From 04e348e065d263f82e2b2016696c6685c4746dc7 Mon Sep 17 00:00:00 2001 From: Tudor Date: Wed, 20 Sep 2023 13:15:10 -0700 Subject: [PATCH 01/16] Learn Editor: Update policy-csp-defender.md --- windows/client-management/mdm/policy-csp-defender.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 7216ad6c03..44e5222515 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -1074,6 +1074,10 @@ This policy setting allows you to configure the maximum percentage CPU utilizati - If you enable this setting, CPU utilization won't exceed the percentage specified. - If you disable or don't configure this setting, CPU utilization won't exceed the default value. + +> [!NOTE] +> If ScanOnlyIfIdle (instructing the product to scan only when the computer is not in use) and DisableCpuThrottleOnIdleScans (instructing the product to disable CPU throttling on idle scans) are both enabled, then the value of AvgCPULoadFactor is ignored. + @@ -2902,7 +2906,9 @@ Valid remediation action values are: [TAMPER-1]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection + [TAMPER-2]: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#what-about-exclusions + @@ -2910,3 +2916,4 @@ Valid remediation action values are: ## Related articles [Policy configuration service provider](policy-configuration-service-provider.md) + From cb72c15cb56136263c23cf453a9ff9d40c0af5f2 Mon Sep 17 00:00:00 2001 From: Erik Reitan Date: Mon, 2 Oct 2023 13:08:14 -0700 Subject: [PATCH 04/16] Update implement-server-side-mobile-application-management.md --- ...erver-side-mobile-application-management.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/client-management/implement-server-side-mobile-application-management.md b/windows/client-management/implement-server-side-mobile-application-management.md index 2927f3eefe..39211cb581 100644 --- a/windows/client-management/implement-server-side-mobile-application-management.md +++ b/windows/client-management/implement-server-side-mobile-application-management.md @@ -1,29 +1,29 @@ --- -title: Support for mobile application management on Windows -description: Learn about implementing the Windows version of mobile application management (MAM), which is a lightweight solution for managing company data access and security on personal devices. +title: Support for Windows Information Protection (WIP) on Windows +description: Learn about implementing the Windows version of Windows Information Protection (WIP), which is a lightweight solution for managing company data access and security on personal devices. ms.topic: article ms.date: 08/10/2023 --- -# Support for mobile application management on Windows +# Support for Windows Information Protection (WIP) on Windows -The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP). +Windows Information Protection (WIP) is a lightweight solution for managing company data access and security on personal devices. WIP support is built into Windows. [!INCLUDE [Deprecate Windows Information Protection](../security/information-protection/windows-information-protection/includes/wip-deprecation.md)] ## Integration with Azure AD -MAM on Windows is integrated with Azure Active Directory (Azure AD) identity service. The MAM service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of MAM policies. MAM integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md). +WIP is integrated with Azure Active Directory (Azure AD) identity service. The WIP service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of WIP policies. WIP integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md). -MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices are enrolled to MAM or MDM, depending on the user's actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device is enrolled to MAM. If a user joins their device to Azure AD, it's enrolled to MDM. In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices. +WIP uses Mobile Application Management (MAM). MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices are enrolled to MAM or MDM, depending on the user's actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device is enrolled to MAM. If a user joins their device to Azure AD, it's enrolled to MDM. In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices. On personal devices, users can add an Azure AD account as a secondary account to the device while keeping their personal account as primary. Users can add an Azure AD account to the device from a supported Azure AD-integrated application, such as the next update of Microsoft 365 apps. Alternatively, users can add an Azure AD account from **Settings > Accounts > Access work or school**. Regular non administrator users can enroll to MAM. -## Integration with Windows Information Protection +## Understand Windows Information Protection -MAM on Windows takes advantage of [built-in Windows Information Protection (WIP) policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf. +WIP takes advantage of [built-in policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf. To make applications WIP-aware, app developers need to include the following data in the app resource file. @@ -74,7 +74,7 @@ Since the [Poll](mdm/dmclient-csp.md#deviceproviderprovideridpoll) node isn't pr ## Supported CSPs -MAM on Windows supports the following configuration service providers (CSPs). All other CSPs are blocked. Note the list may change later based on customer feedback: +WIP supports the following configuration service providers (CSPs). All other CSPs are blocked. Note the list may change later based on customer feedback: - [AppLocker CSP](mdm/applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps. - [ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs. From cb91c20a245813df89ff886db045921038d83338 Mon Sep 17 00:00:00 2001 From: Erik Reitan Date: Tue, 3 Oct 2023 10:55:58 -0700 Subject: [PATCH 05/16] Update implement-server-side-mobile-application-management.md --- .../implement-server-side-mobile-application-management.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/implement-server-side-mobile-application-management.md b/windows/client-management/implement-server-side-mobile-application-management.md index 39211cb581..b6cc82ee11 100644 --- a/windows/client-management/implement-server-side-mobile-application-management.md +++ b/windows/client-management/implement-server-side-mobile-application-management.md @@ -15,7 +15,7 @@ Windows Information Protection (WIP) is a lightweight solution for managing comp WIP is integrated with Azure Active Directory (Azure AD) identity service. The WIP service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of WIP policies. WIP integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md). -WIP uses Mobile Application Management (MAM). MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices are enrolled to MAM or MDM, depending on the user's actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device is enrolled to MAM. If a user joins their device to Azure AD, it's enrolled to MDM. In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices. +WIP uses Workplace Join (WPJ). WPJ is integrated with adding a work account flow to a personal device. If a user adds their work or school Entra ID account as a secondary account to the machine, their device registered with WPJ. If a user joins their device to Azure AD, it's enrolled to MDM. In general, a device that has a personal account as its primary account is considered a personal device and should be registered with WPJ. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices. On personal devices, users can add an Azure AD account as a secondary account to the device while keeping their personal account as primary. Users can add an Azure AD account to the device from a supported Azure AD-integrated application, such as the next update of Microsoft 365 apps. Alternatively, users can add an Azure AD account from **Settings > Accounts > Access work or school**. @@ -23,7 +23,7 @@ Regular non administrator users can enroll to MAM. ## Understand Windows Information Protection -WIP takes advantage of [built-in policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf. +WPJ takes advantage of [built-in policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf. To make applications WIP-aware, app developers need to include the following data in the app resource file. From e382ff71d10e2ca805984af6e2453a9f21bebee0 Mon Sep 17 00:00:00 2001 From: Erik Reitan Date: Tue, 3 Oct 2023 11:09:52 -0700 Subject: [PATCH 06/16] Update implement-server-side-mobile-application-management.md --- .../implement-server-side-mobile-application-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/implement-server-side-mobile-application-management.md b/windows/client-management/implement-server-side-mobile-application-management.md index b6cc82ee11..9f3374bb96 100644 --- a/windows/client-management/implement-server-side-mobile-application-management.md +++ b/windows/client-management/implement-server-side-mobile-application-management.md @@ -23,7 +23,7 @@ Regular non administrator users can enroll to MAM. ## Understand Windows Information Protection -WPJ takes advantage of [built-in policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf. +WIP takes advantage of [built-in policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, WPJ limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf. To make applications WIP-aware, app developers need to include the following data in the app resource file. From 8d94ea652683ea505a4303f0d5c33809b6b74d59 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 3 Oct 2023 17:13:47 -0400 Subject: [PATCH 07/16] 2023-10 TOC Updates --- windows/deployment/TOC.yml | 208 ++++++++++++++++++------------------- 1 file changed, 103 insertions(+), 105 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index b8da7a6027..b22667060b 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -124,16 +124,6 @@ href: deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md - name: In-place upgrade href: deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md - - name: Subscription Activation - items: - - name: Windows subscription activation - href: windows-10-subscription-activation.md - - name: Windows Enterprise E3 in CSP - href: windows-10-enterprise-e3-overview.md - - name: Configure VDA for subscription activation - href: vda-subscription-activation.md - - name: Deploy Windows Enterprise licenses - href: deploy-enterprise-licenses.md - name: Deploy Windows client updates items: - name: Assign devices to servicing channels @@ -184,6 +174,109 @@ href: update/deployment-service-drivers.md - name: Troubleshoot Windows Update for Business deployment service href: update/deployment-service-troubleshoot.md + - name: Activate + items: + - name: Windows subscription activation + href: windows-10-subscription-activation.md + - name: Windows Enterprise E3 in CSP + href: windows-10-enterprise-e3-overview.md + - name: Configure VDA for subscription activation + href: vda-subscription-activation.md + - name: Deploy Windows Enterprise licenses + href: deploy-enterprise-licenses.md + - name: Volume Activation + items: + - name: Overview + href: volume-activation/volume-activation-windows-10.md + - name: Plan for volume activation + href: volume-activation/plan-for-volume-activation-client.md + - name: Activate using Key Management Service + href: volume-activation/activate-using-key-management-service-vamt.md + - name: Activate using Active Directory-based activation + href: volume-activation/activate-using-active-directory-based-activation-client.md + - name: Activate clients running Windows 10 + href: volume-activation/activate-windows-10-clients-vamt.md + - name: Monitor activation + href: volume-activation/monitor-activation-client.md + - name: Use the Volume Activation Management Tool + href: volume-activation/use-the-volume-activation-management-tool-client.md + href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md + - name: Volume Activation Management Tool (VAMT) + items: + - name: VAMT technical reference + href: volume-activation/volume-activation-management-tool.md + - name: Introduction to VAMT + href: volume-activation/introduction-vamt.md + - name: Active Directory-Based Activation Overview + href: volume-activation/active-directory-based-activation-overview.md + - name: Install and Configure VAMT + items: + - name: Overview + href: volume-activation/install-configure-vamt.md + - name: VAMT Requirements + href: volume-activation/vamt-requirements.md + - name: Install VAMT + href: volume-activation/install-vamt.md + - name: Configure Client Computers + href: volume-activation/configure-client-computers-vamt.md + - name: Add and Manage Products + items: + - name: Overview + href: volume-activation/add-manage-products-vamt.md + - name: Add and Remove Computers + href: volume-activation/add-remove-computers-vamt.md + - name: Update Product Status + href: volume-activation/update-product-status-vamt.md + - name: Remove Products + href: volume-activation/remove-products-vamt.md + - name: Manage Product Keys + items: + - name: Overview + href: volume-activation/manage-product-keys-vamt.md + - name: Add and Remove a Product Key + href: volume-activation/add-remove-product-key-vamt.md + - name: Install a Product Key + href: volume-activation/install-product-key-vamt.md + - name: Install a KMS Client Key + href: volume-activation/install-kms-client-key-vamt.md + - name: Manage Activations + items: + - name: Overview + href: volume-activation/manage-activations-vamt.md + - name: Run Online Activation + href: volume-activation/online-activation-vamt.md + - name: Run Proxy Activation + href: volume-activation/proxy-activation-vamt.md + - name: Run KMS Activation + href: volume-activation/kms-activation-vamt.md + - name: Run Local Reactivation + href: volume-activation/local-reactivation-vamt.md + - name: Activate an Active Directory Forest Online + href: volume-activation/activate-forest-vamt.md + - name: Activate by Proxy an Active Directory Forest + href: volume-activation/activate-forest-by-proxy-vamt.md + - name: Manage VAMT Data + items: + - name: Overview + href: volume-activation/manage-vamt-data.md + - name: Import and Export VAMT Data + href: volume-activation/import-export-vamt-data.md + - name: Use VAMT in Windows PowerShell + href: volume-activation/use-vamt-in-windows-powershell.md + - name: VAMT Step-by-Step Scenarios + items: + - name: Overview + href: volume-activation/vamt-step-by-step.md + - name: "Scenario 1: Online Activation" + href: volume-activation/scenario-online-activation-vamt.md + - name: "Scenario 2: Proxy Activation" + href: volume-activation/scenario-proxy-activation-vamt.md + - name: "Scenario 3: KMS Client Activation" + href: volume-activation/scenario-kms-activation-vamt.md + - name: VAMT Known Issues + href: volume-activation/vamt-known-issues.md + - name: Information sent to Microsoft during activation + href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md - name: Monitor items: - name: Windows Update for Business reports @@ -327,82 +420,6 @@ href: planning/security-and-data-protection-considerations-for-windows-to-go.md - name: "Windows To Go: frequently asked questions" href: planning/windows-to-go-frequently-asked-questions.yml - - - name: Volume Activation Management Tool (VAMT) technical reference - items: - - name: VAMT technical reference - href: volume-activation/volume-activation-management-tool.md - - name: Introduction to VAMT - href: volume-activation/introduction-vamt.md - - name: Active Directory-Based Activation Overview - href: volume-activation/active-directory-based-activation-overview.md - - name: Install and Configure VAMT - items: - - name: Overview - href: volume-activation/install-configure-vamt.md - - name: VAMT Requirements - href: volume-activation/vamt-requirements.md - - name: Install VAMT - href: volume-activation/install-vamt.md - - name: Configure Client Computers - href: volume-activation/configure-client-computers-vamt.md - - name: Add and Manage Products - items: - - name: Overview - href: volume-activation/add-manage-products-vamt.md - - name: Add and Remove Computers - href: volume-activation/add-remove-computers-vamt.md - - name: Update Product Status - href: volume-activation/update-product-status-vamt.md - - name: Remove Products - href: volume-activation/remove-products-vamt.md - - name: Manage Product Keys - items: - - name: Overview - href: volume-activation/manage-product-keys-vamt.md - - name: Add and Remove a Product Key - href: volume-activation/add-remove-product-key-vamt.md - - name: Install a Product Key - href: volume-activation/install-product-key-vamt.md - - name: Install a KMS Client Key - href: volume-activation/install-kms-client-key-vamt.md - - name: Manage Activations - items: - - name: Overview - href: volume-activation/manage-activations-vamt.md - - name: Run Online Activation - href: volume-activation/online-activation-vamt.md - - name: Run Proxy Activation - href: volume-activation/proxy-activation-vamt.md - - name: Run KMS Activation - href: volume-activation/kms-activation-vamt.md - - name: Run Local Reactivation - href: volume-activation/local-reactivation-vamt.md - - name: Activate an Active Directory Forest Online - href: volume-activation/activate-forest-vamt.md - - name: Activate by Proxy an Active Directory Forest - href: volume-activation/activate-forest-by-proxy-vamt.md - - name: Manage VAMT Data - items: - - name: Overview - href: volume-activation/manage-vamt-data.md - - name: Import and Export VAMT Data - href: volume-activation/import-export-vamt-data.md - - name: Use VAMT in Windows PowerShell - href: volume-activation/use-vamt-in-windows-powershell.md - - name: VAMT Step-by-Step Scenarios - items: - - name: Overview - href: volume-activation/vamt-step-by-step.md - - name: "Scenario 1: Online Activation" - href: volume-activation/scenario-online-activation-vamt.md - - name: "Scenario 2: Proxy Activation" - href: volume-activation/scenario-proxy-activation-vamt.md - - name: "Scenario 3: KMS Client Activation" - href: volume-activation/scenario-kms-activation-vamt.md - - name: VAMT Known Issues - href: volume-activation/vamt-known-issues.md - - name: User State Migration Tool (USMT) technical reference items: - name: USMT overview articles @@ -570,25 +587,6 @@ href: planning/testing-your-application-mitigation-packages.md - name: Use the Sdbinst.exe Command-Line Tool href: planning/using-the-sdbinstexe-command-line-tool.md - - name: Volume Activation - items: - - name: Overview - href: volume-activation/volume-activation-windows-10.md - - name: Plan for volume activation - href: volume-activation/plan-for-volume-activation-client.md - - name: Activate using Key Management Service - href: volume-activation/activate-using-key-management-service-vamt.md - - name: Activate using Active Directory-based activation - href: volume-activation/activate-using-active-directory-based-activation-client.md - - name: Activate clients running Windows 10 - href: volume-activation/activate-windows-10-clients-vamt.md - - name: Monitor activation - href: volume-activation/monitor-activation-client.md - - name: Use the Volume Activation Management Tool - href: volume-activation/use-the-volume-activation-management-tool-client.md - - name: "Appendix: Information sent to Microsoft during activation " - href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md - - name: Install fonts in Windows client href: windows-10-missing-fonts.md - name: Customize Windows PE boot images From a056eccca8cc284a1dbb3538dcac81420a8fed82 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 3 Oct 2023 17:34:24 -0400 Subject: [PATCH 08/16] 2023-10 TOC Updates 2 --- windows/deployment/TOC.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index b22667060b..5d7ac4a474 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -373,9 +373,9 @@ - name: How does Windows Update work? href: update/how-windows-update-works.md - name: Windows client upgrade paths - href: upgrade/windows-10-upgrade-paths.md + href: upgrade/windows-upgrade-paths.md - name: Windows client edition upgrade - href: upgrade/windows-10-edition-upgrades.md + href: upgrade/windows-edition-upgrades.md - name: Deploy Windows 10 with Microsoft 365 href: deploy-m365.md - name: Understand the Unified Update Platform From 316ff63f6255a0a39632d4c51c5891ea2b58bda9 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 3 Oct 2023 17:18:00 -0700 Subject: [PATCH 09/16] editorial revision --- windows/client-management/mdm/policy-csp-defender.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 44e5222515..325dcb5961 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 10/03/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1075,13 +1075,17 @@ This policy setting allows you to configure the maximum percentage CPU utilizati - If you disable or don't configure this setting, CPU utilization won't exceed the default value. -> [!NOTE] -> If ScanOnlyIfIdle (instructing the product to scan only when the computer is not in use) and DisableCpuThrottleOnIdleScans (instructing the product to disable CPU throttling on idle scans) are both enabled, then the value of AvgCPULoadFactor is ignored. - + +> [!NOTE] +> If you enable both of the following policies, then Windows ignores the value of **AvgCPULoadFactor**: +> +> - [ScanOnlyIfIdle](defender-csp.md#configurationscanonlyifidleenabled): Instructs the product to scan only when the computer isn't in use. +> - [DisableCpuThrottleOnIdleScans](defender-csp.md#configurationdisablecputhrottleonidlescans): Instructs the product to disable CPU throttling on idle scans. + From 07b61b425f734fdb232a8039f37e5fe307000229 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 4 Oct 2023 10:44:07 -0400 Subject: [PATCH 10/16] Small revisions Small revisions to formatting --- .../upgrade/windows-edition-upgrades.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md index 1be1bbfb85..e282ed0740 100644 --- a/windows/deployment/upgrade/windows-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-edition-upgrades.md @@ -51,11 +51,12 @@ The following table shows the methods and paths available to change the edition - ☑️ = Supported, but reboot required. - ❌ = Not supported. - MDM = Modern device management. -- Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods. > [!NOTE] > -> Edition upgrades via Microsoft Store for Business are no longer available with the [retirement of Microsoft Store for Business](/announcements/microsoft-store-for-business-education-retiring). +> - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods. +> +> - Edition upgrades via Microsoft Store for Business are no longer available with the [retirement of Microsoft Store for Business](/announcements/microsoft-store-for-business-education-retiring). > [!TIP] > @@ -178,10 +179,6 @@ The following scenarios aren't supported: ## Supported Windows downgrade paths -- Yes = Supported downgrade path. -- No = not supported or not a downgrade. -- \- = Not considered a downgrade or an upgrade. - | Edition | Home | Pro | Pro for Workstations | Pro Education | Education | Enterprise LTSC | Enterprise | |-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | ----------------------------------- | --------------------------------------------- |--------------------------------------------- | | **Home** | - | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | @@ -192,7 +189,13 @@ The following scenarios aren't supported: | **Enterprise LTSC** | ❌ | ❌ | ❌ | ❌ | ❌ | - | ❌ | | **Enterprise** | ❌ | ✅ | ✅ | ✅ | - | ❌ | - | -**Windows N/KN**: Windows **N** and **KN** SKUs follow the same rules shown in the table. +- ✅ = Supported downgrade path. +- ❌ = not supported or not a downgrade. +- \- = Not considered a downgrade or an upgrade. + +> [!NOTE] +> +> Windows **N** and Windows **KN** SKUs follow the same rules shown in the table. The table may not represent more complex scenarios. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key. You can then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro. From 0487ea3aafc60afc078cc6a2f738117fda384f98 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 4 Oct 2023 10:53:32 -0400 Subject: [PATCH 11/16] Moving Intune info Moving Intune info under MDM section --- windows/deployment/upgrade/windows-edition-upgrades.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md index e282ed0740..954c8e5734 100644 --- a/windows/deployment/upgrade/windows-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-edition-upgrades.md @@ -59,15 +59,14 @@ The following table shows the methods and paths available to change the edition > - Edition upgrades via Microsoft Store for Business are no longer available with the [retirement of Microsoft Store for Business](/announcements/microsoft-store-for-business-education-retiring). > [!TIP] -> -> - For information on upgrading editions of Windows using Microsoft Intune, including switching out of S mode, see [Upgrade Windows 10/11 editions or switch out of S mode on devices using Microsoft Intune](/mem/intune/configuration/edition-upgrade-configure-windows-10). -> -> - Edition upgrade is also possible using edition upgrade policy in Microsoft Configuration Manager. For more information, see [Upgrade Windows devices to a new edition with Configuration Manager](/mem/configmgr/compliance/deploy-use/upgrade-windows-version). +> Edition upgrade is also possible using edition upgrade policy in Microsoft Configuration Manager. For more information, see [Upgrade Windows devices to a new edition with Configuration Manager](/mem/configmgr/compliance/deploy-use/upgrade-windows-version). ## Upgrade using modern device management (MDM) To upgrade desktop editions of Windows using MDM, enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp). +For information on upgrading editions of Windows using Microsoft Intune, including switching out of S mode, see [Upgrade Windows 10/11 editions or switch out of S mode on devices using Microsoft Intune](/mem/intune/configuration/edition-upgrade-configure-windows-10). + ## Upgrade using a provisioning package Use Windows Configuration Designer to create a provisioning package to upgrade a desktop edition of Windows. Windows Configuration Designer is available as part of the Windows Assessment and Deployment Kit (Windows ADK) or as a stand-alone Microsoft Store app. Download the Windows Configuration Designer from one of the following locations: From 01d821fe445146210dbcd006f34008ea164c472a Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 4 Oct 2023 11:06:35 -0400 Subject: [PATCH 12/16] Adding column breaks Adding column breaks --- windows/deployment/upgrade/windows-edition-upgrades.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md index 954c8e5734..47edf2e378 100644 --- a/windows/deployment/upgrade/windows-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-edition-upgrades.md @@ -31,7 +31,7 @@ For a comprehensive list of all possible upgrade paths to Windows, see [Windows The following table shows the methods and paths available to change the edition of Windows that is running on your computer. -| Edition upgrade | MDM | Provisioning package | Command-line tool | Manually entering product key | +| Edition upgrade | MDM | Provisioning package | Command
line tool | Manually entering
product key | |-----| ----- | ----- | ----- | ----- | | **Home > Pro** | ❌ | ❌ | ❌ | ☑️ | | **Home > Pro for Workstations** | ❌ | ❌ | ❌ | ☑️| @@ -178,7 +178,7 @@ The following scenarios aren't supported: ## Supported Windows downgrade paths -| Edition | Home | Pro | Pro for Workstations | Pro Education | Education | Enterprise LTSC | Enterprise | +| Edition | Home | Pro | Pro for
Workstations | Pro
Education | Education | Enterprise
LTSC | Enterprise | |-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | ----------------------------------- | --------------------------------------------- |--------------------------------------------- | | **Home** | - | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | | **Pro** | ❌ | - | ❌ | ❌ | ❌ | ❌ | ❌ | From c2b0a9f86d73fd50ff2ef0be42f21ee3322730fe Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 4 Oct 2023 11:29:42 -0400 Subject: [PATCH 13/16] Additional breaks Additional breaks --- windows/deployment/upgrade/windows-edition-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md index 47edf2e378..92d1c8953b 100644 --- a/windows/deployment/upgrade/windows-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-edition-upgrades.md @@ -31,7 +31,7 @@ For a comprehensive list of all possible upgrade paths to Windows, see [Windows The following table shows the methods and paths available to change the edition of Windows that is running on your computer. -| Edition upgrade | MDM | Provisioning package | Command
line tool | Manually entering
product key | +| Edition upgrade | MDM | Provisioning
package | Command
line tool | Manually entering
product key | |-----| ----- | ----- | ----- | ----- | | **Home > Pro** | ❌ | ❌ | ❌ | ☑️ | | **Home > Pro for Workstations** | ❌ | ❌ | ❌ | ☑️| From 2778634542d20e4760c12692b21c00312029129a Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 4 Oct 2023 13:31:59 -0400 Subject: [PATCH 14/16] Add dash Add dash --- windows/deployment/upgrade/windows-edition-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md index 92d1c8953b..7dcd8be758 100644 --- a/windows/deployment/upgrade/windows-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-edition-upgrades.md @@ -31,7 +31,7 @@ For a comprehensive list of all possible upgrade paths to Windows, see [Windows The following table shows the methods and paths available to change the edition of Windows that is running on your computer. -| Edition upgrade | MDM | Provisioning
package | Command
line tool | Manually entering
product key | +| Edition upgrade | MDM | Provisioning
package | Command-
line tool | Manually entering
product key | |-----| ----- | ----- | ----- | ----- | | **Home > Pro** | ❌ | ❌ | ❌ | ☑️ | | **Home > Pro for Workstations** | ❌ | ❌ | ❌ | ☑️| From 708f82623717a425b788538845671a99354b35e1 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 4 Oct 2023 13:59:14 -0400 Subject: [PATCH 15/16] Correcting link Correcting link --- windows/deployment/upgrade/windows-edition-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md index 7dcd8be758..44c3c79c40 100644 --- a/windows/deployment/upgrade/windows-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-edition-upgrades.md @@ -56,7 +56,7 @@ The following table shows the methods and paths available to change the edition > > - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods. > -> - Edition upgrades via Microsoft Store for Business are no longer available with the [retirement of Microsoft Store for Business](/announcements/microsoft-store-for-business-education-retiring). +> - Edition upgrades via Microsoft Store for Business are no longer available with the retirement of the Microsoft Store for Business. For more information, see [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring) and [Microsoft Store for Business and Microsoft Store for Education overview](/microsoft-store/microsoft-store-for-business-overview). > [!TIP] > Edition upgrade is also possible using edition upgrade policy in Microsoft Configuration Manager. For more information, see [Upgrade Windows devices to a new edition with Configuration Manager](/mem/configmgr/compliance/deploy-use/upgrade-windows-version). From 5ea82c40d682019b99b83cbd2624cdb4538ff201 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 4 Oct 2023 11:18:01 -0700 Subject: [PATCH 16/16] MC posts --- .../whats-new/windows-autopatch-whats-new-2023.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md index e9e8b08de8..31f2216143 100644 --- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md @@ -1,7 +1,7 @@ --- title: What's new 2023 description: This article lists the 2023 feature releases and any corresponding Message center post numbers. -ms.date: 09/11/2023 +ms.date: 10/04/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: whats-new @@ -33,6 +33,8 @@ Minor corrections such as typos, style, or formatting issues aren't listed. | Message center post number | Description | | ----- | ----- | +| [MC678305](https://admin.microsoft.com/adminportal/home#/MessageCenter) | September 2023 Windows Autopatch baseline configuration update | +| [MC678303](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Windows Autopatch availability within Microsoft Intune Admin Center | | [MC674422](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Public Preview: Windows Autopatch Reliability Report | | [MC672750](https://admin.microsoft.com/adminportal/home#/MessageCenter) | August 2023 Windows Autopatch baseline configuration update |