,4 +231,4 @@ The following steps can resolve many Windows upgrade problems.
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
- [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
+ [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
\ No newline at end of file
diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
index 1f7c1def87..8c1c9c5f20 100644
--- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
-ms.date: 04/03/2018
+ms.date: 04/18/2018
ms.localizationpriority: high
---
@@ -16,11 +16,12 @@ ms.localizationpriority: high
**Applies to**
- Windows 10
->**Important**: This topic contains technical instructions for IT administrators. If you are not an IT administrator, see the following topic: [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/en-us/help/10587/windows-10-get-help-with-upgrade-installation-errors). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md).
+>[!IMPORTANT]
+>This article contains technical instructions for IT administrators. If you are not an IT administrator, try some of the [quick fixes](quick-fixes.md) described in this article then contact [Microsoft Support](https://support.microsoft.com/contactus/) starting with the Virtual Agent. To talk to a person about your issue, click **Get started** to interact with the Virtual Agent, then enter "Talk to a person" two times. The Virtual Agent can also help you to resolve many Windows upgrade issues. Also see: [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/en-us/help/10587/windows-10-get-help-with-upgrade-installation-errors) and [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md).
-This topic contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade.
+This article contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade.
-The topic was originally one page, but has been divided into sub-topics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods.
+The article was originally one page, but has been divided into sub-topics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods.
The following four levels are assigned:
@@ -31,7 +32,7 @@ Level 400: Advanced
## In this guide
-See the following topics:
+See the following topics in this article:
- [Quick fixes](quick-fixes.md): \Level 100\ Steps you can take to eliminate many Windows upgrade errors.
- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help you isolate the root cause of an upgrade failure.
@@ -57,3 +58,4 @@ See the following topics:
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
+
\ No newline at end of file
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index a460f3c8b5..32859c06fe 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
-ms.date: 03/30/2018
+ms.date: 04/11/2018
ms.localizationpriority: high
---
@@ -103,7 +103,7 @@ SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /Mode:Offline /LogsPath:D:\Dump
## Known issues
-1. Some rules can take a long time to process if the log files involved as large.
+1. Some rules can take a long time to process if the log files involved are large.
2. SetupDiag only outputs data in a text format. If another format is desired, please provide this [feedback](#feedback).
3. If the failing computer is opted into the Insider program and getting regular pre-release updates, or an update is already pending on the computer when SetupDiag is run, it can encounter problems trying to open these log files. This will likely cause a failure to determine a root cause. In this case, try gathering the log files and running SetupDiag in offline mode.
diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md
index a7f5d26c91..9ebd8766d6 100644
--- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md
+++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md
@@ -32,6 +32,9 @@ These phases are explained in greater detail [below](#the-windows-10-upgrade-pro
Since the computer is booted into Windows PE during the SafeOS phase, a useful troubleshooting technique is to boot into [Windows PE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/winpe-intro) using installation media. You can use the [media creation tool](https://www.microsoft.com/software-download/windows10) to create bootable media, or you can use tools such as the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), and then boot your device from this media to test for hardware and firmware compatibility issues.
+ >[!TIP]
+ >If you attempt to use the media creation tool with a USB drive and this fails with error 0x80004005 - 0xa001a, this is because the USB drive is using GPT partition style. The tool requires that you use MBR partition style. You can use the DISKPART command to convert the USB drive from GPT to MBR. For more information, see [Change a GUID Partition Table Disk into a Master Boot Record Disk](https://go.microsoft.com/fwlink/?LinkId=207050).
+
**Do not proceed with the Windows 10 installation after booting from this media**. This method can only be used to perform a clean install which will not migrate any of your apps and settings, and you will be required re-enter your Windows 10 license information.
If the computer does not successfully boot into Windows PE using the media that you created, this is likely due to a hardware or firmware issue. Check with your hardware manufacturer and apply any recommended BIOS and firmware updates. If you are still unable to boot to installation media after applying updates, disconnect or replace legacy hardware.
diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md
index 252ed481b1..2c73760c08 100644
--- a/windows/deployment/upgrade/upgrade-readiness-requirements.md
+++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md
@@ -31,7 +31,7 @@ See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-1
Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates.
The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com).
-Windows 10 LTSB is not supported by Upgrade Readiness. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSB.
+While Upgrade Readiness can be used to assist with updating devices from Windows 10 Long-Term Servicing Channel (LTSC) to Windows 10 Semi-Annual Channel, Upgrade Readiness does not support updates to Windows 10 LTSC. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not a supported target with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSC.
## Operations Management Suite
diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
index a1e9503aee..a937437e02 100644
--- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md
+++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
@@ -31,8 +31,8 @@ ms.date: 09/27/2017
During the activation process, information about the specific installation is examined. In the case of online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization.
-**Note**
-The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets.
+>[!NOTE]
+>The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets.
## Distribution channels and activation
@@ -185,7 +185,7 @@ When you know which keys you need, you must obtain them. Generally speaking, vol
### KMS host keys
-A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Support Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools.
+A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools.
A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation.
diff --git a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
index ea9f6e17a8..bcb246ccb6 100644
--- a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md
@@ -22,7 +22,7 @@ The Group Policy settings for TPM services are located at:
**Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\**
-The following Group Policy settings were introduced in Window 10:
+The following Group Policy settings were introduced in Window 10.
## Configure the list of blocked TPM commands
@@ -36,17 +36,11 @@ If you disable or do not configure this policy setting, only those TPM commands
- The local list of blocked TPM commands is configured outside of Group Policy by running the TPM Management Console or scripting using the **Win32\_Tpm** interface.
-For information how to enforce or ignore the default and local lists of blocked TPM commands, see
-
-- [Ignore the default list of blocked TPM commands](#ignore-the-default-list-of-blocked-tpm-commands)
-
-- [Ignore the local list of blocked TPM commands](#ignore-the-local-list-of-blocked-tpm-commands)
-
## Ignore the default list of blocked TPM commands
This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
-The default list of blocked TPM commands is preconfigured by Windows. You can view the default list by typing **tpm.msc** at the command prompt to open the TPM Management Console, navigating to the **Command Management** section, and exposing the **On Default Block List** column. Also see the related policy setting, [Configure the list of blocked TPM commands](#configure-the-list-of-blocked-tpm-commands).
+The default list of blocked TPM commands is preconfigured by Windows. You can view the default list by typing **tpm.msc** at the command prompt to open the TPM Management Console, navigating to the **Command Management** section, and exposing the **On Default Block List** column.
If you enable this policy setting, the Windows operating system will ignore the computer's default list of blocked TPM commands, and it will block only those TPM commands that are specified by Group Policy or the local list.
@@ -56,7 +50,8 @@ If you disable or do not configure this policy setting, Windows will block the T
This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
-The local list of blocked TPM commands is configured outside of Group Policy by typing **tpm.msc** at the command prompt to open the TPM Management Console, or scripting using the **Win32\_Tpm** interface. (The default list of blocked TPM commands is preconfigured by Windows.) Also see the related policy setting, [Configure the list of blocked TPM commands](#configure-the-list-of-blocked-tpm-commands).
+The local list of blocked TPM commands is configured outside of Group Policy by typing **tpm.msc** at the command prompt to open the TPM Management Console, or scripting using the **Win32\_Tpm** interface. (The default list of blocked TPM commands is preconfigured by Windows.)
+
If you enable this policy setting, the Windows operating system will ignore the computer's local list of blocked TPM commands, and it will block only those TPM commands that are specified by Group Policy or the default list.
@@ -64,10 +59,9 @@ If you disable or do not configure this policy setting, Windows will block the T
## Configure the level of TPM owner authorization information available to the operating system
-This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information that is stored locally, the Windows operating system and TPM-based applications can perform certain actions in the TPM that require TPM owner authorization without requiring the user to enter the TPM owner password.
+Beginning with Windows 10 version 1607 and Windows Server 2016, this policy setting is no longer used by Windows, but it continues to appear in GPEdit.msc for compatibility with previous versions.
-> [!IMPORTANT]
-> This policy setting is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files.
+This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information that is stored locally, the Windows operating system and TPM-based applications can perform certain actions in the TPM that require TPM owner authorization without requiring the user to enter the TPM owner password.
There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**.
@@ -143,13 +137,6 @@ An administrator with the TPM owner password can fully reset the TPM's hardware
If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure.
-> [!IMPORTANT]
-> The **Turn on TPM backup to Active Directory Domain Services** is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files.
-
-If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds.
-
-If you disable or do not configure this policy setting, TPM owner information will not be backed up to AD DS.
-
## Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0
Introduced in Windows 10, version 1703, this policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below.
@@ -167,6 +154,6 @@ Introduced in Windows 10, version 1703, this policy setting configures the TPM t
## Related topics
-- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics)
-- [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx)
-- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://technet.microsoft.com/itpro/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
\ No newline at end of file
+- [Trusted Platform Module](trusted-platform-module-top-node.md)
+- [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps)
+- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
\ No newline at end of file
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
index 01dbef4001..8457313a96 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
@@ -24,7 +24,7 @@ Passwords are still weak. We recommend that in addition to deploying Windows Def
Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, are not supported.
## Wi-fi and VPN Considerations
-When you enable Windows Defender Credential Guard, you can no longer use NTLM classic deployment model authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS.
+When you enable Windows Defender Credential Guard, you can no longer use NTLM classic authentication for Single Sign-On. You will be forced to enter your credentials to use these protocols and cannot save the credentials for future use. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS.
## Kerberos Considerations
diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md
index b53fb11810..2cff590539 100644
--- a/windows/security/identity-protection/hello-for-business/hello-features.md
+++ b/windows/security/identity-protection/hello-for-business/hello-features.md
@@ -112,7 +112,7 @@ To configure PIN reset on Windows devices you manage, use an [Intune Windows 10
Set the value for this CSP to **True**.
-Read the [Steps to reset the passcode](https://docs.microsoft.com/en-us/intune/device-windows-pin-reset#steps-to-reset-the-passcode) section to removely reset a PIN on an Intune managed device.
+Read the [Steps to reset the passcode](https://docs.microsoft.com/en-us/intune/device-windows-pin-reset#steps-to-reset-the-passcode) section to remotely reset a PIN on an Intune managed device.
### On-premises Deployments
@@ -122,7 +122,7 @@ Read the [Steps to reset the passcode](https://docs.microsoft.com/en-us/intune/d
* Reset from settings - Windows 10, version 1703
* Reset above Lock - Windows 10, version 1709
-On-premises deployments provide users with the ability to reset forgotton PINs either through the settings page or from above the user's lock screen. Users must know or be provider their password for authentication, must perform a second factor of authentication, and then reprovision Windows Hello for Business.
+On-premises deployments provide users with the ability to reset forgotton PINs either through the settings page or from above the user's lock screen. Users must know or be provided their password for authentication, must perform a second factor of authentication, and then reprovision Windows Hello for Business.
>[!IMPORTANT]
>Users must have corporate network connectivity to domain controllers and the AD FS server to reset their PINs.
@@ -145,10 +145,10 @@ On-premises deployments provide users with the ability to reset forgotton PINs e
**Requirements**
* Hybrid and On-premises Windows Hello for Business deployments
-* Domain Joined or Hybird Azure joined devices
+* Domain Joined or Hybrid Azure joined devices
* Windows 10, version 1709
-The privileged credentials scenario enables administrators to perform elevated, admistrative funcions by enrolling both their non-privileged and privileged credentials on their device.
+The privileged credentials scenario enables administrators to perform elevated, administrative functions by enrolling both their non-privileged and privileged credentials on their device.
By design, Windows 10 does not enumerate all Windows Hello for Business users from within a user's session. Using the computer Group Policy setting, Allow enumeration of emulated smart card for all users, you can configure a device to all this enumeration on selected devices.
diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index 829934ef39..26fe73a382 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -1,20 +1,20 @@
---
title: VPN and conditional access (Windows 10)
-description: tbd
+description: The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, networking
-author: jdeckerms
+author: shortpatti
+ms.author: pashort
+ms.reviewer:
ms.localizationpriority: high
-ms.date: 07/27/2017
+ms.date: 04/17/2018
---
# VPN and conditional access
-**Applies to**
-- Windows 10
-- Windows 10 Mobile
+>Applies to: Windows 10 and Windows 10 Mobile
The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application.
@@ -51,6 +51,7 @@ The following client-side components are also required:
- Trusted Platform Module (TPM)
## VPN device compliance
+According to the VPNv2 CSP, these settings options are **Optional**. If you want your users to access on-premises resources, such as files on a network share, based on the credential of a certificate that was issued by an on-premises CA, and not the Cloud CA certificate, you add these settings to the VPNv2 profile. Alternatively, if you add the cloud root certs to the NTAuth store in on-prem AD, your user's cloud cert will chain and KDC will issue TGT and TGS tickets to them.
Server-side infrastructure requirements to support VPN device compliance include:
@@ -65,9 +66,9 @@ After the server side is set up, VPN admins can add the policy settings for cond
Two client-side configuration service providers are leveraged for VPN device compliance.
- VPNv2 CSP DeviceCompliance settings
- - **Enabled**: enables the Device Compliance flow from the client. If marked as **true**, the VPN client will attempt to communicate with Azure AD to get a certificate to use for authentication. The VPN should be set up to use certificate authentication and the VPN server must trust the server returned by Azure AD.
- - **Sso**: nodes under SSO can be used to choose a certificate different from the VPN authentication certificate for Kerberos authentication in the case of device compliance.
- - **Sso/Enabled**: if this field is set to **true**, the VPN client will look for a separate certificate for Kerberos authentication.
+ - **Enabled**: enables the Device Compliance flow from the client. If marked as **true**, the VPN client attempts to communicate with Azure AD to get a certificate to use for authentication. The VPN should be set up to use certificate authentication and the VPN server must trust the server returned by Azure AD.
+ - **Sso**: nodes under SSO can be used to choose a certificate different from the VPN authentication certificate for Kerberos authentication in the case of device compliance.
+ - **Sso/Enabled**: if this field is set to **true**, the VPN client looks for a separate certificate for Kerberos authentication.
- **Sso/IssuerHash**: hashes for the VPN client to look for the correct certificate for Kerberos authentication.
- **Sso/Eku**: comma-separated list of Enhanced Key Usage (EKU) extensions for the VPN client to look for the correct certificate for Kerberos authentication.
- HealthAttestation CSP (not a requirement) - functions performed by the HealthAttestation CSP include:
@@ -77,13 +78,11 @@ Two client-side configuration service providers are leveraged for VPN device com
- Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification
## Client connection flow
-
-
The VPN client side connection flow works as follows:
-When a Device Compliance-enabled VPN connection profile is triggered (either manually or automatically):
+When a VPNv2 Profile is configured with \ \true<\/Enabled> the VPN client uses this connection flow:
1. The VPN client calls into Windows 10’s AAD Token Broker, identifying itself as a VPN client.
2. The Azure AD Token Broker authenticates to Azure AD and provides it with information about the device trying to connect. The Azure AD Server checks if the device is in compliance with the policies.
@@ -91,8 +90,6 @@ When a Device Compliance-enabled VPN connection profile is triggered (either man
4. Azure AD pushes down a short-lived certificate to the Certificate Store via the Token Broker. The Token Broker then returns control back over to the VPN client for further connection processing.
5. The VPN client uses the Azure AD-issued certificate to authenticate with the VPN server.
-
-
## Configure conditional access
See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx) for XML configuration.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
index bb2ff3ed96..bdeb514ae1 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@@ -18,7 +18,7 @@ This topic explains how BitLocker Device Encryption can help protect data on de
For an architectural overview about how BitLocker Device Encryption works with Secure Boot, see [Secure boot and BitLocker Device Encryption overview](https://docs.microsoft.com/windows-hardware/drivers/bringup/secure-boot-and-device-encryption-overview).
For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md).
-When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives; in Windows 10, BitLocker will even protect individual files, with data loss prevention capabilities. Windows consistently improves data protection by improving existing options and by providing new strategies.
+When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies.
Table 2 lists specific data-protection concerns and how they are addressed in Windows 10 and Windows 7.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
index b56af7542a..267a2e2428 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
@@ -336,7 +336,7 @@ To use Network Unlock you must also have a PIN configured for your computer. Whe
BitLocker Network Unlock has software and hardware requirements for both client computers, Windows Deployment services, and domain controllers that must be met before you can use it.
Network Unlock uses two protectors, the TPM protector and the one provided by the network or by your PIN, whereas automatic unlock uses a single protector, the one stored in the TPM. If the computer is joined to a network without the key protector it will prompt you to enter your PIN. If the PIN is
-not available you will need to use the recovery key to unlock the computer if it can ot be connected to the network.
+not available you will need to use the recovery key to unlock the computer if it can not be connected to the network.
For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
index d5952e711b..961c0d224c 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -108,7 +108,7 @@ For Azure AD-joined computers, including virtual machines, the recovery password
```
PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
-PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:”
+PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:"
PS C:\>BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
```
@@ -118,7 +118,7 @@ For domain-joined computers, including servers, the recovery password should be
```
PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
-PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:”
+PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:"
PS C:\>Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
```
diff --git a/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png b/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png
new file mode 100644
index 0000000000..19fd27b480
Binary files /dev/null and b/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png differ
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index d5c63e1673..f91ae2f8f5 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -23,24 +23,25 @@
#### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md)
#### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md)
#### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md)
-### [Onboard endpoints and set up access](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
-#### [Configure client endpoints](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
-##### [Configure endpoints using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-##### [Configure endpoints using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-##### [Configure endpoints using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-###### [Configure endpoints using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune)
-##### [Configure endpoints using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-##### [Configure non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-#### [Configure server endpoints](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
-#### [Configure non-Windows endpoints](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
-#### [Run a detection test on a newly onboarded endpoint](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md)
+### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+#### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
+##### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+##### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+##### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+###### [Onboard machines using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune)
+##### [Onboard machines using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+#### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+#### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
+#### [Run a detection test on a newly onboarded machine](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md)
+#### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md)
#### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
#### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
### [Understand the Windows Defender ATP portal](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
#### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
-#### [View the Security operations dashboard](windows-defender-atp\dashboard-windows-defender-advanced-threat-protection.md)
-#### [View the Secure score dashboard](windows-defender-atp\security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-#### [View the Threat analytics dashboard](windows-defender-atp\threat-analytics-windows-defender-advanced-threat-protection.md)
+#### [View the Security operations dashboard](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+#### [View the Secure Score dashboard and improve your secure score](windows-defender-atp\secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+#### [View the Threat analytics dashboard and take recommended mitigation actions](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
###Investigate and remediate threats
####Alerts queue
@@ -53,6 +54,9 @@
##### [Investigate a domain](windows-defender-atp\investigate-domain-windows-defender-advanced-threat-protection.md)
##### [Investigate a user account](windows-defender-atp\investigate-user-windows-defender-advanced-threat-protection.md)
+
+
+
####Machines list
##### [View and organize the Machines list](windows-defender-atp\machines-view-overview-windows-defender-advanced-threat-protection.md)
##### [Manage machine group and tags](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
@@ -84,6 +88,11 @@
####### [View deep analysis reports](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
####### [Troubleshoot deep analysis](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+#### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md)
+#### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md)
+##### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
+##### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+
###API and SIEM support
#### [Pull alerts to your SIEM tools](windows-defender-atp\configure-siem-windows-defender-advanced-threat-protection.md)
##### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
@@ -172,20 +181,38 @@
##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
#### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
-### [Configure Windows Defender ATP preferences settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
-#### [Update general settings](windows-defender-atp\general-settings-windows-defender-advanced-threat-protection.md)
-#### [Enable advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
-#### [Enable preview experience](windows-defender-atp\preview-settings-windows-defender-advanced-threat-protection.md)
-#### [Configure email notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
-#### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
-#### [Enable Threat intel API](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
-#### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
-#### [Enable Security Analytics security controls](windows-defender-atp\enable-security-analytics-windows-defender-advanced-threat-protection.md)
+### [Configure Windows Defender ATP Settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
+
+####General
+##### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md)
+##### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
+##### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
+##### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md)
+##### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
+
+####Permissions
+##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md)
+##### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md)
+
+####APIs
+##### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
+
+####Rules
+##### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+##### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+##### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+##### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+
+####Machine management
+##### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
+##### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md)
+
+### [Configure Windows Defender ATP time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md)
-### [Configure Windows Defender ATP time zone settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)
### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
-#### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
+#### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
## [Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
diff --git a/windows/security/threat-protection/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/applocker/requirements-to-use-applocker.md
index 96c05fcdee..846cc26a49 100644
--- a/windows/security/threat-protection/applocker/requirements-to-use-applocker.md
+++ b/windows/security/threat-protection/applocker/requirements-to-use-applocker.md
@@ -35,7 +35,7 @@ The following table show the on which operating systems AppLocker features are s
| Version | Can be configured | Can be enforced | Available rules | Notes |
| - | - | - | - | - |
-| Windows 10| Yes| Yes| Packaged apps Executable Windows Installer Script DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. |
+| Windows 10| Yes| Yes| Packaged apps Executable Windows Installer Script DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10 supported by Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. |
| Windows Server 2016 Windows Server 2012 R2 Windows Server 2012| Yes| Yes| Packaged apps Executable Windows Installer Script DLL| |
| Windows 8.1 Pro| Yes| No| N/A||
| Windows 8.1 Enterprise| Yes| Yes| Packaged apps Executable Windows Installer Script DLL| |
diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
index f2d774c843..0c5a957bec 100644
--- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
+++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
@@ -15,18 +15,7 @@ ms.date: 04/19/2017
**Applies to**
- Windows 10
-This reference topic for the IT professional describes which versions of the Windows operating systems support advanced security auditing policies.
+Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista.
+There is no difference in security auditing support between 32-bit and 64-bit versions.
+Windows editions that cannot join a domain, such as Windows 10 Home edition, do not have access to these features.
-Versions of the Windows operating system that cannot join a domain do not have access to these features. There is no difference in security auditing support between 32-bit and 64-bit versions.
-
-## Are there any special considerations?
-
-In addition, the following special considerations apply to the various tasks associated with advanced security auditing enhancements:
-
-- **Creating an audit policy.** To create an advanced security auditing policy, you must use a computer running any supported version of Windows. You can use the Group Policy Management Console (GPMC) on a computer running a supported version of the Windows client operating system after installing the Remote Server Administration Tools.
-- **Applying audit policy settings.** If you are using Group Policy to apply the advanced audit policy settings and global object access settings, client computers must be running any supported version of the Windows server operating system or Windows client operating system. In addition, only computers running any of these supported operating systems can provide "reason for access" reporting data.
-- **Developing an audit policy model.** To plan advanced security audit settings and global object access settings, you must use the GPMC that targets a domain controller running a supported version of the Windows server operating system.
-- **Distributing the audit policy.** After a Group Policy Object (GPO) that includes advanced security auditing settings is developed, it can be distributed by using domain controllers running any Windows Server operating system.
-However, if you cannot put client computers running a supported version of the Windows client operating system into a separate organizational unit (OU), you should use Windows Management Instrumentation (WMI) filtering to ensure that the advanced security auditing policy settings are applied only to client computers running a supported version of the Windows client operating system.
-
->**Important:** Using both the basic auditing policy settings under **Local Policies\\Audit Policy** and the advanced auditing policy settings under **Advanced Audit Policy Configuration** can cause unexpected results in audit reporting. Therefore, the two sets of audit policy settings should not be combined. If you use advanced audit policy configuration settings, you should enable the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** policy setting under **Local Policies\\Security Options**. This will prevent conflicts between similar settings by forcing basic security auditing to be ignored.
diff --git a/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md b/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md
index ab3baf28eb..400d1f0540 100644
--- a/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md
+++ b/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security.md
@@ -22,30 +22,9 @@ Virtualization-based protection of code integrity (herein referred to as Hypervi
Use the following procedure to enable virtualization-based protection of code integrity:
-1. **Decide whether to use the procedures in this topic, or to use the Windows Defender Device Guard readiness tool**. To enable HVCI, you can use [the Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) or follow the procedures in this topic.
+1. Decide whether to use the procedures in this topic, or to use [the Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337).
-2. **Verify that hardware and firmware requirements are met**. Verify that your client computers have the hardware and firmware to run HVCI. For a list of requirements, see [Hardware, firmware, and software requirements for Windows Defender Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-windows-defender-device-guard).
-
-3. **Enable the necessary Windows features**. You can use the [hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) or see [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-protection-of-code-integrity).
-
-4. **Enable additional features as desired**. You can use the [hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) or see [Enable virtualization-based protection of code integrity](#enable-virtualization-based-protection-of-code-integrity).
-
-## Windows feature requirements for virtualization-based protection of code integrity
-
-Make sure these operating system features are enabled before you can enable HVCI:
-
-- Beginning with Windows 10, version 1607 or Windows Server 2016:
-Hyper-V Hypervisor, which is enabled automatically. No further action is needed.
-
-- With an earlier version of Windows 10:
-Hyper-V Hypervisor and Isolated User Mode (shown in Figure 1).
-
-
-
-**Figure 1. Enable operating system features for HVCI, Windows 10, version 1511**
-
-> [!NOTE]
-> You can configure these features by using Group Policy or Dism.exe, or manually by using Windows PowerShell or the Windows Features dialog box.
+2. Verify that [hardware and firmware requirements](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-windows-defender-device-guard) are met.
## Enable virtualization-based protection of code integrity
@@ -57,16 +36,12 @@ If you don't want to use the [hardware readiness tool](https://www.microsoft.com
- Figure 2. Create a new OU-linked GPO
-
2. Give the new GPO a name, then right-click the new GPO, and click **Edit**.
4. Within the selected GPO, navigate to Computer Configuration\\Policies\\Administrative Templates\\System\\Device Guard. Right-click **Turn On Virtualization Based Security**, and then click **Edit**.
- Figure 3. Enable virtualization-based security (VBS)
-
5. Select the **Enabled** button. For **Select Platform Security Level**:
- **Secure Boot** provides as much protection as a computer’s hardware can support. If the computer does not have input/output memory management units (IOMMUs), enable **Secure Boot**.
@@ -78,9 +53,7 @@ If you don't want to use the [hardware readiness tool](https://www.microsoft.com
- With earlier versions of Windows 10: Select the **Enable Virtualization Based Protection of Code Integrity** check box.
- 
-
- Figure 5. Configure HVCI, Lock setting (in Windows 10, version 1607)
+ 
7. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. The settings will take effect upon restart.
@@ -281,12 +254,10 @@ This field indicates whether VBS is enabled and running.
This field lists the computer name. All valid values for computer name.
-Another method to determine the available and enabled Windows Defender Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Windows Defender Device Guard properties are displayed at the bottom of the **System Summary** section, as shown in Figure 6.
+Another method to determine the available and enabled Windows Defender Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Windows Defender Device Guard properties are displayed at the bottom of the **System Summary** section.
-Figure 6. Windows Defender Device Guard properties in the System Summary
-
## Related topics
- [Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
index 3cdfa39794..1650272c86 100644
--- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
+++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
@@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
author: brianlic-msft
-ms.date: 02/13/2018
+ms.date: 04/18/2018
---
# Steps to Deploy Windows Defender Application Control
@@ -15,7 +15,8 @@ ms.date: 02/13/2018
- Windows 10
- Windows Server 2016
-For an overview of the process described in the following procedures, see [Deploy Windows Defender Application Control: policy rules and file rules](deploy-windows-defender-application-control-policy-rules-and-file-rules.md). To understand how the deployment of Windows Defender Application Control (WDAC) fits with other steps in the Windows Defender Device Guard deployment process, see [Planning and getting started on the Windows Defender Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md).
+For an overview of the process described in the following procedures, see [Deploy Windows Defender Application Control: policy rules and file rules](deploy-windows-defender-application-control-policy-rules-and-file-rules.md).
+
## Create a Windows Defender Application Control policy from a reference computer
@@ -60,6 +61,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
- rcsi.exe
- system.management.automation.dll
- windbg.exe
+- wmic.exe
[1]A vulnerability in bginfo.exe has been fixed in the latest version 4.22. If you use BGInfo, for security, make sure to download and run the latest version here [BGInfo 4.22](https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo). Note that BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.
@@ -77,6 +79,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
|Oddvar Moe |@Oddvarmoe|
|Alex Ionescu | @aionescu|
|Lee Christensen|@tifkin_|
+|Vladas Bulavas | Kaspersky Lab |
@@ -96,695 +99,733 @@ For October 2017, we are announcing an update to system.management.automation.dl
Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
```
-
-
- 10.0.0.0
- {A244370E-44C9-4C06-B551-F6016E563076}
- {2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+-
+ 10.0.0.0
+ {A244370E-44C9-4C06-B551-F6016E563076}
+ {2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}
+-
+-
+
+
+-
+
+
+-
+
+
+-
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+-
+
+-
+-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+-
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+
+
+-
+-
+
+
+-
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+-
+
+-
+-
+-
+-
+-
+
+
+
+
+-
+-
+-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
- 0
-
-
-```
+
+
+ 0
+
+
+ ```
To create a WDAC policy, copy each of the following commands into an elevated Windows PowerShell session, in order:
diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
index 75dda71497..8e5b6d0232 100644
--- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
@@ -175,7 +175,7 @@ To gain the most value out of the baseline subscription we recommend to have the
- Enable disabled event channels and set the minimum size for modern event files.
- Currently, there is no GPO template for enabling or setting the maximum size for the modern event files. This must be done by using a GPO. For more info, see [Appendix C – Event Channel Settings (enable and Channel Access) methods](#bkmk-appendixc).
-The annotated event query can be found in the following. For more info, see [Appendix F – Annotated Baseline Subscription Event Query](#bkmk-appendixf).
+The annotated event query can be found in the following. For more info, see [Appendix F – Annotated Suspect Subscription Event Query](#bkmk-appendixf).
- Anti-malware events from Microsoft Antimalware or Windows Defender. This can be configured for any given anti-malware product easily if it writes to the Windows event log.
- Security event log Process Create events.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
index 4545c0e5dc..e84172c1e3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 08/26/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
---
# Prevent or allow users to locally modify Windows Defender AV policy settings
@@ -47,7 +47,7 @@ To configure these settings:
3. In the **Group Policy Management Editor** go to **Computer configuration**.
-4. Click **Policies** then **Administrative templates**.
+4. Click **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below.
@@ -91,12 +91,14 @@ You can disable this setting to ensure that only globally defined lists (such as
3. In the **Group Policy Management Editor** go to **Computer configuration**.
-4. Click **Policies** then **Administrative templates**.
+4. Click **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus**.
6. Double-click the **Configure local administrator merge behavior for lists** setting and set the option to **Enabled**. Click **OK**.
+> [!NOTE]
+> If you disable local list merging, it will override Controlled folder access settings in Windows Defender Exploit Guard. It also overrides any protected folders or allowed apps set by the local administrator. For more information about Controlled folder access settings, see [Enable Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard).
## Related topics
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
index 8bfa75ff42..39660adda8 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
@@ -82,7 +82,7 @@ Hiding notifications can be useful in situations where you cannot hide the entir
> [!NOTE]
> Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [System Center Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection).
-See the [Customize the Windows Defender Security Center app for your organization](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center-antivirus) topic for instructions to add custom contact information to the notifications that users see on their machines.
+See the [Customize the Windows Defender Security Center app for your organization](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md) topic for instructions to add custom contact information to the notifications that users see on their machines.
**Use Group Policy to hide notifications:**
diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
index fec3ab9056..c4fb7fbc8c 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
@@ -1,7 +1,7 @@
---
-title: Utilize cloud-delivered protection in Windows Defender Antivirus
-description: Cloud-delivered protection provides an advanced level of fast, robust antivirus detection.
-keywords: windows defender antivirus, antimalware, security, defender, cloud, cloud-delivered protection
+title: Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection
+description: Next-gen technologies in cloud-delivered protection provide an advanced level of fast, robust antivirus detection.
+keywords: windows defender antivirus, next-gen technologies, next-gen av, machine learning, antimalware, security, defender, cloud, cloud-delivered protection
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
@@ -9,12 +9,12 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
---
-# Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus
+# Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection
**Applies to:**
@@ -24,21 +24,35 @@ ms.date: 11/20/2017
- Enterprise security administrators
-Cloud-delivered protection for Windows Defender Antivirus, also referred to as Microsoft Advanced Protection Service (MAPS), provides you with strong, fast protection in addition to our standard real-time protection.
+Microsoft next-gen technologies in Windows Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.
+To take advantage of the power and speed of these next-gen technologies, Windows Defender Antivirus works seamlessly with Microsoft cloud services. These cloud protection services, also referred to as Microsoft Advanced Protection Service (MAPS), enhances standard real-time protection, providing arguably the best antivirus defense.
>[!NOTE]
>The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional signature updates.
-Enabling cloud-delivered protection helps detect and block new malware - even if the malware has never been seen before - without needing to wait for a traditionally delivered definition update to block it. Definition updates can take hours to prepare and deliver, while our cloud service can deliver updated protection in seconds.
-
-The following video describes how it works:
+With cloud-delivered protection, next-gen technologies provide rapid identification of new threats, sometimes even before a single machine is infected. Watch the following video about Microsoft AI and Windows Defender Antivirus in action:
+
+
+To understand how next-gen technologies shorten protection delivery time through the cloud, watch the following video:
+
-Cloud-delivered protection is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies.
+Read the following blogposts for detailed protection stories involving cloud-protection and Microsoft AI:
+
+- [Why Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/)
+- [Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/)
+- [How artificial intelligence stopped an Emotet outbreak](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/)
+- [Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/)
+- [Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware](https://cloudblogs.microsoft.com/microsoftsecure/2017/07/18/windows-defender-antivirus-cloud-protection-service-advanced-real-time-defense-against-never-before-seen-malware/)
+
+## Get cloud-delivered protection
+
+Cloud-delivered protection is enabled by default. However, you may need to re-enable it if it has been disabled as part of previous organizational policies.
>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
index c2a9edb814..541ca154a0 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
---
# Windows Defender Antivirus in Windows 10 and Windows Server 2016
@@ -22,7 +22,7 @@ ms.date: 11/20/2017
Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers.
-This library of documentation is aimed for enterprise security administrators who are either considering deployment, or have already deployed and are wanting to manage and configure Windows Defender AV on PC endpoints in their network.
+This library of documentation is for enterprise security administrators who are either considering deployment, or have already deployed and are wanting to manage and configure Windows Defender AV on PC endpoints in their network.
For more important information about running Windows Defender on a server platform, see [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md).
@@ -38,7 +38,7 @@ It can be configured with:
- Group Policy
Some of the highlights of Windows Defender AV include:
-- [Cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for near-instant detection and blocking of new and emerging threats
+- [Cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus.
- [Always-on scanning](configure-real-time-protection-windows-defender-antivirus.md), using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection")
- [Dedicated protection updates](manage-updates-baselines-windows-defender-antivirus.md) based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
index 3ccb022cec..f8fb6d41ba 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 10/12/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/11/2018
---
@@ -59,6 +59,9 @@ This topic includes the following instructions for setting up and running Window
## Enable or disable the interface on Windows Server 2016
By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required.
+>[!NOTE]
+>You can't uninstall the Windows Defender Security Center app, but you can disable the interface with these instructions.
+
If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
index 5ed68d6744..5f5563cbb6 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@@ -30,7 +30,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
|-----------|------------------|-----------|
|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. |
-|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
+|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.|
### Application-specific settings
These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
index a9148f2252..7e437ce4b1 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
@@ -13,7 +13,8 @@ ms.date: 10/23/2017
# Windows Defender Application Guard overview
**Applies to:**
-- Windows 10 Enterprise edition, version 1709
+- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10 Professional edition, version 1803
The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks.
@@ -27,7 +28,7 @@ If an employee goes to an untrusted site through either Microsoft Edge or Intern
### What types of devices should use Application Guard?
-Application Guard has been created to target 3 types of enterprise systems:
+Application Guard has been created to target several types of systems:
- **Enterprise desktops.** These desktops are domain-joined and managed by your organization. Configuration management is primarily done through System Center Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network.
@@ -35,6 +36,8 @@ Application Guard has been created to target 3 types of enterprise systems:
- **Bring your own device (BYOD) mobile laptops.** These personally-owned laptops are not domain-joined, but are managed by your organization through tools like Microsoft Intune. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home.
+- **Personal devices.** These personally-owned desktops or mobile laptops are not domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside.
+
## In this section
|Topic |Description |
|------|------------|
@@ -42,4 +45,4 @@ Application Guard has been created to target 3 types of enterprise systems:
|[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.|
|[Configure the Group Policy settings for Windows Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.|
|[Testing scenarios using Windows Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Windows Defender Application Guard (Application Guard) in your organization.|
-|[Frequently Asked Questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Common questions and answers around the features and functionality of Application Guard.|
\ No newline at end of file
+|[Frequently Asked Questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Common questions and answers around the features and functionality of Application Guard.|
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index fee57495f2..8b0591b338 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Turn on advanced features in Windows Defender ATP
+title: Configure advanced features in Windows Defender ATP
description: Turn on advanced features such as block file in Windows Defender Advanced Threat Protection.
-keywords: advanced features, preferences setup, block file
+keywords: advanced features, settings, block file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
-# Turn on advanced features in Windows Defender ATP
+# Configure advanced features in Windows Defender ATP
**Applies to:**
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink)
@@ -31,6 +31,9 @@ Depending on the Microsoft security products that you use, some advanced feature
Turn on the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations:
+## Automated investigation
+When you enable this feature, you'll be able to take advantage of the automated investigation and remediation features of the service. For more information, see [Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md).
+
## Block file
This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled.
@@ -47,22 +50,50 @@ For more information, see [Investigate a user account](investigate-user-windows-
## Skype for Business integration
Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone. This can be handy when you need to communicate with the user and mitigate risks.
+## Azure Advanced Threat Protection integration
+The integration with Azure Advanced Threat Protection allows you to pivot directly into another Microsoft Identity security product. Azure Advanced Threat Protection augments an investigation with additional insights about a suspected compromised account and related resources. By enabling this feature, you'll enrich the machine-based investigation capability by pivoting across the network from an identify point of view.
+
+
+>[!NOTE]
+>You'll need to have the appropriate license to enable this feature.
+
+### Enable the Windows Defender ATP integration from the Azure ATP portal
+To receive contextual machine integration in Azure ATP, you'll also need to enable the feature in the Azure ATP portal.
+
+1. Login to the [Azure portal](https://portal.atp.azure.com/) with a Global Administrator or Security Administrator role.
+
+2. Click **Create a workspace** or use your primary workspace.
+
+3. Toggle the Integration setting to **On** and click **Save**.
+
+When you complete the integration steps on both portals, you'll be able to see relevant alerts in the machine details or user details page.
+
## Office 365 Threat Intelligence connection
This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.
When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
+>[!NOTE]
+>You'll need to have the appropriate license to enable this feature.
+
To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Windows Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).
+## Microsoft Intune connection
+This feature is only available if you have an active Microsoft Intune (Intune) license.
+
+When you enable this feature, you'll be able to share Windows Defender ATP device information to Intune and enhance policy enforcement.
+
+>[!NOTE]
+>You'll need to enable the integration on both Intune and Windows Defender ATP to use this feature.
+
+
## Enable advanced features
1. In the navigation pane, select **Preferences setup** > **Advanced features**.
2. Select the advanced feature you want to configure and toggle the setting between **On** and **Off**.
3. Click **Save preferences**.
## Related topics
-- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
-- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+- [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..49284ab1d1
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,96 @@
+---
+title: Advanced hunting best practices in Windows Defender ATP
+description: Learn about Advanced hunting best practices such as what filters and keywords to use to effectively query data.
+keywords: advanced hunting, best practices, keyword, filters, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Advanced hunting query best practices Windows Defender ATP
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-abovefoldlink)
+
+## Performance best practices
+The following best practices serve as a guideline of query performance best practices and for you to get faster results and be able to run complex queries.
+- Use time filters first. Azure Kusto is highly optimized to utilize time filters. For more information, see [Azure Kusto](https://docs.microsoft.com/connectors/kusto/).
+- Put filters that are expected to remove most of the data in the beginning of the query, following the time filter.
+- Use 'has' keyword over 'contains' when looking for full tokens.
+- Use looking in specific column rather than using full text search across all columns.
+- When joining between two tables - choose the table with less rows to be the first one (left-most).
+- When joining between two tables - project only needed columns from both sides of the join.
+
+## Query tips and pitfalls
+
+### Unique Process IDs
+Process IDs are recycled in Windows and reused for new processes and therefore can't serve as a unique identifier for a specific process.
+To address this issue, Windows Defender ATP created the time process. To get a unique identifier for a process on a specific machine, use the process ID together with the process creation time.
+
+
+So, when you join data based on a specific process or summarize data for each process, you'll need to use a machine identifier (either MachineId or ComputerName), a process ID (ProcessId or InitiatingProcessId) and the process creation time (ProcessCreationTime or InitiatingProcessCreationTime)
+
+The following example query is created to find processes that access more than 10 IP addresses over port 445 (SMB) - possibly scanning for file shares.
+
+Example query:
+```
+NetworkCommunicationEvents
+| where RemotePort == 445 and EventTime > ago(12h) and InitiatingProcessId !in (0, 4)
+| summarize RemoteIPCount=dcount(RemoteIP) by ComputerName, InitiatingProcessId, InitiatingProcessCreationTime, InitiatingProcessFileName
+| where RemoteIPCount > 10
+```
+
+The query summarizes by both InitiatingProcessId and InitiatingProcessCreationTime - to make sure the query looks at a single process, and not mixing multiple processes with the same process ID.
+
+### Using command line queries
+
+Command lines may vary - when applicable, filter on file names and do fuzzy matching.
+
+There are numerous ways to construct a command line to accomplish a task.
+
+For example, a malicious attacker could specify the process image file name without a path, with full path, without the file extension, using environment variables, add quotes, and others. In addition, the attacker can also change the order of some parameters, add multiple quotes or spaces, and much more.
+
+To create more durable queries using command lines, we recommended the following guidelines:
+- Identify the known processes (such as net.exe, psexec.exe, and others) by matching on the filename fields, instead of filtering on the command line field.
+- When querying for command line arguments, don't look for an exact match on multiple unrelated arguments in a certain order. Instead, use regular expressions or use multiple separate contains operators.
+- Use case insensitive matches. For example, use '=~', 'in~', 'contains' instead of '==', 'in' or 'contains_cs'
+- To mitigate DOS command line obfuscation techniques, consider removing quotes, replacing commas with spaces, and replacing multiple consecutive spaces with a single space. This is just the start of handling DOS obfuscation techniques, but it does mitigate the most common ones.
+
+The following example query shows various ways to construct a query that looks for the file *net.exe* to stop the Windows Defender Firewall service:
+
+```
+// Non-durable query - do not use
+ProcessCreationEvents
+| where ProcessCommandLine == "net stop MpsSvc"
+| limit 10
+
+// Better query - filters on filename, does case-insensitive matches
+ProcessCreationEvents
+| where EventTime > ago(7d) and FileName in~ ("net.exe", "net1.exe") and ProcessCommandLine contains "stop" and ProcessCommandLine contains "MpsSvc"
+
+// Best query also ignores quotes
+ProcessCreationEvents
+| where EventTime > ago(7d) and FileName in~ ("net.exe", "net1.exe")
+| extend CanonicalCommandLine=replace("\"", "", ProcessCommandLine)
+| where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc"
+```
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..db6c9b6f35
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,107 @@
+---
+title: Advanced hunting reference in Windows Defender ATP
+description: Learn about Advanced hunting table reference such as column name, data type, and description
+keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Advanced hunting reference in Windows Defender ATP
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+
+
+## Advanced hunting table reference
+When you run a query using Advanced hunting, a table with columns is returned as a result.
+
+Use the following table to understand what the columns represent, its data type, and their description.
+
+| Column name | Data type | Description
+:---|:--- |:---
+| AccountDomain | string | Domain of the account. |
+| AccountName | string | User name of the account. |
+| AccountSid | string | Security Identifier (SID) of the account. |
+| ActionType | string | Type of activity that triggered the event. |
+| AdditionalFields | string | Additional information about the event in JSON array format. |
+| AlertId | string | Unique identifier for the alert. |
+| ComputerName | string | Fully qualified domain name (FQDN) of the machine. |
+| EventId | int | Unique identifier used by Event Tracing for Windows (ETW) for the event type. |
+| EventTime | datetime | Date and time when the event was recorded. |
+| EventType | string | Table where the record is stored. |
+| FileName | string | Name of the file that the recorded action was applied to. |
+| FileOriginIp | string | IP address where the file was downloaded from. |
+| FileOriginReferrerUrl | string | URL of the web page that links to the downloaded file. |
+| FileOriginUrl | string | URL where the file was downloaded from. |
+| FolderPath | string | Folder containing the file that the recorded action was applied to. |
+| InitiatingProcessAccountDomain | string | Domain of the account that ran the process responsible for the event. |
+| InitiatingProcessAccountName | string | User name of the account that ran the process responsible for the event. |
+| InitiatingProcessAccountSid | string | Security Identifier (SID) of the account that ran the process responsible for the event. |
+| InitiatingProcessCommandLine | string | Command line used to run the process that initiated the event. |
+| InitiatingProcessCreationTime | datetime | Date and time when the process that initiated the event was started. |
+| InitiatingProcessFileName | string | Name of the process that initiated the event. |
+| InitiatingProcessFolderPath | string | Folder containing the process (image file) that initiated the event. |
+| InitiatingProcessId | int | Process ID (PID) of the process that initiated the event. |
+| InitiatingProcessIntegrityLevel | string | Integrity level of the process that initiated the event. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet download. These integrity levels influence permissions to resources. |
+| InitiatingProcessMd5 | string | MD5 hash of the process (image file) that initiated the event. |
+| InitiatingProcessParentCreationTime | datetime | Date and time when the parent of the process responsible for the event was started. |
+| InitiatingProcessParentId | int | Process ID (PID) of the parent process that spawned the process responsible for the event. |
+| InitiatingProcessParentName | string | Name of the parent process that spawned the process responsible for the event. |
+| InitiatingProcessSha1 | string | SHA-1 of the process (image file) that initiated the event. |
+| InitiatingProcessSha256 | string | SHA-256 of the process (image file) that initiated the event. |
+| InitiatingProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the process that initiated the event. |
+| IsAzureADJoined | boolean | Boolean indicator of whether machine is joined to the Azure Active Directory. |
+| LocalIP | string | IP address assigned to the local machine used during communication. |
+| LocalPort | int | TCP port on the local machine used during communication. |
+| LoggedOnUsers | string | List of all users that are logged on the machine at the time of the event in JSON array format. |
+| LogonType | string | Type of logon session, specifically:
- **Interactive** - User physically interacts with the machine using the local keyboard and screen.
- **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients.
- **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed.
- **Batch** - Session initiated by scheduled tasks.
- **Service** - Session initiated by services as they start.
+| MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine. |
+| MachineId | string | Unique identifier for the machine in the service. |
+| MD5 | string | MD5 hash of the file that the recorded action was applied to. |
+| NetworkCardIPs | string | List of all network adapters on the machine, including their MAC addresses and assigned IP addresses, in JSON array format. |
+| OSArchitecture | string | Architecture of the operating system running on the machine. |
+| OSBuild | string | Build version of the operating system running on the machine. |
+| OSPlatform | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. |
+| PreviousRegistryKey | string | Original registry key of the registry value before it was modified. |
+| PreviousRegistryValueData | string | Original data of the registry value before it was modified. |
+| PreviousRegistryValueName | string | Original name of the registry value before it was modified. |
+| PreviousRegistryValueType | string | Original data type of the registry value before it was modified. |
+| ProcessCommandline | string | Command line used to create the new process. |
+| ProcessCreationTime | datetime | Date and time the process was created. |
+| ProcessId | int | Process ID (PID) of the newly created process. |
+| ProcessIntegrityLevel | string | Integrity level of the newly created process. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet downloaded. These integrity levels influence permissions to resources. |
+| ProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the newly created process. |
+| ProviderId | string | Unique identifier for the Event Tracing for Windows (ETW) provider that collected the event log. |
+| RegistryKey | string | Registry key that the recorded action was applied to. |
+| RegistryValueData | string | Data of the registry value that the recorded action was applied to. |
+| RegistryValueName | string | Name of the registry value that the recorded action was applied to. |
+| RegistryValueType | string | Data type, such as binary or string, of the registry value that the recorded action was applied to. |
+| RemoteIP | string | IP address that was being connected to. |
+| RemotePort | int | TCP port on the remote device that was being connected to. |
+| RemoteUrl | string | URL or fully qualified domain name (FQDN) that was being connected to. |
+| ReportIndex | long | Event identifier that is unique among the same event type. |
+| SHA1 | string | SHA-1 of the file that the recorded action was applied to. |
+| SHA256 | string | SHA-256 of the file that the recorded action was applied to.
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink)
+
+## Related topic
+- [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
+- [Advanced hunting query language best practices](/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..f523b1c8d1
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,164 @@
+---
+title: Query data using Advanced hunting in Windows Defender ATP
+description: Learn about Advanced hunting in Windows Defender ATP and how to query ATP data.
+keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Query data using Advanced hunting in Windows Defender ATP
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
+
+Advanced hunting allows you to proactively hunt for possible threats across your organization using a powerful search and query tool. Take advantage of the following capabilities:
+
+- **Powerful query language with IntelliSense** - Built on top of a query language that gives you the flexibility you need to take hunting to the next level.
+- **Query the stored telemetry** - The telemetry data is accessible in tables for you to query. For example, you can query process creation, network communication, and many other event types.
+- **Links to portal** - Certain query results, such as machine names and file names are actually direct links to the portal, consolidating the Advanced hunting query experience and the existing portal investigation experience.
+- **Query examples** - A welcome page provides examples designed to get you started and get you familiar with the tables and the query language.
+
+To get you started in querying your data, you can use the basic or Advanced query examples that have some preloaded queries for you to understand the basic query syntax.
+
+
+
+## Use advanced hunting to query data
+
+A typical query starts with a table name followed by a series of operators separated by **|**.
+
+In the following example, we start with the table name **ProcessCreationEvents** and add piped elements as needed.
+
+
+
+First, we define a time filter to review only records from the previous seven days.
+
+We then add a filter on the _FileName_ to contain only instances of _powershell.exe_.
+
+Afterwards, we add a filter on the _ProcessCommandLine_
+Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**.
+
+### Use operators
+The query language is very powerful and has a lot of available operators, some of them are -
+
+- **where** - Filter a table to the subset of rows that satisfy a predicate.
+- **summarize** - Produce a table that aggregates the content of the input table.
+- **join** - Merge the rows of two tables to form a new table by matching values of the specified column(s) from each table.
+- **count** - Return the number of records in the input record set.
+- **top** - Return the first N records sorted by the specified columns.
+- **limit** - Return up to the specified number of rows.
+- **project** - Select the columns to include, rename or drop, and insert new computed columns.
+- **extend** - Create calculated columns and append them to the result set.
+- **makeset** - Return a dynamic (JSON) array of the set of distinct values that Expr takes in the group
+- **find** - Find rows that match a predicate across a set of tables.
+
+To see a live example of these operators, run them as part of the **Get started** section.
+
+## Access query language documentation
+
+For more information on the query language and supported operators, see [Query Language](https://docs.loganalytics.io/docs/Language-Reference/).
+
+## Use exposed tables in Advanced hunting
+
+The following tables are exposed as part of Advanced hunting:
+
+- **AlertEvents** - Stores alerts related information
+- **MachineInfo** - Stores machines properties
+- **ProcessCreationEvents** - Stores process creation events
+- **NetworkCommunicationEvents** - Stores network communication events
+- **FileCreationEvents** - Stores file creation, modification, and rename events
+- **RegistryEvents** - Stores registry key creation, modification, rename and deletion events
+- **LogonEvents** - Stores login events
+- **ImageLoadEvents** - Stores load dll events
+- **MiscEvents** - Stores several types of events, including Windows Defender blocks (Windows Defender Antivirus, Exploit Guard, Windows Defender SmartScreen, Windows Defender Application Guard, and Firewall), process injection events, access to LSASS processes, and others.
+
+These tables include data from the last 30 days.
+
+## Use shared queries
+Shared queries are prepopulated queries that give you a starting point on running queries on your organization's data. It includes a couple of examples that help demonstrate the query language capabilities.
+
+
+
+You can save, edit, update, or delete queries.
+
+### Save a query
+You can create or modify a query and save it as your own query or share it with users who are in the same tenant.
+
+1. Create or modify a query.
+
+2. Click the **Save query** drop-down button and select **Save as**.
+
+3. Enter a name for the query.
+
+ 
+
+4. Select the folder where you'd like to save the query.
+ - Shared queries - Allows other users in the tenant to access the query
+ - My query - Accessible only to the user who saved the query
+
+5. Click **Save**.
+
+### Update a query
+These steps guide you on modifying and overwriting an existing query.
+
+1. Edit an existing query.
+
+2. Click the **Save**.
+
+### Delete a query
+1. Right-click on a query you want to delete.
+
+ 
+
+2. Select **Delete** and confirm that you want to delete the query.
+
+## Result set capabilities in Advanced hunting
+
+The result set has several capabilities to provide you with effective investigation, including:
+
+- Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in the Windows Defender ATP portal.
+- You can right-click on a cell in the result set and add a filter to your written query. The current filtering options are **include**, **exclude** or **advanced filter**, which provides additional filtering options on the cell value. These cell values are part of the row set.
+
+
+
+## Filter results in Advanced hunting
+In Advanced hunting, you can use the advanced filter on the output result set of the query.
+The filters provide an overview of the result set where
+each column has it's own section and shows the distinct values that appear in the column and their prevalence.
+
+You can refine your query based on the filter by clicking the "+" or "-" buttons on the values that you want to include or exclude and click **Run query**.
+
+
+
+The filter selections will resolve as an additional query term and the results will be updated accordingly.
+
+
+
+## Public Advanced Hunting query GitHub repository
+Check out the [Advanced Hunting repository](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Contribute and use example queries shared by our customers.
+
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
+
+## Related topic
+- [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
+- [Advanced hunting query language best practices](/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
index 489d6db5d4..26eef896ca 100644
--- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 03/12/2018
+ms.date: 04/17/2018
---
# View and organize the Windows Defender Advanced Threat Protection Alerts queue
@@ -23,11 +23,11 @@ ms.date: 03/12/2018
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-alertsq-abovefoldlink)
-The **Alerts queue** shows a list of alerts that were flagged from endpoints in your network. Alerts are displayed in queues according to their current status. In each queue, you'll see details such as the severity of alerts and the number of machines the alerts were raised on.
+The **Alerts queue** shows a list of alerts that were flagged from machines in your network. Alerts are displayed in queues according to their current status. In each queue, you'll see details such as the severity of alerts and the number of machines the alerts were raised on.
Alerts are organized in queues by their workflow status or assignment:
@@ -35,14 +35,13 @@ Alerts are organized in queues by their workflow status or assignment:
- **In progress**
- **Resolved**
- **Assigned to me**
-- **Suppression rules**
To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane.
> [!NOTE]
> By default, alerts in the queues are sorted from newest to oldest.
-
+
## Sort, filter, and group the alerts list
You can sort and filter the alerts using the available filters or clicking on a column's header that will sort the view in ascending or descending order.
@@ -64,12 +63,11 @@ You can sort and filter the alerts using the available filters or clicking on a
Alert severity | Description
:---|:---
-High (Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on endpoints.
+High (Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on machines.
Medium (Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
Low (Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
Informational (Grey) | Informational alerts are those that might not be considered harmful to the network but might be good to keep track of.
-Reviewing the various alerts and their severity can help you decide on the appropriate action to protect your organization's endpoints.
#### Understanding alert severity
It is important to understand that the Windows Defender Antivirus (Windows Defender AV) and Windows Defender ATP alert severities are different because they represent different scopes.
@@ -92,7 +90,8 @@ So, for example:
- Others
>[!NOTE]
->The Windows Defender Antivirus filter will only appear if your endpoints are using Windows Defender Antivirus as the default real-time protection antimalware product.
+>The Windows Defender Antivirus filter will only appear if machines are using Windows Defender Antivirus as the default real-time protection antimalware product.
+
### View
- **Flat view** - Lists alerts individually with alerts having the latest activity displayed at the top.
@@ -100,6 +99,22 @@ So, for example:
The grouped view allows for efficient alert triage and management.
+## Alert queue columns
+You can click on the first column to open up the **Alert management pane**. You can also select view the machine and user panes by selecting the icons beside the links.
+
+Alerts are listed with the following columns:
+
+- **Title** - Displays a brief description of the alert and its category.
+- **Machine and user** - Displays the machine name and user associated with the alert. You view the machine or user details pane or pivot the actual details page.
+- **Severity** - Displays the severity of the alert. Possible values are informational, low, medium, or high.
+- **Last activity** - Date and time for when the last action was taken on the alert.
+- **Time in queue** - Length of time the alert has been in the alerts queue.
+- **Detection source** - Displays the detection source of the alert.
+- **Status** - Current status of the alert. Possible values include new, in progress, or resolved.
+- **Investigation state** - Reflects the number of related investigations and it's current state.
+- **Assigned to** - Displays who is addressing the alert.
+- **Manage icon** - You can click on the icon to bring up the alert management pane where you can manage and see details about the alert.
+
### Use the Alert management pane
Selecting an alert brings up the **Alert management** pane where you can manage and see details about the alert.
@@ -134,14 +149,11 @@ Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together
## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
-- [View the Windows Defender Advanced Threat Protection Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
index ac64b927c8..4b947eec35 100644
--- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Assign user access to the Windows Defender ATP portal
@@ -24,18 +24,33 @@ ms.date: 10/16/2017
- Office 365
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
-Windows Defender ATP users and access permissions are managed in Azure Active Directory (AAD). Use the following methods to assign security roles.
+Windows Defender ATP supports two ways to manage permissions:
-## Assign user access using Azure PowerShell
+- **Basic permissions management**: Set permissions to either full access or read-only.
+- **Role-based access control (RBAC)**: Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to machine groups. For more information on RBAC, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md).
+
+> [!NOTE]
+>If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch:
+
+>- Users with full access (Security Administrators) are automatically assigned the default **Global administrator** role, which also has full access. Only global administrators can manage permissions using RBAC.
+>- Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC.
+>- After switching to RBAC, you will not be able to switch back to using basic permissions management.
+
+## Use basic permissions management
+Refer to the instructions below to use basic permissions management. You can use either Azure PowerShell or the Azure Portal.
+
+For granular control over permissions, [switch to role-based access control](rbac-windows-defender-advanced-threat-protection.md).
+
+### Assign user access using Azure PowerShell
You can assign users with one of the following levels of permissions:
- Full access (Read and Write)
-- Read only access
+- Read-only access
-### Before you begin
+#### Before you begin
- Install Azure PowerShell. For more information see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/).
> [!NOTE]
@@ -43,8 +58,6 @@ You can assign users with one of the following levels of permissions:
- Connect to your Azure Active Directory. For more information see, [Connect-MsolService](https://msdn.microsoft.com/library/dn194123.aspx).
-
-
**Full access**
Users with full access can log in, view all system information and resolve alerts, submit files for deep analysis, and download the onboarding package.
Assigning full access rights requires adding the users to the “Security Administrator” or “Global Administrator” AAD built-in roles.
@@ -67,7 +80,7 @@ Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress “reader
For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
-## Assign user access using the Azure portal
+### Assign user access using the Azure portal
1. Go to the [Azure portal](https://portal.azure.com).
@@ -86,4 +99,8 @@ For more information see, [Manage Azure AD group and role membership](https://te
+
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portalaccess-belowfoldlink)
+
+## Related topic
+- [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..b0954a8441
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,63 @@
+---
+title: Experience Windows Defender ATP through simulated attacks
+description: Run the provided attack scenario simulations to experience how Windows Defender ATP can detect, investigate, and respond to breaches.
+keywords: wdatp, test, scenario, attack, simulation, simulated, diy, windows defender advanced threat protection
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: lomayor
+author: lomayor
+ms.localizationpriority: high
+ms.date: 28/02/2018
+---
+
+# Experience Windows Defender ATP through simulated attacks
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink)
+
+You might want to experience Windows Defender ATP before you onboard more than a few machines to the service. To do this, you can run controlled attack simulations on a few test machines. After running the simulated attacks, you can review how Windows Defender ATP surfaces malicious activity and explore how it enables an efficient response.
+
+## Before you begin
+
+To run any of the provided simulations, you need at least [one onboarded machine](onboard-configure-windows-defender-advanced-threat-protection.md).
+
+Read the walkthrough document provided with each attack scenario. Each document includes OS and application requirements as well as detailed instructions that are specific to an attack scenario.
+
+## Run a simulation
+
+1. In **Help** > **Simulations & tutorials**, select which of the available attack scenarios you would like to simulate:
+
+ - **Scenario 1: Document drops backdoor** - simulates delivery of a socially engineered lure document. The document launches a specially crafted backdoor that gives attackers control.
+
+ - **Scenario 2: PowerShell script in fileless attack** - simulates a fileless attack that relies on PowerShell, showcasing attack surface reduction and machine learning detection of malicious memory activity.
+
+ - **Scenario 3: Automated incident response** - triggers Automated investigation, which automatically hunts for and remediates breach artifacts to scale your incident response capacity.
+
+2. Download and read the corresponding walkthrough document provided with your selected scenario.
+
+3. Download the simulation file or copy the simulation script by navigating to **Help** > **Simulations & tutorials**. You can choose to download the file or script on the test machine but it's not mandatory.
+
+4. Run the simulation file or script on the test machine as instructed in the walkthrough document.
+
+>[!NOTE]
+>Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise the test machine.
+
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink)
+
+
+## Related topics
+- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..6046993dba
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,266 @@
+---
+title: Use Automated investigations to investigate and remediate threats
+description: View the list of automated investigations, its status, detection source and other details.
+keywords: automated, investigation, detection, source, threat types, id, tags, machines, duration, filter export
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Use Automated investigations to investigate and remediate threats
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
+
+The Windows Defender ATP service has a wide breadth of visibility on multiple machines. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address.
+
+
+To address this challenge, Windows Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives.
+
+The Automated investigations list shows all the investigations that have been initiated automatically and shows other details such as its status, detection source, and the date for when the investigation was initiated.
+
+## Understand the Automated investigation flow
+### How the Automated investigation starts
+Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) an Automated investigation starts.
+
+The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view.
+
+### Details of an Automated investigation
+As the investigation proceeds, you'll be able to view the details of the investigation. Selecting a triggering alert brings you to the investigation details view where you can pivot from the **Investigation graph**, **Alerts**, **Machines**, **Threats**, **Entities**, and **Log** tabs.
+
+In the **Alerts** tab, you'll see the alert that started the investigation.
+
+The **Machines** tab shows where the alert was seen.
+
+The **Threats** tab shows the entities that were found to be malicious during the investigation.
+
+During an Automated investigation, details about each analyzed entity is categorized in the **Entities** tab. You'll be able to see the determination for each entity type, such as whether it was determined to be malicious, suspicious, or clean.
+
+The **Log** tab reflects the chronological detailed view of all the investigation actions taken on the alert.
+
+If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions.
+
+### How an Automated investigation expands its scope
+
+While an investigation is running, any other alert generated from the machine will be added to an ongoing Automated investigation until that investigation is completed. In addition, if the same threat is seen on other machines, those machines are added to the investigation.
+
+If an incriminated entity is seen in another machine, the Automated investigation will expand the investigation to include that machine and a generic machine playbook will start on that machine. If 10 or more machines are found during this expansion process from the same entity, then that expansion action will require an approval and will be seen in the **Pending actions** view.
+
+### How threats are remediated
+Depending on how you set up the machine groups and their level of automation, the Automated investigation will either automaticlly remediate threats or require user approval (this is the default). For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
+
+The default machine group is configured for semi-automatic remediation. This means that any malicious entity that needs to be remediated requires an approval and the investigation is added to the **Pending actions** section, this can be changed to fully automatic so that no user approval is needed.
+
+When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation.
+
+### How an Automated investigation is completed
+When the Automated investigation completes its analysis, and all pending actions are resolved, an investigation is considered complete. It's important to understand that an investigation is only considered complete if there are no pending actions on it.
+
+
+## Manage Automated investigations
+By default, the Automated investigations list displays investigations initiated in the last week. You can also choose to select other time ranges from the drop-down menu or specify a custom range.
+
+>[!NOTE]
+>If your organization has implemented role-based access to manage portal access, only authorized users or user groups who have permission to view the machine or machine group will be able to view the entire investigation.
+
+Use the **Customize columns** drop-down menu to select columns that you'd like to show or hide.
+
+From this view, you can also download the entire list in CSV format using the **Export** button, specify the number of items to show per page, and navigate between pages. You also have the flexibility to filter the list based on your preferred criteria.
+
+
+
+
+**Filters**
+You can use the following operations to customize the list of Automated investigations displayed:
+
+
+**Triggering alert**
+The alert the initiated the Automated investigation.
+
+**Status**
+An Automated investigation can be in one of the following status:
+
+Status | Description
+:---|:---
+| No threats found | No malicious entities found during the investigation.
+| Failed | A problem has interrupted the investigation, preventing it from completing. |
+| Partially remediated | A problem prevented the remediation of some malicious entities. |
+| Action required | Remediation actions require review and approval. |
+| Waiting for machine | Investigation paused. The investigation will resume as soon as the machine is available. |
+| Queued | Investigation has been queued and will resume as soon as other remediation activities are completed. |
+| Running | Investigation ongoing. Malicious entities found will be remediated. |
+| Remediated | Malicious entities found were successfully remediated. |
+| Terminated by system | Investigation was stopped due to . |
+| Terminated by user | A user stopped the investigation before it could complete. |
+| Not applicable | Automated investigations do not apply to this alert type. |
+| Partially investigated | Entities directly related to the alert have been investigated. However, a problem stopped the investigation of collateral entities. |
+| Automated investigation not applicable to alert type | Automated investigation does not apply to this alert type. |
+| Automated investigation does not support OS | Machine is running an OS that is not supported by Automated investigation. |
+| Automated investigation unavailable for preexisting alert | Automated investigation does not apply to alerts that were generated before it was deployed. |
+| Automated investigation unavailable for suppressed alert | Automated investigation does not apply to suppressed alerts. |
+
+
+**Detection source**
+Source of the alert that initiated the Automated investigation.
+
+**Threat**
+The category of threat detected during the Automated investigation.
+
+
+**Tags**
+Filter using manually added tags that capture the context of an Automated investigation.
+
+**Machines**
+You can filter the Automated investigations list to zone in a specific machine to see other investigations related to the machine.
+
+**Machine groups**
+Apply this filter to see specific machine groups that you might have created.
+
+**Comments**
+Select between filtering the list between Automated investigations that have comments and those that don't.
+
+## Analyze Automated investigations
+You can view the details of an Automated investigation to see information such as the investigation graph, alerts associated with the investigation, the machine that was investigated, and other information.
+
+In this view, you'll see the name of the investigation, when it started and ended.
+
+
+
+The progress ring shows two status indicators:
+- Orange ring - shows the pending portion of the investigation
+- Green ring - shows the running time portion of the investigation
+
+
+
+In the example image, the automated investigation started on 10:26:59 AM and ended on 10:56:26 AM. Therefore, the entire investigation was running for 29 minutes and 27 seconds.
+
+The pending time of 16 minutes and 51 seconds reflects two possible pending states: pending for asset (for example, the device might have disconnected from the network) or pending for approval.
+
+From this view, you can also view and add comments and tags about the investigation.
+
+### Investigation page
+The investigation page gives you a quick summary on the status, alert severity, category, and detection source.
+
+You'll also have access to the following sections that help you see details of the investigation with finer granularity:
+
+- Investigation graph
+- Alerts
+- Machines
+- Threats
+- Entities
+- Log
+- Pending actions
+
+ >[!NOTE]
+ >The Pending actions tab is only displayed if there are actual pending actions.
+
+- Pending actions history
+
+ >[!NOTE]
+ >The Pending actions history tab is only displayed when an investigation is complete.
+
+In any of the sections, you can customize columns to further expand to limit the details you see in a section.
+
+### Investigation graph
+The investigation graph provides a graphical representation of an Automated investigation. All investigation related information is simplified and arranged in specific sections. Clicking on any of the icons brings you the relevant section where you can view more information.
+
+### Alerts
+Shows details such as a short description of the alert that initiated the Automated investigation, severity, category, the machine associated with the alert, user, time in queue, status, investigation state, and who the investigation is assigned to.
+
+Additional alerts seen on a machine can be added to an Automated investigation as long as the investigation is ongoing.
+
+Selecting an alert using the check box brings up the alerts details pane where you have the option of opening the alert page, manage the alert by changing its status, see alert details, Automated investigation details, related machine, logged-on users, and comments and history.
+
+Clicking on an alert title brings you the alert page.
+
+### Machines
+Shows details the machine name, IP address, group, users, operating system, remediation level, investigation count, and when it was last investigated.
+
+Machines that show the same threat can be added to an ongoing investigation and will be displayed in this tab. If 10 or more machines are found during this expansion process from the same entity, then that expansion action will require an approval and will be seen in the **Pending actions** view.
+
+Selecting a machine using the checkbox brings up the machine details pane where you can see more information such as machine details and logged-on users.
+
+Clicking on an machine name brings you the machine page.
+
+### Threats
+Shows details related to threats associated with this investigation.
+
+### Entities
+Shows details about entities such as files, process, services, drives, and IP addresses. The table details such as the number of entities that were analyzed. You'll gain insight into details such as how many are remediated, suspicious, or determined to be clean.
+
+### Log
+Gives a chronological detailed view of all the investigation actions taken on the alert. You'll see the action type, action, status, machine name, description of the action, comments entered by analysts who may have worked on the investigation, execution start time, duration, pending duration.
+
+As with other sections, you can customize columns, select the number of items to show per page, and filter the log.
+
+Available filters include action type, action, status, machine name, and description.
+
+You can also click on an action to bring up the details pane where you'll see information such as the summary of the action and input data.
+
+### Pending actions history
+This tab is only displayed when an investigation is complete and shows all pending actions taken during the investigation.
+
+
+## Pending actions
+If there are pending actions on an Automated investigation, you'll see a pop up similar to the following image.
+
+
+
+When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**.
+
+
+The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed.
+
+
+
+Use the Customize columns drop-down menu to select columns that you'd like to show or hide.
+
+From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
+
+Pending actions are grouped together in the following tabs:
+- Quarantine file
+- Remove persistence
+- Stop process
+- Expand pivot
+- Quarantine service
+
+>[!NOTE]
+>The tab will only appear if there are pending actions for that category.
+
+### Approve or reject an action
+You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
+
+
+
+
+Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
+
+
+
+From the panel, you can click on the Open investigation page link to see the investigation details.
+
+You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
+
+
+
+## Related topic
+- [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
index a18a381387..6a933ada64 100644
--- a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Check sensor health state in Windows Defender ATP
@@ -27,7 +27,7 @@ ms.date: 10/16/2017
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-checksensor-abovefoldlink)
-The sensor health tile provides information on the individual endpoint’s ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues.
+The sensor health tile provides information on the individual machine’s ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues.
diff --git a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
index 17cd076296..f56d8e3bae 100644
--- a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/30/2017
+ms.date: 04/17/2018
---
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
index c9a8873e08..668943dd4d 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -34,7 +34,7 @@ Configuring the HP ArcSight Connector tool requires several configuration files
This section guides you in getting the necessary information to set and use the required configuration files correctly.
-- Make sure you have enabled the SIEM integration feature from the **Preferences setup** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).
+- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).
- Have the file you saved from enabling the SIEM integration feature ready. You'll need to get the following values:
- OAuth 2.0 Token refresh URL
@@ -105,7 +105,7 @@ The following steps assume that you have completed all the required steps in [Be
Browse to the location of the *wdatp-connector.properties* file. The name must match the file provided in the .zip that you downloaded.
Refresh Token
-
You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM integration preferences setup** page or using the restutil tool.
For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). **Get your refresh token using the restutil tool:** a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. b. Type: `arcsight restutil token -config` from the bin directory. A Web browser window will open. c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. d. A refresh token is shown in the command prompt. e. Copy and paste it into the **Refresh Token** field.
+
You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool.
For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). **Get your refresh token using the restutil tool:** a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. b. Type: `arcsight restutil token -config` from the bin directory. A Web browser window will open. c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. d. A refresh token is shown in the command prompt. e. Copy and paste it into the **Refresh Token** field.
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
index 9f0f626310..6559e3e082 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
---
-title: Configure email notifications in Windows Defender ATP
+title: Configure alert notifications in Windows Defender ATP
description: Send email notifications to specified recipients to receive new alerts based on severity with Windows Defender ATP on Windows 10 Enterprise, Pro, and Education editions.
keywords: email notifications, configure alert notifications, windows defender atp notifications, windows defender atp alerts, windows 10 enterprise, windows 10 education
search.product: eADQiWindows 10XVcnh
@@ -10,10 +10,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
-# Configure email notifications in Windows Defender ATP
+# Configure alert notifications in Windows Defender ATP
**Applies to:**
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
@@ -38,29 +38,44 @@ You can also add or remove recipients of the email notification. New recipients
The email notification includes basic information about the alert and a link to the portal where you can do further investigation.
-## Set up email notifications for alerts
-The email notifications feature is turned off by default. Turn it on to start receiving email notifications.
+## Create rules for alert notifications
+You can create rules that determine the machines and alert severities to send email notifications for and the notification recipients.
-1. On the navigation pane, select **Preferences setup** > **Email Notifications**.
-2. Toggle the setting between **On** and **Off**.
-3. Select the alert severity level that you’d like your recipients to receive:
- - **High** – Select this level to send notifications for high-severity alerts.
- - **Medium** – Select this level to send notifications for medium-severity alerts.
- - **Low** - Select this level to send notifications for low-severity alerts.
- - **Informational** - Select this level to send notification for alerts that might not be considered harmful but good to keep track of.
-4. In **Email recipients to notify on new alerts**, type the email address then select the + sign.
-5. Click **Save preferences** when you’ve completed adding all the recipients.
-Check that email recipients are able to receive the email notifications by selecting **Send test email**. All recipients in the list will receive the test email.
+1. In the navigation pane, select **Settings** > **General** > **Alert notifications**.
+
+2. Click **Add notification rule**.
+
+3. Specify the General information:
+ - **Rule name**
+ - **Machines** - Choose whether to notify recipients for all alerts on all machines or on selected machine group. If you choose to only send on a selected machine group, make sure that the machine group has been created. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
+ - **Alert severity** - Choose the alert severity level
+
+4. Click **Next**.
+
+5. Enter the recipient's email address then click **Add recipient**. You can add multiple email addresses.
+
+6. Check that email recipients are able to receive the email notifications by selecting **Send test email**.
+
+7. Click **Save notification rule**.
Here's an example email notification:
-## Remove email recipients
+## Edit a notification rule
+1. Select the notification rule you'd like to edit.
-1. Select the trash bin icon beside the email address you’d like to remove.
-2. Click **Save preferences**.
+2. Update the General and Recipient tab information.
+
+3. CLick **Save notification rule**.
+
+
+## Delete notification rule
+
+1. Select the notification rule you'd like to delete.
+
+2. Click **Delete**.
## Troubleshoot email notifications for alerts
This section lists various issues that you may encounter when using email notifications for alerts.
@@ -74,9 +89,7 @@ This section lists various issues that you may encounter when using email notifi
3. Check your email application rules that might be catching and moving your Windows Defender ATP email notifications.
## Related topics
-- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
+- [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
index 05863a21ee..20a25e6d96 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Configure Windows Defender ATP endpoints using Group Policy
-description: Use Group Policy to deploy the configuration package on endpoints so that they are onboarded to the service.
-keywords: configure endpoints using group policy, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, group policy
+title: Onboard Windows 10 machines using Group Policy to Windows Defender ATP
+description: Use Group Policy to deploy the configuration package on Windows 10 machines so that they are onboarded to the service.
+keywords: configure machines using group policy, machine management, configure Windows ATP machines, onboard Windows Defender Advanced Threat Protection machines, group policy
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/17/2018
---
-# Configure endpoints using Group Policy
+# Onboard Windows 10 machines using Group Policy
**Applies to:**
@@ -25,7 +25,7 @@ ms.date: 11/06/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
@@ -33,14 +33,18 @@ ms.date: 11/06/2017
> [!NOTE]
> To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
-## Onboard endpoints
-1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+## Onboard machines using Group Policy
+1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+
+ a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
- a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+ b. Select Windows 10 as the operating system.
+
+ c. In the **Deployment method** field, select **Group policy**.
+
+ d. Click **Download package** and save the .zip file.
- b. Select **Group Policy**, click **Download package** and save the .zip file.
-
-2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*.
+2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the machine. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*.
3. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
@@ -57,10 +61,10 @@ ms.date: 11/06/2017
9. Click **OK** and close any open GPMC windows.
>[!TIP]
-> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that the machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
## Additional Windows Defender ATP configuration settings
-For each endpoint, you can state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature.
@@ -80,7 +84,7 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
5. Click **Windows components** and then **Windows Defender ATP**.
-6. Choose to enable or disable sample sharing from your endpoints.
+6. Choose to enable or disable sample sharing from your machines.
>[!NOTE]
> If you don't set a value, the default value is to enable sample collection.
@@ -93,7 +97,7 @@ In cases where high-value assets or machines are at high risk, you can configure
> [!NOTE]
> Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical.
-For each endpoint, you can configure a registry key value that determines how frequent a machine reports sensor data to the portal.
+For each machine, you can configure a registry key value that determines how frequent a machine reports sensor data to the portal.
The configuration is set through the following registry key entry:
@@ -105,26 +109,28 @@ Value: Normal or Expedite
Where:
Key type is a string.
Possible values are:
-- Normal - sets reporting frequency from the endpoint to Normal mode for the optimal speed and performance balance
-- Expedite - sets reporting frequency from the endpoint to Expedite mode
+- Normal - sets reporting frequency from the machine to Normal mode for the optimal speed and performance balance
+- Expedite - sets reporting frequency from the machine to Expedite mode
The default value in case the registry key doesn’t exist is Normal.
-### Offboard endpoints
-For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+## Offboard machines using Group Policy
+For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
> [!NOTE]
-> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
+> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+ a. In the navigation pane, select **Settings** > **Machine management** > **Offboarding**.
- b. Click the **Endpoint offboarding** section.
+ b. Select Windows 10 as the operating system.
+
+ c. In the **Deployment method** field, select **Group policy**.
- c. Select **Group Policy**, click **Download package** and save the .zip file.
+ d. Click **Download package** and save the .zip file.
-2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
+2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the machine. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
3. Open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx) (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
@@ -144,22 +150,22 @@ For security reasons, the package used to offboard endpoints will expire 30 days
> Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months.
-## Monitor endpoint configuration
-With Group Policy there isn’t an option to monitor deployment of policies on the endpoints. Monitoring can be done directly on the portal, or by using the different deployment tools.
+## Monitor machine configuration
+With Group Policy there isn’t an option to monitor deployment of policies on the machines. Monitoring can be done directly on the portal, or by using the different deployment tools.
-## Monitor endpoints using the portal
+## Monitor machines using the portal
1. Go to the [Windows Defender ATP portal](https://securitycenter.windows.com/).
2. Click **Machines list**.
-3. Verify that endpoints are appearing.
+3. Verify that machines are appearing.
> [!NOTE]
-> It can take several days for endpoints to start showing on the **Machines list**. This includes the time it takes for the policies to be distributed to the endpoint, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting.
+> It can take several days for machines to start showing on the **Machines list**. This includes the time it takes for the policies to be distributed to the machine, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting.
## Related topics
-- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP machines](run-detection-test-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
index 0ced4ceb82..fc37a29fbc 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Configure endpoints using Mobile Device Management tools
-description: Use Mobile Device Management tools to deploy the configuration package on endpoints so that they are onboarded to the service.
-keywords: configure endpoints using mdm, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, mdm
+title: Onboard Windows 10 machines using Mobile Device Management tools
+description: Use Mobile Device Management tools to deploy the configuration package on machines so that they are onboarded to the service.
+keywords: onboard machines using mdm, machine management, onboard Windows ATP machines, onboard Windows Defender Advanced Threat Protection machines, mdm
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/17/2018
---
-# Configure endpoints using Mobile Device Management tools
+# Onboard Windows 10 machines using Mobile Device Management tools
**Applies to:**
@@ -23,11 +23,9 @@ ms.date: 11/06/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink)
-You can use mobile device management (MDM) solutions to configure endpoints. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage endpoints.
+You can use mobile device management (MDM) solutions to configure machines. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage machines.
For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
@@ -36,20 +34,21 @@ If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwi
For more information on enabling MDM with Microsoft Intune, see [Setup Windows Device Management](https://docs.microsoft.com/intune-classic/deploy-use/set-up-windows-device-management-with-microsoft-intune).
-## Configure endpoints using Microsoft Intune
+## Onboard machines using Microsoft Intune
For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
-
### Using the Azure Intune Portal to deploy Windows Defender Advanced Threat Protection policies on Windows 10 1607 and higher
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Select **Endpoint management** > **Clients** on the **Navigation pane**.
+ a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
- b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
+ b. Select Windows 10 as the operating system.
- 
+ c. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**.
+
+ d. Click **Download package**, and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*.
@@ -103,16 +102,17 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
-
-### Onboard and monitor endpoints using the classic Intune console
+### Onboard and monitor machines using the classic Intune console
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Select **Endpoint management** > **Clients** on the **Navigation pane**.
+ a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
- b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
+ b. Select Windows 10 as the operating system.
- 
+ c. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**.
+
+ d. Click **Download package**, and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*.
@@ -155,9 +155,9 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
-When the policy is deployed and is propagated, endpoints will be shown in the **Machines list**.
+When the policy is deployed and is propagated, machines will be shown in the **Machines list**.
-You can use the following onboarding policies to deploy configuration settings on endpoints. These policies can be sub-categorized to:
+You can use the following onboarding policies to deploy configuration settings on machines. These policies can be sub-categorized to:
- Onboarding
- Health Status for onboarded machines
- Configuration for onboarded machines
@@ -179,31 +179,29 @@ Configuration for onboarded machines: diagnostic data reporting frequency | ./De
>[!TIP]
-> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that a machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
-
-
-
-### Offboard and monitor endpoints
-
-For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+## Offboard and monitor machines using Mobile Device Management tools
+For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
> [!NOTE]
-> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
+> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+ a. In the navigation pane, select **Settings** > **Machine management** > **Offboarding**.
- b. Click the **Endpoint offboarding** section.
+ b. Select Windows 10 as the operating system.
- c. Select **Mobile Device Management /Microsoft Intune**, click **Download package** and save the .zip file.
+ c. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**.
+
+ d. Click **Download package**, and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding*.
3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune).
-Offboarding - Use the offboarding policies to remove configuration settings on endpoints. These policies can be sub-categorized to:
+Offboarding - Use the offboarding policies to remove configuration settings on machines. These policies can be sub-categorized to:
- Offboarding
- Health Status for offboarded machines
- Configuration for offboarded machines
@@ -221,9 +219,9 @@ Health Status for offboarded machines: Onboarding State | ./Device/Vendor/MSFT/W
> Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months.
## Related topics
-- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
index f98fcf98cf..60fdf52cf6 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Configure non-Windows endpoints in Windows Defender ATP
-description: Configure non-Winodws endpoints so that they can send sensor data to the Windows Defender ATP service.
-keywords: configure endpoints non-Windows endpoints, macos, linux, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+title: Onboard non-Windows machines to the Windows Defender ATP service
+description: Configure non-Winodws machines so that they can send sensor data to the Windows Defender ATP service.
+keywords: onboard non-Windows machines, macos, linux, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -9,10 +9,10 @@ ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
-ms.date: 12/12/2017
+ms.date: 04/17/2018
---
-# Configure non-Windows endpoints
+# Onboard non-Windows machines
**Applies to:**
@@ -28,20 +28,21 @@ Windows Defender ATP provides a centralized security operations experience for W
You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work.
-## Onboard non-Windows endpoints
-You'll need to take the following steps to oboard non-Windows endpoints:
+You'll need to take the following steps to onboard non-Windows machines:
1. Turn on third-party integration
2. Run a detection test
### Turn on third-party integration
-1. In Windows Defender Security Center portal, select **Endpoint management** > **Clients** > **Non-Windows**. Make sure the third-party solution is listed.
+1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**. Make sure the third-party solution is listed.
-2. Toggle the third-party provider switch button to turn on the third-party solution integration.
+2. Select Mac and Linux as the operating system.
-3. Click **Generate access token** button and then **Copy**.
+3. Turn on the third-party solution integration.
-4. You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution.
+4. Click **Generate access token** button and then **Copy**.
+
+5. You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution.
>[!WARNING]
@@ -52,21 +53,21 @@ Create an EICAR test file by saving the string displayed on the portal in an emp
The file should trigger a detection and a corresponding alert on Windows Defender ATP.
-### Offboard non-Windows endpoints
-To effectively offboard the endpoints from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow.
+## Offboard non-Windows machines
+To effectively offboard the machine from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow.
1. Follow the third-party documentation to opt-out on the third-party service side.
-2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows**.
+2. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
-3. Toggle the third-party provider switch button to turn stop diagnostic data from endpoints.
+3. Turn off the third-party solution integration.
>[!WARNING]
->If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on endpoints.
+>If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on machines.
## Related topics
-- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
index de4aa4ddca..1da2299153 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Configure endpoints using System Center Configuration Manager
-description: Use System Center Configuration Manager to deploy the configuration package on endpoints so that they are onboarded to the service.
-keywords: configure endpoints using sccm, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, sccm
+title: Onboard Windows 10 machines using System Center Configuration Manager
+description: Use System Center Configuration Manager to deploy the configuration package on machines so that they are onboarded to the service.
+keywords: onboard machines using sccm, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines, sccm
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/17/2018
---
-# Configure endpoints using System Center Configuration Manager
+# Onboard Windows 10 machines using System Center Configuration Manager
**Applies to:**
@@ -24,33 +24,38 @@ ms.date: 11/06/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- System Center 2012 Configuration Manager or later versions
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink)
-## Configure endpoints using System Center Configuration Manager (current branch) version 1606
-System Center Configuration Manager (SCCM) (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682).
+## Onboard Windows 10 machines using System Center Configuration Manager (current branch) version 1606
+System Center Configuration Manager (SCCM) (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on machines. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682).
>[!NOTE]
> If you’re using SCCM client version 1606 with server version 1610 or above, you must upgrade the client version to match the server version.
-## Configure endpoints using System Center Configuration Manager earlier versions
-You can use existing System Center Configuration Manager functionality to create a policy to configure your endpoints. This is supported in the following System Center Configuration Manager versions:
+## Onboard Windows 10 machines using System Center Configuration Manager earlier versions
+You can use existing System Center Configuration Manager functionality to create a policy to configure your machines. This is supported in the following System Center Configuration Manager versions:
- System Center 2012 Configuration Manager
- System Center 2012 R2 Configuration Manager
- System Center Configuration Manager (current branch), version 1511
- System Center Configuration Manager (current branch), version 1602
-### Onboard endpoints
+### Onboard machines using System Center Configuration Manager
+
1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+ a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
+
+ b. Select Windows 10 as the operating system.
- b. Select **System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file.
+ c. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**.
+
+ d. Click **Download package**, and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
@@ -62,12 +67,12 @@ You can use existing System Center Configuration Manager functionality to create
> Windows Defender ATP doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading.
>[!TIP]
-> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
### Configure sample collection settings
-For each endpoint, you can set a configuration value to state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
-You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on an endpoint.
+You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on a machine.
This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted machines to make sure they’re complaint.
The configuration is set through the following registry key entry:
@@ -80,8 +85,8 @@ Value: 0 or 1
Where:
Key type is a D-WORD.
Possible values are:
-- 0 - doesn't allow sample sharing from this endpoint
-- 1 - allows sharing of all file types from this endpoint
+- 0 - doesn't allow sample sharing from this machine
+- 1 - allows sharing of all file types from this machine
The default value in case the registry key doesn’t exist is 1.
@@ -95,7 +100,7 @@ In cases where high-value assets or machines are at high risk, you can configure
> [!NOTE]
> Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical.
-For each endpoint, you can configure a registry key value that determines how frequent a machine reports sensor data to the portal.
+For each machine, you can configure a registry key value that determines how frequent a machine reports sensor data to the portal.
The configuration is set through the following registry key entry:
@@ -107,26 +112,28 @@ Value: Normal or Expedite
Where:
Key type is a string.
Possible values are:
-- Normal - sets reporting frequency from the endpoint to Normal mode for the optimal speed and performance balance
-- Expedite - sets reporting frequency from the endpoint to Expedite mode
+- Normal - sets reporting frequency from the machine to Normal mode for the optimal speed and performance balance
+- Expedite - sets reporting frequency from the machine to Expedite mode
The default value in case the registry key doesn’t exist is Normal.
-### Offboard endpoints
+## Offboard machines using System Center Configuration Manager
-For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
> [!NOTE]
-> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
+> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+ a. In the navigation pane, select **Settings** > **Machine management** > **Offboarding**.
- b. Click the **Endpoint offboarding** section.
+ b. Select Windows 10 as the operating system.
- c. Select **System Center Configuration Manager System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file.
+ c. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**.
+
+ d. Click **Download package**, and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
@@ -138,12 +145,12 @@ For security reasons, the package used to offboard endpoints will expire 30 days
> Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months.
-### Monitor endpoint configuration
+### Monitor machine configuration
Monitoring with SCCM consists of two parts:
-1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the endpoints in your network.
+1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the machines in your network.
-2. Checking that the endpoints are compliant with the Windows Defender ATP service (this ensures the endpoint can complete the onboarding process and can continue to report data to the service).
+2. Checking that the machines are compliant with the Windows Defender ATP service (this ensures the machine can complete the onboarding process and can continue to report data to the service).
**To confirm the configuration package has been correctly deployed:**
@@ -155,11 +162,11 @@ Monitoring with SCCM consists of two parts:
4. Review the status indicators under **Completion Statistics** and **Content Status**.
-If there are failed deployments (endpoints with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the endpoints. For more information see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
+If there are failed deployments (machines with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the machines. For more information see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
-**Check that the endpoints are compliant with the Windows Defender ATP service:**
+**Check that the machines are compliant with the Windows Defender ATP service:**
You can set a compliance rule for configuration item in System Center Configuration Manager to monitor your deployment.
This rule should be a *non-remediating* compliance rule configuration item that monitors the value of a registry key on targeted machines.
@@ -173,9 +180,9 @@ Value: “1”
For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx).
## Related topics
-- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
-- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
index f1219c9897..51910b2668 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Configure Windows Defender ATP endpoints using a local script
-description: Use a local script to deploy the configuration package on endpoints so that they are onboarded to the service.
-keywords: configure endpoints using a local script, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+title: Onboard Windows 10 machines using a local script
+description: Use a local script to deploy the configuration package on machines so that they are onboarded to the service.
+keywords: configure machines using a local script, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/17/2018
---
-# Configure endpoints using a local script
+# Onboard Windows 10 machines using a local script
**Applies to:**
@@ -23,26 +23,31 @@ ms.date: 11/06/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
-You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network.
+You can also manually onboard individual machines to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all machines in your network.
> [!NOTE]
-> The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+> The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Onboard Window 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
-## Onboard endpoints
+## Onboard machines
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+ a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
- b. Select **Local Script**, click **Download package** and save the .zip file.
+ b. Select Windows 10 as the operating system.
+ c. In the **Deployment method** field, select **Local Script**.
-2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
+ d. Click **Download package** and save the .zip file.
-3. Open an elevated command-line prompt on the endpoint and run the script:
+
+2. Extract the contents of the configuration package to a location on the machine you want to onboard (for example, the Desktop). You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
+
+3. Open an elevated command-line prompt on the machine and run the script:
a. Go to **Start** and type **cmd**.
@@ -54,16 +59,16 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
5. Press the **Enter** key or click **OK**.
-For information on how you can manually validate that the endpoint is compliant and correctly reports sensor data see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
+For information on how you can manually validate that the machine is compliant and correctly reports sensor data see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
>[!TIP]
-> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
## Configure sample collection settings
-For each endpoint, you can set a configuration value to state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
+For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
-You can manually configure the sample sharing setting on the endpoint by using *regedit* or creating and running a *.reg* file.
+You can manually configure the sample sharing setting on the machine by using *regedit* or creating and running a *.reg* file.
The configuration is set through the following registry key entry:
@@ -75,29 +80,31 @@ Value: 0 or 1
Where:
Name type is a D-WORD.
Possible values are:
-- 0 - doesn't allow sample sharing from this endpoint
-- 1 - allows sharing of all file types from this endpoint
+- 0 - doesn't allow sample sharing from this machine
+- 1 - allows sharing of all file types from this machine
The default value in case the registry key doesn’t exist is 1.
-## Offboard endpoints
-For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+## Offboard machines using a local script
+For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
> [!NOTE]
-> Onboarding and offboarding policies must not be deployed on the same endpoint at the same time, otherwise this will cause unpredictable collisions.
+> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** on the **Navigation pane**.
+ a. In the navigation pane, select **Settings** > **Machine management** > **Offboarding**.
- b. Click the **Endpoint offboarding** section.
+ b. Select Windows 10 as the operating system.
- c. Select **Group Policy**, click **Download package** and save the .zip file.
+ c. In the **Deployment method** field, select **Local Script**.
-2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
+ d. Click **Download package** and save the .zip file.
-3. Open an elevated command-line prompt on the endpoint and run the script:
+2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the machines. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
+
+3. Open an elevated command-line prompt on the machine and run the script:
a. Go to **Start** and type **cmd**.
@@ -113,23 +120,23 @@ For security reasons, the package used to offboard endpoints will expire 30 days
> Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months.
-## Monitor endpoint configuration
+## Monitor machine configuration
You can follow the different verification steps in the [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) to verify that the script completed successfully and the agent is running.
Monitoring can also be done directly on the portal, or by using the different deployment tools.
-### Monitor endpoints using the portal
+### Monitor machines using the portal
1. Go to the Windows Defender ATP portal.
2. Click **Machines list**.
-3. Verify that endpoints are appearing.
+3. Verify that machines are appearing.
## Related topics
-- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+- [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
index 06efff80c7..477529fa7d 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Configure non-persistent virtual desktop infrastructure (VDI) machines
+title: Onboard non-persistent virtual desktop infrastructure (VDI) machines
description: Deploy the configuration package on virtual desktop infrastructure (VDI) machine so that they are onboarded to Windows Defender ATP the service.
-keywords: configure virtual desktop infrastructure (VDI) machine, vdi, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+keywords: configure virtual desktop infrastructure (VDI) machine, vdi, machine management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,15 +10,15 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
-# Configure non-persistent virtual desktop infrastructure (VDI) machines
+# Onboard non-persistent virtual desktop infrastructure (VDI) machines
**Applies to:**
- Virtual desktop infrastructure (VDI) machines
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
@@ -40,9 +40,13 @@ You can onboard VDI machines using a single entry or multiple entries for each m
1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+ a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
- b. Select **VDI onboarding scripts for non-persistent endpoints** then click **Download package** and save the .zip file.
+ b. Select Windows 10 as the operating system.
+
+ c. In the **Deployment method** field, select **VDI onboarding scripts for non-persistent endpoints**.
+
+ d. Click **Download package** and save the .zip file.
2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`.
@@ -67,9 +71,13 @@ You can onboard VDI machines using a single entry or multiple entries for each m
6. Test your solution:
a. Create a pool with one machine.
+
b. Logon to machine.
+
c. Logoff from machine.
+
d. Logon to machine with another user.
+
e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.
**For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal.
@@ -78,10 +86,10 @@ You can onboard VDI machines using a single entry or multiple entries for each m
8. Use the search function by entering the machine name and select **Machine** as search type.
## Related topics
-- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
-- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
index 4afc560682..e6d78d4bb0 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Configure Windows Defender ATP client endpoints
-description: Configure client endpoints so that they can send sensor data to the Windows Defender ATP sensor.
-keywords: configure client endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+title: Onboard Windows 10 machines on Windows Defender ATP
+description: Onboard Windows 10 machines so that they can send sensor data to the Windows Defender ATP sensor
+keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
-# Configure Windows Defender ATP client endpoints
+# Onboard Windows 10 machines
**Applies to:**
@@ -23,9 +23,9 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
-
-Endpoints in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization.
+Machines in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the machines in your organization.
Windows Defender ATP supports the following deployment tools and methods:
@@ -37,11 +37,11 @@ Windows Defender ATP supports the following deployment tools and methods:
## In this section
Topic | Description
:---|:---
-[Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) | Use Group Policy to deploy the configuration package on endpoints.
-[Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on endpoints.
-[Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on endpoints.
-[Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) | Learn how to use the local script to deploy the configuration package on endpoints.
-[Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) | Learn how to use the configuration package to configure VDI machines.
+[Onboard Windows 10 machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) | Use Group Policy to deploy the configuration package on machines.
+[Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on machines.
+[Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on machine.
+[Onboard Windows 10 machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) | Learn how to use the local script to deploy the configuration package on endpoints.
+[Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) | Learn how to use the configuration package to configure VDI machines.
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index cd4942e214..ac747f99f5 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
---
-title: Configure endpoint proxy and Internet connection settings
+title: Configure machine proxy and Internet connection settings
description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service.
keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server
search.product: eADQiWindows 10XVcnh
@@ -14,7 +14,7 @@ ms.date: 10/16/2017
---
-# Configure endpoint proxy and Internet connectivity settings
+# Configure machine proxy and Internet connectivity settings
**Applies to:**
@@ -39,7 +39,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
- Web Proxy Auto-discovery Protocol (WPAD)
> [!NOTE]
-> If you're using Transparent proxy or WPAD in your network topology, you don't need special endpoint configuration settings. For more information on Windows Defender ATP URL exclusions in the proxy, see [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server).
+> If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Windows Defender ATP URL exclusions in the proxy, see [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server).
- Manual static proxy configuration:
@@ -99,7 +99,7 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
1. Download the [connectivity verification tool](https://go.microsoft.com/fwlink/p/?linkid=823683) to the PC where Windows Defender ATP sensor is running on.
-2. Extract the contents of WDATPConnectivityAnalyzer on the endpoint.
+2. Extract the contents of WDATPConnectivityAnalyzer on the machine.
3. Open an elevated command-line:
@@ -135,5 +135,5 @@ If at least one of the connectivity options returns a (200) status, then the Win
However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
## Related topics
-- [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
index 551c97fea5..c55f7851c0 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Configure Windows Defender ATP server endpoints
-description: Configure server endpoints so that they can send sensor data to the Windows Defender ATP sensor.
-keywords: configure server endpoints, server, server onboarding, endpoint management, configure Windows ATP server endpoints, configure Windows Defender Advanced Threat Protection server endpoints
+title: Onboard servers to the Windows Defender ATP service
+description: Onboard servers so that they can send sensor data to the Windows Defender ATP sensor.
+keywords: onboard server, server, server onboarding, machine management, configure Windows ATP servers, onboard Windows Defender Advanced Threat Protection servers
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -9,15 +9,16 @@ ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
-ms.date: 04/04/2018
+ms.date: 04/17/2018
---
-# Configure Windows Defender ATP server endpoints
+# Onboard servers to the Windows Defender ATP service
**Applies to:**
- Windows Server 2012 R2
- Windows Server 2016
+- Windows Server, version 1803
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
@@ -29,8 +30,9 @@ Windows Defender ATP extends support to also include the Windows Server operatin
Windows Defender ATP supports the onboarding of the following servers:
- Windows Server 2012 R2
- Windows Server 2016
+- Windows Server, version 1803
-## Onboard server endpoints
+## Onboard Windows Server 2012 R2 and Windows Server 2016
To onboard your servers to Windows Defender ATP, you’ll need to:
@@ -38,16 +40,16 @@ To onboard your servers to Windows Defender ATP, you’ll need to:
- If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below.
>[!TIP]
-> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
### Turn on Server monitoring from the Windows Defender Security Center portal
-1. In the navigation pane, select **Endpoint management** > **Servers**.
+1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
-2. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
-
- 
+2. Select Windows server 2012, 2012R2 and 2016 as the operating system.
+
+3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP
@@ -64,7 +66,8 @@ To onboard your servers to Windows Defender ATP, you’ll need to:
Once completed, you should see onboarded servers in the portal within an hour.
-### Configure server endpoint proxy and Internet connectivity settings
+### Configure server proxy and Internet connectivity settings
+
- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway).
- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service:
@@ -79,21 +82,43 @@ Once completed, you should see onboarded servers in the portal within an hour.
| winatp-gw-neu.microsoft.com | 443 |
| winatp-gw-weu.microsoft.com | 443 |
+## Onboard Windows Server, version 1803
+You’ll be able to onboard in the same method available for Windows 10 client machines. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). Support for Windows Server, version 1803 provides deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well.
-## Offboard server endpoints
+1. Install the latest Windows Server Insider build on a machine. For more information, see [Windows Server Insider Preview](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver).
+
+2. Configure Windows Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
+
+3. If you’re running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly:
+
+ a. Set the following registry entry:
+ - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
+ - Name: ForceDefenderPassiveMode
+ - Value: 1
+
+ b. Run the following PowerShell command to verify that the passive mode was configured:
+ ```Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=84}```
+
+ c. Confirm that a recent event containing the passive mode event is found:
+ 
+
+4. Run the following command to check if Windows Defender AV is installed:
+ ```sc query Windefend```
+
+ If the result is ‘The specified service does not exist as an installed service’, then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
+
+## Offboard servers
You have two options to offboard servers from the service:
- Uninstall the MMA agent
- Remove the Windows Defender ATP workspace configuration
+>[!NOTE]
+>Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.
### Uninstall servers by uinstalling the MMA agent
To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Windows Defender ATP.
For more information, see [To disable an agent](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent).
->[!NOTE]
->Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.
-
-
### Remove the Windows Defender ATP workspace configuration
To offboard the server, you can use either of the following methods:
@@ -110,11 +135,14 @@ To offboard the server, you can use either of the following methods:
#### Run a PowerShell command to remove the configuration
-1. Get your workspace ID by going to **Endpoint management** > **Servers**:
-
- 
+1. Get your Workspace ID:
+ a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
-2. Open an elevated PowerShell and run the following command. Use the workspace ID you obtained and replacing `WorkspaceID`:
+ b. Select **Windows server 2012, 2012R2 and 2016** as the operating system and get your Workspace ID:
+
+ 
+
+2. Open an elevated PowerShell and run the following command. Use the Workspace ID you obtained and replacing `WorkspaceID`:
```
# Load agent scripting object
@@ -124,11 +152,10 @@ To offboard the server, you can use either of the following methods:
# Reload the configuration and apply changes
$AgentCfg.ReloadConfiguration()
```
-
## Related topics
-- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
-- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md)
- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
index e3847a41ad..f2ab846f15 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
@@ -23,11 +23,9 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
-## Pull alerts using supported security information and events management (SIEM) tools
+## Pull alerts using security information and events management (SIEM) tools
Windows Defender ATP supports (SIEM) tools to pull alerts. Windows Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull alerts from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
@@ -56,7 +54,7 @@ For more information, see [Pull Windows Defender ATP alerts using REST API](pull
Topic | Description
:---|:---
-[Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Preferences setup** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
+[Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
[Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
[Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
index ed2b034f45..be0b750935 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -32,7 +32,7 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
## Before you begin
- Install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/) in Splunk.
-- Make sure you have enabled the **SIEM integration** feature from the **Preferences setup** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
- OAuth 2 Token refresh URL
@@ -105,7 +105,7 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
Polling Interval
-
Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
+
Number of seconds that Splunk will ping the Windows Defender ATP machine. Accepted values are in seconds.
Set sourcetype
diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
index 05d249bdc3..8af91533b7 100644
--- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 03/27/2018
+ms.date: 04/17/2018
---
# Create custom alerts using the threat intelligence (TI) application program interface (API)
@@ -23,7 +23,7 @@ ms.date: 03/27/2018
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink)
@@ -59,7 +59,7 @@ For this URL:
Each tenant has a defined quota that limits the number of possible alert definitions, IOCs and another quota for IOCs of Action different than “equals” in the system. If you upload data beyond this quota, you'll encounter an HTTP error status code 507 (Insufficient Storage).
## Request an access token from the token issuing endpoint
-Windows Defender ATP Threat Intelligence API uses OAuth 2.0. In the context of Windows Defender ATP, the alert definitions are a protected resource. To issue tokens for ad-hoc, non-automatic operations you can use the **Preferences settings** page and click the **Generate Token** button. However, if you’d like to create an automated client, you need to use the “Client Credentials Grant” flow. For more information, see the [OAuth 2.0 authorization framework](https://tools.ietf.org/html/rfc6749#section-4.4).
+Windows Defender ATP Threat Intelligence API uses OAuth 2.0. In the context of Windows Defender ATP, the alert definitions are a protected resource. To issue tokens for ad-hoc, non-automatic operations you can use the **Settings** page and click the **Generate Token** button. However, if you’d like to create an automated client, you need to use the “Client Credentials Grant” flow. For more information, see the [OAuth 2.0 authorization framework](https://tools.ietf.org/html/rfc6749#section-4.4).
For more information about the authorization flow, see [OAuth 2.0 authorization flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-code#oauth-20-authorization-flow).
diff --git a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..2c31b1365d
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,46 @@
+---
+title: Update data retention settings for Windows Defender Advanced Threat Protection
+description: Update data retention settings by selecting between 30 days to 180 days.
+keywords: data, storage, settings, retention, update
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+# Update data retention settings for Windows Defender ATP
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
+
+During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update the data retention settings.
+
+1. In the navigation pane, select **Settings** > **General** > **Data rention**.
+
+2. Select the data retention duration from the drop-down list.
+
+ > [!NOTE]
+ > Other settings are not editable.
+
+3. Click **Save preferences**.
+
+
+## Related topics
+- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+- [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
+- [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
index a650f8fe1f..e262cc5244 100644
--- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -27,7 +27,7 @@ This section covers some of the most frequently asked questions regarding privac
## What data does Windows Defender ATP collect?
-Microsoft will collect and store information from your configured endpoints in a database specific to the service for administration, tracking, and reporting purposes.
+Microsoft will collect and store information from your configured machines in a database specific to the service for administration, tracking, and reporting purposes.
Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as machine identifiers, names, and the operating system version).
diff --git a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
index 4e082b67d2..09ed79f526 100644
--- a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/28/2017
+ms.date: 04/17/2018
---
# Windows Defender Antivirus compatibility with Windows Defender ATP
@@ -33,12 +33,12 @@ The Windows Defender Advanced Threat Protection agent depends on Windows Defende
>[!IMPORTANT]
>Windows Defender ATP does not adhere to the Windows Defender Antivirus Exclusions settings.
-You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
-If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
+If an onboarded machine is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client.
-The Windows Defender Antivirus interface will be disabled, and users on the endpoint will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options.
+The Windows Defender Antivirus interface will be disabled, and users on the machine will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options.
For more information, see the [Windows Defender Antivirus and Windows Defender ATP compatibility topic](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
index def73c0599..4864c55ad8 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Enable the custom threat intelligence API in Windows Defender ATP
@@ -23,13 +23,13 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink)
Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal.
-1. In the navigation pane, select **Preference Setup** > **Threat intel API**.
+1. In the navigation pane, select **Settings** > **APIs** > **Threat intel**.
@@ -47,7 +47,7 @@ You’ll need to use the access token in the Authorization header when doing RES
## Related topics
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..9e6c2f081b
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,46 @@
+---
+title: Enable Secure Score in Windows Defender ATP
+description: Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard.
+keywords: enable secure score, baseline, calculation, analytics, score, secure score dashboard, dashboard
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Enable Secure Score security controls
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
+
+ >[!NOTE]
+ >Changes might take up to a few hours to reflect on the dashboard.
+
+1. In the navigation pane, select **Settings** > **General** > **Secure Score**.
+
+ 
+
+2. Select the security control, then toggle the setting between **On** and **Off**.
+
+3. Click **Save preferences**.
+
+## Related topics
+- [View the Secure Score dashboard](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+- [Update data retention settings for Windows Defender ATP](data-retention-settings-windows-defender-advanced-threat-protection.md)
+- [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+- [Configure advanced features in Windows Defender ATP](/advanced-features-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index fc7325015e..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-title: Enable Secure score security controls in Windows Defender ATP
-description: Set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard.
-keywords: secure score, baseline, calculation, score, secure score dashboard, dashboard, windows defender antivirus, av, exploit guard, application guard, smartscreen
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: high
-ms.date: 03/12/2018
----
-
-# Enable Secure score security controls
-
-**Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
-Set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
-
- >[!NOTE]
- >Changes might take up to a few hours to reflect on the dashboard.
-
-1. In the navigation pane, select **Preferences setup** > **Secure score**.
-
- 
-
-2. Select the security control, then toggle the setting between **On** and **Off**.
-
-3. Click **Save preferences**.
-
-## Related topics
-- [View the Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
-- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
index c444afe13d..9b39935b31 100644
--- a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/21/2017
+ms.date: 04/17/2018
---
# Enable SIEM integration in Windows Defender ATP
@@ -29,9 +29,9 @@ ms.date: 11/21/2017
Enable security information and event management (SIEM) integration so you can pull alerts from the Windows Defender ATP portal using your SIEM solution or by connecting directly to the alerts REST API.
-1. In the navigation pane, select **Preferences setup** > **SIEM integration**.
+1. In the navigation pane, select **Settings** > **APIs** > **SIEM**.
- 
+ 
2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant.
diff --git a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
index 79a751c4a0..7dbc500f97 100644
--- a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
---
-title: Review events and errors on endpoints with Event Viewer
+title: Review events and errors using Event Viewer
description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service.
keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Defender Advanced Threat Protection service, cannot start, broken, can't start
search.product: eADQiWindows 10XVcnh
@@ -10,11 +10,11 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
-# Review events and errors on endpoints with Event Viewer
+# Review events and errors using Event Viewer
**Applies to:**
@@ -25,14 +25,14 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
+You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual machines.
-You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints.
-
-For example, if endpoints are not appearing in the **Machines list**, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
+For example, if machines are not appearing in the **Machines list**, you might need to look for event IDs on the machines. You can then use this table to determine further troubleshooting steps.
> [!NOTE]
-> It can take several days for endpoints to begin reporting to the Windows Defender ATP service.
+> It can take several days for machines to begin reporting to the Windows Defender ATP service.
**Open Event Viewer and find the Windows Defender ATP service event log:**
@@ -65,7 +65,7 @@ For example, if endpoints are not appearing in the **Machines list**, you might
2
Windows Defender Advanced Threat Protection service shutdown.
-
Occurs when the endpoint is shut down or offboarded.
+
Occurs when the machine is shut down or offboarded.
Normal operating notification; no action required.
@@ -91,17 +91,17 @@ The service could not contact the external processing servers at that URL.
6
Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found.
-
The endpoint did not onboard correctly and will not be reporting to the portal.
+
The machine did not onboard correctly and will not be reporting to the portal.
Onboarding must be run before starting the service.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
7
Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: ```variable```.
-
Variable = detailed error description. The endpoint did not onboard correctly and will not be reporting to the portal.
+
Variable = detailed error description. The machine did not onboard correctly and will not be reporting to the portal.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
8
@@ -109,28 +109,28 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen
**During onboarding:** The service failed to clean its configuration during the onboarding. The onboarding process continues.
**During offboarding:** The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running.
**Onboarding:** No action required.
**Offboarding:** Reboot the system.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
9
Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: ```variable```.
-
**During onboarding:** The endpoint did not onboard correctly and will not be reporting to the portal.
**During offboarding:** Failed to change the service start type. The offboarding process continues.
+
**During onboarding:** The machine did not onboard correctly and will not be reporting to the portal.
**During offboarding:** Failed to change the service start type. The offboarding process continues.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
10
Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable```.
-
The endpoint did not onboard correctly and will not be reporting to the portal.
+
The machine did not onboard correctly and will not be reporting to the portal.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
11
Onboarding or re-onboarding of Windows Defender Advanced Threat Protection service completed.
-
The endpoint onboarded correctly.
+
The machine onboarded correctly.
Normal operating notification; no action required.
-It may take several hours for the endpoint to appear in the portal.
+It may take several hours for the machine to appear in the portal.
12
@@ -157,7 +157,7 @@ The service could not contact the external processing servers at that URL.
An error occurred with the Windows telemetry service.
[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
18
@@ -181,25 +181,25 @@ If this error persists after a system restart, ensure all Windows updates have f
25
Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: ```variable```.
-
The endpoint did not onboard correctly.
+
The machine did not onboard correctly.
It will report to the portal, however the service may not appear as registered in SCCM or the registry.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
26
Windows Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable```.
-
The endpoint did not onboard correctly.
+
The machine did not onboard correctly.
It will report to the portal, however the service may not appear as registered in SCCM or the registry.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
27
Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender Antivirus. Onboarding process failed. Failure code: ```variable```.
-
Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP.
+
Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Windows Defender ATP.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
Ensure real-time antimalware protection is running properly.
An error occurred with the Windows telemetry service.
[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
30
Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender Antivirus. Failure code: ```variable```.
-
Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP.
+
Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Windows Defender ATP.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
Ensure real-time antimalware protection is running properly.
Windows Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable```.
-
A unique identifier is used to represent each endpoint that is reporting to the portal.
+
A unique identifier is used to represent each machine that is reporting to the portal.
If the identifier does not persist, the same machine might appear twice in the portal.
-
Check registry permissions on the endpoint to ensure the service can update the registry.
+
Check registry permissions on the machine to ensure the service can update the registry.
34
@@ -243,7 +243,7 @@ If the identifier does not persist, the same machine might appear twice in the p
An error occurred with the Windows telemetry service.
[Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostic-data-service-is-enabled).
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
35
@@ -337,6 +337,6 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-eventerrorcodes-belowfoldlink)
## Related topics
-- [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender ATP](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
index 5652ee66e3..5a34950b31 100644
--- a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
@@ -152,8 +152,8 @@ This step will guide you in exploring the custom alert in the portal.
## Related topics
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
index b31dad703f..d35ec1554e 100644
--- a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
@@ -54,7 +54,7 @@ This status indicates that there's limited communication between the machine and
The following suggested actions can help fix issues related to a misconfigured machine with impaired communications:
-- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
+- [Ensure the machine has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#troubleshoot-onboarding-issues-on-the-machine)
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)
@@ -66,17 +66,17 @@ If you took corrective actions and the machine status is still misconfigured, [o
A misconfigured machine with status ‘No sensor data’ has communication with the service but can only report partial sensor data.
Follow theses actions to correct known issues related to a misconfigured machine with status ‘No sensor data’:
-- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
+- [Ensure the machine has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#troubleshoot-onboarding-issues-on-the-machine)
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs.
- [Ensure the diagnostic data service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-diagnostics-service-is-enabled)
-If the endpoints aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint.
+If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint.
- [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
-If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.
+If your machines are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.
If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
diff --git a/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 7c8b6ad443..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Update general Windows Defender Advanced Threat Protection settings
-description: Update your general Windows Defender Advanced Threat Protection settings such as data retention or industry after onboarding.
-keywords: general settings, settings, update settings
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: high
-ms.date: 10/16/2017
----
-# Update general Windows Defender ATP settings
-
-**Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
-
-During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu.
-
-1. In the navigation pane, select **Preferences setup** > **General**.
-
-2. Modify settings such as data retention policy or the industry that best describes your organization.
-
- > [!NOTE]
- > Other settings are not editable.
-
-3. Click **Save preferences**.
-
-
-## Related topics
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
-- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Failed.png b/windows/security/threat-protection/windows-defender-atp/images/Failed.png
new file mode 100644
index 0000000000..6cef8a46db
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Failed.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/No threats found.png b/windows/security/threat-protection/windows-defender-atp/images/No threats found.png
new file mode 100644
index 0000000000..11eb05d7c6
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/No threats found.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Partially investigated.png b/windows/security/threat-protection/windows-defender-atp/images/Partially investigated.png
new file mode 100644
index 0000000000..430acc7c42
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Partially investigated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Partially remediated.png b/windows/security/threat-protection/windows-defender-atp/images/Partially remediated.png
new file mode 100644
index 0000000000..c3060b51b0
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Partially remediated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Pending.png b/windows/security/threat-protection/windows-defender-atp/images/Pending.png
new file mode 100644
index 0000000000..b5a27d0a58
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Pending.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Remediated.png b/windows/security/threat-protection/windows-defender-atp/images/Remediated.png
new file mode 100644
index 0000000000..9f13d8e5dc
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Remediated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Running.png b/windows/security/threat-protection/windows-defender-atp/images/Running.png
new file mode 100644
index 0000000000..5de179503f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Running.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/Terminated by system.png b/windows/security/threat-protection/windows-defender-atp/images/Terminated by system.png
new file mode 100644
index 0000000000..f1d7bb0531
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/Terminated by system.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG
new file mode 100644
index 0000000000..3958d9a532
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-save-query.PNG b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-save-query.PNG
new file mode 100644
index 0000000000..2da889163c
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-save-query.PNG differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/alerts-q-bulk.png b/windows/security/threat-protection/windows-defender-atp/images/alerts-q-bulk.png
index 4a2c0fa98e..bafa469657 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/alerts-q-bulk.png and b/windows/security/threat-protection/windows-defender-atp/images/alerts-q-bulk.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png b/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png
new file mode 100644
index 0000000000..6950882187
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-active-investigations-tile.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-query.png b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-query.png
new file mode 100644
index 0000000000..c148c887c1
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-query.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-filter.PNG b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-filter.PNG
new file mode 100644
index 0000000000..40d4cf3b5c
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-filter.PNG differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-set.png b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-set.png
new file mode 100644
index 0000000000..cfec514362
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting-results-set.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting.png b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting.png
new file mode 100644
index 0000000000..f43355e6e2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-advanced-hunting.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-details.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-details.png
index 89fd66df5f..f98240f439 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-details.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-details.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png
index 379423a53a..7ae7d3aa20 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-page.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline.png
index 12537a9efb..b34d5f4779 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-timeline.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alert-view.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-view.png
new file mode 100644
index 0000000000..1b6c2dfa10
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-alert-view.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png
index 745712f857..00185b3daa 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG
index af1915fb0b..dcaa87034d 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG and b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-related-to-machine.PNG differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-selected.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-selected.png
index eaacfa5256..4fcc40c32c 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-selected.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-selected.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png
index ed3cf79941..7a975960a1 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alerts-tile.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-alertsq2.png b/windows/security/threat-protection/windows-defender-atp/images/atp-alertsq2.png
index a2960ce201..7d65413066 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-alertsq2.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-alertsq2.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-analyze-auto-ir.png b/windows/security/threat-protection/windows-defender-atp/images/atp-analyze-auto-ir.png
new file mode 100644
index 0000000000..ec8235b996
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-analyze-auto-ir.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-approve-reject-action.png b/windows/security/threat-protection/windows-defender-atp/images/atp-approve-reject-action.png
new file mode 100644
index 0000000000..f96acc7694
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-approve-reject-action.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigation-pending.png b/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigation-pending.png
new file mode 100644
index 0000000000..f006033aef
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigation-pending.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigations-list.png b/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigations-list.png
new file mode 100644
index 0000000000..b2cdc68a24
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-auto-investigations-list.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png b/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png
new file mode 100644
index 0000000000..82565d784f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-automated-investigations-statistics.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine-user.png b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine-user.png
new file mode 100644
index 0000000000..c2c13fe289
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine-user.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine.png b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine.png
new file mode 100644
index 0000000000..62e88527b3
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-azure-atp-machine.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-block-file.png b/windows/security/threat-protection/windows-defender-atp/images/atp-block-file.png
new file mode 100644
index 0000000000..3f7e3dba8a
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-block-file.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-community-center.png b/windows/security/threat-protection/windows-defender-atp/images/atp-community-center.png
new file mode 100644
index 0000000000..96c73fc027
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-community-center.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access-numbered.png b/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access-numbered.png
new file mode 100644
index 0000000000..c9ff0c1688
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access-numbered.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access.png b/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access.png
new file mode 100644
index 0000000000..c8126f92a3
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-conditional-access.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png b/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png
index 1918a2064d..fc628073fc 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-9.png b/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-9.png
new file mode 100644
index 0000000000..f40dff2c63
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-9.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png b/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png
index 2c44e15d09..e4ec0ca34e 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-delete-query.png b/windows/security/threat-protection/windows-defender-atp/images/atp-delete-query.png
new file mode 100644
index 0000000000..703204c040
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-delete-query.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png b/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png
index 9405ae0d6e..fc1a15b8e1 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png b/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png
index 1fa1650882..0ada1afc87 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-file-action.png b/windows/security/threat-protection/windows-defender-atp/images/atp-file-action.png
index 5982447692..6d0e7a9d55 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-file-action.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-file-action.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-filter-advanced-hunting.png b/windows/security/threat-protection/windows-defender-atp/images/atp-filter-advanced-hunting.png
new file mode 100644
index 0000000000..2787e7d147
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-filter-advanced-hunting.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-image.png b/windows/security/threat-protection/windows-defender-atp/images/atp-image.png
new file mode 100644
index 0000000000..e3f4b5b27f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-image.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps-9.png b/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps-9.png
new file mode 100644
index 0000000000..99a4376f93
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps-9.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps.png b/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps.png
index 0f5ef13a77..692238433d 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-improv-opps.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png
index 6a005352c5..97529ae015 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png
new file mode 100644
index 0000000000..5ce3e0d034
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-details-view2.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png
index 63431efa68..9dd1e801dd 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png
index b5dee50cd9..e2e3ae3944 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-details-panel.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png
index 0be9abed27..45f38aa956 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-export.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png
index 8047e53b44..bbf578bd52 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-timeline-filter.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png
index cfa3cbda3e..9347d09c04 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-view2.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-view2.png
new file mode 100644
index 0000000000..692b21869f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-machines-list-view2.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping5.png b/windows/security/threat-protection/windows-defender-atp/images/atp-mapping5.png
index c405166f01..d3291b5cd5 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-mapping5.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-mapping5.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png b/windows/security/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png
index d8d2aea802..2645ee2e58 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-mdm-onboarding-package.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png b/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png
index 37219b5b0b..df43379ab5 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score-9.png b/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score-9.png
new file mode 100644
index 0000000000..3d3330a2db
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score-9.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score.png b/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score.png
new file mode 100644
index 0000000000..860899d286
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-ms-secure-score.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-new-alerts-list.png b/windows/security/threat-protection/windows-defender-atp/images/atp-new-alerts-list.png
new file mode 100644
index 0000000000..b9a758e159
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-new-alerts-list.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png b/windows/security/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png
index b330f34ac1..3b4cf3197c 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-no-subscriptions-found.png b/windows/security/threat-protection/windows-defender-atp/images/atp-no-subscriptions-found.png
index 24b6aee777..b538946141 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-no-subscriptions-found.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-no-subscriptions-found.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-not-authorized-to-access-portal.png b/windows/security/threat-protection/windows-defender-atp/images/atp-not-authorized-to-access-portal.png
index 020eeac764..738c1470e7 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-not-authorized-to-access-portal.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-not-authorized-to-access-portal.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-notification-action.png b/windows/security/threat-protection/windows-defender-atp/images/atp-notification-action.png
new file mode 100644
index 0000000000..ca06a6bea9
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-notification-action.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-notifications.png b/windows/security/threat-protection/windows-defender-atp/images/atp-notifications.png
new file mode 100644
index 0000000000..ec00bdcb5e
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-notifications.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png b/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png
index a0c18757a8..ee2cf3dc71 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-onboard-endpoints-WDATP-portal.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-org-sec-score.png b/windows/security/threat-protection/windows-defender-atp/images/atp-org-sec-score.png
index 729042ed30..a109efd09c 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-org-sec-score.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-org-sec-score.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-auto-ir.png b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-auto-ir.png
new file mode 100644
index 0000000000..8c38cc18a2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-auto-ir.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-file.png b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-file.png
new file mode 100644
index 0000000000..006d7c1a3f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-file.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-list.png b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-list.png
new file mode 100644
index 0000000000..55113991e6
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-list.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-multiple.png b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-multiple.png
new file mode 100644
index 0000000000..f0878a6699
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-multiple.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-notification.png b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-notification.png
new file mode 100644
index 0000000000..af05f88e0b
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-pending-actions-notification.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-portal-sensor.png b/windows/security/threat-protection/windows-defender-atp/images/atp-portal-sensor.png
index 4a41dff7b6..06147c025e 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-portal-sensor.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-portal-sensor.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png b/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png
index 74b6e5fae6..f271f16509 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-save-query.png b/windows/security/threat-protection/windows-defender-atp/images/atp-save-query.png
new file mode 100644
index 0000000000..0e8c9e12d2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-save-query.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-1.png b/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-1.png
new file mode 100644
index 0000000000..ae8d72d307
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-1.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png b/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png
new file mode 100644
index 0000000000..5a4816bf80
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-sec-ops-dashboard.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png b/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png
index 20e5f4f5fa..f80648993e 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-security-analytics-view-machines2.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls-9.png b/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls-9.png
new file mode 100644
index 0000000000..9ce191083b
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls-9.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls.png b/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls.png
new file mode 100644
index 0000000000..023881cd9b
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-security-controls.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time-9.png b/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time-9.png
new file mode 100644
index 0000000000..8afeee9566
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time-9.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png b/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png
index 9cbf01f81a..3bfad3afc3 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png b/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png
index 76267fb27f..f3de71739d 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png b/windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png
new file mode 100644
index 0000000000..1d1cbb4448
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png b/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png
index ef0a1a23bc..1c3154f188 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-server-onboarding-workspaceid.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-shared-queries.png b/windows/security/threat-protection/windows-defender-atp/images/atp-shared-queries.png
new file mode 100644
index 0000000000..bdcc1997eb
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-shared-queries.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png b/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png
index 2ce7dbc637..d611574dbc 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png b/windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png
index b2ae248d35..db6082c4e1 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-stop-quarantine.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-subscription-expired.png b/windows/security/threat-protection/windows-defender-atp/images/atp-subscription-expired.png
index 7a6c15ebbb..8fc24beeab 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-subscription-expired.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-subscription-expired.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png b/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png
new file mode 100644
index 0000000000..0989362804
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-suspicious-activities-tile.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png b/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png
index 70a7ce9fee..0b532a888a 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png b/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png
index 3aa0b451bc..dce4ee3f5e 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-tile-sensor-health.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view-azureatp.png b/windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view-azureatp.png
new file mode 100644
index 0000000000..2fcb58e44f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-user-details-view-azureatp.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png b/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png
index eb1366d9cb..94c0f5cd1f 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-user-details.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-verify-passive-mode.png b/windows/security/threat-protection/windows-defender-atp/images/atp-verify-passive-mode.png
new file mode 100644
index 0000000000..32907fedb6
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-verify-passive-mode.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/dashboard.png b/windows/security/threat-protection/windows-defender-atp/images/dashboard.png
new file mode 100644
index 0000000000..974708504f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/dashboard.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/io.png b/windows/security/threat-protection/windows-defender-atp/images/io.png
new file mode 100644
index 0000000000..a03e5fb917
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/io.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/mss.png b/windows/security/threat-protection/windows-defender-atp/images/mss.png
new file mode 100644
index 0000000000..63a22c2e50
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/mss.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png b/windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png
new file mode 100644
index 0000000000..fc3ee208d2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/no-threats-found.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/no_threats_found.png b/windows/security/threat-protection/windows-defender-atp/images/no_threats_found.png
new file mode 100644
index 0000000000..4db61c4162
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/no_threats_found.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png b/windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png
new file mode 100644
index 0000000000..225988f58b
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/partially-investigated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/partially_investigated.png b/windows/security/threat-protection/windows-defender-atp/images/partially_investigated.png
new file mode 100644
index 0000000000..469ec08f53
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/partially_investigated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/partially_remediated.png b/windows/security/threat-protection/windows-defender-atp/images/partially_remediated.png
new file mode 100644
index 0000000000..b381112d21
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/partially_remediated.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/save-query.png b/windows/security/threat-protection/windows-defender-atp/images/save-query.png
new file mode 100644
index 0000000000..719a1a7113
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/save-query.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/securescore.png b/windows/security/threat-protection/windows-defender-atp/images/securescore.png
new file mode 100644
index 0000000000..2b8104bd7d
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/securescore.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ss1.png b/windows/security/threat-protection/windows-defender-atp/images/ss1.png
new file mode 100644
index 0000000000..ebd17712d6
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/ss1.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/ssot.png b/windows/security/threat-protection/windows-defender-atp/images/ssot.png
new file mode 100644
index 0000000000..a21b675f64
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/ssot.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/status-tile.png b/windows/security/threat-protection/windows-defender-atp/images/status-tile.png
index 78812e3248..452918b63f 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/status-tile.png and b/windows/security/threat-protection/windows-defender-atp/images/status-tile.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png b/windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png
new file mode 100644
index 0000000000..7db354747c
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/terminated-by-system.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/terminated_by_system.png b/windows/security/threat-protection/windows-defender-atp/images/terminated_by_system.png
new file mode 100644
index 0000000000..f2d59131d5
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/terminated_by_system.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/wdsc.png b/windows/security/threat-protection/windows-defender-atp/images/wdsc.png
new file mode 100644
index 0000000000..3cd583ed74
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/wdsc.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
index b4fae526ee..840ac36b91 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Investigate Windows Defender Advanced Threat Protection alerts
description: Use the investigation options to get details on alerts are affecting your network, what they mean, and how to resolve them.
-keywords: investigate, investigation, machines, machine, endpoints, endpoint, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP
+keywords: investigate, investigation, machines, machine, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Investigate Windows Defender Advanced Threat Protection alerts
@@ -19,17 +19,17 @@ ms.date: 10/16/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatealerts-abovefoldlink)
-Investigate alerts that are affecting your network, what they mean, and how to resolve them.
+Investigate alerts that are affecting your network, understand what they mean, and how to resolve them.
Click an alert to see the alert details view and the various tiles that provide information about the alert.
-You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them.
+You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them. You'll also see a status of the automated investigation on the upper right corner. Clicking on the link will take you to the Automated investigations view. For more information, see [Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md).
-
+
The alert context tile shows the where, who, and when context of the alert. As with other pages, you can click on the icon beside the name or user account to bring up the machine or user details pane. The alert details view also has a status tile that shows the status of the alert in the queue. You'll also see a description and a set of recommended actions which you can expand.
@@ -91,13 +91,12 @@ The **Artifact timeline** feature provides an addition view of the evidence that
Selecting an alert detail brings up the **Details pane** where you'll be able to see more information about the alert such as file details, detections, instances of it observed worldwide, and in the organization.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
index f4f611b986..9d2442bd7c 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Investigate a domain associated with a Windows Defender ATP alert
@@ -22,7 +22,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatedomain-abovefoldlink)
@@ -58,13 +58,10 @@ The **Most recent observed machinew with URL** section provides a chronological
5. Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
+- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
index df24b9a27b..8303abcda1 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Investigate a file associated with a Windows Defender ATP alert
@@ -22,7 +22,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatefiles-abovefoldlink)
@@ -63,13 +63,10 @@ The **Most recent observed machines with the file** section allows you to specif
This allows for greater accuracy in defining entities to display such as if and when an entity was observed in the organization. For example, if you’re trying to identify the origin of a network communication to a certain IP Address within a 10-minute period on a given date, you can specify that exact time interval, and see only files that communicated with that IP Address at that time, drastically reducing unnecessary scrolling and searching.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
index 01828ef7ff..a22179f273 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Investigate an IP address associated with a Windows Defender ATP alert
@@ -65,13 +65,10 @@ Use the search filters to define the search criteria. You can also use the timel
Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
+- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
index e9940d0a2b..9fb3644bae 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Investigate machines in the Windows Defender ATP Machines list
description: Investigate affected machines by reviewing alerts, network connection information, adding machine tags and groups, and checking the service health.
-keywords: machines, endpoints, tags, groups, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service heatlh
+keywords: machines, tags, groups, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service heatlh
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Investigate machines in the Windows Defender ATP Machines list
@@ -19,8 +19,6 @@ ms.date: 10/16/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink)
## Investigate machines
@@ -30,87 +28,55 @@ You can click on affected machines whenever you see them in the portal to open a
- The [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- The [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
-- The [Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- The [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
- Any individual alert
- Any individual file details view
- Any IP address or domain details view
When you investigate a specific machine, you'll see:
-- Machine details, Logged on users, and Machine Reporting
+- Machine details, Logged on users, Machine risk, and Machine Reporting
- Alerts related to this machine
- Machine timeline
-
+
-The machine details, total logged on users, and machine reporting sections display various attributes about the machine.
+The machine details, logged on users, machine risk, and machine reporting sections display various attributes about the machine.
+**Machine details**
The machine details tile provides information such as the domain and OS of the machine. If there's an investigation package available on the machine, you'll see a link that allows you to download the package.
For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md).
-Clicking on the number of total logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days:
+
+**Logged on users**
+Clicking on the logged on users in the Logged on users tile opens the Users Details pane that displays the following information for logged on users in the past 30 days:
- Interactive and remote interactive logins
- Network, batch, and system logins
-
+
You'll also see details such as logon types for each user account, the user group, and when the account logon occurred.
For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md).
-## Manage machine group and tags
-Machine group and tags support proper mapping of the network, enabling you to attach different tags to machines to capture context and to enable dynamic groups creation as part of an incident.
+**Machine risk**
+The Machine risk tile shows the overall risk assessment of a machine. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert. It's also indicators of the active threats that machines could be exposed to.
-Machine related properties are being extended to account for:
-
-- Group affiliation
-- Dynamic context capturing
-
-
-
-### Group machines
-Machine group affiliation can represent geographic location, specific activity, importance level and others. Grouping machines with similar attributes can be handy when you need to apply contextual action on a specific list of machines. After creating groups, you can apply the Group filter on the Machines list to get a narrowed list of machines.
-
-Machine group is defined in the following registry key entry of the machine:
-
-- Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\`
-- Registry key value (string): Group
-
-
-### Set standard tags on machines
-Dynamic context capturing is achieved using tags. By tagging machines, you can keep track of individual machines in your organization. After adding tags on machines, you can apply the Tags filter on the Machines list to get a narrowed list of machines with the tag.
-
-1. Select the machine that you want to manage tags on. You can select or search for a machine from any of the following views:
-
- - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section.
- - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
- - **Machines list** - Select the machine name from the list of machines.
- - **Search box** - Select Machine from the drop-down menu and enter the machine name.
-
- You can also get to the alert page through the file and IP views.
-
-2. Open the **Actions** menu and select **Manage tags**.
-
- 
-
-3. Enter tags on the machine. To add more tags, click the + icon.
-4. Click **Save and close**.
-
- 
-
- Tags are added to the machine view and will also be reflected on the **Machines list** view. You can then use the **Tags** or **Groups** filter to see the relevant list of machines.
-
-### Manage machine tags
-You can manage tags from the Actions button or by selecting a machine from the Machines list and opening the machine details panel.
-
-
+**Azure Advanced Threat Protection**
+If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided.
+>[!NOTE]
+>You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
+**Machine reporting**
+Provides the last internal IP and external IP of the machine. It also shows when the machine was first and last seen reporting to the service.
## Alerts related to this machine
The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. You can also manage alerts from this section by clicking the circle icons to the left of the alert (or using Ctrl or Shift + click to select multiple alerts).
+
+
This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert.
You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**.
@@ -184,20 +150,71 @@ From the list of events that are displayed in the timeline, you can examine the
You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine.
-Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigate additional details of the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of metadata on the file or IP address.
+Expand an event to view associated processes related to the event. Click on the circle next to any process or IP address in the process tree to investigate additional details of the identified processes. This action brings up the **Details pane** which includes execution context of processes, network communications and a summary of meta data on the file or IP address.
The details pane enriches the ‘in-context’ information across investigation and exploration activities, reducing the need to switch between contexts. It lets you focus on the task of tracing associations between attributes without leaving the current context.
+## Add machine tags
+You can add tags on machines during an investigation. Machine tags support proper mapping of the network, enabling you to attach different tags to capture context and to enable dynamic list creation as part of an incident.
+
+You can add tags on machines using the following ways:
+- By setting a registry key value
+- By using the portal
+
+### Add machine tags by setting a registry key value
+Add tags on machines which can be used as a filter in Machines list view. You can limit the machines in the list by selecting the Tag filter on the Machines list.
+
+Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines.
+
+Use the following registry key entry to add a tag on a machine:
+
+- Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\`
+- Registry key value (string): Group
+
+
+### Add machine tags using the portal
+Dynamic context capturing is achieved using tags. By tagging machines, you can keep track of individual machines in your organization. After adding tags on machines, you can apply the Tags filter on the Machines list to get a narrowed list of machines with the tag.
+
+1. Select the machine that you want to manage tags on. You can select or search for a machine from any of the following views:
+
+ - **Security operations dashboard** - Select the machine name from the Top machines with active alerts section.
+ - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
+ - **Machines list** - Select the machine name from the list of machines.
+ - **Search box** - Select Machine from the drop-down menu and enter the machine name.
+
+ You can also get to the alert page through the file and IP views.
+
+2. Open the **Actions** menu and select **Manage tags**.
+
+ 
+
+3. Enter tags on the machine. To add more tags, click the + icon.
+4. Click **Save and close**.
+
+ 
+
+ Tags are added to the machine view and will also be reflected on the **Machines list** view. You can then use the **Tags** filter to see the relevant list of machines.
+
+### Manage machine tags
+You can manage tags from the Actions button or by selecting a machine from the Machines list and opening the machine details panel.
+
+
+
+## Use machine groups in an investigation
+Machine group affiliation can represent geographic location, specific activity, importance level and others.
+
+You can create machine groups in the context of role-based access (RBAC) to control who can take specific action or who can see information on a specific machine group or groups by assigning the machine group to a user group. For more information, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md).
+
+You can also use machine groups to assign specific remediation levels to apply during automated investigations. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
+
+In an investigation, you can filter the Machines list to just specific machine groups by using the Groups filter.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
index 7d166a4ede..46a2f46c0e 100644
--- a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
@@ -10,16 +10,12 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Investigate a user account in Windows Defender ATP
**Applies to:**
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -37,17 +33,32 @@ You can find user account information in the following views:
A clickable user account link is available in these views, that will take you to the user account details page where more details about the user account are shown.
When you investigate a user account entity, you'll see:
-- User account details and Logged on machines
+- User account details, Azure Advanced Threat Protection (Azure ATP) alerts, and Logged on machines
- Alerts related to this user
- Observed in organization (machines logged on to)
-
+
-The user account entity details and logged on machines section display various attributes about the user account. You'll see details such as when the user was first and last seen and the total number of machines the user logged on to. You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine.
+**User details**
+The user account entity details, Azure ATP alerts, and logged on machines sections display various attributes about the user account.
-The **Alerts related to this user** section provides a list of alerts that are associated with the user account. This list is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.
+The user entity tile provides details about the user such as when the user was first and last seen. Depending on the integration features you enable, you'll see other details. For example, if you enable the Skype for business integration, you'll be able to contact the user from the portal.
-The **Observed in organization** section allows you to specify a date range to see a list of machines where this user was observed logged on to, and the most frequent and least frequent logged on user account on each of these machines.
+**Azure Advanced Threat Protection**
+If you have enabled the Azure ATP feature and there are alerts related to the user, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. The Azure ATP tile also provides details such as the last AD site, total group memberships, and login failure associated with the user.
+
+>[!NOTE]
+>You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
+
+**Logged on machines**
+You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine.
+
+
+## Alerts related to this user
+This section provides a list of alerts that are associated with the user account. This list is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.
+
+## Observed in organization
+This section allows you to specify a date range to see a list of machines where this user was observed logged on to, and the most frequent and least frequent logged on user account on each of these machines.
The machine health state is displayed in the machine icon and color as well as in a description text. Clicking on the icon displays additional details regarding machine health.
@@ -69,13 +80,11 @@ You can filter the results by the following time periods:
- 6 months
## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
index c2e2c9f696..240d558937 100644
--- a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Is domain seen in org
diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
index 4e8281d86e..b866964b62 100644
--- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
@@ -22,6 +22,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-validatelicense-abovefoldlink)
@@ -117,20 +118,20 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.
10. You are almost done. Before you can start using Windows Defender ATP you'll need to:
- - [Onboard endpoints and setup access](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection)
+ - [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
- Run detection test (optional)
- 
+ 
> [!IMPORTANT]
- > If you click **Start using Windows Defender ATP** before onboarding endpoints you will receive the following notification:
+ > If you click **Start using Windows Defender ATP** before onboarding machines you will receive the following notification:
>
-11. After onboarding endpoints you can click **Start using Windows Defender ATP**. You will now launch Windows Defender ATP for the first time.
+11. After onboarding machines you can click **Start using Windows Defender ATP**. You will now launch Windows Defender ATP for the first time.
- 
+ 
## Related topics
-- [Onboard and set up Windows Defender Advanced Threat Protection](onboard-configure-windows-defender-advanced-threat-protection.md)
-- [Troubleshoot onboarding process and error messages](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Onboard machines to the Windows Defender Advanced Threat Protection service](onboard-configure-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot onboarding process and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..454d1a3aec
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,94 @@
+---
+title: Create and manage machine groups in Windows Defender ATP
+description: Create machine groups and set automated remediation levels on them by confiring the rules that apply on the group
+keywords: machine groups, groups, remediation, level, rules, aad group, role, assign, rank
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Create and manage machine groups in Windows Defender ATP
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Azure Active Directory
+- Office 365
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+In an enterprise scenario, security operation teams are typically assigned a set of machines. These machines are grouped together based on a set of attributes such as their domains, computer names, or designated tags.
+
+In Windows Defender ATP, you can create machine groups and use them to:
+- Limit access to related alerts and data to specific Azure AD user groups with [assigned RBAC roles](rbac-windows-defender-advanced-threat-protection.md)
+- Configure different auto-remediation settings for different sets of machines
+
+As part of the process of creating a machine group, you'll:
+- Set the automated remediation level for that group
+- Define a matching rule based on the machine name, domain, tags, and OS platform to determine which machines belong to the group. If a machine is also matched to other groups, it is added only to the highest ranked machine group.
+- Determine access to machine group
+- Rank the machine group relative to other groups after it is created
+
+>[!NOTE]
+>All machine groups are accessible to all users if you don’t assign any Azure AD groups to them.
+
+
+## Add a machine group
+
+1. In the navigation pane, select **Settings > Permissions > Machine groups**.
+
+2. Click **Add machine group**.
+
+3. Set the machine group details, configure an association rule, preview the results, then assign the group to an Azure user group:
+
+ - **Name**
+
+ - **Remediation level for automated investigations**
+ - **No remediation**
+ - **Require approval (all folders)**
+ - **Require approval (non-temp folders)**
+ - **Require approval (core folders)**
+ - **Fully automated**
+
+ - **Description**
+
+ - **Matching rule** – you can apply the rule based on machine name, domain, tag, or OS version.
+
+ >[!TIP]
+ >If you want to group machines by organizational unit, you can configure the registry key for the group affiliation. For more information on device tagging, see [Manage machine group and tags](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#manage-machine-group-and-tags).
+
+4. Review the result of the preview of matched machines. If you are satisfied with the rules, click the **Access** tab.
+
+5. Assign the user groups that can access the machine group you created.
+
+ >[!NOTE]
+ >You can only grant access to Azure AD user groups that have been assigned to RBAC roles.
+
+6. Click **Close**.
+
+7. Apply the configuration settings.
+
+## Understand matching and manage groups
+You can promote the rank of a machine group so that it is given higher priority during matching. When a machine is matched to more than one group, it is added only to the highest ranked group. You can also edit and delete groups.
+
+By default, machine groups are accessible to all users with portal access. You can change the default behavior by assigning Azure AD user groups to the machine group.
+
+Machines that are not matched to any groups are added to Ungrouped machines (default) group. You cannot change the rank of this group or delete it. However, you can change the remediation level of this group, and define the Azure AD user groups that can access this group.
+
+>[!NOTE]
+>Applying changes to machine group configuration may take up to several minutes.
+
+
+
+
+## Related topic
+- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
index b25f671461..278725340f 100644
--- a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 03/12/2018
+ms.date: 04/17/2018
---
# View and organize the Windows Defender ATP Machines list
@@ -23,8 +23,6 @@ ms.date: 03/12/2018
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-machinesview-abovefoldlink)
The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network.
@@ -32,7 +30,7 @@ The **Machines list** shows a list of the machines in your network, the domain o
Use the Machines list in these main scenarios:
- **During onboarding**
- During the onboarding process, the **Machines list** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
+ During the onboarding process, the **Machines list** is gradually populated with machines as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
- **Day-to-day work**
The **Machines list** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them.
@@ -43,7 +41,7 @@ Filter the **Machines list** by **Time**, **OS Platform**, **Health**, **Securit
You can also download the entire list in CSV format using the **Export to CSV** feature.
-
+
You can use the following filters to limit the list of machines displayed during an investigation:
@@ -54,6 +52,9 @@ You can use the following filters to limit the list of machines displayed during
- 30 days
- 6 months
+**Risk level**
+Machine risk levels are indicators of the active threats that machines could be exposed to. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically and also by suppressing an alert.
+
**OS Platform**
- Windows 10
- Windows Server 2012 R2
@@ -80,7 +81,7 @@ Filter the list to view specific machines that are well configured or require at
- **Well configured** - Machines have the Windows Defender security controls well configured.
- **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.
-For more information, see [View the Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md).
+For more information, see [View the Secure Score dashboard](secure-score-dashboard-windows-defender-advanced-threat-protection.md).
**Malware category alerts**
Filter the list to view specific machines grouped together by the following malware categories:
@@ -92,13 +93,14 @@ Filter the list to view specific machines grouped together by the following malw
- **General malware** – Malware are malicious programs that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. Some malware can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyberattacks.
- **PUA** – Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software.
-## Groups and tags
-You can filter the list based on the grouping and tagging that you've added to individual machines. For more information, see [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags).
+**Groups and tags**
+You can filter the list based on the grouping and tagging that you've added to individual machines.
## Export machine list to CSV
You can download a full list of all the machines in your organization, in CSV format. Click the **Export to CSV** button to download the entire list as a CSV file.
-**Note**: Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
+>[NOTE]
+> Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
## Sort the Machines list
@@ -112,17 +114,10 @@ You can sort the **Machines list** by the following columns:
- **Active malware alerts** - Number of active malware detections reported by the machine
> [!NOTE]
-> The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.
+> The **Active malware detections** filter column will only appear if your machines are using [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.
## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 496720c009..5912acb1a8 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Manage Windows Defender Advanced Threat Protection alerts
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-managealerts-abovefoldlink)
@@ -87,20 +87,20 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
-3. Choose the context for suppressing the alert.
+3. Enter an alert title then select an indicator of compromise from the drop-down list.
> [!NOTE]
> You cannot create a custom or blank suppression rule. You must start from an existing alert.
-4. Specify the conditions for when the rule is applied:
- - Alert title
- - Indicator of compromise (IOC)
- - Suppression conditions
+4. Specify the suppression conditions by entering values for any of the following:
+ - Sha1
+ - File name
+ - Folder path
> [!NOTE]
- > The SHA1 of the alert cannot be modified, however you can clear the SHA1 to remove it from the suppression conditions.
+ > The SHA1 of the alert cannot be modified, however you can clear the SHA1 to remove it from the suppression conditions by removing the deselecting the checkbox.
5. Specify the action and scope on the alert.
You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue. Alerts that are marked as hidden will be suppressed from the entire system, both on the machine's associated alerts and from the dashboard. You can also specify to suppress the alert on the machine only or the whole organization.
@@ -110,20 +110,18 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
### View the list of suppression rules
-1. Click **Alerts queue** > **Suppression rules**.
+1. In the navigation pane, select **Settings** > **Rules** > **Alert suppression**.
2. The list of suppression rules shows all the rules that users in your organization have created.
-You can select rules to open up the **Alert management** pane. From there, you can activate previously disabled rules.
+For more information on managing suppression rules, see [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
+- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..1f68016ea9
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,73 @@
+---
+title: Manage automation allowed/blocked lists
+description: Create lists that control what items are automatically blocked or allowed during an automatic investigation.
+keywords: manage, automation, whitelist, blacklist, block, clean, malicious
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Manage automation allowed/blocked lists
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
+
+Create a rule to control which entities are automatically incriminated or exonerated during Automated investigations.
+
+Entities added to the allowed list are considered safe and will not be analyzed during Automated investigations.
+
+Entities added to the blocked list are considered malicious and will be remediated during Automated investigations.
+
+You can define the conditions for when entities are identified as malicious or safe based on certain attributes such as hash values or certificates.
+
+## Create an allowed or blocked list
+1. In the navigation pane, select **Settings** > **Rules** > **Automation allowed/blocked list**.
+
+2. Select the type of entity you'd like to create an exclusion for. You can choose any of the following entities:
+ - File hash
+ - Certificate
+
+3. Click **Add system exclusion**.
+
+4. For each attribute specify the exclusion type, details, and the following required values:
+
+ - **Files** - Hash value
+ - **Certificate** - PEM certificate file
+
+5. Click **Update rule**.
+
+## Edit a list
+1. In the navigation pane, select **Settings** > **Rules** > **Automation allowed/blocked list**.
+
+2. Select the type of entity you'd like to edit the list from.
+
+3. Update the details of the rule and click **Update rule**.
+
+## Delete a list
+1. In the navigation pane, select **Settings** > **Rules** > **Automation allowed/blocked list**.
+
+2. Select the type of entity you'd like to delete the list from.
+
+3. Select the list type by clicking the check-box beside the list type.
+
+4. Click **Delete**.
+
+
+## Related topics
+- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..f6b88381ff
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,50 @@
+---
+title: Manage automation file uploads
+description: Enable content analysis and configure the file extension and email attachment extensions that will be sumitted for analysis
+keywords: automation, file, uploads, content, analysis, file, extension, email, attachment
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Manage automation file uploads
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink)
+
+Enable the content analysis capability so that certain files and email attachments can automatically be uploaded to the cloud for additional inspection in Automated investigation.
+
+Identify the files and email attachments by specifying the file extension names and email attachment extension names.
+
+For example, if you add *exe* and *bat* as file or attachment extension names, then all files or attachments with those extensions will automatically be sent to the cloud for additional inspection during Automated investigation.
+
+## Add file extension names and attachment extension names.
+
+1. In the navigation pane, select **Settings** > **Rules** > **Automation file uploads**.
+
+2. Toggle the content analysis setting between **On** and **Off**.
+
+3. Configure the following extension names and separate extension names with a comma:
+ - **File extension names** - Suspicious files except email attachments will be submitted for additional inspection
+ - **Attachment extension names** - Suspicious email attachments with these extension names will be submitted for additional inspection
+
+
+
+## Related topics
+- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..c7d1e70c54
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,78 @@
+---
+title: Manage automation folder exclusions
+description: Add automation folder exclusions to control the files that are excluded from an automated investigation.
+keywords: manage, automation, exclusion, whitelist, blacklist, block, clean, malicious
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Manage automation folder exclusions
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionfolder-abovefoldlink)
+
+Automation folder exclusions allow you to specify folders that the Automated investigation will skip.
+
+You can control the following attributes about the folder that you'd like to be skipped:
+- Folders
+- Extensions of the files
+- File names
+
+
+**Folders**
+You can specify a folder and its subfolders to be skipped. You can use wild cards so that all files under the directory is skipped by the automated investigation.
+
+**Extensions**
+You can specify the extensions to exclude in a specific directory. The extensions are a way to prevent an attacker from using an excluded folder to hide an exploit. The extensions explicitly define which files to ignore.
+
+**File names**
+You can specify the file names that you want to be excluded in a specific directory. The names are a way to prevent an attacker from using an excluded folder to hide an exploit. The names explicitly define which files to ignore.
+
+
+
+## Add an automation folder exclusion
+1. In the navigation pane, select **Settings** > **Rules** > **Automation folder exclusions**.
+
+2. Click **New folder exclusion**.
+
+3. Enter the folder details:
+
+ - Folder
+ - Extensions
+ - File names
+ - Description
+
+
+4. Click **Save**.
+
+## Edit an automation folder exclusion
+1. In the navigation pane, select **Settings** > **Rules** > **Automation folder exclusions**.
+
+2. Click **Edit** on the folder exclusion.
+
+3. Update the details of the rule and click **Save**.
+
+## Remove an automation folder exclusion
+1. In the navigation pane, select **Settings** > **Rules** > **Automation folder exclusions**.
+2. Click **Remove exclusion**.
+
+
+## Related topics
+- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..c06aea4230
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,49 @@
+---
+title: Manage Windows Defender Advanced Threat Protection suppression rules
+description: Manage suppression rules
+keywords: manage suppression, rules, rule name, scope, action, alerts, turn on, turn off
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Manage suppression rules
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-suppressionrules-abovefoldlink)
+
+There might be scenarios where you need to suppress alerts from appearing in the portal. You can create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. For more information on how to suppress alerts, see [Suppress alerts](manage-alerts-windows-defender-advanced-threat-protection.md#suppress-alerts).
+
+You can view a list of all the suppression rules and manage them in one place. You can also turn an alert suppression rule on or off.
+
+## Turn a suppression rule on or off
+1. In the navigation pane, select **Settings** > **Rules** > **Alert suppression**. The list of suppression rules that users in your organization have created is displayed.
+
+2. Select a rule by clicking on the check-box beside the rule name.
+
+3. Click **Turn rule on** or **Turn rule off**.
+
+## View details of a suppression rule
+
+1. In the navigation pane, select **Settings** > **Rules** > **Alert suppression**. The list of suppression rules that users in your organization have created is displayed.
+
+2. Click on a rule name. Details of the rule is displayed. You'll see the rule details such as status, scope, action, number of matching alerts, created by, and date when the rule was created. You can also view associated alerts and the rule conditions.
+
+## Related topics
+- [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
index 368f43a52c..3983d79af5 100644
--- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Minimum requirements for Windows Defender ATP
-description: Minimum network and data storage configuration, endpoint hardware and software requirements, and deployment channel requirements for Windows Defender ATP.
-keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, endpoint, endpoint configuration, deployment channel
+description: Minimum network and data storage configuration, machine hardware and software requirements, and deployment channel requirements for Windows Defender ATP.
+keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, machine configuration, deployment channel
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 03/21/2018
+ms.date: 04/17/2018
---
# Minimum requirements for Windows Defender ATP
@@ -23,9 +23,9 @@ ms.date: 03/21/2018
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
-
-There are some minimum requirements for onboarding your network and endpoints.
+There are some minimum requirements for onboarding machines to the service.
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-minreqs-abovefoldlink)
@@ -49,7 +49,7 @@ When you run the onboarding wizard for the first time, you must choose where you
> - You cannot change your data storage location after the first-time setup.
> - Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data.
-### Endpoint hardware and software requirements
+### Hardware and software requirements
The Windows Defender ATP agent only supports the following editions of Windows 10:
@@ -58,30 +58,30 @@ The Windows Defender ATP agent only supports the following editions of Windows 1
- Windows 10 Pro
- Windows 10 Pro Education
-Endpoints on your network must be running one of these editions.
+Machines on your network must be running one of these editions.
-The hardware requirements for Windows Defender ATP on endpoints is the same as those for the supported editions.
+The hardware requirements for Windows Defender ATP on machines is the same as those for the supported editions.
> [!NOTE]
-> Endpoints that are running mobile versions of Windows are not supported.
+> Machines that are running mobile versions of Windows are not supported.
#### Internet connectivity
-Internet connectivity on endpoints is required either directly or through proxy.
+Internet connectivity on machines is required either directly or through proxy.
The Windows Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Windows Defender ATP cloud service and report cyber data.
-For more information on additional proxy configuration settings see, [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
+For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
-Before you configure endpoints, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
+Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
### Diagnostic data settings
-You must ensure that the diagnostic data service is enabled on all the endpoints in your organization.
+You must ensure that the diagnostic data service is enabled on all the machines in your organization.
By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them.
**Use the command line to check the Windows 10 diagnostic data service startup type**:
-1. Open an elevated command-line prompt on the endpoint:
+1. Open an elevated command-line prompt on the machine:
a. Go to **Start** and type **cmd**.
@@ -124,15 +124,20 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the
## Windows Defender Antivirus signature updates are configured
The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them.
-You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
+Depending on the server version you're onboarding, you might need to configure a Group Policy setting to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md).
+
For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
-If you're running Windows Defender Antivirus as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard.
+If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Windows Defender ATP agent will successfully onboard.
If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-minreq-belowfoldlink1)
+
+## Related topic
+- [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..78710989d2
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,47 @@
+---
+title: Offboard machines from the Windows Defender ATP service
+description: Onboard Windows 10 machines, servers, non-Windows machines from the Windows Defender ATP service
+keywords: offboarding, windows defender advanced threat protection offboarding, windows atp offboarding
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Offboard machines from the Windows Defender ATP service
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- macOS
+- Linux
+- Windows Server 2012 R2
+- Windows Server 2016
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-offboardmachines-abovefoldlink)
+
+Follow the corresponding instructions depending on your preferred deployment method.
+
+## Offboard Windows 10 machines
+ - [Offboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md#offboard-machines-using-a-local-script)
+ - [Offboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md#offboard-machines-using-group-policy)
+ - [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md#offboard-machines-using-system-center-configuration-manager)
+ - [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
+
+## Offboard Servers
+ - [Offboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md#offboard-servers)
+
+## Offboard non-Windows machines
+ - [Offboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md#offboard-non-windows-machines)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
index 17df4fab03..84c7cee481 100644
--- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Onboard endpoints and set up the Windows Defender ATP user access
-description: Set up user access in Azure Active Directory and use Group Policy, SCCM, or do manual registry changes to onboard endpoints to the service.
-keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script
+title: Onboard machines to the Windows Defender ATP service
+description: Onboard Windows 10 machines, servers, non-Windows machines and learn how to run a detection test.
+keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,10 +10,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/21/2017
+ms.date: 04/17/2018
---
-# Onboard and set up Windows Defender Advanced Threat Protection
+# Onboard machines to the Windows Defender ATP service
**Applies to:**
@@ -21,15 +21,19 @@ ms.date: 11/21/2017
- Windows 10 Education
- Windows 10 Pro
- Windows 10 Pro Education
+- macOS
+- Linux
+- Windows Server 2012 R2
+- Windows Server 2016
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink)
You need to onboard to Windows Defender ATP before you can use the service.
-For more information, see [Onboard your Windows 10 endpoints to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be).
+For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be).
## Licensing requirements
Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
@@ -43,19 +47,23 @@ For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us
## Windows Defender Antivirus configuration requirement
The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them.
-You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
+If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md).
+
+
For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
## In this section
Topic | Description
:---|:---
-[Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure endpoints in your enterprise.
-[Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products sensor data.
-[Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP
+[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise.
+[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP
+[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data.
+[Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service.
[Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
[Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding.
diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
index 14d4fc1ac4..ce444d924a 100644
--- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
@@ -1,16 +1,16 @@
---
title: Windows Defender Advanced Threat Protection portal overview
description: Use the Windows Defender ATP portal to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
-keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, preferences setup, endpoint management, advanced attacks
+keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, settings, machine management, advanced attacks
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
-author: DulceMV
+author: mjcaparas
ms.localizationpriority: high
-ms.date: 03/12/2018
+ms.date: 04/17/2018
---
# Windows Defender Advanced Threat Protection portal overview
@@ -23,7 +23,7 @@ ms.date: 03/12/2018
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
@@ -37,29 +37,29 @@ You can use the [Windows Defender ATP portal](https://securitycenter.windows.com
## Windows Defender ATP portal
When you open the portal, you’ll see the main areas of the application:
- 
+ 
- (1) Navigation pane
- (2) Main portal
-- (3) Search, Feedback, Settings, Help and support
+- (3) Search, Community center, Time settings, Help and support, Feedback
> [!NOTE]
-> Malware related detections will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
+> Malware related detections will only appear if your machines are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section.
Area | Description
:---|:---
-(1) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**.
-**Dashboards** | Allows you to access the Security operations or the Secure score dashboard.
-**Alerts queue** | Allows you to view separate queues: new, in progress, resolved alerts, alerts assigned to you, and suppression rules.
+(1) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Automated investigations**, **Machines list**, **Service health**, **Advanced hunting**, and **Settings**.
+**Dashboards** | Access the Security operations, the Secure Score, or Threat analytics dashboard.
+**Alerts** | View separate queues of new, in progress, resolved alerts, alerts assigned to you.
+**Automated investigations** | Displays a list of automated investigations that's been conducted in the network, the status of each investigation and other details such as when the investigation started and the duration of the investigation.
**Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
-**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Secure score dashboard.
-**Endpoint management** | Provides access to endpoints such as clients and servers. Allows you to download the onboarding configuration package for endpoints. It also provides access to endpoint offboarding.
-**Community center** | Access the Community center to learn, collaborate, and share experiences about the product.
-(2) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.
-(3) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. **Feedback** - Access the feedback button to provide comments about the portal. **Settings** - Gives you access to the configuration settings where you can set time zones and view license information. **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
+**Advanced hunting** | Advanced hunting allows you to proactively hunt and investigate across your organization using a powerful search and query tool.
+**Settings** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Secure Score dashboard.
+**(2) Main portal** | Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.
+**(3) Search, Community center, Time settings, Help and support, Feedback** | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. **Community center** -Access the Community center to learn, collaborate, and share experiences about the product. **Time settings** - Gives you access to the configuration settings where you can set time zones and view license information. **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support. **Feedback** - Access the feedback button to provide comments about the portal.
## Windows Defender ATP icons
The following table provides information on the icons used all throughout the portal:
@@ -97,6 +97,20 @@ Icon | Description
| Memory allocation
| Process injection
| Powershell command run
+ | Community center
+ | Notifications
+ | Automated investigation - no threats found
+ | Automated investigation - failed
+ | Automated investigation - partially investigated
+ | Automated investigation - terminated by system
+ | Automated investigation - pending
+ | Automated investigation - running
+ | Automated investigation - remediated
+ | Automated investigation - partially remediated
-## Related topic
-[Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+
+## Related topics
+- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
+- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
index 36517f85e2..e92d59ee73 100644
--- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Create and build Power BI reports using Windows Defender ATP data
description: Get security insights by creating and building Power BI dashboards using data from Windows Defender ATP and other data sources.
-keywords: preferences setup, power bi, power bi service, power bi desktop, reports, dashboards, connectors , security insights, mashup
+keywords: settings, power bi, power bi service, power bi desktop, reports, dashboards, connectors , security insights, mashup
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
-ms.date: 03/16/2018
+ms.date: 04/17/2018
---
# Create and build Power BI reports using Windows Defender ATP data
@@ -32,24 +32,26 @@ Windows Defender ATP supports the use of Power BI data connectors to enable you
Data connectors integrate seamlessly in Power BI, and make it easy for power users to query, shape and combine data to build reports and dashboards that meet the needs of your organization.
You can easily get started by:
-- Creating a dashboard on the Power BI service:
- - From the Windows Defender ATP portal or
- - From the Power BI portal
+- Creating a dashboard on the Power BI service
- Building a custom dashboard on Power BI Desktop and tweaking it to fit the visual analytics and reporting requirements of your organization
You can access these options from the Windows Defender ATP portal. Both the Power BI service and Power BI Desktop are supported.
-## Create a Power BI dashboard from the Windows Defender ATP portal
+## Create a Windows Defender ATP dashboard on Power BI service
Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal.
-1. In the navigation pane, select **Preferences setup** > **Power BI reports**.
-
- 
+1. In the navigation pane, select **Settings** > **General** > **Power BI reports**.
-2. Click **Create dashboard**. You'll see a notification that things are being loaded.
+2. Click **Create dashboard**.
+
+ 
+
+ You'll see a notification that things are being loaded.
+ >[!NOTE]
+ >Loading your data in the Power BI service can take a few minutes.
3. Specify the following details:
- **extensionDataSourceKind**: WDATPConnector
@@ -62,7 +64,7 @@ Windows Defender ATP makes it easy to create a Power BI dashboard by providing a
-5. Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported:
+5. Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported:
@@ -78,7 +80,6 @@ Windows Defender ATP makes it easy to create a Power BI dashboard by providing a
For more information, see [Create a Power BI dashboard from a report](https://powerbi.microsoft.com/en-us/documentation/powerbi-service-create-a-dashboard/).
-
## Create a Power BI dashboard from the Power BI portal
1. Login to [Power BI](https://powerbi.microsoft.com/).
@@ -126,11 +127,11 @@ You can create a custom dashboard in Power BI Desktop to create visualizations t
### Before you begin
1. Make sure you use Power BI Desktop June 2017 and above. [Download the latest version](https://powerbi.microsoft.com/en-us/desktop/).
-2. In the Windows Defender ATP portal navigation pane, select **Preferences setup** > **Power BI reports**.
+2. In the navigation pane, select **Settings** > **General** > **Power BI reports**.
3. Click **Download connector** to download the WDATPPowerBI.zip file and extract it.
- 
+ 
4. Create a new directory `Microsoft Power BI Desktop\Custom Connectors` under the user's Documents folder.
@@ -154,12 +155,14 @@ After completing the steps in the Before you begin section, you can proceed with
1. Open WDATPPowerBI.pbit from the zip with Power BI Desktop.
-2. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
+2. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
- 
+ 
3. Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
+
+
## Mashup Windows Defender ATP data with other data sources
You can use Power BI Desktop to analyse data from Windows Defender ATP and mash that data up with other data sources to gain better security perspective in your organization.
@@ -173,9 +176,9 @@ You can use Power BI Desktop to analyse data from Windows Defender ATP and mash
-4. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
+4. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
- 
+ 
5. Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
@@ -187,13 +190,14 @@ You can use Power BI Desktop to analyse data from Windows Defender ATP and mash
8. Add visuals and select fields from the available data sources.
-## Related topics
-- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
-- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
-- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+## Using the Power BI reports
+There are a couple of tabs on the report that's generated:
+
+- Machine and alerts
+- Investigation results and action center
+- Secure Score
+
+In general, if you know of a specific threat name, CVE, or KB, you can identify machines with unpatched vulnerabilities that might be leveraged by threats. This report also helps you determine whether machine-level mitigations are configured correctly on the machines and prioritize those that might need attention.
diff --git a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
index 38a4ba668d..36e285cce8 100644
--- a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# PowerShell code examples for the custom threat intelligence API
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
This article provides PowerShell code examples for using the custom threat intelligence API.
@@ -38,7 +38,7 @@ These code examples demonstrate the following tasks:
## Step 1: Obtain an Azure AD access token
The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token.
-Replace the *authUrl*, *clientid*, and *clientSecret* values with the ones you got from **Preferences settings** page in the portal:
+Replace the *authUrl*, *clientid*, and *clientSecret* values with the ones you got from **Settings** page in the portal:
```powershell
$authUrl = 'Your Authorization URL'
@@ -180,8 +180,8 @@ $ioc =
## Related topics
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
index a21cd910cd..4d00c68de1 100644
--- a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Configure Windows Defender ATP preferences settings
-description: Use the preferences setup to configure and update your preferences settings such as enabling advanced features, preview experience, email notifications, or custom threat intelligence.
-keywords: preferences settings, settings, advanced features, preview experience, email notifications, custom threat intelligence
+title: Configure Windows Defender ATP settings
+description: Use the settings page to configure general settings, permissions, apis, and rules.
+keywords: settings, general settings, permissions, apis, rules
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,9 +10,9 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
-# Configure Windows Defender ATP preferences settings
+# Configure Windows Defender ATP settings
**Applies to:**
@@ -22,20 +22,19 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
-Use the **Preferences setup** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
+Use the **Settings** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
## In this section
Topic | Description
:---|:---
-[Update general settings](general-settings-windows-defender-advanced-threat-protection.md) | Modify your general settings that were previously defined as part of the onboarding process.
-[Enable advanced features](advanced-features-windows-defender-advanced-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products.
-[Enable the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) | Allows you to turn on preview features so you can try upcoming features.
-[Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) | Enables you to configure and identify a group of individuals who will immediately be informed of new alerts through email notifications.
-[Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) | Enable security information and event management (SIEM) integration to pull alerts from the Windows Defender ATP portal using your SIEM solution.
-[Enable Threat intel API](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application.
-[Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md) | Get security insights by creating and building Power BI dashboards using data from Windows Defender ATP and other data sources.
+[Update general settings](data-retention-settings-windows-defender-advanced-threat-protection.md) | Modify your general settings that were previously defined as part of the onboarding process.
+Permissions | Manage portal access using RBAC as well as machine groups.
+APIs | Enable the threat intel and SIEM integration.
+Rules | Configure suppressions rules and automation settings.
+Machine management | Onboard and offboard machines.
+
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
index b6de75210b..6f65f14423 100644
--- a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Turn on the preview experience in Windows Defender ATP
description: Turn on the preview experience in Windows Defender Advanced Threat Protection to try upcoming features.
-keywords: advanced features, preferences setup, block file
+keywords: advanced features, settings, block file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Turn on the preview experience in Windows Defender ATP
@@ -22,21 +22,21 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink)
Turn on the preview experience setting to be among the first to try upcoming features.
-1. In the navigation pane, select **Preferences setup** > **Preview experience**.
+1. In the navigation pane, select **Settings** > **Preview experience**.
- 
+ 
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
## Related topics
-- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
+- [Update general settings in Windows Defender ATP](data-retention-settings-windows-defender-advanced-threat-protection.md)
- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
index a05e77c9a2..4d92a145bd 100644
--- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/30/2017
+ms.date: 04/17/2018
---
# Windows Defender ATP preview features
@@ -23,31 +23,31 @@ ms.date: 11/30/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink)
+
Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
Turn on the preview experience setting to be among the first to try upcoming features.
-1. In the navigation pane, select **Preferences setup** > **Preview experience**.
-
- 
+1. In the navigation pane, select **Settings** > **General** > **Advanced features** > **Preview features**.
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
## Preview features
The following features are included in the preview release:
-- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
Windows Defender ATP supports the onboarding of the following servers:
- Windows Server 2012 R2
- Windows Server 2016
+ - Windows Server, version 1803
- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
@@ -55,12 +55,6 @@ Windows Defender ATP supports the use of Power BI data connectors to enable you
- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.
-- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
-Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data.
-
-- [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)
-The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. Access and join the community to learn and interact with other members on product specific information.
-
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index 82d802c5f9..d3de2bec95 100644
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Pull Windows Defender ATP alerts using REST API
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-pullalerts-abovefoldlink)
@@ -67,18 +67,18 @@ POST /72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
-resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com&client_id=35e0f735-5fe4-4693-9e68-3de80f1d3745&client_secret=IKXc6PxB2eoFNJ%2FIT%2Bl2JZZD9d9032VXz6Ul3D2WyUQ%3D&grant_type=client_credentials
+resource=https%3A%2F%2Fgraph.windows.net&client_id=35e0f735-5fe4-4693-9e68-3de80f1d3745&client_secret=IKXc6PxB2eoFNJ%2FIT%2Bl2JZZD9d9032VXz6Ul3D2WyUQ%3D&grant_type=client_credentials
```
The response will include an access token and expiry information.
```json
{
- "token type": "Bearer",
- "expires in": "3599"
+ "token_type": "Bearer",
+ "expires_in": "3599"
"ext_expires_in": "0",
"expires_on": "1488720683",
"not_before": "1488720683",
- "resource": "https://WDATPAlertExport.Seville.onmicrosoft.com",
+ "resource": "https://graph.windows.net",
"access_token":"eyJ0eXaioJJOIneiowiouqSuzNiZ345FYOVkaJL0625TueyaJasjhIjEnbMlWqP..."
}
```
@@ -103,7 +103,9 @@ Use optional query parameters to specify and control the amount of data returned
Name | Value| Description
:---|:---|:---
-DateTime?sinceTimeUtc | string | Defines the time alerts are retrieved from based from `LastProccesedTimeUtc` time to current time.
**NOTE**: When not specified, all alerts generated in the last two hours are retrieved.
+DateTime?sinceTimeUtc | string | Defines the lower time bound alerts are retrieved from, based on field: `LastProccesedTimeUtc` The time range will be: from sinceTimeUtc time to current time.
**NOTE**: When not specified, all alerts generated in the last two hours are retrieved.
+DateTime?untilTimeUtc | string | Defines the upper time bound alerts are retrieved. The time range will be: from `sinceTimeUtc` time to `untilTimeUtc` time.
**NOTE**: When not specified, the default value will be the current time.
+string ago | string | Pulls alerts in the following time range: from `(current_time - ago)` time to `current_time` time.
Value should be set according to **ISO 8601** duration format E.g. `ago=PT10M` will pull alerts received in the last 10 minutes.
int?limit | int | Defines the number of alerts to be retrieved. Most recent alerts will be retrieved based on the number defined.
**NOTE**: When not specified, all alerts available in the time range will be retrieved.
### Request example
@@ -117,7 +119,7 @@ Authorization: Bearer
The following example demonstrates a request to get the last 20 alerts since 2016-09-12 00:00:00.
```syntax
-GET https://wdatp-alertexporter-eu.windows.com/api/alerts?limit=20&sinceTimeUtc="2016-09-12 00:00:00"
+GET https://wdatp-alertexporter-eu.windows.com/api/alerts?limit=20&sinceTimeUtc=2016-09-12T00:00:00.000
Authorization: Bearer
```
diff --git a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
index b3bcae08b4..278e02f9bb 100644
--- a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Python code examples for the custom threat intelligence API
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
## Before you begin
You must [install](http://docs.python-requests.org/en/master/user/install/#install) the "[requests](http://docs.python-requests.org/en/master/)" python library.
@@ -39,7 +39,7 @@ These code examples demonstrate the following tasks:
## Step 1: Obtain an Azure AD access token
The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token.
-Replace the *auth_url*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal:
+Replace the *auth_url*, *client_id*, and *client_secret* values with the ones you got from **Settings** page in the portal:
```
import json
@@ -183,8 +183,8 @@ with requests.Session() as session:
## Related topics
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..8b7ad9f93e
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,116 @@
+---
+title: Use role-based access control to grant fine-grained access to the Windows Defender ATP portal
+description: Create roles and groups within your security operations to grant access to the portal.
+keywords: rbac, role, based, access, control, groups, control, tier, aad
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# Manage portal access using role-based access control
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Azure Active Directory
+- Office 365
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-rbac-abovefoldlink)
+
+
+Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal. Based on the roles and groups you create, you have fine-grained control over what users with access to the portal can see and do.
+
+Large geo-distributed security operations teams typically adopt a tier-based model to assign and authorize access to security portals. Typical tiers include the following three levels:
+
+Tier | Description
+:---|:---
+Tier 1 | **Local security operations team / IT team** This team usually triages and investigates alerts contained within their geolocation and escalates to Tier 2 in cases where an active remediation is required.
+Tier 2 | **Regional security operations team** This team can see all the machines for their region and perform remediation actions.
+Tier 3 | **Global security operations team** This team consists of security experts and are authorized to see and perform all actions from the portal.
+
+Windows Defender ATP RBAC is designed to support your tier- or role-based model of choice and gives you granular control over what roles can see, machines they can access, and actions they can take. The RBAC framework is centered around the following controls:
+
+- **Control who can take specific action**
+ - Create custom roles and control what Windows Defender ATP capabilities they can access with granularity.
+
+- **Control who can see information on specific machine group or groups**
+ - [Create machine groups](machine-groups-windows-defender-advanced-threat-protection.md) by specific criteria such as names, tags, domains, and others, then grant role access to them using a specific Azure AD user group.
+
+To implement role-based access, you'll need to define admin roles, assign corresponding permissions, and assign Azure Active Directory (Azure AD) user groups assigned to the roles.
+
+
+### Before you begin
+Before using RBAC, it's important that you understand the roles that can grant permissions and the consequences of turning on RBAC.
+
+
+> [!WARNING]
+> Before enabling the feature, it's important that you have a Global Administrator role or Security Administrator role in Azure AD and that you have your Azure AD groups ready to reduce the risk of being locked out of the portal.
+
+When you first log in to the Windows Defender ATP portal, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD.
+
+Someone with a Windows Defender ATP Global administrator role has unrestricted access to all machines, regardless of their machine group association and the Azure AD user groups assignments
+
+> [!WARNING]
+> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in the Windows Defender ATP portal, therefore, having the right groups ready in Azure AD is important.
+>
+> **Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.**
+>
+>Users with admin permissions are automatically assigned the default built-in Windows Defender ATP global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Azure AD Global or Security Administrators to the Windows Defender ATP global administrator role.
+>
+> After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal.
+
+## Create roles and assign the role to a group
+
+1. In the navigation pane, select **Settings > Role based access control > Roles**.
+
+2. Click **Add role**.
+
+3. Enter the role name, description, and active permissions you’d like to assign to the role.
+
+ - **Role name**
+
+ - **Description**
+
+ - **Active permissions**
+ - **View data** - Users can view information in the portal.
+ - **Investigate alerts** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline.
+ - **Approve or take action** - Users can take response actions and approve or dismiss pending remediation actions.
+ - **Manage system settings** - Users can configure settings, SIEM and threat intel API settings, advanced settings, preview features, and automated file uploads.
+
+4. Click **Next** to assign the role to an Azure AD group.
+
+5. Use the filter to select the Azure AD group that you’d like to add to this role.
+
+6. Click **Save and close**.
+
+7. Apply the configuration settings.
+
+## Edit roles
+
+1. Select the role you'd like to edit.
+
+2. Click **Edit**.
+
+3. Modify the details or the groups that the role is a part of.
+
+4. Click **Save and close**.
+
+## Delete roles
+
+1. Select the role row you'd like to delete.
+
+2. Click the drop-down button and select **Delete role**.
+
+## Related topic
+- [Create and manage machine groups in Windows Defender ATP](machine-groups-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
index c3162d20c2..0e5f08d3d5 100644
--- a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 03/06/2018
+ms.date: 04/17/2018
---
# Take response actions on a file
@@ -57,23 +57,25 @@ The action takes effect on machines with Windows 10, version 1703 or later, wher
- **Search box** - select File from the drop–down menu and enter the file name
2. Open the **Actions menu** and select **Stop and Quarantine File**.
+
-3. Type a comment and select **Yes, stop and quarantine** to take action on the file.
+3. Specify a reason, then click **Yes, stop and quarantine**.
+
- The Action center shows the submission information:
+ The Action center shows the submission information:
- - **Submission time** - Shows when the action was submitted.
- - **Success** - Shows the number of machines where the file has been stopped and quarantined.
- - **Failed** - Shows the number of machines where the action failed and details about the failure.
- - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
+ - **Submission time** - Shows when the action was submitted.
+ - **Success** - Shows the number of machines where the file has been stopped and quarantined.
+ - **Failed** - Shows the number of machines where the action failed and details about the failure.
+ - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
4. Select any of the status indicators to view more information about the action. For example, select **Failed** to see where the action failed.
**Notification on machine user**:
-When the file is being removed from an endpoint, the following notification is shown:
+When the file is being removed from a machine, the following notification is shown:
@@ -89,7 +91,7 @@ For prevalent files in the organization, a warning is shown before an action is
## Remove file from quarantine
You can roll back and remove a file from quarantine if you’ve determined that it’s clean after an investigation. Run the following command on each machine where the file was quarantined.
-1. Open an elevated command–line prompt on the endpoint:
+1. Open an elevated command–line prompt on the machine:
a. Go to **Start** and type cmd.
@@ -116,14 +118,27 @@ You can prevent further propagation of an attack in your organization by banning
### Enable the block file feature
-1. In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**.
+Before you can block files, you'll need to enable the feature.
+
+1. In the navigation pane, select **Settings** > **Advanced features** > **Block file**.
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
+
+ 
+
+### Block a file
+1. Select the file you want to block. You can select a file from any of the following views or use the Search box:
- 
+ - **Alerts** - click the corresponding links from the Description or Details in the Artifact timeline
+ - **Search box** - select File from the drop–down menu and enter the file name
+2. Open the **Actions menu** and select **Block**.
+
+ 
-3. Type a comment and select **Yes, block file** to take action on the file.
+3. Specify a reason and select **Yes, block file** to take action on the file.
+
+ 
The Action center shows the submission information:
@@ -135,7 +150,7 @@ You can prevent further propagation of an attack in your organization by banning
When the file is blocked, there will be a new event in the machine timeline.
**Notification on machine user**:
-When a file is being blocked on the endpoint, the following notification is displayed to inform the user that the file was blocked:
+When a file is being blocked on the machine, the following notification is displayed to inform the user that the file was blocked:
@@ -150,7 +165,6 @@ For prevalent files in the organization, a warning is shown before an action is
1. Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box:
- **Alerts** - Click the file links from the Description or Details in the Artifact timeline
- - **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section
- **Search box** - Select File from the drop–down menu and enter the file name
2. Open the **Actions** menu and select **Remove file from blocked list**.
@@ -235,7 +249,7 @@ If you encounter a problem when trying to submit a file, try each of the followi
3. You can wait a short while and try to submit the file again, in case the queue is full or there was a temporary connection or communication error.
4. Verify the policy setting enables sample collection and try to submit the file again.
- a. Change the following registry entry and values to change the policy on specific endpoints:
+ a. Change the following registry entry and values to change the policy on specific machines:
```
HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
Value = 0 – block sample collection
@@ -247,5 +261,5 @@ HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
> [!NOTE]
> If the value *AllowSampleCollection* is not available, the client will allow sample collection by default.
-## Related topics
+## Related topic
- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
index adcfd622e0..ac9d6c02de 100644
--- a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
@@ -73,6 +73,7 @@ The package contains the following folders:
The Action center shows the submission information:
+
- **Submission time** - Shows when the action was submitted.
@@ -247,5 +248,5 @@ All other related details are also shown, for example, submission time, submitti
-## Related topics
+## Related topic
- [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
index 6092b45364..f4a083f835 100644
--- a/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
@@ -38,15 +38,3 @@ Topic | Description
:---|:---
[Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)| Isolate machines or collect an investigation package.
[Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)| Stop and quarantine files or block a file from your network.
-
-## Related topics
-- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
index 9be70be191..f74f0543b9 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Run a detection test on a newly onboarded Windows Defender ATP endpoint
-description: Run the detection script on a newly onboarded endpoint to verify that it is properly onboarded to the Windows Defender ATP service.
-keywords: detection test, detection, powershell, script, verify, onboarding, windows defender advanced threat protection onboarding, clients, servers, endpoint, test
+title: Run a detection test on a newly onboarded Windows Defender ATP machine
+description: Run the detection script on a newly onboarded machine to verify that it is properly onboarded to the Windows Defender ATP service.
+keywords: detection test, detection, powershell, script, verify, onboarding, windows defender advanced threat protection onboarding, clients, servers, test
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -13,7 +13,7 @@ ms.localizationpriority: high
ms.date: 11/06/2017
---
-# Run a detection test on a newly onboarded Windows Defender ATP endpoint
+# Run a detection test on a newly onboarded Windows Defender ATP machine
**Applies to:**
@@ -24,9 +24,9 @@ ms.date: 11/06/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-Run the following PowerShell script on a newly onboarded endpoint to verify that it is properly reporting to the Windows Defender ATP service.
+Run the following PowerShell script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service.
-1. Open an elevated command-line prompt on the endpoint and run the script:
+1. Open an elevated command-line prompt on the machine and run the script:
a. Go to **Start** and type **cmd**.
@@ -40,8 +40,8 @@ Run the following PowerShell script on a newly onboarded endpoint to verify that
powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\test-WDATP-test\invoice.exe');Start-Process 'C:\test-WDATP-test\invoice.exe'
```
-The Command Prompt window will close automatically. If successful, the detection test will be marked as completed and a new alert will appear in the portal for the onboarded endpoint in approximately 10 minutes.
+The Command Prompt window will close automatically. If successful, the detection test will be marked as completed and a new alert will appear in the portal for the onboarded machine in approximately 10 minutes.
## Related topics
-- [Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..43e1cf6abb
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,351 @@
+---
+title: View the Secure Score dashboard in Windows Defender ATP
+description: Use the Secure Score dashboard to assess and improve the security state of your organization by analyzing various security control tiles.
+keywords: secure score, dashboard, security recommendations, security control state, security score, score improvement, microsoft secure score, security controls, security control, improvement opportunities, edr, antivirus, av, os security updates
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+ms.date: 04/17/2018
+---
+
+# View the Windows Defender Advanced Threat Protection Secure score dashboard
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-abovefoldlink)
+
+
+The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
+
+>[!IMPORTANT]
+> This feature is available for machines on Windows 10, version 1703 or later.
+
+
+The **Secure score dashboard** displays a snapshot of:
+- Microsoft Secure score
+- Windows Defender security controls
+- Improvement opportunities
+- Security score over time
+
+
+
+## Microsoft secure score
+The Microsoft secure score tile is reflective of the sum of all the Windows Defender security controls that are configured according to the recommended baseline and Office 365 controls. It allows you to drill down into each portal for further analysis. You can also improve this score by taking the steps in configuring each of the security controls in the optimal settings.
+
+
+
+Each Windows Defender security control contributes 100 points to the score. The total number is reflective of the score potential and calculated by multiplying the number of supported security controls (Windows Defender security controls pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar).
+
+The Office 365 Secure Score looks at your settings and activities and compares them to a baseline established by Microsoft. For more information, see [Introducing the Office 365 Secure Score](https://support.office.com/en-us/article/introducing-the-office-365-secure-score-c9e7160f-2c34-4bd0-a548-5ddcc862eaef#howtoaccess).
+
+In the example image, the total points for the Windows security controls and Office 365 add up to 718 points.
+
+You can set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard through the **Settings**. For more information, see [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md).
+
+## Windows Defender security controls
+The security controls tile shows a bar graph where each bar represents a Windows Defender security control. Each bar reflects the number of machines that are well configured and those that require **any kind of attention** for each security control. Hovering on top of the individual bars will show exact numbers for each category. Machines that are green are well configured, while machines that are orange require some level of attention.
+
+
+
+
+## Improvement opportunities
+Improve your score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
+
+Click on each control to see the recommended optimizations.
+
+
+
+The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action. When added together, the total number makes up the numerator in the fraction for each segment in the Improvement opportunities tile.
+
+>[!IMPORTANT]
+>Recommendations that do not display a green triangle icon are informational only and no action is required.
+
+Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
+
+The following image shows an example list of machines where the EDR sensor is not turned on.
+
+
+
+## Security score over time
+You can track the progression of your organizational security posture over time using this tile. It displays the overall and individual control scores in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.
+
+
+
+You can click on specific date points to see the total score for that security control is on a particular date.
+
+## Improve your secure score by applying improvement recommendations
+Each security control lists recommendations that you can take to increase the security posture of your organization.
+
+### Endpoint detection and response (EDR) optimization
+For an machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for your Endpoint detection and response tool.
+
+>[!IMPORTANT]
+>This feature is available for machines on Windows 10, version 1607 or later.
+
+#### Minimum baseline configuration setting for EDR:
+- Windows Defender ATP sensor is on
+- Data collection is working correctly
+- Communication to Windows Defender ATP service is not impaired
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+- Turn on sensor
+- Fix sensor data collection
+- Fix impaired communications
+
+For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+
+### Windows Defender Antivirus (Windows Defender AV) optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AV is fulfilled.
+
+>[!IMPORTANT]
+>This feature is available for machines on Windows 10, version 1607 or later.
+
+#### Minimum baseline configuration setting for Windows Defender AV:
+Machines are considered "well configured" for Windows Defender AV if the following requirements are met:
+
+- Windows Defender AV is reporting correctly
+- Windows Defender AV is turned on
+- Signature definitions are up to date
+- Real-time protection is on
+- Potentially Unwanted Application (PUA) protection is enabled
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+
+>[!NOTE]
+> For the Windows Defender Antivirus properties to show, you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the machine.
+
+- Fix antivirus reporting
+ - This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
+- Turn on antivirus
+- Update antivirus definitions
+- Turn on real-time protection
+- Turn on PUA protection
+
+For more information, see [Configure Windows Defender Antivirus](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md).
+
+
+### OS security updates optimization
+This tile shows you the exact number of machines that require the latest security updates. It also shows machines that are running on the latest Windows Insider preview build and serves as a reminder to ensure that users should run the latest builds.
+
+>[!IMPORTANT]
+>This feature is available for machines on Windows 10, version 1607 or later.
+
+You can take the following actions to increase the overall security score of your organization:
+- Install the latest security updates
+- Fix sensor data collection
+ - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+
+For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/en-us/help/4027322/windows-windows-update-troubleshooter).
+
+
+### Windows Defender Exploit Guard (Windows Defender EG) optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on machines so that the minimum baseline configuration setting for Windows Defender EG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender EG events on the Windows Defender ATP Machine timeline.
+
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1709 or later.
+
+#### Minimum baseline configuration setting for Windows Defender EG:
+Machines are considered "well configured" for Windows Defender EG if the following requirements are met:
+
+- System level protection settings are configured correctly
+- Attack Surface Reduction rules are configured correctly
+- Controlled Folder Access setting is configured correctly
+
+##### System level protection:
+The following system level configuration settings must be set to **On or Force On**:
+
+1. Control Flow Guard
+2. Data Execution Prevention (DEP)
+3. Randomize memory allocations (Bottom-up ASLR)
+4. Validate exception chains (SEHOP)
+5. Validate heap integrity
+
+>[!NOTE]
+>The setting **Force randomization for images (Mandatory ASLR)** is currently excluded from the baseline.
+>Consider configuring **Force randomization for images (Mandatory ASLR)** to **On or Force On** for better protection.
+
+##### Attack Surface Reduction (ASR) rules:
+The following ASR rules must be configured to **Block mode**:
+
+Rule description | GUIDs
+-|-
+Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
+Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
+Block Office applications from creating executable content | 3B576869-A4EC-4529-8536-B80A7769E899
+Impede JavaScript and VBScript to launch executables | D3E037E1-3EB8-44C8-A917-57927947596D
+Block execution of potentially obfuscated scripts | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
+Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
+
+
+
+>[!NOTE]
+>The setting **Block Office applications from injecting into other processes** with GUID 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 is excluded from the baseline.
+>Consider enabling this rule in **Audit** or **Block mode** for better protection.
+
+
+##### Controlled Folder Access
+The Controlled Folder Access setting must be configured to **Audit mode** or **Enabled**.
+
+>[!NOTE]
+> Audit mode, allows you to see audit events in the Windows Defender ATP Machine timeline however it does not block suspicious applications.
+>Consider enabling Controlled Folder Access for better protection.
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+- Turn on all system-level Exploit Protection settings
+- Set all ASR rules to enabled or audit mode
+- Turn on Controlled Folder Access
+- Turn on Windows Defender Antivirus on compatible machines
+
+For more information, see [Windows Defender Exploit Guard](../windows-defender-exploit-guard/windows-defender-exploit-guard.md).
+
+### Windows Defender Application Guard (Windows Defender AG) optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender AG events on the Windows Defender ATP Machine timeline.
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1709 or later.
+
+#### Minimum baseline configuration setting for Windows Defender AG:
+Machines are considered "well configured" for Windows Defender AG if the following requirements are met:
+
+- Hardware and software prerequisites are met
+- Windows Defender AG is turned on compatible machines
+- Managed mode is turned on
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+- Ensure hardware and software prerequisites are met
+
+ >[!NOTE]
+ >This improvement item does not contribute to the security score in itself because it's not a prerequisite for Windows Defender AG. It gives an indication of a potential reason why Windows Defender AG is not turned on.
+
+- Turn on Windows Defender AG on compatible machines
+- Turn on managed mode
+
+
+For more information, see [Windows Defender Application Guard overview](../windows-defender-application-guard/wd-app-guard-overview.md).
+
+
+### Windows Defender SmartScreen optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender SmartScreen is fulfilled.
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1709 or later.
+
+#### Minimum baseline configuration setting for Windows Defender SmartScreen:
+The following settings must be configured with the following settings:
+- Check apps and files: **Warn** or **Block**
+- SmartScreen for Microsoft Edge: **Warn** or **Block**
+- SmartScreen for Microsoft store apps: **Warn** or **Off**
+
+
+You can take the following actions to increase the overall security score of your organization:
+- Set **Check app and files** to **Warn** or **Block**
+- Set **SmartScreen for Microsoft Edge** to **Warn** or **Block**
+- Set **SmartScreen for Microsoft store apps** to **Warn** or **Off**
+
+For more information, see [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
+
+
+
+### Windows Defender Firewall optimization
+For a machine to be considered "well configured", Windows Defender Firewall must be turned on and enabled for all profiles and inbound connections are blocked by default. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender Firewall is fulfilled.
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1709 or later.
+
+#### Minimum baseline configuration setting for Windows Defender Firewall
+
+- Windows Defender Firewall is turned on for all network connections
+- Secure domain profile by enabling Windows Defender Firewall and ensure that Inbound connections is set to Blocked
+- Secure private profile by enabling Windows Defender Firewall and ensure that Inbound connections is set to Blocked
+- Secure public profile is configured by enabling Windows Defender Firewall and ensure that Inbound connections is set to Blocked
+
+For more information on Windows Defender Firewall settings, see [Planning settings for a basic firewall policy](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy).
+
+>[!NOTE]
+> If Windows Defender Firewall is not your primary firewall, consider excluding it from the security score calculations and make sure that your third-party firewall is configured in a securely.
+
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+- Turn on firewall
+- Secure domain profile
+- Secure private profile
+- Secure public profile
+- Verify secure configuration of third-party firewall
+- Fix sensor data collection
+ - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+
+For more information, see [Windows Defender Firewall with Advanced Security](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security).
+
+### BitLocker optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for BitLocker is fulfilled.
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1803 or later.
+
+#### Minimum baseline configuration setting for BitLocker
+- Ensure all supported internal drives are encrypted
+- Ensure that all suspended protection on drives resume protection
+- Ensure that drives are compatible
+
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+- Encrypt all supported drives
+- Resume protection on all drives
+- Ensure drive compatibility
+- Fix sensor data collection
+ - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+
+For more information, see [Bitlocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview).
+
+### Windows Defender Credential Guard optimization
+For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender Credential Guard is fulfilled.
+
+>[!IMPORTANT]
+>This security control is only applicable for machines with Windows 10, version 1709 or later.
+
+#### Minimum baseline configuration setting for Windows Defender Credential Guard:
+Machines are considered "well configured" for Windows Defender Credential Guard if the following requirements are met:
+
+- Hardware and software prerequisites are met
+- Windows Defender Credential Guard is turned on on compatible machines
+
+
+##### Recommended actions:
+You can take the following actions to increase the overall security score of your organization:
+
+- Ensure hardware and software prerequisites are met
+- Turn on Credential Guard
+- Fix sensor data collection
+ - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
+
+For more information, see [Manage Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-manage).
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink)
+
+## Related topics
+- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
+- [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
+- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
deleted file mode 100644
index 6ea27c4f75..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
+++ /dev/null
@@ -1,256 +0,0 @@
----
-title: View the Secure score dashboard in Windows Defender ATP
-description: Use the Secure score dashboard to assess and improve the security state of your organization by analyzing various security control tiles.
-keywords: secure score, dashboard, security recommendations, security control state, security score, score improvement, organizational security score, security coverage, security control, improvement opportunities, edr, antivirus, av, os security updates
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: mjcaparas
-localizationpriority: high
-ms.date: 03/12/2018
----
-
-# View the Windows Defender Advanced Threat Protection Secure score dashboard
-
-**Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-abovefoldlink)
-
-
-The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
-
->[!IMPORTANT]
-> This feature is available for machines on Windows 10, version 1703 or later.
-
-The **Secure score dashboard** displays a snapshot of:
-- Organizational security score
-- Security coverage
-- Improvement opportunities
-- Security score over time
-
-
-
-## Organizational security score
-The organization security score is reflective of the average score of all the Windows Defender security controls that are configured according to the recommended baseline. You can improve this score by taking the steps in configuring each of the security controls in the optimal settings.
-
-
-
-Each Windows Defender security control from the **Security coverage** tile contributes 100 points to the organizational security score.
-
-The denominator is reflective of the organizational score potential and calculated by multiplying the number of supported security controls (Security coverage pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar).
-
-
-In the example image, the total points from the **Improvement opportunities** tile add up to 321 points for the six pillars from the **Security coverage** tile.
-
-You can set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard through the **Preferences settings**. For more information, see [Enable Secure score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md).
-
-## Security coverage
-The security coverage tile shows a bar graph where each bar represents a Windows Defender security control. Each bar reflects the number of machines that are well configured and those that require **any kind of attention** for each security control. Hovering on top of the individual bars will show exact numbers for each category. Machines that are green are well configured, while machines that are orange require some level of attention.
-
-
-
-
-## Improvement opportunities
-Improve your organizational security score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
-
-Click on each control to see the recommended optimizations.
-
-
-
-The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action. When added together, the total number makes up the numerator in the fraction for each segment in the Improvement opportunities tile.
-
->[!IMPORTANT]
->Recommendations that do not display a green triangle icon are informational only and no action is required.
-
-Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
-
-The following image shows an example list of machines where the EDR sensor is not turned on.
-
-
-
-## Security score over time
-You can track the progression of your organizational security posture over time using this tile. It displays the overall and individual control scores in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.
-
-
-
-You can click on specific date points to see the total score for that security control is on a particular date.
-
-### Endpoint detection and response (EDR) optimization
-For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for your Endpoint detection and response tool.
-
-#### Minimum baseline configuration setting for EDR:
-- Windows Defender ATP sensor is on
-- Data collection is working correctly
-- Communication to Windows Defender ATP service is not impaired
-
-#### Minimum baseline configuration setting for EDR:
-You can take the following actions to increase the overall security score of your organization:
-- Turn on sensor
-- Fix sensor data collection
-- Fix impaired communications
-
-For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
-
-### Windows Defender Antivirus (Windows Defender AV) optimization
-For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AV is fulfilled.
-
-#### Minimum baseline configuration setting for Windows Defender AV:
-Endpoints are considered "well configured" for Windows Defender AV if the following requirements are met:
-
-- Windows Defender AV is reporting correctly
-- Windows Defender AV is turned on
-- Signature definitions are up to date
-- Real-time protection is on
-- Potentially Unwanted Application (PUA) protection is enabled
-
-##### Recommended actions:
-You can take the following actions to increase the overall security score of your organization:
-
->[!NOTE]
-> For the Windows Defender Antivirus properties to show, you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the endpoint.
-
-- Fix antivirus reporting
- - This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
-- Turn on antivirus
-- Update antivirus definitions
-- Turn on real-time protection
-- Turn on PUA protection
-
-For more information, see [Configure Windows Defender Antivirus](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md).
-
-
-### OS security updates optimization
-This tile shows you the exact number of machines that require the latest security updates. It also shows machines that are running on the latest Windows Insider preview build and serves as a reminder to ensure that users should run the latest builds.
-
-You can take the following actions to increase the overall security score of your organization:
-- Install the latest security updates
-- Fix sensor data collection
- - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
-
-For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/en-us/help/4027322/windows-windows-update-troubleshooter).
-
-
-### Windows Defender Exploit Guard (Windows Defender EG) optimization
-For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender EG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender EG events on the Windows Defender ATP Machine timeline.
-
-#### Minimum baseline configuration setting for Windows Defender EG:
-Endpoints are considered "well configured" for Windows Defender EG if the following requirements are met:
-
-- System level protection settings are configured correctly
-- Attack Surface Reduction rules are configured correctly
-- Controlled Folder Access setting is configured correctly
-
-##### System level protection:
-The following system level configuration settings must be set to **On or Force On**:
-
-1. Control Flow Guard
-2. Data Execution Prevention (DEP)
-3. Randomize memory allocations (Bottom-up ASLR)
-4. Validate exception chains (SEHOP)
-5. Validate heap integrity
-
->[!NOTE]
->The setting **Force randomization for images (Mandatory ASLR)** is currently excluded from the baseline.
->Consider configuring **Force randomization for images (Mandatory ASLR)** to **On or Force On** for better protection.
-
-##### Attack Surface Reduction (ASR) rules:
-The following ASR rules must be configured to **Block mode**:
-
-Rule description | GUIDs
--|-
-Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
-Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
-Block Office applications from creating executable content | 3B576869-A4EC-4529-8536-B80A7769E899
-Impede JavaScript and VBScript to launch executables | D3E037E1-3EB8-44C8-A917-57927947596D
-Block execution of potentially obfuscated scripts | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
-Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
-
-
->[!NOTE]
->The setting **Block Office applications from injecting into other processes** with GUID 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 is excluded from the baseline.
->Consider enabling this rule in **Audit** or **Block mode** for better protection.
-
-
-##### Controlled Folder Access
-The Controlled Folder Access setting must be configured to **Audit mode** or **Enabled**.
-
->[!NOTE]
-> Audit mode, allows you to see audit events in the Windows Defender ATP Machine timeline however it does not block suspicious applications.
->Consider enabling Controlled Folder Access for better protection.
-
-##### Recommended actions:
-You can take the following actions to increase the overall security score of your organization:
-- Turn on all system-level Exploit Protection settings
-- Set all ASR rules to enabled or audit mode
-- Turn on Controlled Folder Access
-- Turn on Windows Defender Antivirus on compatible machines
-
-For more information, see [Windows Defender Exploit Guard](../windows-defender-exploit-guard/windows-defender-exploit-guard.md).
-
-### Windows Defender Application Guard (Windows Defender AG) optimization
-For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender AG events on the Windows Defender ATP Machine timeline.
-
-#### Minimum baseline configuration setting for Windows Defender AG:
-Endpoints are considered "well configured" for Windows Defender AG if the following requirements are met:
-
-- Hardware and software prerequisites are met
-- Windows Defender AG is turned on compatible machines
-- Managed mode is turned on
-
-##### Recommended actions:
-You can take the following actions to increase the overall security score of your organization:
-- Ensure hardware and software prerequisites are met
-
- >[!NOTE]
- >This improvement item does not contribute to the security score in itself because it's not a prerequisite for Windows Defender AG. It gives an indication of a potential reason why Windows Defender AG is not turned on.
-
-- Turn on Windows Defender AG on compatible machines
-- Turn on managed mode
-
-
-For more information, see [Windows Defender Application Guard overview](../windows-defender-application-guard/wd-app-guard-overview.md).
-
-
-### Windows Defender SmartScreen optimization
-For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender SmartScreen is fulfilled.
-
-#### Minimum baseline configuration setting for Windows Defender SmartScreen:
-The following settings must be configured with the following settings:
-- Check apps and files: **Warn** or **Block**
-- SmartScreen for Microsoft Edge: **Warn** or **Block**
-- SmartScreen for Microsoft store apps: **Warn** or **Off**
-
-
-You can take the following actions to increase the overall security score of your organization:
-- Set **Check app and files** to **Warn** or **Block**
-- Set **SmartScreen for Microsoft Edge** to **Warn** or **Block**
-- Set **SmartScreen for Microsoft store apps** to **Warn** or **Off**
-
-For more information, see [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink)
-
-## Related topics
-- [Enable Secure score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md)
-- [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
-
diff --git a/windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
similarity index 74%
rename from windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
index 1846ca83c2..7b4b053ce3 100644
--- a/windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/01/2017
+ms.date: 04/17/2018
---
# View the Windows Defender Advanced Threat Protection Security operations dashboard
@@ -23,20 +23,25 @@ ms.date: 11/01/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink)
The **Security operations dashboard** displays a snapshot of:
- The latest active alerts on your network
-- Daily machines reporting
- Machines at risk
-- Users at risk
- Machines with active malware alerts
+- Daily machines reporting
+- Active automated investigations
+- Automated investigations statistics
+- Users at risk
+- Suspicious activities
- Sensor health
- Service health
+
+
You can explore and investigate alerts and machines to quickly determine if, where, and when suspicious activities occurred in your network to help you understand the context they appeared in.
From the **Security operations dashboard** you will see aggregated events to facilitate the identification of significant events or behaviors on a machine. You can also drill down into granular events and low-level indicators.
@@ -54,10 +59,7 @@ For more information see, [Alerts overview](alerts-queue-windows-defender-advanc
The **Latest active alerts** section includes the latest active alerts in your network. Each row includes an alert severity category and a short description of the alert. Click an alert to see its detailed view, or **Alerts queue** at the top of the list to go directly to the Alerts queue. For more information see, [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) and [Alerts overview](alerts-queue-windows-defender-advanced-threat-protection.md).
-## Daily machines reporting
-The **Daily machines reporting** tile shows a bar graph that represents the number of machines reporting daily in the last 30 days. Hover over individual bars on the graph to see the exact number of machines reporting in each day.
-
## Machines at risk
This tile shows you a list of machines with the highest number of active alerts. The total number of alerts for each machine is shown in a circle next to the machine name, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label).
@@ -68,19 +70,12 @@ Click the name of the machine to see details about that machine. For more inform
You can also click **Machines list** at the top of the tile to go directly to the **Machines list**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md).
-## Users at risk
-The tile shows you a list of user accounts with the most active alerts.
-
-
-
-Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md).
-
## Machines with active malware detections
-The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender Antivirus.
+The **Machines with active malware detections** tile will only appear if your machines are using Windows Defender Antivirus.
Active malware is defined as threats that were actively executing at the time of detection.
-Hover over each bar to see the number of active malware detections (as **Malware detections**) and the number of endpoints with at least one active detection (as **Machines**) over the past 30 days.
+Hover over each bar to see the number of active malware detections (as **Malware detections**) and the number of machines with at least one active detection (as **Machines**) over the past 30 days.
@@ -98,12 +93,44 @@ Threats are considered "active" if there is a very high probability that the mal
Clicking on any of these categories will navigate to the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine.
> [!NOTE]
-> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
+> The **Machines with active malware detections** tile will only appear if your machines are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
+## Daily machines reporting
+The **Daily machines reporting** tile shows a bar graph that represents the number of machines reporting daily in the last 30 days. Hover over individual bars on the graph to see the exact number of machines reporting in each day.
+
+
+
+
+
+## Active automated investigations
+You can view the overall number of automated investigations from the last 30 days in your network from the **Active automated investigations** tile. Investigations are grouped into **Waiting for machine**, **Running**, and **Pending approval**.
+
+
+
+
+## Automated investigations statistics
+This tile shows statistics related to automated investigations in the last 30 days. It shows the number of investigations completed, the number of successfully remediated investigations, the average pending time it takes for an investigaiton to be initiated, the average time it takes to remediate an alert, the number of alerts investigated, and the number of hours of automation saved from a typical manual investigation.
+
+
+
+You can click on **Automated investigations**, **Remidated investigations**, and **Alerts investigated** to navigate to the **Invesgations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context.
+
+## Users at risk
+The tile shows you a list of user accounts with the most active alerts and the number of alerts seen on high, medium, or low alerts.
+
+
+
+Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md).
+
+## Suspicious activities
+This tile shows audit events based on detections from various security components.
+
+
+
## Sensor health
-The **Sensor health** tile provides information on the individual endpoint’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines.
+The **Sensor health** tile provides information on the individual machine’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines.
@@ -126,13 +153,8 @@ For more information on the service health, see [Check the Windows Defender ATP
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-belowfoldlink)
## Related topics
-- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
-- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
-- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
-- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
-- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
-- [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md)
-- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
+- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
+- [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
+- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+
diff --git a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
index fb58b3850a..0e0c2d60c4 100644
--- a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Check the Windows Defender Advanced Threat Protection service health
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-servicestatus-abovefoldlink)
@@ -57,4 +57,4 @@ When an issue is resolved, it gets recorded in the **Status history** tab.
The **Status history** tab reflects all the historical issues that were seen and resolved. You'll see details of the resolved issues along with the other information that were included while it was being resolved.
### Related topic
-- [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
index 6277924353..6e4c10056a 100644
--- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Supported Windows Defender ATP query APIs
@@ -23,6 +23,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supportedapis-abovefoldlink)
@@ -39,3 +40,5 @@ IP | Run API calls such as get IP related alerts, IP related machines, IP statis
Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID.
User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines.
+## Related topic
+- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md
similarity index 87%
rename from windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md
index e2bb30d5ac..1b25b996dc 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md
@@ -50,5 +50,10 @@ To access Threat analytics, from the navigation pane select **Dashboards** > **T
Click a section of each chart to get a list of the machines in the corresponding mitigation status.
+## Related topics
+- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
+- [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
+- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
index 54edd18d8c..3324909b34 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Understand threat intelligence concepts
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-threatindicator-abovefoldlink)
@@ -52,8 +52,8 @@ Here is an example of an IOC:
IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it.
## Related topics
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
index b376019c6a..8f05637899 100644
--- a/windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md
@@ -63,9 +63,9 @@ To set the time zone:
To apply different date formats for Windows Defender ATP, use regional settings for Internet Explorer (IE) and Microsoft Edge (Edge). If you're using another browser such as Google Chrome, follow the required steps to change the time and date settings for that browser.
-**Internet Explorer (IE) and Microsoft Edge (Edge)**
+**Internet Explorer (IE) and Microsoft Edge**
-IE and Edge use the **Region** settings configured in the **Clocks, Language, and Region** option in the Control panel.
+IE and Microsoft Edge use the **Region** settings configured in the **Clocks, Language, and Region** option in the Control panel.
#### Known issues with regional formats
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
index d6dbef14e6..b020424608 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
@@ -23,7 +23,7 @@ ms.date: 02/26/2018
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
You might need to troubleshoot issues while using the custom threat intelligence feature.
@@ -53,8 +53,8 @@ If your client secret expires or if you've misplaced the copy provided when you
## Related topics
- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+- [Create custom alerts using the threat intelligence API](custom-ti-api-windows-defender-advanced-threat-protection.md)
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code-windows-defender-advanced-threat-protection.md)
- [Python code examples for the custom threat intelligence API](python-example-code-windows-defender-advanced-threat-protection.md)
- [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
index 67e7ed903c..ae602776bf 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
@@ -50,10 +50,10 @@ For both cases you should contact Microsoft support at [General Windows Defender
If while accessing the Windows Defender ATP portal you get a **Your subscription has expired** message, your online service subscription has expired. Windows Defender ATP subscription, like any other online service subscription, has an expiration date.
-You can choose to renew or extend the license at any point in time. When accessing the portal after the expiration date a **Your subscription has expired** message will be presented with an option to download the endpoint offboarding package, should you choose to not renew the license.
+You can choose to renew or extend the license at any point in time. When accessing the portal after the expiration date a **Your subscription has expired** message will be presented with an option to download the machine offboarding package, should you choose to not renew the license.
> [!NOTE]
-> For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
+> For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name.
@@ -73,4 +73,4 @@ You'll need to whitelist the `security.windows.com` and all sub-domains under it
## Related topics
-- [Validating licensing provisioning and completing setup for Windows Defender ATP](licensing-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
+- [Validate licensing provisioning and complete setup for Windows Defender ATP](licensing-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
index 0dd01e9e60..637bf8c04f 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
---
title: Troubleshoot Windows Defender ATP onboarding issues
-description: Troubleshoot issues that might arise during the onboarding of endpoints or to the Windows Defender ATP service.
+description: Troubleshoot issues that might arise during the onboarding of machines or to the Windows Defender ATP service.
keywords: troubleshoot onboarding, onboarding issues, event viewer, data collection and preview builds, sensor data and diagnostics
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 11/21/2017
+ms.date: 04/17/2018
---
# Troubleshoot Windows Defender Advanced Threat Protection onboarding issues
@@ -25,37 +25,37 @@ ms.date: 11/21/2017
- Windows Server 2012 R2
- Windows Server 2016
-
+[!include[Prerelease information](prerelease.md)]
You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues.
-This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the endpoints.
+This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the machines.
-If you have completed the endpoint onboarding process and don't see endpoints in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an endpoint onboarding or connectivity problem.
+If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an onboarding or connectivity problem.
## Troubleshoot onboarding when deploying with Group Policy
-Deployment with Group Policy is done by running the onboarding script on the endpoints. The Group Policy console does not indicate if the deployment has succeeded or not.
+Deployment with Group Policy is done by running the onboarding script on the machines. The Group Policy console does not indicate if the deployment has succeeded or not.
-If you have completed the endpoint onboarding process and don't see endpoints in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint).
+If you have completed the onboarding process and don't see machines in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the machines. For more information, see [Troubleshoot onboarding when deploying with a script](#troubleshoot-onboarding-when-deploying-with-a-script).
-If the script completes successfully, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur.
+If the script completes successfully, see [Troubleshoot onboarding issues](#troubleshoot-onboarding-issues) for additional errors that might occur.
## Troubleshoot onboarding issues when deploying with System Center Configuration Manager
-When onboarding endpoints using the following versions of System Center Configuration Manager:
+When onboarding machines using the following versions of System Center Configuration Manager:
- System Center 2012 Configuration Manager
- System Center 2012 R2 Configuration Manager
- System Center Configuration Manager (current branch) version 1511
- System Center Configuration Manager (current branch) version 1602
-Deployment with the above-mentioned versions of System Center Configuration Manager is done by running the onboarding script on the endpoints. You can track the deployment in the Configuration Manager Console.
+Deployment with the above-mentioned versions of System Center Configuration Manager is done by running the onboarding script on the machines. You can track the deployment in the Configuration Manager Console.
-If the deployment fails, you can check the output of the script on the endpoints.
+If the deployment fails, you can check the output of the script on the machines.
-If the onboarding completed successfully but the endpoints are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur.
+If the onboarding completed successfully but the machines are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues](#troubleshoot-onboarding-issues) for additional errors that might occur.
-## Troubleshoot onboarding when deploying with a script on the endpoint
+## Troubleshoot onboarding when deploying with a script
-**Check the result of the script on the endpoint**:
+**Check the result of the script on the machine**:
1. Click **Start**, type **Event Viewer**, and press **Enter**.
2. Go to **Windows Logs** > **Application**.
@@ -70,17 +70,17 @@ Event ID | Error Type | Resolution steps
:---|:---|:---
5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```. Verify that the script was ran as an administrator.
-15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights).
If the endpoint is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again.
+15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights).
If the machine is running Windows 10, version 1607 and running the command `sc query sense` returns `START_PENDING`, reboot the machine. If rebooting the machine doesn't address the issue, upgrade to KB4015217 and try onboarding again.
15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender Antivirus ELAM driver, see [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy) for instructions.
-30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
-35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```. The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
-40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
+30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
+35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```. The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
+40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors using Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
65 | Insufficient privileges| Run the script again with administrator privileges.
## Troubleshoot onboarding issues using Microsoft Intune
You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue.
-If you have configured policies in Intune and they are not propagated on endpoints, you might need to configure automatic MDM enrollment. For more information, see the [Configure automatic MDM enrollment](https://go.microsoft.com/fwlink/?linkid=829597) section.
+If you have configured policies in Intune and they are not propagated on machines, you might need to configure automatic MDM enrollment. For more information, see the [Configure automatic MDM enrollment](https://go.microsoft.com/fwlink/?linkid=829597) section.
Use the following tables to understand the possible causes of issues while onboarding:
@@ -88,14 +88,14 @@ Use the following tables to understand the possible causes of issues while onboa
- Known issues with non-compliance table
- Mobile Device Management (MDM) event logs table
-If none of the event logs and troubleshooting steps work, download the Local script from the **Endpoint management** section of the portal, and run it in an elevated command prompt.
+If none of the event logs and troubleshooting steps work, download the Local script from the **Machine management** section of the portal, and run it in an elevated command prompt.
**Microsoft Intune error codes and OMA-URIs**:
Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps
:---|:---|:---|:---|:---
-0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.
**Troubleshooting steps:** Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.
Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
+0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.
**Troubleshooting steps:** Check the event IDs in the [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.
Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
| | | | Onboarding Offboarding SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.
**Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```
If it doesn't exist, open an elevated command and add the key.
| | | | SenseIsRunning OnboardingState OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.
**Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).
Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
|| | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.
Currently is supported platforms: Enterprise, Education, and Professional. Server is not supported.
@@ -125,16 +125,16 @@ ID | Severity | Event description | Troubleshooting steps
:---|:---|:---|:---
1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Download the [Cumulative Update for Windows 10, 1607](https://go.microsoft.com/fwlink/?linkid=829760).
-## Troubleshoot onboarding issues on the endpoint
-If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
-- [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log)
+## Troubleshoot onboarding issues on the machine
+If the deployment tools used does not indicate an error in the onboarding process, but machines are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
+- [View agent onboarding errors in the machine event log](#view-agent-onboarding-errors-in-the-endpoint-event-log)
- [Ensure the diagnostic data service is enabled](#ensure-the-diagnostics-service-is-enabled)
- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
-- [Ensure the endpoint has an Internet connection](#ensure-the-endpoint-has-an-internet-connection)
+- [Ensure the machine has an Internet connection](#ensure-the-endpoint-has-an-internet-connection)
- [Ensure that Windows Defender Antivirus is not disabled by a policy](#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)
-### View agent onboarding errors in the endpoint event log
+### View agent onboarding errors in the machine event log
1. Click **Start**, type **Event Viewer**, and press **Enter**.
@@ -155,16 +155,16 @@ If the deployment tools used does not indicate an error in the onboarding proces
Event ID | Message | Resolution steps
:---|:---|:---
-5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection).
-6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).
-7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again.
-9 | Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).
If the event happened during offboarding, contact support.
-10 | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md).
If the problem persists, contact support.
-15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection).
-17 | Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md). If the problem persists, contact support.
+5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the machine has Internet access](#ensure-the-endpoint-has-an-internet-connection).
+6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md).
+7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the machine has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again.
+9 | Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md).
If the event happened during offboarding, contact support.
+10 | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, re-attempt running the onboarding script. For more information, see [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md).
If the problem persists, contact support.
+15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the machine has Internet access](#ensure-the-endpoint-has-an-internet-connection).
+17 | Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | [Run the onboarding script again](configure-endpoints-script-windows-defender-advanced-threat-protection.md). If the problem persists, contact support.
25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support.
27 | Failed to enable Windows Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: variable | Contact support.
-29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | Ensure the endpoint has Internet access, then run the entire offboarding process again.
+29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | Ensure the machine has Internet access, then run the entire offboarding process again.
30 | Failed to disable $(build.sense.productDisplayName) mode in Windows Defender Advanced Threat Protection. Failure code: %1 | Contact support.
32 | $(build.sense.productDisplayName) service failed to request to stop itself after offboarding process. Failure code: %1 | Verify that the service start type is manual and reboot the machine.
55 | Failed to create the Secure ETW autologger. Failure code: %1 | Reboot the machine.
@@ -174,11 +174,11 @@ Event ID | Message | Resolution steps
69 | The service is stopped. Service name: %1 | Start the mentioned service. Contact support if persists.
-There are additional components on the endpoint that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
+There are additional components on the machine that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
### Ensure the diagnostic data service is enabled
-If the endpoints aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint. The service might have been disabled by other programs or user configuration changes.
+If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the machine. The service might have been disabled by other programs or user configuration changes.
First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't).
@@ -186,7 +186,7 @@ First, you should check that the service is set to start automatically when Wind
**Use the command line to check the Windows 10 diagnostic data service startup type**:
-1. Open an elevated command-line prompt on the endpoint:
+1. Open an elevated command-line prompt on the machine:
a. Click **Start**, type **cmd**, and press **Enter**.
@@ -207,7 +207,7 @@ First, you should check that the service is set to start automatically when Wind
**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
-1. Open an elevated command-line prompt on the endpoint:
+1. Open an elevated command-line prompt on the machine:
a. Click **Start**, type **cmd**, and press **Enter**.
@@ -233,7 +233,7 @@ First, you should check that the service is set to start automatically when Wind
sc start diagtrack
```
-### Ensure the endpoint has an Internet connection
+### Ensure the machine has an Internet connection
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.
@@ -248,7 +248,7 @@ If the verification fails and your environment is using a proxy to connect to th
**Symptom**: Onboarding successfully completes, but you see error 577 when trying to start the service.
-**Solution**: If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
+**Solution**: If your machines are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
- Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are cleared:
@@ -259,7 +259,7 @@ If the verification fails and your environment is using a proxy to connect to th
- ``````
- ``````
-- After clearing the policy, run the onboarding steps again on the endpoint.
+- After clearing the policy, run the onboarding steps again.
- You can also check the following registry key values to verify that the policy is disabled:
@@ -273,7 +273,7 @@ If the verification fails and your environment is using a proxy to connect to th
If you encounter issues while onboarding a server, go through the following verification steps to address possible issues.
- [Ensure Microsoft Monitoring Agent (MMA) is installed and configured to report sensor data to the service](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-mma)
-- [Ensure that the server endpoint proxy and Internet connectivity settings are configured properly](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-proxy)
+- [Ensure that the server proxy and Internet connectivity settings are configured properly](configure-server-endpoints-windows-defender-advanced-threat-protection.md#server-proxy)
You might also need to check the following:
- Check that there is a Windows Defender Advanced Threat Protection Service running in the **Processes** tab in **Task Manager**. For example:
@@ -308,5 +308,5 @@ For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us
## Related topics
- [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md)
-- [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
-- [Configure endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
index 64bd439f18..6a9a2a8e2f 100644
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md
@@ -42,11 +42,11 @@ Make sure that `*.securitycenter.windows.com` is included the proxy whitelist.
### Windows Defender ATP service shows event or error logs in the Event Viewer
-See the topic [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) for a list of event IDs that are reported by the Windows Defender ATP service. The topic also contains troubleshooting steps for event errors.
+See the topic [Review events and errors using Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) for a list of event IDs that are reported by the Windows Defender ATP service. The topic also contains troubleshooting steps for event errors.
### Windows Defender ATP service fails to start after a reboot and shows error 577
-If onboarding endpoints successfully completes but Windows Defender ATP does not start after a reboot and shows error 577, check that Windows Defender is not disabled by a policy.
+If onboarding machines successfully completes but Windows Defender ATP does not start after a reboot and shows error 577, check that Windows Defender is not disabled by a policy.
For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
@@ -73,4 +73,4 @@ Support of use of comma as a separator in numbers are not supported. Regions whe
## Related topics
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
-- [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
+- [Review events and errors using Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
index c4691b7324..43d2792de3 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 10/16/2017
+ms.date: 04/17/2018
---
# Use the threat intelligence API to create custom alerts
@@ -23,7 +23,7 @@ ms.date: 10/16/2017
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
index 9ec694fdde..bc987d35d2 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md
@@ -31,7 +31,9 @@ You can use the Windows Defender ATP portal to carry out an end-to-end security
Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
-Use the **Secure score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
+Use the **Secure Score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
+
+Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown.
### In this section
@@ -39,7 +41,8 @@ Use the **Secure score** dashboard to expand your visibility on the overall secu
Topic | Description
:---|:---
[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the portal layout and area descriptions.
-[View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the endpoints on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
-[View the Windows Defender Advanced Threat Protection Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Secure score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
+[View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
+[View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | The **Secure Score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
+[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to Spectre and Meltdown. Use the charts to quickly identify machines for the presence or absence of mitigations.
diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
index a82528a68f..a3ae16d7dd 100644
--- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
-title: Windows Defender Advanced Threat Protection - Windows Defender
+title: Windows Defender Advanced Threat Protection
description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats.
-keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, endpoint behavioral sensor, cloud security, score, threat intelligence
+keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
-ms.date: 03/12/2018
+ms.date: 04/17/2018
---
# Windows Defender Advanced Threat Protection
@@ -23,7 +23,7 @@ ms.date: 03/12/2018
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
+[!include[Prerelease information](prerelease.md)]
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-main-abovefoldlink)
>
@@ -55,18 +55,15 @@ Windows Defender ATP uses the following combination of technology built into Win
tools, techniques, and procedures, and generate alerts when these
are observed in collected sensor data.
-The following diagram shows these Windows Defender ATP service
-components:
+ 
-
-
-Endpoint investigation capabilities in this service let you drill down
+Machine investigation capabilities in this service let you drill down
into security alerts and understand the scope and nature of a potential
breach. You can submit files for deep analysis and receive the results
-without leaving the [Windows Defender ATP portal](https://securitycenter.windows.com).
+without leaving the [Windows Defender ATP portal](https://securitycenter.windows.com). The automated investigation and remediation capability reduces the volume of alerts by leveraging various inspection algorithms to resolve breaches.
Windows Defender ATP works with existing Windows security technologies
-on endpoints, such as Windows Defender Antivirus, AppLocker, and Windows Defender Device Guard. It
+on machines, such as Windows Defender Antivirus, AppLocker, and Windows Defender Device Guard. It
can also work side-by-side with third-party security solutions and
antimalware products.
@@ -75,39 +72,36 @@ detect sophisticated cyber-attacks, providing:
- Behavior-based, cloud-powered, advanced attack detection
- Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on endpoints.
+ Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on machines.
- Rich timeline for forensic investigation and mitigation
- Easily investigate the scope of breach or suspected behaviors on any machine through a rich machine timeline. File, URLs, and network connection inventory across the network. Gain additional insight using deep collection and analysis (“detonation”) for any file or URLs.
+ Easily investigate the scope of breach or suspected behaviours on any machine through a rich machine timeline. File, URLs, and network connection inventory across the network. Gain additional insight using deep collection and analysis (“detonation”) for any file or URLs.
- Built in unique threat intelligence knowledge base
Unparalleled threat optics provides actor details and intent context for every threat intel-based detection – combining first and third-party intelligence sources.
+- Automated investigation and remediation
+
+ Significantly reduces alert volume by leveraging inspection algorithms used by analysts to examine alerts and take remediation action.
+
## In this section
Topic | Description
:---|:---
-[Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | This overview topic for IT professionals provides information on the minimum requirements to use Windows Defender ATP such as network and data storage configuration, and endpoint hardware and software requirements, and deployment channels.
-[Preview features](preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and enable the preview experience.
-[Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)| Learn about how Windows Defender ATP collects and handles information and where data is stored.
-[Assign user access to the Windows Defender ATP portal](assign-portal-access-windows-defender-advanced-threat-protection.md)| Before users can access the portal, they'll need to be granted specific roles in Azure Active Directory.
-[Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) | You'll need to onboard and configure the Windows Defender ATP service and the endpoints in your network before you can use the service. Learn about how you can assign users to the Windows Defender ATP service in Azure Active Directory (AAD) and using a configuration package to configure endpoints.
-[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the main features of the service and how it leverages Microsoft technology to protect enterprise endpoints from sophisticated cyber attacks.
-[Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) | Learn about the capabilities of Windows Defender ATP to help you investigate alerts that might be indicators of possible breaches in your enterprise.
-[Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) | Learn about pulling alerts from the Windows Defender ATP portal using supported security information and events management (SIEM) tools.
-[Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) | Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization.
-[Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) | Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities.
-[Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) | Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI.
-[Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service.
-[Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
-[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)| The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product.
-[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings and view license information.
-[Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues.
-[Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP.
-[Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required.
-[Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) | Learn about how Windows Defender Antivirus works in conjunction with Windows Defender ATP.
+Get started | Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal.
+[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues.
+[Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal.
+Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats.
+API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from the Windows Defender ATP portal.
+Reporting | Create and build Power BI reports using Windows Defender ATP data.
+Check service health and sensor state | Verify that the service is running and check the sensor state on machines.
+[Configure Windows Defender settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features.
+[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product.
+[Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
+[Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) | Understand how Windows Defender Antivirus integrates with Windows Defender ATP.
+
## Related topic
[Windows Defender ATP helps detect sophisticated threats](https://www.microsoft.com/itshowcase/Article/Content/854/Windows-Defender-ATP-helps-detect-sophisticated-threats)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
index 7511f2b65d..9cf38c9042 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 12/01/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/17/2018
---
@@ -21,7 +21,7 @@ ms.date: 12/01/2017
**Applies to:**
-- Windows 10, version 1709
+- Windows 10, version 1709 and later
@@ -54,7 +54,11 @@ For further details on how audit mode works, and when you might want to use it,
>If the feature is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Defender Security Center app after a restart of the device.
>If the feature is set to **Audit mode** with any of those tools, the Windows Defender Security Center app will show the state as **Off**.
>See [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md) for more details on how audit mode works.
-
+>
+>Group Policy settings that disable local administrator list merging will override Controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through Controlled folder access. These policies include:
+>- Windows Defender Antivirus **Configure local administrator merge behavior for lists**
+>- System Center Endpoint Protection **Allow users to add exclusions and overrides**
+>For more information about disabling local list merging, see [Prevent or allow users to locally modify Windows Defender AV policy settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged).
### Use the Windows Defender Security app to enable Controlled folder access
diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
index 8c998be64f..75d70268f2 100644
--- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 10/17/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/11/2018
---
@@ -39,12 +39,18 @@ In Windows 10, version 1709, we increased the scope of the app to also show info
>[!NOTE]
>The Windows Defender Security Center app is a client interface on Windows 10, version 1703 and later. It is not the Windows Defender Security Center web portal console that is used to review and manage [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
-This library describes the Windows defender Security Center app, and provides information on configuring certain features, inlcuding:
+This library describes the Windows Defender Security Center app, and provides information on configuring certain features, including:
- [Showing and customizing contact information on the app and in notifications](wdsc-customize-contact-information.md)
- [Hiding notifications](wdsc-hide-notifications.md)
+You can't uninstall the Windows Defender Security Center app, but you can do one of the following:
+
+- Disable the interface on Windows Server 2016. See [Windows Defender Antivirus on Windows Server 2016](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016).
+- Hide all of the sections on client computers (see below).
+- Disable Windows Defender Antivirus, if needed. See [Enable and configure Windows Defender AV always-on protection and monitoring](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus).
+
You can find more information about each section, including options for configuring the sections - such as hiding each of the sections - at the following topics:
