mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 22:37:22 +00:00
Merged PR 4098: Merge master to live
This commit is contained in:
Alma Jenks
commit
caae3818be
@ -115,7 +115,9 @@ When you go through the first-run program for your Surface Hub, there's some inf
|
|||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
## More information
|
||||||
|
|
||||||
|
- [Surface Hub and the Skype for Business Trusted Domain List](https://blogs.technet.microsoft.com/y0av/2017/10/25/95/)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: store
|
ms.pagetype: store
|
||||||
author: TrudyHa
|
author: TrudyHa
|
||||||
ms.author: TrudyHa
|
ms.author: TrudyHa
|
||||||
ms.date: 09/12/2017
|
ms.date: 10/26/2017
|
||||||
ms.localizationpriority: high
|
ms.localizationpriority: high
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -42,7 +42,17 @@ These settings are configured with all AutoPilot deployment profiles:
|
|||||||
### AutoPilot deployment profiles - optional settings
|
### AutoPilot deployment profiles - optional settings
|
||||||
These settings are off by default. You can turn them on for your AutoPilot deployment profiles:
|
These settings are off by default. You can turn them on for your AutoPilot deployment profiles:
|
||||||
- Skip privacy settings
|
- Skip privacy settings
|
||||||
- Disable local admin account creation on the device
|
|
||||||
|
### Support for AutoPilot profile settings
|
||||||
|
AutoPilot profile settings are supported beginning with the version of Windows they were introduced in. This table summarizes the settings and what they are supported on.
|
||||||
|
|
||||||
|
| Setting | Supported on |
|
||||||
|
| ------- | ------------- |
|
||||||
|
| Deployment default features| Windows 10, version 1703 or later |
|
||||||
|
| Skip privacy settings | Windows 10, version 1703 or later |
|
||||||
|
| Disable local admin account creation on the device | Windows 10, version 1703 or later |
|
||||||
|
| Skip End User License Agreement (EULA) | Windows 10, version 1709 or later. </br> [Learn about Windows AutoPilot EULA dismissal](https://docs.microsoft.com/windows/deployment/Windows-AutoPilot-EULA-note) |
|
||||||
|
|
||||||
|
|
||||||
## Windows AutoPilot deployment profiles in Microsoft Store for Business and Education
|
## Windows AutoPilot deployment profiles in Microsoft Store for Business and Education
|
||||||
You can manage new devices in Microsoft Store for Business or Microsoft Store for Education. Devices need to meet these requirements:
|
You can manage new devices in Microsoft Store for Business or Microsoft Store for Education. Devices need to meet these requirements:
|
||||||
|
|||||||
@ -18,6 +18,12 @@ ms.localizationpriority: high
|
|||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows 10 Mobile
|
- Windows 10 Mobile
|
||||||
|
|
||||||
|
## October 2017
|
||||||
|
|
||||||
|
| New or changed topic | Description |
|
||||||
|
| --- | --- |
|
||||||
|
| [Manage Windows device deployment with Windows AutoPilot Deployment](add-profile-to-devices.md) | Update. Add profile settings with supported build info. |
|
||||||
|
|
||||||
## September 2017
|
## September 2017
|
||||||
|
|
||||||
| New or changed topic | Description |
|
| New or changed topic | Description |
|
||||||
|
|||||||
@ -33,6 +33,13 @@ We are always striving to improve our documentation and welcome your feedback. Y
|
|||||||
|
|
||||||
Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
|
Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
|
||||||
|
|
||||||
|
## What's new in Windows 10, version 1709
|
||||||
|
|
||||||
|
Here's a list of changes that were made to this article for Windows 10, version 1709:
|
||||||
|
|
||||||
|
- Added the Phone calls section.
|
||||||
|
- Added the Storage Health section.
|
||||||
|
|
||||||
## What's new in Windows 10, version 1703
|
## What's new in Windows 10, version 1703
|
||||||
|
|
||||||
Here's a list of changes that were made to this article for Windows 10, version 1703:
|
Here's a list of changes that were made to this article for Windows 10, version 1703:
|
||||||
@ -111,15 +118,16 @@ See the following table for a summary of the management settings for Windows 10
|
|||||||
| [17.19 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
|
| [17.19 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
|
||||||
| [17.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
|
| [17.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
|
||||||
| [18. Software Protection Platform](#bkmk-spp) | |  |  |  | |
|
| [18. Software Protection Platform](#bkmk-spp) | |  |  |  | |
|
||||||
| [19. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
|
| [19. Storage Health](#bkmk-storage-health) | |  | | | |
|
||||||
| [20. Teredo](#bkmk-teredo) | |  | |  |  |
|
| [20. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
|
||||||
| [21. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
|
| [21. Teredo](#bkmk-teredo) | |  | |  |  |
|
||||||
| [22. Windows Defender](#bkmk-defender) | |  |  |  | |
|
| [22. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
|
||||||
| [23. Windows Media Player](#bkmk-wmp) |  | | | |  |
|
| [23. Windows Defender](#bkmk-defender) | |  |  |  | |
|
||||||
| [24. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | |
|
| [24. Windows Media Player](#bkmk-wmp) |  | | | |  |
|
||||||
| [25. Microsoft Store](#bkmk-windowsstore) | |  | |  | |
|
| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | |
|
||||||
| [26. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |  | |
|
| [26. Microsoft Store](#bkmk-windowsstore) | |  | |  | |
|
||||||
| [27. Windows Update](#bkmk-wu) |  |  |  | | |
|
| [27. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |  | |
|
||||||
|
| [28. Windows Update](#bkmk-wu) |  |  |  | | |
|
||||||
|
|
||||||
### Settings for Windows Server 2016 with Desktop Experience
|
### Settings for Windows Server 2016 with Desktop Experience
|
||||||
|
|
||||||
@ -141,11 +149,11 @@ See the following table for a summary of the management settings for Windows Ser
|
|||||||
| [17. Settings > Privacy](#bkmk-settingssection) | | | | |
|
| [17. Settings > Privacy](#bkmk-settingssection) | | | | |
|
||||||
| [17.1 General](#bkmk-general) |  |  |  | |
|
| [17.1 General](#bkmk-general) |  |  |  | |
|
||||||
| [18. Software Protection Platform](#bkmk-spp) | |  |  | |
|
| [18. Software Protection Platform](#bkmk-spp) | |  |  | |
|
||||||
| [20. Teredo](#bkmk-teredo) | |  |  |  |
|
| [21. Teredo](#bkmk-teredo) | |  |  |  |
|
||||||
| [22. Windows Defender](#bkmk-defender) | |  |  | |
|
| [23. Windows Defender](#bkmk-defender) | |  |  | |
|
||||||
| [23. Windows Media Player](#bkmk-wmp) | | | |  |
|
| [24. Windows Media Player](#bkmk-wmp) | | | |  |
|
||||||
| [25. Microsoft Store](#bkmk-windowsstore) | |  |  | |
|
| [26. Microsoft Store](#bkmk-windowsstore) | |  |  | |
|
||||||
| [27. Windows Update](#bkmk-wu) | |  |  | |
|
| [28. Windows Update](#bkmk-wu) | |  |  | |
|
||||||
|
|
||||||
### Settings for Windows Server 2016 Server Core
|
### Settings for Windows Server 2016 Server Core
|
||||||
|
|
||||||
@ -158,9 +166,9 @@ See the following table for a summary of the management settings for Windows Ser
|
|||||||
| [6. Font streaming](#font-streaming) |  |  | |
|
| [6. Font streaming](#font-streaming) |  |  | |
|
||||||
| [13. Network Connection Status Indicator](#bkmk-ncsi) |  | | |
|
| [13. Network Connection Status Indicator](#bkmk-ncsi) |  | | |
|
||||||
| [18. Software Protection Platform](#bkmk-spp) |  | | |
|
| [18. Software Protection Platform](#bkmk-spp) |  | | |
|
||||||
| [20. Teredo](#bkmk-teredo) |  | |  |
|
| [21. Teredo](#bkmk-teredo) |  | |  |
|
||||||
| [22. Windows Defender](#bkmk-defender) |  |  | |
|
| [23. Windows Defender](#bkmk-defender) |  |  | |
|
||||||
| [27. Windows Update](#bkmk-wu) |  |  | |
|
| [28. Windows Update](#bkmk-wu) |  |  | |
|
||||||
|
|
||||||
### Settings for Windows Server 2016 Nano Server
|
### Settings for Windows Server 2016 Nano Server
|
||||||
|
|
||||||
@ -170,8 +178,8 @@ See the following table for a summary of the management settings for Windows Ser
|
|||||||
| - | :-: | :-: | :-: | :-: | :-: |
|
| - | :-: | :-: | :-: | :-: | :-: |
|
||||||
| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  | |
|
| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  | |
|
||||||
| [3. Date & Time](#bkmk-datetime) |  | |
|
| [3. Date & Time](#bkmk-datetime) |  | |
|
||||||
| [20. Teredo](#bkmk-teredo) | |  |
|
| [21. Teredo](#bkmk-teredo) | |  |
|
||||||
| [27. Windows Update](#bkmk-wu) |  | |
|
| [28. Windows Update](#bkmk-wu) |  | |
|
||||||
|
|
||||||
## Settings
|
## Settings
|
||||||
|
|
||||||
@ -321,7 +329,7 @@ To turn off Find My Device:
|
|||||||
|
|
||||||
- Disable the Group Policy: **Computer Configuration** > **Administrative Template** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
|
- Disable the Group Policy: **Computer Configuration** > **Administrative Template** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
|
||||||
|
|
||||||
You can also create a new REG\_DWORD registry setting **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata!PreventDeviceMetadataFromNetwork** to 1 (one).
|
You can also create a new REG\_DWORD registry setting **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FindMyDevice\\AllowFindMyDevice** to 0 (zero).
|
||||||
|
|
||||||
### <a href="" id="font-streaming"></a>6. Font streaming
|
### <a href="" id="font-streaming"></a>6. Font streaming
|
||||||
|
|
||||||
@ -609,6 +617,10 @@ To turn off OneDrive in your organization:
|
|||||||
|
|
||||||
- Create a REG\_DWORD registry setting called **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\OneDrive!DisableFileSyncNGSC**, with a value of 1 (one).
|
- Create a REG\_DWORD registry setting called **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\OneDrive!DisableFileSyncNGSC**, with a value of 1 (one).
|
||||||
|
|
||||||
|
-and-
|
||||||
|
|
||||||
|
- Create a REG\_DWORD registry setting called **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\OneDrive\\PreventNetworkTrafficPreUserSignIn**, with a value of 1 (one).
|
||||||
|
|
||||||
### <a href="" id="bkmk-preinstalledapps"></a>16. Preinstalled apps
|
### <a href="" id="bkmk-preinstalledapps"></a>16. Preinstalled apps
|
||||||
|
|
||||||
Some preinstalled apps get content before they are opened to ensure a great experience. You can remove these using the steps in this section.
|
Some preinstalled apps get content before they are opened to ensure a great experience. You can remove these using the steps in this section.
|
||||||
@ -1129,7 +1141,7 @@ To turn off **Let apps access my name, picture, and other account info**:
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessContacts**, with a value of 2 (two).
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessAccountInfo**, with a value of 2 (two).
|
||||||
|
|
||||||
To turn off **Choose the apps that can access your account info**:
|
To turn off **Choose the apps that can access your account info**:
|
||||||
|
|
||||||
@ -1566,7 +1578,15 @@ For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Co
|
|||||||
|
|
||||||
The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
|
The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
|
||||||
|
|
||||||
### <a href="" id="bkmk-syncsettings"></a>19. Sync your settings
|
### <a href="" id="bkmk-storage-health"></a>19. Storage health
|
||||||
|
|
||||||
|
Enterprise customers can manage updates to the Disk Failure Prediction Model.
|
||||||
|
|
||||||
|
For Windows 10:
|
||||||
|
|
||||||
|
- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Storage Health** > **Allow downloading updates to the Disk Failure Prediction Model**
|
||||||
|
|
||||||
|
### <a href="" id="bkmk-syncsettings"></a>20. Sync your settings
|
||||||
|
|
||||||
You can control if your settings are synchronized:
|
You can control if your settings are synchronized:
|
||||||
|
|
||||||
@ -1596,7 +1616,7 @@ To turn off Messaging cloud sync:
|
|||||||
|
|
||||||
- Create a REG\_DWORD registry setting called **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging**, with a value of 0 (zero).
|
- Create a REG\_DWORD registry setting called **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging**, with a value of 0 (zero).
|
||||||
|
|
||||||
### <a href="" id="bkmk-teredo"></a>20. Teredo
|
### <a href="" id="bkmk-teredo"></a>21. Teredo
|
||||||
|
|
||||||
You can disable Teredo by using Group Policy or by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](http://technet.microsoft.com/library/cc722030.aspx).
|
You can disable Teredo by using Group Policy or by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](http://technet.microsoft.com/library/cc722030.aspx).
|
||||||
|
|
||||||
@ -1613,7 +1633,7 @@ You can disable Teredo by using Group Policy or by using the netsh.exe command.
|
|||||||
|
|
||||||
- From an elevated command prompt, run **netsh interface teredo set state disabled**
|
- From an elevated command prompt, run **netsh interface teredo set state disabled**
|
||||||
|
|
||||||
### <a href="" id="bkmk-wifisense"></a>21. Wi-Fi Sense
|
### <a href="" id="bkmk-wifisense"></a>22. Wi-Fi Sense
|
||||||
|
|
||||||
Wi-Fi Sense automatically connects devices to known hotspots and to the wireless networks the person’s contacts have shared with them.
|
Wi-Fi Sense automatically connects devices to known hotspots and to the wireless networks the person’s contacts have shared with them.
|
||||||
|
|
||||||
@ -1639,7 +1659,7 @@ To turn off **Connect to suggested open hotspots** and **Connect to networks sha
|
|||||||
|
|
||||||
When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but they’re non-functional and they can’t be controlled by the employee.
|
When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but they’re non-functional and they can’t be controlled by the employee.
|
||||||
|
|
||||||
### <a href="" id="bkmk-defender"></a>22. Windows Defender
|
### <a href="" id="bkmk-defender"></a>23. Windows Defender
|
||||||
|
|
||||||
You can disconnect from the Microsoft Antimalware Protection Service.
|
You can disconnect from the Microsoft Antimalware Protection Service.
|
||||||
|
|
||||||
@ -1701,7 +1721,7 @@ For Windows 10 only, you can stop Enhanced Notifications:
|
|||||||
|
|
||||||
You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
|
You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
|
||||||
|
|
||||||
### <a href="" id="bkmk-wmp"></a>23. Windows Media Player
|
### <a href="" id="bkmk-wmp"></a>24. Windows Media Player
|
||||||
|
|
||||||
To remove Windows Media Player on Windows 10:
|
To remove Windows Media Player on Windows 10:
|
||||||
|
|
||||||
@ -1715,7 +1735,7 @@ To remove Windows Media Player on Windows Server 2016:
|
|||||||
|
|
||||||
- Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer**
|
- Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer**
|
||||||
|
|
||||||
### <a href="" id="bkmk-spotlight"></a>24. Windows Spotlight
|
### <a href="" id="bkmk-spotlight"></a>25. Windows Spotlight
|
||||||
|
|
||||||
Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface, MDM policy, or through Group Policy.
|
Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface, MDM policy, or through Group Policy.
|
||||||
|
|
||||||
@ -1774,7 +1794,7 @@ If you're not running Windows 10, version 1607 or later, you can use the other o
|
|||||||
|
|
||||||
For more info, see [Windows Spotlight on the lock screen](windows-spotlight.md).
|
For more info, see [Windows Spotlight on the lock screen](windows-spotlight.md).
|
||||||
|
|
||||||
### <a href="" id="bkmk-windowsstore"></a>25. Microsoft Store
|
### <a href="" id="bkmk-windowsstore"></a>26. Microsoft Store
|
||||||
|
|
||||||
You can turn off the ability to launch apps from the Microsoft Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Microsoft Store will be disabled. On Windows Server 2016, this will block Microsoft Store calls from Universal Windows Apps.
|
You can turn off the ability to launch apps from the Microsoft Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Microsoft Store will be disabled. On Windows Server 2016, this will block Microsoft Store calls from Universal Windows Apps.
|
||||||
|
|
||||||
@ -1792,7 +1812,7 @@ You can turn off the ability to launch apps from the Microsoft Store that were p
|
|||||||
|
|
||||||
Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Group Policy** > **Configure web-to-app linking with URI handlers**
|
Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Group Policy** > **Configure web-to-app linking with URI handlers**
|
||||||
|
|
||||||
### <a href="" id="bkmk-updates"></a>26. Windows Update Delivery Optimization
|
### <a href="" id="bkmk-updates"></a>27. Windows Update Delivery Optimization
|
||||||
|
|
||||||
Windows Update Delivery Optimization lets you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet.
|
Windows Update Delivery Optimization lets you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet.
|
||||||
|
|
||||||
@ -1802,13 +1822,13 @@ Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delive
|
|||||||
|
|
||||||
In Windows 10, version 1607, you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Simple** (99) or **Bypass** (100), as described below.
|
In Windows 10, version 1607, you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Simple** (99) or **Bypass** (100), as described below.
|
||||||
|
|
||||||
### <a href="" id="bkmk-wudo-ui"></a>26.1 Settings > Update & security
|
### <a href="" id="bkmk-wudo-ui"></a>27.1 Settings > Update & security
|
||||||
|
|
||||||
You can set up Delivery Optimization from the **Settings** UI.
|
You can set up Delivery Optimization from the **Settings** UI.
|
||||||
|
|
||||||
- Go to **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Choose how updates are delivered**.
|
- Go to **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Choose how updates are delivered**.
|
||||||
|
|
||||||
### <a href="" id="bkmk-wudo-gp"></a>26.2 Delivery Optimization Group Policies
|
### <a href="" id="bkmk-wudo-gp"></a>27.2 Delivery Optimization Group Policies
|
||||||
|
|
||||||
You can find the Delivery Optimization Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization**.
|
You can find the Delivery Optimization Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization**.
|
||||||
|
|
||||||
@ -1822,7 +1842,7 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con
|
|||||||
|
|
||||||
You can also set the **Download Mode** policy by creating a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization!DODownloadMode**, with a value of 100 (one hundred).
|
You can also set the **Download Mode** policy by creating a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization!DODownloadMode**, with a value of 100 (one hundred).
|
||||||
|
|
||||||
### <a href="" id="bkmk-wudo-mdm"></a>26.3 Delivery Optimization MDM policies
|
### <a href="" id="bkmk-wudo-mdm"></a>27.3 Delivery Optimization MDM policies
|
||||||
|
|
||||||
The following Delivery Optimization MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
|
The following Delivery Optimization MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
|
||||||
|
|
||||||
@ -1835,7 +1855,7 @@ The following Delivery Optimization MDM policies are available in the [Policy CS
|
|||||||
| DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity. <br /> The default value is 0, which means unlimited possible bandwidth.|
|
| DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity. <br /> The default value is 0, which means unlimited possible bandwidth.|
|
||||||
|
|
||||||
|
|
||||||
### <a href="" id="bkmk-wudo-prov"></a>26.4 Delivery Optimization Windows Provisioning
|
### <a href="" id="bkmk-wudo-prov"></a>27.4 Delivery Optimization Windows Provisioning
|
||||||
|
|
||||||
If you don't have an MDM server in your enterprise, you can use Windows Provisioning to configure the Delivery Optimization policies
|
If you don't have an MDM server in your enterprise, you can use Windows Provisioning to configure the Delivery Optimization policies
|
||||||
|
|
||||||
@ -1851,7 +1871,7 @@ Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windo
|
|||||||
|
|
||||||
For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684).
|
For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684).
|
||||||
|
|
||||||
### <a href="" id="bkmk-wu"></a>27. Windows Update
|
### <a href="" id="bkmk-wu"></a>28. Windows Update
|
||||||
|
|
||||||
You can turn off Windows Update by setting the following registry entries:
|
You can turn off Windows Update by setting the following registry entries:
|
||||||
|
|
||||||
|
|||||||
@ -185,7 +185,7 @@ When providing feedback, please consider the following:
|
|||||||
>If you're signed in to the Feedback Hub App using your personal Microsoft Account (MSA), you can switch to your work account, by clicking on your account, signing out, and signing back in.
|
>If you're signed in to the Feedback Hub App using your personal Microsoft Account (MSA), you can switch to your work account, by clicking on your account, signing out, and signing back in.
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>If you signed into the Feedback Hub previously with your MSA, your feedback and badges will not be transferred to your AAD sing-in. However, you can switch back to your MSA account in the Feedback Hub to access feedback you’ve submitted and badges you’ve earned.
|
>If you signed into the Feedback Hub previously with your MSA, your feedback and badges will not be transferred to your Azure AD sign-in. However, you can switch back to your MSA account in the Feedback Hub to access feedback you’ve submitted and badges you’ve earned.
|
||||||
|
|
||||||
### User consent requirement
|
### User consent requirement
|
||||||
|
|
||||||
@ -269,7 +269,7 @@ Unregistering will not allow any other administrators at your organization to co
|
|||||||
Your individual registration with the Insider program will not be impacted. If you wish to leave the Insider program, see the [leave the program](https://insider.windows.com/en-us/how-to-overview/#leave-the-program) instructions.
|
Your individual registration with the Insider program will not be impacted. If you wish to leave the Insider program, see the [leave the program](https://insider.windows.com/en-us/how-to-overview/#leave-the-program) instructions.
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>Once your domain is unregistered, setting the **Branch Readiness Level** to preview builds will have no effect. Return this setting to its unconfigured state in order to enable user to control it from their device.
|
>Once your domain is unregistered, setting the **Branch Readiness Level** to preview builds will have no effect. Return this setting to its unconfigured state in order to enable users to control it from their devices.
|
||||||
|
|
||||||
## Additional help resources
|
## Additional help resources
|
||||||
|
|
||||||
|
|||||||
@ -30,6 +30,7 @@
|
|||||||
###### [Configure endpoints using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune)
|
###### [Configure endpoints using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune)
|
||||||
##### [Configure endpoints using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
|
##### [Configure endpoints using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
|
||||||
##### [Configure non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
|
##### [Configure non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
|
||||||
|
#### [Configure non-Windows endpoints](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||||
#### [Configure server endpoints](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
#### [Configure server endpoints](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
||||||
#### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
#### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||||
#### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
#### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -0,0 +1,70 @@
|
|||||||
|
---
|
||||||
|
title: Configure non-Windows endpoints in Windows Defender ATP
|
||||||
|
description: Configure non-Winodws endpoints so that they can send sensor data to the Windows Defender ATP service.
|
||||||
|
keywords: configure endpoints non-Windows endpoints, macos, linux, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
|
||||||
|
search.product: eADQiWindows 10XVcnh
|
||||||
|
ms.prod: w10
|
||||||
|
ms.mktglfcycl: deploy
|
||||||
|
ms.sitesec: library
|
||||||
|
ms.pagetype: security
|
||||||
|
author: mjcaparas
|
||||||
|
localizationpriority: high
|
||||||
|
ms.date: 10/25/2017
|
||||||
|
---
|
||||||
|
|
||||||
|
# Configure non-Windows endpoints
|
||||||
|
|
||||||
|
**Applies to:**
|
||||||
|
|
||||||
|
- Mac OS X
|
||||||
|
- Linux
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
|
[!include[Prerelease information](prerelease.md)]
|
||||||
|
|
||||||
|
Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products’ sensor data.
|
||||||
|
|
||||||
|
You'll need to know the exact Linux distros and Mac OS X versions that are compatible with Windows Defender ATP for the integration to work.
|
||||||
|
|
||||||
|
## Onboard non-Windows endpoints
|
||||||
|
You'll need to take the following steps to onboard non-Windows endpoints:
|
||||||
|
1. Turn on third-party integration
|
||||||
|
2. Run a detection test
|
||||||
|
|
||||||
|
### Turn on third-party integration
|
||||||
|
|
||||||
|
1. In Windows Defender Security Center portal, select **Endpoint management** > **Clients** > **Non-Windows**. Make sure the third-party solution is listed.
|
||||||
|
|
||||||
|
2. Toggle the third-party provider switch button to turn on the third-party solution integration.
|
||||||
|
|
||||||
|
3. Click **Generate access token** button and then **Copy**.
|
||||||
|
|
||||||
|
4. Depending on the third-party implementation you're using, the implementation might vary. Refer to the third-party solution documentation for guidance on how to use the token.
|
||||||
|
|
||||||
|
|
||||||
|
>[!WARNING]
|
||||||
|
>The access token has a limited validity period. If needed, regenerate the token close to the time you need to share it with the third-party solution.
|
||||||
|
|
||||||
|
### Run detection test
|
||||||
|
There are various methods to run a detection test. Follow the specific instructions for each third-party product as described in the portal. The typical way of running a detection test is by creating an EICAR test file. You can create an EICAR file by saving the string displayed on the portal in an empty text file. Then, introduce the test file to a machine running the third-party antivirus solution.
|
||||||
|
|
||||||
|
The file should trigger a detection and a corresponding alert on Windows Defender ATP.
|
||||||
|
|
||||||
|
### Offboard non-Windows endpoints
|
||||||
|
To effectively offboard the endpoints from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow.
|
||||||
|
|
||||||
|
|
||||||
|
1. Follow the third-party documentation to opt-out on the third-party service side.
|
||||||
|
|
||||||
|
2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows**.
|
||||||
|
|
||||||
|
3. Toggle the third-party provider switch button to turn stop telemetry from endpoints.
|
||||||
|
|
||||||
|
>[!WARNING]
|
||||||
|
>If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on endpoints.
|
||||||
|
|
||||||
|
## Related topics
|
||||||
|
- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
|
||||||
|
- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
||||||
|
- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||||
|
- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
||||||
Binary file not shown.
|
Before Width: | Height: | Size: 311 KiB After Width: | Height: | Size: 227 KiB |
@ -44,6 +44,14 @@ Turn on the preview experience setting to be among the first to try upcoming fea
|
|||||||
## Preview features
|
## Preview features
|
||||||
The following features are included in the preview release:
|
The following features are included in the preview release:
|
||||||
|
|
||||||
|
- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)<br>
|
||||||
|
Windows Defender ATP supports the onboarding of the following servers:
|
||||||
|
- Windows Server 2012 R2
|
||||||
|
- Windows Server 2016
|
||||||
|
|
||||||
|
- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||||
|
Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products’ sensor data.
|
||||||
|
|
||||||
- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)<br>
|
- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)<br>
|
||||||
Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
|
Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
|
||||||
|
|
||||||
@ -51,5 +59,6 @@ Windows Defender ATP supports the use of Power BI data connectors to enable you
|
|||||||
Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.
|
Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)
|
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user