diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md index 9d1acc0a3c..40e34de9cd 100644 --- a/education/windows/configure-windows-for-education.md +++ b/education/windows/configure-windows-for-education.md @@ -33,6 +33,16 @@ In Windows 10, version 1703 (Creators Update), it is straightforward to configur | **Bing search advertising** | Ad free search with Bing | Disables ads when searching the internet with Bing in Microsoft Edge | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | | **Apps** | **SetEduPolicies** | Preinstalled apps like Microsoft Edge, Movies & TV, Groove, and Skype become education ready * Any app can detect Windows is running in an education ready configuration through [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) | This is already set | This is already set | The policy must be set | +## Considerations for diagnostic data in Windows 10 Education +Your diagnostic data settings and how you configure them depend on the version of Windows 10 Education you're running. + +- For Windows 10 Education, version 1703 and version 1709, the diagnostic data level is set to Basic *only if* the computer is provisioned for Education, which you do setting **SharedPC\SetEduPolicies** to TRUE. This, in turn, sets the **System\AllowTelemetry** group policy to Basic. If the computer isn't provisioned or if the diagnostic level is not set via Group Policy, MDM, or OOBE (note that Azure AD-joined computers won't show OOBE consent form), the computer will fall back to Full diagnostic data collection. You can use [Setup School PC](use-set-up-school-pcs-app.md) to provision the computer. + +- For Windows 10 Education, version 1803, and later, setting **SharedPC\SetEduPolicies** to TRUE does *not* set the **System\AllowTelemetry** to Basic. Unless you set the diagnostic level via Group Policy, MDM, or OOBE, the computer will fall back to Full diagnostic data collection. For these computers, set the diagnostic level using [Group Policy](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization#use-group-policy-to-set-the-diagnostic-data-level) or [MDM](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization#use-mdm-to-set-the-diagnostic-data-level). + +- If you modify the diagnostic data level for Windows 10 Education, version 1703 and version 1709, those modifications are saved when you upgrade to version 1803 or later. + + ## Recommended configuration It is easy to be education ready when using Microsoft products. We recommend the following configuration: @@ -109,7 +119,7 @@ Set **Computer Configuration > Administrative Templates > Windows Components > S ## SetEduPolicies **SetEduPolicies** is a policy that applies a set of configuration behaviors to Windows. It is a policy node in the [SharedPC configuration service provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/sharedpc-csp). -Use one of these methods to set this policy. +Use one of the following methods to set this policy. ### MDM - Intune for Education automatically sets this policy in the **All devices** group policy configuration. diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index f739985f3d..2f7c2c256d 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -66,6 +66,9 @@ The Diagnostic Data Viewer provides you with the following features to view and - **View your diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft. Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system. + + >[!Important] + >Seeing an event does not necessarily mean it has been uploaded yet. It’s possible that some events are still queued and will be uploaded at a later time.  diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 97d7c8d5e6..6d4df86d67 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -6,11 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: justinha -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual +author: brianlic-msft ms.date: 04/19/2017 --- diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index 6e09af0066..48de57d325 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 02/27/2019 --- # Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune @@ -362,7 +362,7 @@ There are no default locations included with WIP, you must add each of your netw
Without proxy: contoso.sharepoint.com|contoso.visualstudio.com
For each cloud resource, you may also optionally specify a proxy server from your Enterprise Internal Proxy Servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Enterprise Internal Proxy Servers is considered enterprise.
If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>
.
Important
In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/
string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/
.
When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.
For each cloud resource, you may also optionally specify a proxy server from your Enterprise Internal Proxy Servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Enterprise Internal Proxy Servers is considered enterprise.
If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>
.
Personal applications will be able to access Enterprise Cloud Resources if the resource in the Enterprise Cloud Resource Policy has a blank space or an invalid character, such as a trailing dot in the URL.
Important
In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/
string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/
.
When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.