deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-20230728-security-landing

Browse Source
This commit is contained in:
Paolo Matarazzo 2023-08-03 07:57:23 +02:00
commit cc742e8304
203 changed files with 669 additions and 1665 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
.openpublishing.redirection.windows-deployment.json
View File

@ -957,12 +957,12 @@
},
{
"source_path": "windows/deployment/windows-autopilot/user-driven-aad.md",
"redirect_url": "/windows/deployment/windows-autopilot/user-driven",
"redirect_url": "/mem/autopilot/user-driven",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/windows-autopilot/user-driven-hybrid.md",
"redirect_url": "/windows/deployment/windows-autopilot/user-driven",
"redirect_url": "/mem/autopilot/user-driven",
"redirect_document_id": false
},
{
@ -977,22 +977,22 @@
},
{
"source_path": "windows/deployment/windows-autopilot/windows-10-autopilot.md",
"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot",
"redirect_url": "/mem/autopilot/windows-autopilot",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md",
"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-requirements",
"redirect_url": "/mem/autopilot/windows-autopilot-requirements",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md",
"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-requirements",
"redirect_url": "/mem/autopilot/windows-autopilot-requirements",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md",
"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-requirements",
"redirect_url": "/mem/autopilot/windows-autopilot-requirements",
"redirect_document_id": false
},
{
@ -1002,12 +1002,12 @@
},
{
"source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset-local.md",
"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-reset",
"redirect_url": "/mem/autopilot/windows-autopilot-reset",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md",
"redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-reset",
"redirect_url": "/mem/autopilot/windows-autopilot-reset",
"redirect_document_id": false
},
{
@ -1029,6 +1029,16 @@
"source_path": "windows/deployment/windows-autopilot/windows-autopilot.md",
"redirect_url": "/mem/autopilot/windows-autopilot",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md",
"redirect_url": "/mem/autopilot/tutorial/autopilot-scenarios",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/windows-autopilot/index.yml",
"redirect_url": "/mem/autopilot/",
"redirect_document_id": false
}
]
}

5
.openpublishing.redirection.windows-security.json
View File

@ -80,6 +80,11 @@
"redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines",
"redirect_document_id": false
},
{
"source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md",
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac",
"redirect_document_id": false
},
{
"source_path": "windows/security/apps.md",
"redirect_url": "/windows/security/application-security",

1
browsers/edge/index.yml
View File

@ -10,7 +10,6 @@ metadata:
keywords: Microsoft Edge Legacy, Windows 10
ms.localizationpriority: medium
ms.topic: landing-page # Required
ms.collection: collection # Optional; Remove if no collection is used.
author: dougeby #Required; your GitHub user alias, with correct capitalization.
ms.author: pashort #Required; microsoft alias of author; optional team alias.
ms.date: 07/07/2020 #Required; mm/dd/yyyy format.

2
browsers/internet-explorer/kb-support/ie-edge-faqs.yml
View File

@ -2,7 +2,6 @@
metadata:
title: IE and Microsoft Edge FAQ for IT Pros
description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals.
audience: ITPro
manager: msmets
author: ramakoni1
ms.author: ramakoni
@ -10,7 +9,6 @@ metadata:
ms.prod: internet-explorer
ms.technology:
ms.topic: faq
ms.custom: CI=111020
ms.localizationpriority: medium
ms.date: 01/23/2020
title: Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros

45
includes/licensing/_edition-requirements.md
View File

@ -1,18 +1,21 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---
| Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
|:---|:---:|:---:|:---:|:---:|
|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes|
|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|
|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes|
|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|
|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|Yes|Yes|Yes|Yes|
|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|
@ -28,21 +31,24 @@ ms.topic: include
|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes|
|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
|**[Hypervisor-protected Code Integrity (HVCI)](../../windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**|Yes|Yes|Yes|Yes|
|**[Kernel Direct Memory Access (DMA) protection](../../windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md)**|Yes|Yes|Yes|Yes|
|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|
|**[Manage by Mobile Device Management (MDM) and group policy](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes|
|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|
|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes|
|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes|
|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)**|❌|Yes|❌|Yes|
|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)**|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)**|❌|Yes|❌|Yes|
|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|Yes|❌|Yes|
|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes|
|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|
|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|
|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|
|**OneFuzz service**|Yes|Yes|Yes|Yes|
|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
@ -50,31 +56,32 @@ ms.topic: include
|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|
|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|
|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|
|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
|**[Security baselines](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes|
|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|
|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|
|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|
|**Software Bill of Materials (SBOM)**|Yes|Yes|Yes|Yes|
|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes|
|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|
|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes|
|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes|
|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes|
|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
|**[Windows Defender System Guard](../../windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md)**|Yes|Yes|Yes|Yes|
|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|
|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
|**[Windows Sandbox](../../windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)**|Yes|Yes|Yes|Yes|
|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|

45
includes/licensing/_licensing-requirements.md
View File

@ -1,18 +1,21 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---
|Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---|:---:|:---:|:---:|:---:|:---:|
|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes|
|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|❌|Yes|Yes|Yes|Yes|
|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes|Yes|
|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes|
|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|❌|Yes|Yes|Yes|Yes|
|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes|
@ -28,21 +31,24 @@ ms.topic: include
|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
|**[Hypervisor-protected Code Integrity (HVCI)](../../windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**|Yes|Yes|Yes|Yes|Yes|
|**[Kernel Direct Memory Access (DMA) protection](../../windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md)**|Yes|Yes|Yes|Yes|Yes|
|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes|
|**[Manage by Mobile Device Management (MDM) and group policy](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes|Yes|
|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes|
|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes|Yes|
|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)**|❌|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)**|Yes|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)**|❌|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌|
|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes|
|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|Yes|
|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|Yes|
|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
|**OneFuzz service**|Yes|Yes|Yes|Yes|Yes|
|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
@ -50,31 +56,32 @@ ms.topic: include
|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes|
|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes|
|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
|**[Security baselines](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes|Yes|
|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes|
|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes|
|**Software Bill of Materials (SBOM)**|Yes|Yes|Yes|Yes|Yes|
|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
|**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes|
|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes|Yes|
|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌|
|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes|
|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Defender System Guard](../../windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Sandbox](../../windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|

22
includes/licensing/access-control-aclsacl.md Normal file
View File

@ -0,0 +1,22 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Access Control (ACL/SACL):
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Access Control (ACL/SACL) license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

2
includes/licensing/access-control-aclsscals.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/account-lockout-policy.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/always-on-vpn-device-tunnel.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

22
includes/licensing/app-containers.md Normal file
View File

@ -0,0 +1,22 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support App containers:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
App containers license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

22
includes/licensing/applocker.md Normal file
View File

@ -0,0 +1,22 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support AppLocker:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
AppLocker license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|No|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

2
includes/licensing/assigned-access-kiosk-mode.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/attack-surface-reduction-asr.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

6
includes/licensing/windows-containers.md → includes/licensing/azure-code-signing.md
View File

@ -1,19 +1,19 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Windows containers:
The following table lists the Windows editions that support Azure Code Signing:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Windows containers license entitlements are granted by the following licenses:
Azure Code Signing license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|

2
includes/licensing/bitlocker-enablement.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/bitlocker-management.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/bluetooth-pairing-and-connection-protection.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/common-criteria-certifications.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/controlled-folder-access.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/device-health-attestation-service.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/direct-access.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/email-encryption-smime.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/encrypted-hard-drive.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/enhanced-phishing-protection-with-smartscreen.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/exploit-protection.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/fast-identity-online-fido2-security-key.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/federal-information-processing-standard-fips-140-validation.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

6
includes/licensing/federated-sign-in.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---
@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in:
Federated sign-in license entitlements are granted by the following licenses:
|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|No|No|Yes|Yes|
|No|No|No|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

2
includes/licensing/hardware-enforced-stack-protection.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/hypervisor-protected-code-integrity-hvci.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/kernel-direct-memory-access-dma-protection.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/local-security-authority-lsa-protection.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

22
includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
View File

@ -1,22 +0,0 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Manage by Mobile Device Management (MDM) and group policy:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Manage by Mobile Device Management (MDM) and group policy license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

2
includes/licensing/measured-boot.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/microsoft-defender-antivirus.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/microsoft-defender-for-endpoint.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/microsoft-defender-smartscreen.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

6
includes/licensing/microsoft-pluton-security-processor.md → includes/licensing/microsoft-pluton.md
View File

@ -1,19 +1,19 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Microsoft Pluton security processor:
The following table lists the Windows editions that support Microsoft Pluton:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Microsoft Pluton security processor license entitlements are granted by the following licenses:
Microsoft Pluton license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|

22
includes/licensing/microsoft-security-development-lifecycle-sdl.md Normal file
View File

@ -0,0 +1,22 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Microsoft Security Development Lifecycle (SDL):
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Microsoft Security Development Lifecycle (SDL) license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

6
includes/licensing/microsoft-vulnerable-driver-blocklist.md
View File

@ -1,19 +1,19 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Microsoft Vulnerable Driver Blocklist:
The following table lists the Windows editions that support Microsoft vulnerable driver blocklist:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Microsoft Vulnerable Driver Blocklist license entitlements are granted by the following licenses:
Microsoft vulnerable driver blocklist license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|

22
includes/licensing/microsoft-windows-insider-preview-bounty-program.md Normal file
View File

@ -0,0 +1,22 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Microsoft Windows Insider Preview bounty program:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Microsoft Windows Insider Preview bounty program license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

22
includes/licensing/modern-device-management-through-mdm.md Normal file
View File

@ -0,0 +1,22 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Modern device management through (MDM):
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Modern device management through (MDM) license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

22
includes/licensing/onefuzz-service.md Normal file
View File

@ -0,0 +1,22 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support OneFuzz service:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
OneFuzz service license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

2
includes/licensing/opportunistic-wireless-encryption-owe.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/personal-data-encryption-pde.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/privacy-resource-usage.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/privacy-transparency-and-controls.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/remote-wipe.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/secure-boot-and-trusted-boot.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/secured-core-configuration-lock.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

6
includes/licensing/secured-core-pc.md → includes/licensing/secured-core-pc-firmware-protection.md
View File

@ -1,19 +1,19 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Secured-core PC:
The following table lists the Windows editions that support Secured-core PC firmware protection:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Secured-core PC license entitlements are granted by the following licenses:
Secured-core PC firmware protection license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|

2
includes/licensing/security-baselines.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/server-message-block-direct-smb-direct.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/server-message-block-smb-file-service.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/smart-app-control.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/smart-cards-for-windows-service.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

22
includes/licensing/software-bill-of-materials-sbom.md Normal file
View File

@ -0,0 +1,22 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Software Bill of Materials (SBOM):
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Software Bill of Materials (SBOM) license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

2
includes/licensing/tamper-protection-settings-for-mde.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/transport-layer-security-tls.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

6
includes/licensing/trusted-platform-module-tpm-20.md → includes/licensing/trusted-platform-module-tpm.md
View File

@ -1,19 +1,19 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Trusted Platform Module (TPM) 2.0:
The following table lists the Windows editions that support Trusted Platform Module (TPM):
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Trusted Platform Module (TPM) 2.0 license entitlements are granted by the following licenses:
Trusted Platform Module (TPM) license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|

2
includes/licensing/universal-print.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/user-account-control-uac.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

6
includes/licensing/virtual-private-network-vpn.md
View File

@ -1,19 +1,19 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Virtual Private Network (VPN):
The following table lists the Windows editions that support Virtual private network (VPN):
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Virtual Private Network (VPN) license entitlements are granted by the following licenses:
Virtual private network (VPN) license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|

2
includes/licensing/virtualization-based-security-vbs.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/wifi-security.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

22
includes/licensing/windows-application-software-development-kit-sdk.md Normal file
View File

@ -0,0 +1,22 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Windows application software development kit (SDK):
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Windows application software development kit (SDK) license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

2
includes/licensing/windows-autopatch.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-autopilot.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-defender-application-control-wdac.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-defender-credential-guard.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-defender-remote-credential-guard.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-defender-system-guard.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-firewall.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-hello-for-business.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-laps.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-presence-sensing.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

2
includes/licensing/windows-sandbox.md
View File

@ -1,7 +1,7 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---

6
includes/licensing/windows-security-policy-settings-and-auditing.md
View File

@ -1,19 +1,19 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 05/04/2023
ms.date: 08/02/2023
ms.topic: include
---
## Windows edition and licensing requirements
The following table lists the Windows editions that support Windows Security policy settings and auditing:
The following table lists the Windows editions that support Windows security policy settings and auditing:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
Windows Security policy settings and auditing license entitlements are granted by the following licenses:
Windows security policy settings and auditing license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|

2
windows/client-management/mdm-overview.md
View File

@ -56,7 +56,7 @@ For more information about the MDM policies defined in the MDM security baseline
For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
[!INCLUDE [manage-by-mobile-device-management-mdm-and-group-policy](../../includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md)]
[!INCLUDE [modern-device-management-through-mdm](../../includes/licensing/modern-device-management-through-mdm.md)]
## Frequently Asked Questions

53
windows/client-management/mdm/policy-csp-applicationdefaults.md
View File

@ -4,7 +4,7 @@ description: Learn more about the ApplicationDefaults Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 05/11/2023
ms.date: 08/01/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -36,20 +36,8 @@ ms.topic: reference
<!-- DefaultAssociationsConfiguration-OmaUri-End -->
<!-- DefaultAssociationsConfiguration-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy specifies the path to a file (e.g. either stored locally or on a network location) that contains file type and protocol default application associations. This file can be created using the DISM tool.
For example:
Dism.exe /Online /Export-DefaultAppAssociations:C:\AppAssoc.txt.
For more information, refer to the DISM documentation on TechNet.
If this group policy is enabled and the client machine is domain-joined, the file will be processed and default associations will be applied at logon time.
If the group policy isn't configured, disabled, or the client machine isn't domain-joined, no default associations will be applied at logon time.
If the policy is enabled, disabled, or not configured, users will still be able to override default file type and protocol associations.
<!-- Description-Source-DDF-Forced -->
This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). The file can be further edited by adding attributes to control how often associations are applied by the policy. The file then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied.
<!-- DefaultAssociationsConfiguration-Description-End -->
<!-- DefaultAssociationsConfiguration-Editable-Begin -->
@ -84,14 +72,10 @@ If the policy is enabled, disabled, or not configured, users will still be able
**Example**:
To create the SyncML, follow these steps:
<ol>
<li>Install a few apps and change your defaults.</li>
<li>From an elevated prompt, run "dism /online /export-defaultappassociations:appassoc.xml"</li>
<li>Take the XML output and put it through your favorite base64 encoder app.</li>
<li>Paste the base64 encoded XML into the SyncML</li>
</ol>
Here's an example output from the dism default association export command:
1. Install a few apps and change your defaults.
1. From an elevated prompt, run `dism /online /export-defaultappassociations:C:\appassoc.xml`. Here's an example output from the dism default association export command:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
@ -103,12 +87,31 @@ Here's an example output from the dism default association export command:
</DefaultAssociations>
```
Here's the base64 encoded result:
Starting in Windows 11, version 22H2, two new attributes are available for further customization of the policy. These attributes can be used to change how often the policy associations are applied.
``` syntax
- **Version** attribute for `DefaultAssociations`. This attribute is used to control when **Suggested** associations are applied. Whenever the **Version** value is incremented, a **Suggested** association is applied one time.
- **Suggested** attribute for `Association`. The default value is false. If it's false, the **Association** is applied on every sign-in. If it's true, the **Association** is only applied once for the current **DefaultAssociations** Version. When the **Version** is incremented, the **Association** is applied once again, on next sign-in.
In the following example, the **Association** for `.htm` is applied on first sign-in of the user, and all others are applied on every sign-in. If **Version** is incremented, and the updated file is deployed to the user, the **Association** for `.htm` is applied again:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations Version="1">
<AssociationIdentifier=".htm"ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9"ApplicationName="Microsoft Edge"Suggested="true"/>
<AssociationIdentifier=".html"ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9"ApplicationName="Microsoft Edge"/>
<AssociationIdentifier=".pdf"ProgId="AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723"ApplicationName="Microsoft Edge"/>
<AssociationIdentifier="http"ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v"ApplicationName="Microsoft Edge"/>
<AssociationIdentifier="https"ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es"ApplicationName="Microsoft Edge"/>
</DefaultAssociations>
```
1. Take the XML output and put it through your favorite base64 encoder app. Here's the base64 encoded result:
```text
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
```
Here's the SyncML example:
1. Paste the base64 encoded XML into the SyncML. Here's the SyncML example:
```xml
<?xml version="1.0" encoding="utf-8"?>

2
windows/deployment/TOC.yml
View File

@ -19,8 +19,6 @@
href: update/waas-servicing-strategy-windows-10-updates.md
- name: Deployment proof of concept
items:
- name: Demonstrate Autopilot deployment on a VM
href: windows-autopilot/demonstrate-deployment-on-vm.md
- name: Deploy Windows 10 with MDT and Configuration Manager
items:
- name: 'Step by step guide: Configure a test lab to deploy Windows 10'

1
windows/deployment/windows-autopatch/index.yml
View File

@ -10,6 +10,7 @@ metadata:
ms.topic: landing-page # Required
author: tiaraquan #Required; your GitHub user alias, with correct capitalization.
ms.author: tiaraquan #Required; microsoft alias of author; optional team alias.
manager: dougeby
ms.date: 05/30/2022 #Required; mm/dd/yyyy format.
ms.prod: windows-client
ms.technology: itpro-updates

10
windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
View File

@ -17,9 +17,9 @@ ms.collection:
# Device alerts
Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information will help you understand:
Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information helps you understand:
- The action(s) that have either been performed by Microsoft and/or Windows Autopatch to keep the device properly updated.
- Microsoft and/or Windows Autopatch performs the action(s) to keep the device properly updated.
- The actions you must perform so the device can properly be updated.
> [!NOTE]
@ -42,12 +42,12 @@ Windows Autopatch assigns alerts to either Microsoft Action or Customer Action.
| Assignment | Description |
| ----- | ----- |
| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. The actions are performed by Windows Autopatch automatically. |
| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. Windows Autopatch performs these actions automatically. |
| Customer Action | Refers to your responsibility to carry out the appropriate action(s) to resolve the reported alert. |
## Alert resolutions
Alert resolutions are provided through the Windows Update service and provide the reason why an update didnt perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md)
Alert resolutions are provided through the Windows Update service and provide the reason why an update didnt perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md).
| Alert message | Description | Windows Autopatch recommendation(s) |
| ----- | ----- | ----- |
@ -79,7 +79,7 @@ Alert resolutions are provided through the Windows Update service and provide th
| `InstallIssueRedirection` | A known folder that doesn't support redirection to another drive might have been redirected to another drive. | The Windows Update service has reported that the Windows Update file location may be redirected to an invalid location. Check your Windows Installation, and retry the update.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `InstallMissingInfo` | Windows Update doesn't have the information it needs about the update to finish the installation. | The Windows Update service has reported that another update may have replaced the one you're trying to install. Check the update, and then try reinstalling it. |
| `InstallOutOfMemory` | The installation couldn't be completed because Windows ran out of memory. | The Windows Update service has reported the system doesn't have sufficient system memory to perform the update.<p>Restart Windows, then try the installation again.</p><p>If it still fails, allocate more memory to the device, or increase the size of the virtual memory pagefile(s). For more information, see [How to determine the appropriate page file size for 64-bit versions of Windows](/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows).</p> |
| `InstallSetupBlock` | There is an application or driver blocking the upgrade. | The Windows Update service has detected that an application or driver is hindering the upgrade process. Utilize the SetupDiag utility to identify and diagnose any compatibility problems.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
| `InstallSetupBlock` | There's an application or driver blocking the upgrade. | The Windows Update service has detected that an application or driver is hindering the upgrade process. Utilize the SetupDiag utility to identify and diagnose any compatibility problems.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
| `InstallSetupError` | Windows Setup encountered an error while installing. | The Windows Update service has reported an error during installation.Review the last reported HEX error code in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) to further investigate.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `PolicyConflict` | There are client policies (MDM, GP) that conflict with Windows Update settings. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
| `PolicyConflictDeferral` | The Deferral Policy configured on the device is preventing the update from installing. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |

8
windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
View File

@ -2,8 +2,8 @@
title: Driver and firmware updates for Windows Autopatch Public Preview Addendum
description: This article explains how driver and firmware updates are managed in Autopatch
ms.date: 06/26/2023
ms.prod: w11
ms.technology: windows
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
@ -14,11 +14,11 @@ msreviewer: hathind
# Driver and Firmware Updates for Windows Autopatch Public Preview Addendum
**This Driver and Firmware Updates for Windows Autopatch Public Preview Addendum ("Addendum") to the Microsoft Product Terms Universal License Terms for Online Services** (as provided at: [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all) (the "**Product Terms**")) is entered into between Microsoft Corporation, a Washington corporation having its principal place of business at One Microsoft Way, Redmond, Washington, USA 98052-6399 (or based on where Customer lives, one of Microsoft's affiliates) ("**Microsoft**"), and you ("**Customer**").
**This Driver and Firmware Updates for Windows Autopatch Public Preview Addendum ("Addendum") to the Microsoft Product Terms' Universal License Terms for Online Services** (as provided at: [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all) (the "**Product Terms**")) is entered into between Microsoft Corporation, a Washington corporation having its principal place of business at One Microsoft Way, Redmond, Washington, USA 98052-6399 (or based on where Customer lives, one of Microsoft's affiliates) ("**Microsoft**"), and you ("**Customer**").
For good and valuable consideration, the receipt and sufficiency of which is acknowledged, the parties agree as follows:
Microsoft desires to preview the Driver and Firmware Updates for Windows Autopatch service it's developing ("**Driver and Firmware Updates Preview**) in order to evaluate it. Customer would like to particulate this Driver and Firmware Updates Preview under the Product Terms and this Addendum. Driver and Firmware Updates Preview consists of features and services that are in preview, beta, or other prerelease form. Driver and Firmware Updates Preview is subject to the "preview" terms set forth in the Product Terms Universal License Terms for Online Services.
Microsoft desires to preview the Driver and Firmware Updates for Windows Autopatch service it's developing ("**Driver and Firmware Updates Preview**") in order to evaluate it. Customer would like to particulate this Driver and Firmware Updates Preview under the Product Terms and this Addendum. Driver and Firmware Updates Preview consists of features and services that are in preview, beta, or other prerelease form. Driver and Firmware Updates Preview is subject to the "preview" terms set forth in the Product Terms' Universal License Terms for Online Services.
## Definitions

5
windows/deployment/windows-autopilot/TOC.yml
View File

@ -1,5 +0,0 @@
- name: Windows Autopilot deployment
href: index.yml
items:
- name: Get started
href: demonstrate-deployment-on-vm.md

901
windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
View File

@ -1,901 +0,0 @@
---
title: Demonstrate Autopilot deployment
description: Step-by-step instructions on how to set up a virtual machine with a Windows Autopilot deployment.
ms.prod: windows-client
ms.technology: itpro-deploy
ms.localizationpriority: medium
author: frankroj
ms.author: frankroj
manager: aaroncz
ms.collection:
- highpri
- tier2
ms.topic: tutorial
ms.date: 10/28/2022
---
# Demonstrate Autopilot deployment
**Applies to**
- Windows 10
To get started with Windows Autopilot, you should try it out with a virtual machine (VM). You can also use a physical device that will be wiped and then have a fresh install of Windows 10.
In this article, you'll learn how to set up a Windows Autopilot deployment for a VM using Hyper-V.
> [!NOTE]
> Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Microsoft Intune.
>
> Hyper-V and a VM aren't required for this lab. You can use a physical device instead. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to _device_ in the guide refer to the client device, either physical or virtual.
The following video provides an overview of the process:
> [!VIDEO https://www.youtube.com/embed/KYVptkpsOqs]
> [!TIP]
> For a list of terms used in this guide, see the [Glossary](#glossary) section.
## Prerequisites
You'll need the following components to complete this lab:
| Component | Description |
|:---|:---|
|**Windows 10 installation media**|Windows 10 Enterprise ISO file for a supported version of Windows 10, general availability channel. If you don't already have an ISO to use, download an [evaluation version of Windows 10 Enterprise](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise).|
|**Internet access**|If you're behind a firewall, see the detailed [networking requirements](/mem/autopilot/software-requirements#networking-requirements). Otherwise, just make sure that you have a connection to the internet.|
|**Hyper-V or a physical device running Windows 10**|The guide assumes that you'll use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.|
|**An account with Azure Active Directory (Azure AD) Premium license**|This guide will describe how to get a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.|
> [!NOTE]
> When using a VM for Autopilot testing, assign at least two processors and 4 GB of memory.
## Procedures
A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that don't apply to you. Optional procedures are provided in the appendices.
If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or later.
- [Demonstrate Autopilot deployment](#demonstrate-autopilot-deployment)
- [Prerequisites](#prerequisites)
- [Procedures](#procedures)
- [Verify support for Hyper-V](#verify-support-for-hyper-v)
- [Enable Hyper-V](#enable-hyper-v)
- [Create a demo VM](#create-a-demo-vm)
- [Set ISO file location](#set-iso-file-location)
- [Determine network adapter name](#determine-network-adapter-name)
- [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm)
- [Install Windows 10](#install-windows-10)
- [Capture the hardware ID](#capture-the-hardware-id)
- [Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe)
- [Verify subscription level](#verify-subscription-level)
- [Configure company branding](#configure-company-branding)
- [Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment)
- [Register your VM](#register-your-vm)
- [Autopilot registration using Intune](#autopilot-registration-using-intune)
- [Autopilot registration using MSfB](#autopilot-registration-using-msfb)
- [Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile)
- [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune)
- [Create a device group](#create-a-device-group)
- [Create the deployment profile](#create-the-deployment-profile)
- [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb)
- [See Windows Autopilot in action](#see-windows-autopilot-in-action)
- [Remove devices from Autopilot](#remove-devices-from-autopilot)
- [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device)
- [Appendix A: Verify support for Hyper-V](#appendix-a-verify-support-for-hyper-v)
- [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile)
- [Add a Win32 app](#add-a-win32-app)
- [Prepare the app for Intune](#prepare-the-app-for-intune)
- [Create app in Intune](#create-app-in-intune)
- [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile)
- [Add Microsoft 365 Apps](#add-microsoft-365-apps)
- [Create app in Microsoft Intune](#create-app-in-microsoft-intune)
- [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile-1)
- [Glossary](#glossary)
## Verify support for Hyper-V
- If you don't already have Hyper-V enabled, enable it on a computer running Windows 10 or Windows Server (2012 R2 or later).
- If you already have Hyper-V enabled, skip to the [Create a demo VM](#create-a-demo-vm) step. If you're using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10).
- If you're not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [Appendix A](#appendix-a-verify-support-for-hyper-v) in this article for details on verifying that Hyper-V can be successfully installed.
## Enable Hyper-V
To enable Hyper-V, open an elevated Windows PowerShell prompt and run the following command:
```powershell
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
```
This command works on all operating systems that support Hyper-V. However, on Windows Server operating systems you must type another command to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. The following command will also install Hyper-V if it isn't already installed. So, if you're using Windows Server, you can just type the following command instead of using the **Enable-WindowsOptionalFeature** command:
```powershell
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
```
When you're prompted to restart the computer, choose **Yes**. The computer might restart more than once.
Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below:
![Hyper-V feature.](images/hyper-v-feature.png)
![Hyper-V.](images/svr_mgr2.png)
If you choose to install Hyper-V using Server Manager, accept all default selections. Make sure to install both items under **Role Administration Tools\Hyper-V Management Tools**.
After installation is complete, open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt, or by typing **Hyper-V** in the Start menu search box.
To read more about Hyper-V, see [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/) and [Hyper-V on Windows Server](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server).
## Create a demo VM
Now that Hyper-V is enabled, we need to create a VM running Windows 10. We can [create a VM](/virtualization/hyper-v-on-windows/quick-start/create-virtual-machine) and [virtual network](/virtualization/hyper-v-on-windows/quick-start/connect-to-network) using Hyper-V Manager, but it's simpler to use Windows PowerShell.
To use Windows PowerShell, you need to know two things:
1. The location of the Windows 10 ISO file.
In the example, the location is **c:\iso\win10-eval.iso**.
2. The name of the network interface that connects to the internet.
In the example, you'll use a Windows PowerShell command to determine this information automatically.
After you determine the ISO file location and the name of the appropriate network interface, you can install Windows 10.
### Set ISO file location
Download an ISO file for an evaluation version of the latest release of Windows 10 Enterprise from the [Evaluation Center](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise). Choose a 64-bit version.
After you download an ISO file, the name will be long. For example, `19042.508.200927-1902.20h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso`
1. So that it's easier to type and remember, rename the file to **win10-eval.iso**.
2. Create a directory on your computer named **c:\iso** and move the **win10-eval.iso** file there, so the path to the file is **c:\iso\win10-eval.iso**.
3. If you wish to use a different name and location for the file, you must modify the Windows PowerShell commands below to use your custom name and directory.
### Determine network adapter name
The **Get-NetAdaper** cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt:
```powershell
(Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name
```
The output of this command should be the name of the network interface you use to connect to the internet. Verify that this interface name is correct. If it isn't the correct interface name, you'll need to edit the first command below to use your network interface name.
For example, if the command above displays **Ethernet** but you wish to use **Ethernet2**, then the first command below would be `New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2`
### Use Windows PowerShell to create the demo VM
All VM data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the following commands.
> [!IMPORTANT]
> **VM switch**: a VM switch is how Hyper-V connects VMs to a network.
>
>- If you previously enabled Hyper-V and your internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to `AutopilotExternal`.
>- If you have never created an external VM switch before, then just run the commands below.
>- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a current list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch).
```powershell
New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name
New-VM -Name WindowsAutopilot -MemoryStartupBytes 4GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
Set-VMProcessor WindowsAutopilot -Count 2
Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
Start-VM -VMName WindowsAutopilot
```
After you enter these commands, connect to this VM. Double-click the VM in Hyper-V Manager to connect to it. Then wait for a prompt to press a key and boot from the DVD.
See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the **vmconnect.exe** command is used, which is only available on Windows Server. If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM.
<pre>
PS C:\autopilot&gt; dir c:\iso
Directory: C:\iso
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 3/12/2019 2:46 PM 4627343360 win10-eval.iso
PS C:\autopilot&gt; (Get-NetAdapter |?{$<em>.Status -eq &quot;Up&quot; -and !$</em>.Virtual}).Name
Ethernet
PS C:\autopilot&gt; New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$<em>.Status -eq &quot;Up&quot; -and !$</em>.Virtual}).Name
Name SwitchType NetAdapterInterfaceDescription
---- ---------- ------------------------------
AutopilotExternal External Intel(R) Ethernet Connection (2) I218-LM
PS C:\autopilot&gt; New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
Name State CPUUsage(%) MemoryAssigned(M) Uptime Status Version
---- ----- ----------- ----------------- ------ ------ -------
WindowsAutopilot Off 0 0 00:00:00 Operating normally 8.0
PS C:\autopilot&gt; Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
PS C:\autopilot&gt; Start-VM -VMName WindowsAutopilot
PS C:\autopilot&gt; vmconnect.exe localhost WindowsAutopilot
PS C:\autopilot&gt; dir
Directory: C:\autopilot
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 3/12/2019 3:15 PM VMData
d----- 3/12/2019 3:42 PM VMs
PS C:\autopilot&gt;
</pre>
### Install Windows 10
> [!NOTE]
> The VM will be booted to gather a hardware ID. Then it will be reset. The goal in the next few steps is to get to the desktop quickly, so don't worry about how it's configured at this stage. The VM only needs to be connected to the internet.
Make sure that the VM booted from the installation ISO, select **Next**, select **Install now**, and then complete the Windows installation process. See the following examples:
![Windows setup example 1](images/winsetup1.png)
![Windows setup example 2](images/winsetup2.png)
![Windows setup example 3](images/winsetup3.png)
![Windows setup example 4](images/winsetup4.png)
![Windows setup example 5](images/winsetup5.png)
![Windows setup example 6](images/winsetup6.png)
After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This option offers the fastest way to the desktop. For example:
![Windows setup example 7.](images/winsetup7.png)
Once the installation is complete, sign in, and verify that you're at the Windows 10 desktop. Then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state.
> [!div class="mx-imgBorder"]
> ![Windows setup example 8.](images/winsetup8.png)
To create a checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM), and then run the following command:
```powershell
Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install"
```
Select the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see **Finished Windows Install** listed in the Checkpoints pane.
## Capture the hardware ID
> [!NOTE]
> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For the purposes of this lab, you're acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool.
Follow these steps to run the PowerShell script:
1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same whether you're using a VM or a physical device:
```powershell
New-Item -Type Directory -Path "C:\HWID"
Set-Location C:\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
Install-Script -Name Get-WindowsAutopilotInfo -Force
$env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv
```
1. When you're prompted to install the NuGet package, choose **Yes**.
See the sample output below. A **dir** command is issued at the end to show the file that was created.
```console
PS C:\> md c:\HWID
Directory: C:\
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 11/13/2020 3:00 PM HWID
PS C:\Windows\system32> Set-Location c:\HWID
PS C:\HWID> Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
PS C:\HWID> Install-Script -Name Get-WindowsAutopilotInfo -Force
NuGet provider is required to continue
PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet
provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or
'C:\Users\user1\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running
'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and
import the NuGet provider now?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y
PS C:\HWID> $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
PS C:\HWID> Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
Gathered details for device with serial number: 1804-7078-6805-7405-0796-0675-17
PS C:\HWID> dir
Directory: C:\HWID
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 11/13/2020 3:01 PM 8184 AutopilotHWID.csv
PS C:\HWID>
```
1. Verify that there's an **AutopilotHWID.csv** file in the **c:\HWID** directory that's about 8 KB in size. This file contains the complete 4K HH.
> [!NOTE]
> Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format is validated when it's imported into Autopilot. Here's an example of the data in this file:
![Serial number and hardware hash.](images/hwid.png)
You'll need to upload this data into Intune to register your device for Autopilot. So, the next step is to transfer this file to the computer you'll use to access the Azure portal. If you're using a physical device instead of a VM, you can copy the file to a USB drive. If you're using a VM, you can right-click the **AutopilotHWID.csv** file and copy it. Then right-click and paste the file to your desktop (outside the VM).
If you have trouble copying and pasting the file, just view the contents in Notepad on the VM, and then copy the text into Notepad outside the VM. Don't use another text editor.
> [!NOTE]
> When copying and pasting to or from VMs, avoid selecting other things with your mouse cursor in between the copy and paste process. Doing so can empty or overwrite the clipboard and require that you start over. Go directly from copy to paste.
## Reset the VM back to Out-Of-Box-Experience (OOBE)
With the hardware ID captured in a file, prepare your VM for Windows Autopilot deployment by resetting it back to OOBE.
1. On the Virtual Machine, go to **Settings > Update & Security > Recovery** and select **Get started** under **Reset this PC**.
1. Select **Remove everything**. On **How would you like to reinstall Windows**, select **Local reinstall**.
1. Finally, select **Reset**.
![Reset this PC final prompt.](images/autopilot-reset-prompt.jpg)
Resetting the VM or device can take a while. Proceed to the next step (verify subscription level) during the reset process.
![Reset this PC screen capture.](images/autopilot-reset-progress.jpg)
## Verify subscription level
For this lab, you need an Azure AD Premium subscription. To tell if you have a Premium subscription, go to [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) in the Azure portal. See the following example:
**Azure Active Directory** > **Mobility (MDM and MAM)** > **Microsoft Intune**
![MDM and Intune.](images/mdm-intune2.png)
If this configuration doesn't appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in Azure AD Premium.
To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5.
![License conversion option.](images/aad-lic1.png)
## Configure company branding
If you already have company branding configured in Azure AD, you can skip this step.
> [!IMPORTANT]
> Make sure to sign-in with a Global Administrator account.
Go to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), select **Configure**, and then configure any type of company branding you'd like to see during the OOBE.
![Configure company branding.](images/branding.png)
When you're finished, select **Save**.
> [!NOTE]
> Changes to company branding can take up to 30 minutes to apply.
## Configure Microsoft Intune auto-enrollment
If you already have MDM auto-enrollment configured in Azure AD, you can skip this step.
Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you don't see Microsoft Intune, select **Add application** and choose **Intune**.
For the purposes of this demo, select **All** under the **MDM user scope** and select **Save**.
![MDM user scope in the Mobility blade.](images/ap-aad-mdm.png)
## Register your VM
Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommended that you use Intune rather than Microsoft Store for Business.
### Autopilot registration using Intune
1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Device enrollment | Enroll devices** > **Windows enrollment** > **Windows Autopilot Deployment Program | Devices** and then on the **Windows Autopilot devices** page, choose **Import**.
![Intune device import.](images/enroll1.png)
> [!NOTE]
> If menu items like **Windows enrollment** aren't active for you, look to the far-right blade in the UI. You might need to provide Intune configuration privileges in a challenge window that appears.
2. Under **Add Windows Autopilot devices** in the far-right pane, go to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It's okay if other fields (Windows Product ID) are left blank.
![HWID CSV.](images/enroll2.png)
You should receive confirmation that the file is formatted correctly before you upload it, as shown above.
3. Select **Import** and wait until the import process completes. This action can take up to 15 minutes.
4. Select **Refresh** to verify your VM or device is added. See the following example.
![Import HWID.](images/enroll3.png)
### Autopilot registration using MSfB
> [!IMPORTANT]
> If you've already registered your VM (or device) using Intune, then skip this step.
First, you need a Microsoft Store for Business account. You can use the same one you created above for Intune, or follow [these instructions](/microsoft-store/windows-store-for-business-overview) to create a new one.
Next, to sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/store) with your test account, select **Sign in** on the upper-right-corner of the main page.
Select **Manage** from the top menu, then select the **Windows Autopilot Deployment Program** link under the **Devices** card. See the following example:
![Microsoft Store for Business.](images/msfb.png)
Select the **Add devices** link to upload your CSV file. A message appears that indicates your request is being processed. Wait a few moments before refreshing to see that your new device is added.
![Microsoft Store for Business Devices.](images/msfb-device.png)
## Create and assign a Windows Autopilot deployment profile
> [!IMPORTANT]
> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or Microsoft Store for Business. Both processes are shown here, but only *pick one for the purposes of this lab*:
Pick one:
- [Create profiles using Intune](#create-a-windows-autopilot-deployment-profile-using-intune)
- [Create profiles using Microsoft Store for Business](#create-a-windows-autopilot-deployment-profile-using-msfb)
### Create a Windows Autopilot deployment profile using Intune
> [!NOTE]
> Even if you registered your device in Microsoft Store for Business, it still appears in Intune. Although, you might have to **sync** and then **refresh** your device list.
![Devices.](images/enroll4.png)
#### Create a device group
The Autopilot deployment profile wizard asks for a device group, so you must create one first. To create a device group:
1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Groups** > **New group**.
2. In the **Group** pane:
1. For **Group type**, choose **Security**.
2. Type a **Group name** and **Group description** (ex: Autopilot Lab).
3. Azure AD roles can be assigned to the group: **No**
4. For **Membership type**, choose **Assigned**.
3. Select **Members** and add the Autopilot VM to the group. See the following example:
> [!div class="mx-imgBorder"]
> ![add members.](images/group1.png)
4. Select **Create**.
#### Create the deployment profile
To create a Windows Autopilot profile, scroll back to the left-side pane and select **Devices**. Then, under **Enroll devices | Windows enrollment** select **Deployment Profiles**.
> [!div class="mx-imgBorder"]
> ![Deployment profiles.](images/dp.png)
Select **Create profile** and then select **Windows PC**.
> [!div class="mx-imgBorder"]
> ![Create deployment profile.](images/create-profile.png)
On the **Create profile** pane, use the following values:
| Setting | Value |
|---|---|
| Name | Autopilot Lab profile |
| Description | Lab |
| Convert all targeted devices to Autopilot | No |
Select **Next** to continue with the **Out-of-box experience (OOBE)** settings:
| Setting | Value |
|---|---|
| Deployment mode | User-driven |
| Join to Azure AD as | Azure AD joined |
| Microsoft Software License Terms | Hide |
| Privacy Settings | Hide |
| Hide change account options | Hide |
| User account type | Standard |
| Allow pre-provisioned deployment | No |
| Language (Region) | Operating system default |
| Automatically configure keyboard | Yes |
| Apply device name template | No |
Select **Next** to continue with the **Assignments** settings:
| Setting | Value |
|---|---|
| Assign to | Selected groups |
1. Select **Select groups to include**.
2. Select the **Autopilot Lab** group, and then choose **Select**.
3. Select **Next** to continue, and then select **Create**. See the following example:
![Deployment profile.](images/profile.png)
Select **OK**, and then select **Create**.
> [!NOTE]
> If you want to add an app to your profile via Intune, use the *optional* steps in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile).
### Create a Windows Autopilot deployment profile using MSfB
If you already created and assigned a profile via Intune with the steps immediately above, then skip this section.
First, sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/manage/dashboard) using the Intune account you initially created for this lab.
Select **Manage** from the top menu, then select **Devices** from the left navigation tree.
![Microsoft Store for Business manage.](images/msfb-manage.png)
Select the **Windows Autopilot Deployment Program** link in the **Devices** tile.
To CREATE the profile:
Select your device from the **Devices** list:
> [!div class="mx-imgBorder"]
> ![Microsoft Store for Business create step 1.](images/msfb-create1.png)
On the Autopilot deployment dropdown menu, select **Create new profile**:
> [!div class="mx-imgBorder"]
> ![Microsoft Store for Business create step 2.](images/msfb-create2.png)
Name the profile, choose your desired settings, and then select **Create**:
> [!div class="mx-imgBorder"]
> ![Microsoft Store for Business create step 3.](images/msfb-create3.png)
The new profile is added to the Autopilot deployment list.
To ASSIGN the profile:
To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab. Then, select the profile you want to assign from the **Autopilot deployment** dropdown menu, as shown:
> [!div class="mx-imgBorder"]
> ![Microsoft Store for Business assign step 1.](images/msfb-assign1.png)
To confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column:
> [!div class="mx-imgBorder"]
> ![Microsoft Store for Business assign step 2.](images/msfb-assign2.png)
> [!IMPORTANT]
> The new profile is only applied if the device hasn't started and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
## See Windows Autopilot in action
If you shut down your VM after the last reset, start it again. Then it can progress through the Autopilot OOBE experience. However, don't attempt to start your device again until the **PROFILE STATUS** for your device in Intune is changed from **Not assigned** to **Assigning**, and finally to **Assigned**:
> [!div class="mx-imgBorder"]
> ![Device status.](images/device-status.png)
Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding). Otherwise, these changes might not show up.
> [!TIP]
> If you reset your device previously, after collecting the 4K HH info, let it restart back to the first OOBE screen. Then you might need to restart the device again to make sure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you don't see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**. Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**).
1. Make sure your device has an internet connection.
1. Turn on the device.
1. Verify that the appropriate OOBE screens (with appropriate Company Branding) appear. You should see the region selection screen, the keyboard selection screen, and the second keyboard selection screen (which you can skip).
![OOBE sign-in page.](images/autopilot-oobe.png)
After the device loads the desktop, the device should show up in Intune as an **enabled** Autopilot device. Go to the Intune portal, and select **Devices > All devices**. Then **Refresh** the data to verify that your device has changed to an enabled state, and the name of the device is updated.
> [!div class="mx-imgBorder"]
> ![Device enabled.](images/devices1.png)
Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure AD credentials. Then you're all done.
> [!TIP]
> If you receive a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use", verify that you correctly [assigned licenses](/mem/intune/fundamentals/licenses-assign) to the current user.
Windows Autopilot takes over to automatically join your device into Azure AD and enroll it into Microsoft Intune. Use the checkpoint you've created to go through this process again with different settings.
## Remove devices from Autopilot
To use the device (or VM) for other purposes after completion of this lab, you need to remove (deregister) it from Autopilot via either Intune or Microsoft Store for Business, and then reset it. Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](/intune/enrollment-autopilot#create-an-autopilot-device-group), [Remove devices by using wipe, retire, or manually unenrolling the device](/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal), and below.
### Delete (deregister) Autopilot device
You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), then go to **Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu.
> [!div class="mx-imgBorder"]
> ![Delete device step 1.](images/delete-device1.png)
This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this action doesn't yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two separate datastores. The former (All devices) is the list of devices currently enrolled into Intune.
> [!NOTE]
> A device only appears in the **All devices** list once it has booted. The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune.
To remove the device from the Autopilot program, select the device, and then select **Delete**. A pop-up dialog box appears to confirm deletion.
> [!div class="mx-imgBorder"]
> ![Delete device.](images/delete-device2.png)
At this point, your device is unenrolled from Intune and also deregistered from Autopilot. After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program.
Once the device no longer appears, you're free to reuse it for other purposes.
If you also (optionally) want to remove your device from Azure AD, go to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button:
## Appendix A: Verify support for Hyper-V
Starting with Windows 8, the host computer's microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information.
To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press **ENTER**, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example:
```console
C:>systeminfo
...
Hyper-V Requirements: VM Monitor Mode Extensions: Yes
Virtualization Enabled In Firmware: Yes
Second Level Address Translation: Yes
Data Execution Prevention Available: Yes
```
In this example, the computer supports SLAT and Hyper-V.
> [!NOTE]
> If one or more requirements are evaluated as **No** then the computer doesn't support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings.
You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [Coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example:
```console
C:>coreinfo -v
Coreinfo v3.31 - Dump information on system CPU and memory topology
Copyright (C) 2008-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
Microcode signature: 0000001B
HYPERVISOR - Hypervisor is present
VMX * Supports Intel hardware-assisted virtualization
EPT * Supports Intel extended page tables (SLAT)
```
> [!NOTE]
> A 64-bit operating system is required to run Hyper-V.
## Appendix B: Adding apps to your profile
### Add a Win32 app
#### Prepare the app for Intune
Before you can pull an application into Intune to make it part of your AP profile, you need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following information to use the tool:
1. The source folder for your application
2. The name of the setup executable file
3. The output folder for the new file
For the purposes of this lab, we'll use the Notepad++ tool as the Win32 app.
Download the [Notepad++ msi package](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available), and then copy the file to a known location, such as C:\Notepad++msi.
Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example:
> [!div class="mx-imgBorder"]
> ![Add app example.](images/app01.png)
After the tool finishes running, you should have an `.intunewin` file in the Output folder. You can upload the file into Intune by using the following steps.
#### Create app in Intune
Sign in to the Azure portal, and then select **Intune**.
Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package.
![Add app step 1.](images/app02.png)
Under **App Type**, select **Windows app (Win32)**:
![Add app step 2.](images/app03.png)
On the **App package file** pane, browse to the `npp.7.6.3.installer.x64.intunewin` file in your output folder, open it, then select **OK**:
> [!div class="mx-imgBorder"]
> ![Add app step 3.](images/app04.png)
On the **App Information Configure** pane, provide a friendly name, description, and publisher, such as:
![Add app step 4.](images/app05.png)
On the **Program Configuration** pane, supply the install and uninstall commands:
```console
Install: msiexec /i "npp.7.6.3.installer.x64.msi" /q
Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q
```
> [!NOTE]
> Likely, you don't have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) automatically generated them when it converted the .msi file into a .intunewin file.
![Add app step 5.](images/app06.png)
Simply using an install command like `notepad++.exe /S` doesn't actually install Notepad++. It only launches the app. To install the program, you need to use the `.msi` file instead. Notepad++ doesn't have an MSI version of their program, but there's an MSI version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available).
Select **OK** to save your input and activate the **Requirements** pane.
On the **Requirements Configuration** pane, specify the **OS architecture** and the **Minimum OS version**:
> [!div class="mx-imgBorder"]
> ![Add app step 6.](images/app07.png)
Next, configure the **Detection rules**. For the purposes of this lab, select manual format:
> [!div class="mx-imgBorder"]
> ![Add app step 7.](images/app08.png)
Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which automatically imports the correct MSI product code into the rule:
![Add app step 8.](images/app09.png)
Select **OK** twice to save, as you back out to the main **Add app** pane again for the final configuration.
**Return codes**: For the purposes of this lab, leave the return codes at their default values:
> [!div class="mx-imgBorder"]
> ![Add app step 9.](images/app10.png)
Select **OK** to exit.
You can skip configuring the final **Scope (Tags)** pane.
Select the **Add** button to finalize and save your app package.
Wait for indicator message that says the addition has completed.
> [!div class="mx-imgBorder"]
> ![Add app step 10.](images/app11.png)
Find your app in your app list:
> [!div class="mx-imgBorder"]
> ![Add app step 11.](images/app12.png)
#### Assign the app to your Intune profile
> [!NOTE]
> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here.
In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties pane. Then select **Assignments** from the menu:
> [!div class="mx-imgBorder"]
> ![Assign app step 1.](images/app13.png)
Select **Add Group** to open the **Add group** pane that's related to the app.
For the purposes of this lab, select **Required** from the **Assignment type** dropdown menu.
> [!NOTE]
> **Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website.
Select **Included Groups** and assign the groups you previously created that will use this app:
![Assign app step 2.](images/app14.png)
> [!div class="mx-imgBorder"]
> ![Assign app step 3.](images/app15.png)
In the **Select groups** pane, choose the **Select** button.
In the **Assign group** pane, select **OK**.
In the **Add group** pane, select **OK**.
In the app **Assignments** pane, select **Save**.
> [!div class="mx-imgBorder"]
> ![Assign app step 4.](images/app16.png)
At this point, you have completed steps to add a Win32 app to Intune.
For more information on adding apps to Intune, see [Intune Standalone - Win32 app management](/intune/apps-win32-app-management).
### Add Microsoft 365 Apps
#### Create app in Microsoft Intune
Sign in to the Azure portal and select **Intune**.
Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package.
![Create app step 1.](images/app17.png)
Under **App Type**, select **Microsoft 365 Apps > Windows 10 and later**:
![Create app step 2.](images/app18.png)
Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab, only select Excel:
> [!div class="mx-imgBorder"]
> ![Create app step 3.](images/app19.png)
Select **OK**.
In the **App Suite Information** pane, enter a *unique* suite name, and a suitable description.
Enter the name of the app suite as it's displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal.
> [!div class="mx-imgBorder"]
> ![Create app step 4.](images/app20.png)
Select **OK**.
In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection is okay for the purposes of this lab). Also select **Yes** for **Automatically accept the app end user license agreement**:
![Create app step 5.](images/app21.png)
Select **OK** and, then select **Add**.
#### Assign the app to your Intune profile
> [!NOTE]
> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here.
In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties pane. Then select **Assignments** from the menu:
> [!div class="mx-imgBorder"]
> ![Create app step 6.](images/app22.png)
Select **Add Group** to open the **Add group** pane that's related to the app.
For the purposes of this lab, select **Required** from the **Assignment type** dropdown menu.
**Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website.
Select **Included Groups** and assign the groups you previously created that will use this app:
![Create app step 7.](images/app23.png)
> [!div class="mx-imgBorder"]
> ![Create app step 8.](images/app24.png)
In the **Select groups** pane, choose the **Select** button.
In the **Assign group** pane, select **OK**.
In the **Add group** pane, select **OK**.
In the app **Assignments** pane, select **Save**.
![Create app step 9.](images/app25.png)
At this point, you have completed steps to add Office to Intune.
For more information on adding Office apps to Intune, see [Assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365).
If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list. It might take several minutes to populate.
![Create app step 10.](images/app26.png)
## Glossary
| | Description |
|:---|:---|
|**OEM** | Original Equipment Manufacturer |
|**CSV** | Comma Separated Values |
|**MPC** | Microsoft Partner Center |
|**CSP** | Cloud Solution Provider |
|**MSfB** | Microsoft Store for Business |
|**Azure AD** | Azure Active Directory |
|**4K HH** | 4K Hardware Hash |
|**CBR** | Computer Build Report |
|**EC** | Enterprise Commerce (server) |
|**DDS** | Device Directory Service |
|**OOBE** | Out of the Box Experience |
|**VM** |Virtual Machine |

BIN
windows/deployment/windows-autopilot/images/aad-lic1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 43 KiB

BIN
windows/deployment/windows-autopilot/images/ap-aad-mdm.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 90 KiB

BIN
windows/deployment/windows-autopilot/images/app01.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 8.2 KiB

BIN
windows/deployment/windows-autopilot/images/app02.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 117 KiB

BIN
windows/deployment/windows-autopilot/images/app03.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 48 KiB

BIN
windows/deployment/windows-autopilot/images/app04.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 102 KiB

Some files were not shown because too many files have changed in this diff Show More