deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'ConfigRebrand-Four' of https://github.com/LauraKellerGitHub/windows-docs-pr into ConfigRebrand-Four

Browse Source
This commit is contained in:
LauraKellerGitHub 2020-02-06 17:52:25 -08:00
commit cd49671d08
227 changed files with 4154 additions and 5896 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
.openpublishing.redirection.json
View File

@ -14017,6 +14017,11 @@
"redirect_document_id": false
},
{
"source_path": "store-for-business/work-with-partner-microsoft-store-business.md",
"redirect_url": "https://docs.microsoft.com/microsoft-365/commerce/manage-partners",
"redirect_document_id": false
},
{
"source_path": "windows/manage/windows-10-mobile-and-mdm.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/windows-10-mobile-and-mdm",
"redirect_document_id": true
@ -15590,6 +15595,116 @@
"source_path": "windows/deployment/planning/windows-10-1903-removed-features.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features",
"redirect_document_id": false
}
},
{
"source_path": "windows/deployment/update/windows-analytics-azure-portal.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/windows-analytics-FAQ-troubleshooting.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/windows-analytics-get-started.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/windows-analytics-overview.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/windows-analytics-privacy.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/device-health-get-started.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/device-health-monitor.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/device-health-using.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-additional-insights.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-architecture.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-data-sharing.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-deployment-script.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-deploy-windows.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-get-started.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-identify-apps.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-requirements.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-resolve-issues.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-target-new-OS.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md",
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
"redirect_document_id": false
},
]
}

119
browsers/edge/includes/prevent-turning-off-required-extensions-include.md
View File

@ -1,59 +1,60 @@
---
author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro manager: dansimp
ms.prod: edge
ms.topic: include
---
<!-- ## Prevent turning off required extensions-->
>*Supported versions: Microsoft Edge on Windows 10, version 1809*<br>
>*Default setting: Disabled or not configured (Allowed)*
[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]
### Supported values
| Group Policy | Description |
|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Disabled or not configured<br>**(default)** | Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
| Enabled | Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office extension prevents users from turning it off:<p><p>*Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe* <p>After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.<p>Removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../group-policies/developer-settings-gp.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
---
### ADMX info and settings
#### ADMX info
- **GP English name:** Prevent turning off required extensions
- **GP name:** PreventTurningOffRequiredExtensions
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventTurningOffRequiredExtensions
- **Data type:** String
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
- **Value name:** PreventTurningOffRequiredExtensions
- **Value type:** REG_SZ
### Related policies
[Allow Developer Tools](../available-policies.md#allow-developer-tools): [!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)]
### Related topics
- [Find a package family name (PFN) for per-app VPN](https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn): There are two ways to find a PFN so that you can configure a per-app VPN.
- [How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/windows-store-for-business): The Microsoft Store for Business gives you a place to find and purchase apps for your organization, individually, or in volume. By connecting the store to Microsoft Intune, you can manage volume-purchased apps from the Azure portal.
- [How to assign apps to groups with Microsoft Intune](https://docs.microsoft.com/intune/apps-deploy): Apps can be assigned to devices whether or not Intune manages them.
- [Manage apps from the Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business): Configuration Manager supports managing Microsoft Store for Business apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune.
- [How to add Windows line-of-business (LOB) apps to Microsoft Intune](https://docs.microsoft.com/intune/lob-apps-windows): A line-of-business (LOB) app is one that you add from an app installation file. Typically, these types of apps are written in-house.
<hr>
---
author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
<!-- ## Prevent turning off required extensions-->
>*Supported versions: Microsoft Edge on Windows 10, version 1809*<br>
>*Default setting: Disabled or not configured (Allowed)*
[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]
### Supported values
| Group Policy | Description |
|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Disabled or not configured<br>**(default)** | Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
| Enabled | Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office extension prevents users from turning it off:<p><p>*Microsoft.OneNoteWebClipper8wekyb3d8bbwe;Microsoft.OfficeOnline8wekyb3d8bbwe* <p>After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.<p>Removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../group-policies/developer-settings-gp.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
---
### ADMX info and settings
#### ADMX info
- **GP English name:** Prevent turning off required extensions
- **GP name:** PreventTurningOffRequiredExtensions
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventTurningOffRequiredExtensions
- **Data type:** String
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
- **Value name:** PreventTurningOffRequiredExtensions
- **Value type:** REG_SZ
### Related policies
[Allow Developer Tools](../available-policies.md#allow-developer-tools): [!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)]
### Related topics
- [Find a package family name (PFN) for per-app VPN](https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn): There are two ways to find a PFN so that you can configure a per-app VPN.
- [How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/windows-store-for-business): The Microsoft Store for Business gives you a place to find and purchase apps for your organization, individually, or in volume. By connecting the store to Microsoft Intune, you can manage volume-purchased apps from the Azure portal.
- [How to assign apps to groups with Microsoft Intune](https://docs.microsoft.com/intune/apps-deploy): Apps can be assigned to devices whether or not Intune manages them.
- [Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business): Configuration Manager supports managing Microsoft Store for Business apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune.
- [How to add Windows line-of-business (LOB) apps to Microsoft Intune](https://docs.microsoft.com/intune/lob-apps-windows): A line-of-business (LOB) app is one that you add from an app installation file. Typically, these types of apps are written in-house.
<hr>

2
browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
View File

@ -48,7 +48,7 @@ Before you start, you need to make sure you have the following:
- IETelemetry.mof file
- Sample System Center 2012 report templates
- Sample Configuration Manager report templates
You must use System Center 2012 R2 Configuration Manager or later for these samples to work.

47
browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
View File

@ -163,27 +163,58 @@ This table includes the attributes used by the Enterprise Mode schema.
</tr>
<tr>
<td>exclude</td>
<td>Specifies the domain or path is excluded from applying Enterprise Mode. This attribute is only supported on the &lt;domain&gt; and &lt;path&gt; elements in the &lt;emie&gt; section.
<p><b>Example</b>
<td>Specifies the domain or path excluded from applying Enterprise Mode. This attribute is only supported on the &lt;domain&gt; and &lt;path&gt; elements in the &lt;emie&gt; section. If this attribute is absent, it defaults to false.
<br />
<p><b>Example:</b></p>
<pre class="syntax">
&lt;emie&gt;
&lt;domain exclude=&quot;false&quot;&gt;fabrikam.com
&lt;path exclude=&quot;true&quot;&gt;/products&lt;/path&gt;
&lt;/domain&gt;
&lt;/emie&gt;</pre><p>
Where <a href="https://fabrikam.com" data-raw-source="https://fabrikam.com">https://fabrikam.com</a> uses IE8 Enterprise Mode, but <a href="https://fabrikam.com/products" data-raw-source="https://fabrikam.com/products">https://fabrikam.com/products</a> does not.</td>
<td>Internet Explorer 11 and Microsoft Edge</td>
Where <a href="https://fabrikam.com" data-raw-source="https://fabrikam.com">https://fabrikam.com</a> uses IE8 Enterprise Mode, but <a href="https://fabrikam.com/products" data-raw-source="https://fabrikam.com/products">https://fabrikam.com/products</a> does not.</p></td>
<td>Internet Explorer 11</td>
</tr>
<tr>
<td>docMode</td>
<td>Specifies the document mode to apply. This attribute is only supported on &lt;domain&gt; or &lt;path&gt; elements in the &lt;docMode&gt; section.
<p><b>Example</b>
<br />
<p><b>Example:</b></p>
<pre class="syntax">
&lt;docMode&gt;
&lt;domain exclude=&quot;false&quot;&gt;fabrikam.com
&lt;path docMode=&quot;7&quot;&gt;/products&lt;/path&gt;
&lt;domain&gt;fabrikam.com
&lt;path docMode=&quot;9&quot;&gt;/products&lt;/path&gt;
&lt;/domain&gt;
&lt;/docMode&gt;</pre></td>
&lt;/docMode&gt;</pre><p>
Where <a href="https://fabrikam.com" data-raw-source="https://fabrikam.com">https://fabrikam.com</a> loads in IE11 document mode, but <a href="https://fabrikam.com/products" data-raw-source="https://fabrikam.com/products">https://fabrikam.com/products</a> uses IE9 document mode.</p></td>
<td>Internet Explorer 11</td>
</tr>
<tr>
<td>doNotTransition</td>
<td>Specifies that the page should load in the current browser, otherwise it will open in IE11. This attribute is supported on all &lt;domain&gt; or &lt;path&gt; elements. If this attribute is absent, it defaults to false.
<br />
<p><b>Example:</b></p>
<pre class="syntax">
&lt;emie&gt;
&lt;domain doNotTransition=&quot;false&quot;&gt;fabrikam.com
&lt;path doNotTransition=&quot;true&quot;&gt;/products&lt;/path&gt;
&lt;/domain&gt;
&lt;/emie&gt;</pre><p>
Where <a href="https://fabrikam.com" data-raw-source="https://fabrikam.com">https://fabrikam.com</a> opens in the IE11 browser, but <a href="https://fabrikam.com/products" data-raw-source="https://fabrikam.com/products">https://fabrikam.com/products</a> loads in the current browser (eg. Microsoft Edge).</p></td>
<td>Internet Explorer 11 and Microsoft Edge</td>
</tr>
<tr>
<td>forceCompatView</td>
<td>Specifies that the page should load in IE7 document mode (Compat View). This attribute is only supported on &lt;domain&gt; or &lt;path&gt; elements in the &lt;emie&gt; section. If the page is also configured to load in Enterprise Mode, it will load in IE7 Enterprise Mode. Otherwise (exclude=&quot;true&quot;), it will load in IE11's IE7 document mode. If this attribute is absent, it defaults to false.
<br />
<p><b>Example:</b></p>
<pre class="syntax">
&lt;emie&gt;
&lt;domain exclude=&quot;true&quot;&gt;fabrikam.com
&lt;path forceCompatView=&quot;true&quot;&gt;/products&lt;/path&gt;
&lt;/domain&gt;
&lt;/emie&gt;</pre><p>
Where <a href="https://fabrikam.com" data-raw-source="https://fabrikam.com">https://fabrikam.com</a> does not use Enterprise Mode, but <a href="https://fabrikam.com/products" data-raw-source="https://fabrikam.com/products">https://fabrikam.com/products</a> uses IE7 Enterprise Mode.</p></td>
<td>Internet Explorer 11</td>
</tr>
</table>

4
browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
View File

@ -56,7 +56,7 @@ If you use Automatic Updates in your company, but want to stop your users from a
>The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-ie11-blocker-toolkit.md).
- **Use an update management solution to control update deployment.**
If you already use an update management solution, like [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/?LinkID=276664), you should use that instead of the Internet Explorer Blocker Toolkit.
If you already use an update management solution, like [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Microsoft Endpoint Configuration Manager](https://go.microsoft.com/fwlink/?LinkID=276664), you should use that instead of the Internet Explorer Blocker Toolkit.
>[!Note]
>If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. This scenario is discussed in detail in the Knowledge Base article [here](https://support.microsoft.com/kb/946202).
@ -65,7 +65,7 @@ Additional information on Internet Explorer 11, including a Readiness Toolkit, t
## Availability of Internet Explorer 11
Automatic Updates will start to distribute Internet Explorer 11 shortly after the final release of the product and will distribute it through the System Center Configuration Manager, Microsoft Systems Management Server, and WSUS.
Automatic Updates will start to distribute Internet Explorer 11 shortly after the final release of the product and will distribute it through the Microsoft Endpoint Configuration Manager and WSUS.
## Prevent automatic installation of Internet Explorer 11 with WSUS

2
browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
View File

@ -46,7 +46,7 @@ Internet Explorer 11 gives you some new Group Policy settings to help you manage
| Turn off the ability to launch report site problems using a menu option | Administrative Templates\Windows Components\Internet Explorer\Browser menus | Internet Explorer 11 | This policy setting allows you to manage whether users can start the **eport Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu.<p>If you enable this policy setting, users wont be able to start the **Report Site Problems** dialog box from the Internet Explorer settings or the Tools menu.<p>If you disable or dont configure this policy setting, users will be able to start the **Report Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu. |
| Turn off the flip ahead with page prediction feature | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 on Windows 8 | This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.<p>If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isnt loaded into the background.<p>If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background.<p>If you dont configure this setting, users can turn this behavior on or off, using the **Settings** charm.<p>**Note**<br>Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isnt available for Internet Explorer for the desktop. |
| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.<p>If you enable this policy setting, IE11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.<p>If you disable this policy setting, IE11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.<p>If you don't configure this policy setting, users can turn this feature on or off using IE settings. This feature is turned off by default.<p>**Important**<br>When using 64-bit processes, some ActiveX controls and toolbars might not be available. |
| Turn on Site Discovery WMI output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site Discovery Toolkit.<p>If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an WMI class, which can be aggregated by using a client-management solution, such as System Center Configuration Manager.<p>If you disable or dont configure this setting, the Internet Explorer Site Discovery Toolkit wont log its collected data to an WMI class.<p>**Note:**<br>Enabling or disabling this setting wont impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
| Turn on Site Discovery WMI output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site Discovery Toolkit.<p>If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an WMI class, which can be aggregated by using a client-management solution, such as Microsoft Endpoint Configuration Manager.<p>If you disable or dont configure this setting, the Internet Explorer Site Discovery Toolkit wont log its collected data to an WMI class.<p>**Note:**<br>Enabling or disabling this setting wont impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
| Turn on Site Discovery XML output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the XML output functionality of the Internet Explorer Site Discovery Toolkit.<p>If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an XML file, stored in your specified location.<p>If you disable or dont configure this setting, the Internet Explorer Site Discovery Toolkit wont log its collected data to an XML file.<p>**Note:**<br>Enabling or disabling this setting wont impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
| Use the Enterprise Mode IE website list | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1511 | This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode, instead of Standard mode, because of compatibility issues. Users cant edit this list.<p>If you enable this policy setting, Internet Explorer downloads the Enterprise Mode website list from the `HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE`\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode hive, opening all included websites using Enterprise Mode. We recommend storing and downloading your list from a secure web server `(https://)`, to help protect against data tampering.<p>If you disable or dont configure this policy setting, Internet Explorer opens all websites using **Standard** mode. |

6
devices/hololens/TOC.md
View File

@ -16,9 +16,11 @@
## [Install localized version of HoloLens (1st gen)](hololens1-install-localized.md)
## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md)
# HoloLens in commercial environments
## [Commercial feature overview](hololens-commercial-features.md)
# Deploying HoloLens and Mixed Reality Apps in Commercial Environments
## [Deployment planning](hololens-requirements.md)
## [Commercial feature overview](hololens-commercial-features.md)
## [Lincense Requriements](hololens-licenses-requirements.md)
## [Commercial Infrastructure Guidance](hololens-commercial-infrastructure.md)
## [Unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md)
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)

113
devices/hololens/hololens-commercial-infrastructure.md Normal file
View File

@ -0,0 +1,113 @@
---
title: Infrastructure Guidelines for HoloLens
description:
ms.prod: hololens
ms.sitesec: library
author: pawinfie
ms.author: pawinfie
audience: ITPro
ms.topic: article
ms.localizationpriority: high
ms.date: 1/23/2020
ms.reviewer:
manager: bradke
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Configure Your Network
This portion of the document will require the following people:
1. Network Admin with permissions to make changes to the proxy/firewall
2. Azure Active Directory Admin
3. Mobile Device Manager Admin
4. Teams admin for Remote Assist only
## Infrastructure Requirements
### HoloLens Specific Network Requirements
Make sure that these ports and URLs are allowed on your network firewall. This will enable HoloLens to function properly. The latest list can be found [here](hololens-offline.md).
### Remote Assist Specific Network Requirements
1. The recommended bandwidth for optimal performance of Remote Assist is 1.5Mbps. Detailed network requirements and additional information can be found [here](https://docs.microsoft.com/MicrosoftTeams/prepare-network).
**Please note, if you dont network have network speeds of at least 1.5Mbps, Remote Assist will still work. However, quality may suffer.**
1. Make sure that these ports and URLs are allowed on your network firewall. This will enable Microsoft Teams to function. The latest list can be found [here](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams).
### Guides Specific Network Requirements
Guides only require network access to download and use the app.
## Azure Active Directory Guidance
This step is only necessary if your company plans on managing the HoloLens and mixed reality apps.
### 1. Ensure that you have an Azure AD License.
Please [HoloLens Licenses Requirements](hololens-licenses-requirements.md)for additional information.
### 2. Ensure that your companys users are in Azure Active Directory (Azure AD).
Instructions for adding users can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/add-users-azure-active-directory).
### 3. We suggest that users who will be need similar licenses are added to a group.
1. [Create a Group](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal)
2. [Add users to groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal)
### 4. Ensure that your companys users (or group of users) are assigned the necessary licenses.
Directions for assigning licenses can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/license-users-groups).
### 5. **IMPORTANT:** Only do this step if users are expected to enroll their HoloLens/Mobile device onto the network.
These steps ensure that your companys users (or a group of users) can add devices.
1. Option 1: Give all users permission to join devices to Azure AD.
**Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** >
**Set Users may join devices to Azure AD to *All***
1. Option 2: Give selected users/groups permission to join devices to Azure AD
**Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** >
**Set Users may join devices to Azure AD to *Selected***
![Image that shows Configuration of Azure AD Joined Devices](images/azure-ad-image.png)
1. Option 3: You can block all users from joining their devices to the domain. This means that all devices will need to be manually enrolled by your IT department.
## Mobile Device Manager Admin Steps
### Scenario 1: Kiosk Mode
As a note, auto-launching an app does not currently work for HoloLens.
How to Set Up Kiosk Mode Using Microsoft Intune.
#### 1. Sync Microsoft Store to Intune ([Here](https://docs.microsoft.com/intune/apps/windows-store-for-business))
#### 2. Check your app settings
1. Log into your Microsoft Store Business account
1. **Manage** > **Products and Services** > **Apps and Software** > **Select the app you want to sync** > **Private Store Availability** > **Select “Everyone” or “Specific Groups”**
1. If you do not see your apps in **Intune** > **Client Apps** > **Apps** , you may have to [sync your apps](https://docs.microsoft.com/intune/apps/windows-store-for-business#synchronize-apps) again.
#### 3. Configuring Kiosk Mode using MDM
Information on configuring Kiosk Mode in Intune can be found [here](https://docs.microsoft.com/hololens/hololens-kiosk#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)
>[!NOTE]
>You can configure different users to have different Kiosk Mode experiences by using “Azure AD” as the “User logon type”. However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps.
![Image that shows Configuration of Kiosk Mode in Intune](images/aad-kioskmode.png)
If you are configuring Kiosk Mode on an MDM other than Intune, please check your MDM provider's documentation.
## Additional Intune Quick Links
1. [Create Profiles:](https://docs.microsoft.com/intune/configuration/device-profile-create) Profiles allow you to add and configure settings that will be pushed to the devices in your organization.
1. [CSPs (Configuration Service Providers)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices) allows you to create and deploy management settings for the devices on your network. Some CSPs are supported by HoloLens devices. (See the list of CSPs for HoloLens [here](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices).
1. [Create Compliance Policy](https://docs.microsoft.com/intune/protect/create-compliance-policy)
1. Conditional Access allows/denies mobile devices and mobile applications from accessing company resources. Two documents you may find helpful are [Plan your CA Deployment](https://docs.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access) and [Best Practices](https://docs.microsoft.com/azure/active-directory/conditional-access/best-practices).
## Certificates and Authentication
### MDM Certificate Distribution
If your company requires certificates, Intune supports PKCS, PFX, and SCEP. It is important to understand which certificate is right for your company. Please visit [here](https://docs.microsoft.com/intune/protect/certificates-configure) to determine which cert is best for you. If you plan to use certs for HoloLens Authentication, PFX or SCEP may be right for you.
Steps for SCEP can be found [here](https://docs.microsoft.com/intune/protect/certificates-profile-scep).
### Device Certificates
Certificates can also be added to the HoloLens through package provisioning. Please see [HoloLens Provisioning](hololens-provisioning.md) for additional information.

2
devices/hololens/hololens-kiosk.md
View File

@ -20,7 +20,7 @@ In Windows 10, version 1803, you can configure your HoloLens devices to run as m
When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they dont need to access.
Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the bloom gesture and Cortana are disabled, and placed apps aren't shown in the user's surroundings.
Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the [start gestures](https://docs.microsoft.com/hololens/hololens2-basic-usage#start-gesture) (including [Bloom](https://docs.microsoft.com/hololens/hololens1-basic-usage) on HoloLens (1st Gen)) and Cortana are disabled, and placed apps aren't shown in the user's surroundings.
The following table lists the device capabilities in the different kiosk modes.

50
devices/hololens/hololens-licenses-requirements.md Normal file
View File

@ -0,0 +1,50 @@
---
title: Licenses for Mixed Reality Deployment
description:
ms.prod: hololens
ms.sitesec: library
author: pawinfie
ms.author: pawinfie
audience: ITPro
ms.topic: article
ms.localizationpriority: high
ms.date: 1/23/2020
ms.reviewer:
manager: bradke
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Licenses Required for Mixed Reality Deployment
If you plan on using a Mobile Device Management system (MDM) to manage your HoloLens, please review the MDM License Guidance section.
## Mobile Device Management (MDM) Licenses Guidance
If you plan on using an MDM other than Intune, an [Azure Active Directory Licenses](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) is required.
If you plan on using Intune as your MDM, you can acquire an [Enterprise Mobility + Security (EMS) suite (E3 or E5) licenses](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing). **Please note that Azure AD is included in both suites.**
## Identify the licenses needed for your scenario and products
### Remote Assist License Requirements
Make sure you have the required licensing and device. Updated licensing and product requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/requirements).
1. [Remote Assist License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
1. [Teams Freemium/Teams](https://products.office.com/microsoft-teams/free)
1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
### Guides License Requirements
Updated licensing and device requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/guides/requirements).
1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
1. [Power BI](https://powerbi.microsoft.com/desktop/)
1. [Guides](https://docs.microsoft.com/dynamics365/mixed-reality/guides/setup)
### Scenario 1: Kiosk Mode
If you are not planning to use an MDM to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages.
1. If you are **not** planning to use an MDM to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages.
1. If you are planning to use an MDM other than Intune, your MDM provider will have steps on configuring Kiosk mode.
1. If you are planning to use **Intune** as your MDM, implementation directions can be found in [Configuring your Network for HoloLens]().

128
devices/hololens/hololens-offline.md
View File

@ -1,5 +1,5 @@
---
title: Use HoloLens offline
title: Manage connection endpoints for HoloLens
description: To set up HoloLens, you'll need to connect to a Wi-Fi network
keywords: hololens, offline, OOBE
audience: ITPro
@ -17,13 +17,13 @@ appliesto:
- HoloLens 2
---
# Use HoloLens offline
# Manage connection endpoints for HoloLens
HoloLens support a limited set of offline experiences for connectivity conscious customers and for customers who have environmental limits on connectivity.
Some HoloLens components, apps, and related services transfer data to Microsoft network endpoints. This article lists different endpoints and URLs that need to be whitelisted in your network configuratiion (e.g. proxy or firewall) for those components to be functional.
## Near-offline setup
HoloLens need a network connection to go through initial device set up. If your corporate network has network restrictions, the following URLs will need to be available:
HoloLens supports a limited set of offline experiences for customers who have network environment restrictions. However, HoloLens needs network connection to go through initial device set up and the following URLs have to be enabled:
| Purpose | URL |
|------|------|
@ -35,9 +35,125 @@ HoloLens need a network connection to go through initial device set up. If your
| MSA | https://login.live.com/ppsecure/inlineconnect.srf?id=80600 |
| MSA Pin | https://account.live.com/msangc?fl=enroll |
Additional references:
## Endpoint configuration
In addition to the list above, to take full advantage of HoloLens functionality, the following endpoints need to be enabled in your network configuration.
| Purpose | URL |
|------|------|
| Azure | wd-prod-fe.cloudapp.azure.com | | |
| | ris-prod-atm.trafficmanager.net | | | |
| | validation-v2.sls.trafficmanager.net | | | |
| Azure AD Multi-Factor Authentication | https://secure.aadcdn.microsoftonline-p.com | | | |
| Intune and MDM Configurations | activation-v2.sls.microsoft.com/* | | | |
| | cdn.onenote.net | | | |
| | client.wns.windows.com | | | |
| | crl.microsoft.com/pki/crl/* | | | |
| | ctldl.windowsupdate.com | | | |
| | *displaycatalog.mp.microsoft.com | | | |
| | dm3p.wns.windows.com | | | |
| | *microsoft.com/pkiops/* | | | |
| | ocsp.digicert.com/* | | | |
| | r.manage.microsoft.com | | | |
| | tile-service.weather.microsoft.com | | | |
| | settings-win.data.microsoft.com | | | |
| Certificates | activation-v2.sls.microsoft.com/* | | | |
| | crl.microsoft.com/pki/crl/* | | | |
| | ocsp.digicert.com/* | | | |
| | https://www.microsoft.com/pkiops/* | | | |
| Cortana and Search | store-images.*microsoft.com | | | |
| | www.bing.com/client | | | |
| | www.bing.com | | | |
| | www.bing.com/proactive | | | |
| | www.bing.com/threshold/xls.aspx | | | |
| | exo-ring.msedge.net | | | |
| | fp.msedge.net | | | |
| | fp-vp.azureedge.net | | | |
| | odinvzc.azureedge.net | | | |
| | spo-ring.msedge.net | | | |
| Device Authentication | login.live.com* | | | |
| Device metadata | dmd.metaservices.microsoft.com | | | |
| Location | inference.location.live.net | | | |
| | location-inference-westus.cloudapp.net | | | |
| Diagnostic Data | v10.events.data.microsoft.com | | | |
| | v10.vortex-win.data.microsoft.com/collect/v1 | | | |
| | https://www.microsoft.com | | | |
| | co4.telecommand.telemetry.microsoft.com | | | |
| | cs11.wpc.v0cdn.net | | | |
| | cs1137.wpc.gammacdn.net | | | |
| | modern.watson.data.microsoft.com* | | | |
| | watson.telemetry.microsoft.com | | | |
| Licensing | licensing.mp.microsoft.com | | | |
| Microsoft Account | login.msa.akadns6.net | | | |
| | us.configsvc1.live.com.akadns.net | | | |
| Microsoft Edge | iecvlist.microsoft.com | | | |
| Microsoft forward link redirection service (FWLink) | go.microsoft.com | | | |
| Microsoft Store | *.wns.windows.com | | | |
| | storecatalogrevocation.storequality.microsoft.com | | | |
| | img-prod-cms-rt-microsoft-com* | | | |
| | store-images.microsoft.com | | | |
| | .md.mp.microsoft.com | | |
| | *displaycatalog.mp.microsoft.com | | | |
| | pti.store.microsoft.com | | | |
| | storeedgefd.dsx.mp.microsoft.com | | | |
| | markets.books.microsoft.com | | | |
| | share.microsoft.com | | | |
| Network Connection Status Indicator (NCSI) | www.msftconnecttest.com* | | | |
| Office | *.c-msedge.net | | | |
| | *.e-msedge.net | | | |
| | *.s-msedge.net | | | |
| | nexusrules.officeapps.live.com | | | |
| | ocos-office365-s2s.msedge.net | | | |
| | officeclient.microsoft.com | | | |
| | outlook.office365.com | | | |
| | client-office365-tas.msedge.net | | | |
| | https://www.office.com | | | |
| | onecollector.cloudapp.aria | | | |
| | v10.events.data.microsoft.com/onecollector/1.0/ | | | |
| | self.events.data.microsoft.com | | | |
| | to-do.microsoft.com | | | |
| OneDrive | g.live.com/1rewlive5skydrive/* | | | |
| | msagfx.live.com | | | |
| | oneclient.sfx.ms | | | |
| Photos App | evoke-windowsservices-tas.msedge.net | | | |
| Settings | cy2.settings.data.microsoft.com.akadns.net | | | |
| | settings.data.microsoft.com | | | |
| | settings-win.data.microsoft.com | | | |
| Windows Defender | wdcp.microsoft.com | | | |
| | definitionupdates.microsoft.com | | | |
| | go.microsoft.com | | | |
| | *smartscreen.microsoft.com | | | |
| | smartscreen-sn3p.smartscreen.microsoft.com | | | |
| | unitedstates.smartscreen-prod.microsoft.com | | | |
| Windows Spotlight | *.search.msn.com | | | |
| | arc.msn.com | | | |
| | g.msn.com* | | | |
| | query.prod.cms.rt.microsoft.com | | | |
| | ris.api.iris.microsoft.com | | | |
| Windows Update | *.prod.do.dsp.mp.microsoft.com | | | |
| | cs9.wac.phicdn.net | | | |
| | emdl.ws.microsoft.com | | | |
| | *.dl.delivery.mp.microsoft.com | | | |
| | *.windowsupdate.com | | | |
| | *.delivery.mp.microsoft.com | | | |
| | *.update.microsoft.com | | | |
## References
> [!NOTE]
> If you are deploying D365 Remote Assist, you will have to enable the endpoints on this [list](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams)
- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization)
- [Manage connection endpoints for Windows 10 Enterprise, version 1903](https://docs.microsoft.com/windows/privacy/manage-windows-1903-endpoints)
- [Manage connections from Windows 10 operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)
- [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm)
- [Intune network configuration requirements and bandwidth](https://docs.microsoft.com/intune/fundamentals/network-bandwidth-use#network-communication-requirements)
- [Network endpoints for Microsoft Intune](https://docs.microsoft.com/intune/fundamentals/intune-endpoints)
- [Office 365 URLs and IP address ranges](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges)
- [Prerequisites for Azure AD Connect](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-install-prerequisites)
- [Technical reference for AAD related IP ranges and URLs](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges)
## HoloLens limitations

6
devices/hololens/hololens1-start.md
View File

@ -6,7 +6,7 @@ ms.prod: hololens
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
ms.date: 8/12/19
ms.date: 8/12/2019
manager: jarrettr
ms.topic: article
ms.localizationpriority: high
@ -26,9 +26,9 @@ Before you get started, make sure you have the following available:
**A Wi-Fi connection**. You'll need to connect your HoloLens to a Wi-Fi network to set it up. The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. [Learn more about the websites that HoloLens uses](hololens-offline.md).
**A Microsoft account or a work account**. You'll also need to use a Microsoft account (or a work account, if your organization owns the device) to sign in to HoloLens. If you don't have a Microsoft account, go to [account.microsoft.com](http://account.microsoft.com) and set one up for free.
**A Microsoft account or a work account**. You'll also need to use a Microsoft account (or a work account, if your organization owns the device) to sign in to HoloLens. If you don't have a Microsoft account, go to [account.microsoft.com](https://account.microsoft.com) and set one up for free.
**A safe, well-lit space with no tripping hazards**. [Health and safety info](http://go.microsoft.com/fwlink/p/?LinkId=746661).
**A safe, well-lit space with no tripping hazards**. [Health and safety info](https://go.microsoft.com/fwlink/p/?LinkId=746661).
**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](https://support.microsoft.com/help/12632/hololens-fit-your-hololens).

BIN
devices/hololens/images/aad-kioskmode.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
devices/hololens/images/azure-ad-image.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

6
devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
View File

@ -617,7 +617,7 @@ try {
catch
{
PrintError "Some dependencies are missing"
PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to http://www.microsoft.com/download/details.aspx?id=39366"
PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to https://www.microsoft.com/download/details.aspx?id=39366"
PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
CleanupAndFail
}
@ -1104,7 +1104,7 @@ if ($fSfbIsOnline)
}
catch
{
CleanupAndFail "To verify Skype for Business in online tenants you need the Lync Online Connector module from http://www.microsoft.com/download/details.aspx?id=39366"
CleanupAndFail "To verify Skype for Business in online tenants you need the Lync Online Connector module from https://www.microsoft.com/download/details.aspx?id=39366"
}
}
else
@ -1518,7 +1518,7 @@ if ($online)
catch
{
PrintError "Some dependencies are missing"
PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to http://www.microsoft.com/download/details.aspx?id=39366"
PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to https://www.microsoft.com/download/details.aspx?id=39366"
PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
CleanupAndFail
}

BIN
devices/surface-hub/images/surface-hub-2s-repack-1.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 50 KiB

After

Width:  |  Height:  |  Size: 17 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-10.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 9.5 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-11.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 70 KiB

After

Width:  |  Height:  |  Size: 22 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-12.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 13 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-13.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 46 KiB

After

Width:  |  Height:  |  Size: 33 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-2.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 38 KiB

After

Width:  |  Height:  |  Size: 11 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-3.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 73 KiB

After

Width:  |  Height:  |  Size: 19 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-4.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 19 KiB

After

Width:  |  Height:  |  Size: 12 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-5.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 9.4 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-6.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 25 KiB

After

Width:  |  Height:  |  Size: 7.5 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-7.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 41 KiB

After

Width:  |  Height:  |  Size: 12 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-8.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 87 KiB

After

Width:  |  Height:  |  Size: 22 KiB

BIN
devices/surface-hub/images/surface-hub-2s-repack-9.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 25 KiB

After

Width:  |  Height:  |  Size: 7.9 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-camera-1.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 19 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-camera-2.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 158 KiB

After

Width:  |  Height:  |  Size: 34 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-cartridge-1.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 54 KiB

After

Width:  |  Height:  |  Size: 22 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-cartridge-10.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 9.8 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-cartridge-2.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 9.4 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-cartridge-3.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 25 KiB

After

Width:  |  Height:  |  Size: 7.5 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-cartridge-4.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 41 KiB

After

Width:  |  Height:  |  Size: 12 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-cartridge-5.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 81 KiB

After

Width:  |  Height:  |  Size: 21 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-cartridge-6.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 19 KiB

After

Width:  |  Height:  |  Size: 14 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-cartridge-7.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 12 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-cartridge-8.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 60 KiB

After

Width:  |  Height:  |  Size: 15 KiB

BIN
devices/surface-hub/images/surface-hub-2s-replace-cartridge-9.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 25 KiB

After

Width:  |  Height:  |  Size: 7.4 KiB

17
devices/surface-hub/install-apps-on-surface-hub.md
View File

@ -129,17 +129,16 @@ To deploy apps to a large number of Surface Hubs in your organization, use a sup
| MDM provider | Supports offline-licensed app packages |
|-----------------------------|----------------------------------------|
| On-premises MDM with System Center Configuration Manager (beginning in version 1602) | Yes |
| Hybrid MDM with System Center Configuration Manager and Microsoft Intune | Yes |
| [Microsoft Intune standalone](https://docs.microsoft.com/intune/windows-store-for-business) | Yes |
| On-premises MDM with Configuration Manager (beginning in version 1602) | Yes |
|
| Third-party MDM provider | Check to make sure your MDM provider supports deploying offline-licensed app packages. |
**To deploy apps remotely using System Center Configuration Manager (either on-prem MDM or hybrid MDM)**
**To deploy apps remotely using Microsoft Endpoint Configuration Manager**
> [!NOTE]
> These instructions are based on the current branch of System Center Configuration Manager.
> These instructions are based on the current branch of Microsoft Endpoint Configuration Manager.
1. Enroll your Surface Hubs to System Center Configuration Manager. For more information, see [Enroll a Surface Hub into MDM](manage-settings-with-mdm-for-surface-hub.md#enroll-into-mdm).
1. Enroll your Surface Hubs to Configuration Manager. For more information, see [Enroll a Surface Hub into MDM](manage-settings-with-mdm-for-surface-hub.md#enroll-into-mdm).
2. Download the offline-licensed app package, the *encoded* license file, and any necessary dependency files from the Store for Business. For more information, see [Download an offline-licensed app](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps#download-an-offline-licensed-app). Place the downloaded files in the same folder on a network share.
3. In the **Software Library** workspace of the Configuration Manager console, click **Overview** > **Application Management** > **Applications**.
4. On the **Home** tab, in the **Create** group, click **Create Application**.
@ -150,11 +149,11 @@ To deploy apps to a large number of Surface Hubs in your organization, use a sup
9. On the **General Information** page, complete additional details about the app. Some of this information might already be populated if it was automatically obtained from the app package.
10. Click **Next**, review the application information on the Summary page, and then complete the Create Application Wizard.
11. Create a deployment type for the application. For more information, see [Create deployment types for the application](https://docs.microsoft.com/sccm/apps/deploy-use/create-applications#create-deployment-types-for-the-application).
12. Deploy the application to your Surface Hubs. For more information, see [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications).
13. As needed, update the app by downloading a new package from the Store for Business, and publishing an application revision in Configuration Manager. For more information, see [Update and retire applications with System Center Configuration Manager](https://technet.microsoft.com/library/mt595704.aspx).
12. Deploy the application to your Surface Hubs. For more information, see [Deploy applications with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications).
13. As needed, update the app by downloading a new package from the Store for Business, and publishing an application revision in Configuration Manager. For more information, see [Update and retire applications with Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt595704.aspx).
> [!NOTE]
> If you are using System Center Configuration Manager (current branch), you can bypass the above steps by connecting the Store for Business to System Center Configuration Manager. By doing so, you can synchronize the list of apps you've purchased with System Center Configuration Manager, view these in the Configuration Manager console, and deploy them like you would any other app. For more information, see [Manage apps from the Microsoft Store for Business with System Center Configuration Manager](https://technet.microsoft.com/library/mt740630.aspx).
> If you are using Microsoft Endpoint Configuration Manager (current branch), you can bypass the above steps by connecting the Store for Business to Configuration Manager. By doing so, you can synchronize the list of apps you've purchased with Configuration Manager, view these in the Configuration Manager console, and deploy them like you would any other app. For more information, see [Manage apps from the Microsoft Store for Business with Configuration Manager](https://technet.microsoft.com/library/mt740630.aspx).
## Summary

25
devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
View File

@ -19,9 +19,8 @@ ms.localizationpriority: medium
Surface Hub and other Windows 10 devices allow IT administrators to manage settings and policies using a mobile device management (MDM) provider. A built-in management component communicates with the management server, so there is no need to install additional clients on the device. For more information, see [Windows 10 mobile device management](https://msdn.microsoft.com/library/windows/hardware/dn914769.aspx).
Surface Hub has been validated with Microsofts first-party MDM providers:
- On-premises MDM with System Center Configuration Manager (beginning in version 1602)
- Hybrid MDM with System Center Configuration Manager and Microsoft Intune
- Microsoft Intune standalone
- On-premises MDM with Microsoft Endpoint Configuration Manager
You can also manage Surface Hubs using any third-party MDM provider that can communicate with Windows 10 using the MDM protocol.
@ -32,7 +31,7 @@ You can enroll your Surface Hubs using bulk, manual, or automatic enrollment.
**To configure bulk enrollment**
- Surface Hub supports the [Provisioning CSP](https://msdn.microsoft.com/library/windows/hardware/mt203665.aspx) for bulk enrollment into MDM. For more information, see [Windows 10 bulk enrollment](https://msdn.microsoft.com/library/windows/hardware/mt613115.aspx).<br>
--OR--
- If you have an on-premises System Center Configuration Manager infrastructure, see [How to bulk enroll devices with On-premises Mobile Device Management in System Center Configuration Manager](https://technet.microsoft.com/library/mt627898.aspx).
- If you have an on-premises Microsoft Endpoint Configuration Manager infrastructure, see [How to bulk enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm).
### Manual enrollment
**To configure manual enrollment**
@ -52,11 +51,11 @@ Then, when devices are setup during First-run, pick the option to join to Azure
## Manage Surface Hub settings with MDM
You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings), and some [Windows 10 settings](#supported-windows-10-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML.
You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings), and some [Windows 10 settings](#supported-windows-10-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and Microsoft Endpoint Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML.
### Supported Surface Hub CSP settings
You can configure the Surface Hub settings in the following table using MDM. The table identifies if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML.
You can configure the Surface Hub settings in the following table using MDM. The table identifies if the setting is supported with Microsoft Intune, Microsoft Endpoint Configuration Manager, or SyncML.
For more information, see [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323).
@ -92,7 +91,7 @@ For more information, see [SurfaceHub configuration service provider](https://ms
In addition to Surface Hub-specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference).
The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table identifies if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML.
The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table identifies if the setting is supported with Microsoft Intune, Microsoft Endpoint Configuration Manager, or SyncML.
#### Security settings
@ -160,10 +159,10 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|---------------------------------|--------------------------------------------------------------|----------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|
| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes. <br> See [Configure Intune certificate profiles](https://docs.microsoft.com/intune/deploy-use/configure-intune-certificate-profiles). | Yes. <br> See [How to create certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/create-certificate-profiles). | Yes |
| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes. <br> See [Configure Intune certificate profiles](https://docs.microsoft.com/intune/deploy-use/configure-intune-certificate-profiles). | Yes. <br> See [How to create certificate profiles in Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/create-certificate-profiles). | Yes |
<!--
| Install client certificates | Use to deploy Personal Information Exchange (.pfx, .p12) certificates. | [ClientCertificateInstall CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023.aspx) | Yes. <br> See [How to Create and Deploy PFX Certificate Profiles in Intune Standalone](https://blogs.technet.microsoft.com/karanrustagi/2016/03/16/want-to-push-a-certificate-to-device-but-cant-use-ndes-continue-reading/). | Yes. <br> See [How to create PFX certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/create-pfx-certificate-profiles). | Yes |
| Install client certificates | Use to deploy Personal Information Exchange (.pfx, .p12) certificates. | [ClientCertificateInstall CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023.aspx) | Yes. <br> See [How to Create and Deploy PFX Certificate Profiles in Intune Standalone](https://blogs.technet.microsoft.com/karanrustagi/2016/03/16/want-to-push-a-certificate-to-device-but-cant-use-ndes-continue-reading/). | Yes. <br> See [How to create PFX certificate profiles in Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/create-pfx-certificate-profiles). | Yes |
-->
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -202,7 +201,7 @@ The following tables include info on Windows 10 settings that have been validate
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
### Generate OMA URIs for settings
You need to use a settings OMA URI to create a custom policy in Intune, or a custom setting in System Center Configuration Manager.
You need to use a settings OMA URI to create a custom policy in Intune, or a custom setting in Microsoft Endpoint Configuration Manager.
**To generate the OMA URI for any setting in the CSP documentation**
1. In the CSP documentation, identify the root node of the CSP. Generally, this looks like `./Vendor/MSFT/<name of CSP>` <br>
@ -226,11 +225,11 @@ You can use Microsoft Intune to manage Surface Hub settings. For custom settings
<span id="example-sccm">
## Example: Manage Surface Hub settings with System Center Configuration Manager
System Center Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use System Center Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs.
## Example: Manage Surface Hub settings with Microsoft Endpoint Configuration Manager
Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs.
> [!NOTE]
> These instructions are based on the current branch of System Center Configuration Manager.
> These instructions are based on the current branch of Configuration Manager.
**To create a configuration item for Surface Hub settings**
@ -265,7 +264,7 @@ System Center Configuration Manager supports managing modern devices that do not
18. When you're done, on the **Browse Settings** dialog, click **Close**.
19. Complete the wizard. <br> You can view the new configuration item in the **Configuration Items** node of the **Assets and Compliance** workspace.
For more information, see [Create configuration items for Windows 8.1 and Windows 10 devices managed without the System Center Configuration Manager client](https://docs.microsoft.com/sccm/compliance/deploy-use/create-configuration-items-for-windows-8.1-and-windows-10-devices-managed-without-the-client).
For more information, see [Create configuration items for Windows 8.1 and Windows 10 devices managed without the Microsoft Endpoint Configuration Manager client](https://docs.microsoft.com/configmgr/compliance/deploy-use/create-configuration-items-for-windows-8.1-and-windows-10-devices-managed-without-the-client).
## Related topics

2
devices/surface-hub/manage-surface-hub.md
View File

@ -19,7 +19,7 @@ ms.localizationpriority: medium
After initial setup of Microsoft Surface Hub, the devices settings and configuration can be modified or changed in a couple ways:
- **Local management** - Every Surface Hub can be configured locally using the **Settings** app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. For more information, see [Local management for Surface Hub settings](local-management-surface-hub-settings.md).
- **Remote management** - Surface Hub allow IT admins to manage settings and policies using a mobile device management (MDM) provider, such as Microsoft Intune, System Center Configuration Manager, and other third-party providers. Additionally, admins can monitor Surface Hubs using Microsoft Operations Management Suite (OMS). For more information, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md), and [Monitor your Microsoft Surface Hub](monitor-surface-hub.md).
- **Remote management** - Surface Hub allow IT admins to manage settings and policies using a mobile device management (MDM) provider, such as Microsoft Intune, Microsoft Endpoint Configuration Manager, and other third-party providers. Additionally, admins can monitor Surface Hubs using Microsoft Operations Management Suite (OMS). For more information, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md), and [Monitor your Microsoft Surface Hub](monitor-surface-hub.md).
> [!NOTE]
> These management methods are not mutually exclusive. Devices can be both locally and remotely managed if you choose. However, MDM policies and settings will overwrite any local changes when the Surface Hub syncs with the management server.

2
devices/surface-hub/manage-windows-updates-for-surface-hub.md
View File

@ -58,7 +58,7 @@ Surface Hubs, like all Windows 10 devices, include **Windows Update for Business
2. [Configure when Surface Hub receives updates](#configure-when-surface-hub-receives-updates).
> [!NOTE]
> You can use Microsoft Intune, System Center Configuration Manager, or a supported third-party MDM provider to set up WUfB. [Walkthrough: use Microsoft Intune to configure Windows Update for Business.](https://docs.microsoft.com/windows/deployment/update/waas-wufb-intune)
> You can use Microsoft Intune, Microsoft Endpoint Configuration Manager, or a supported third-party MDM provider to set up WUfB. [Walkthrough: use Microsoft Intune to configure Windows Update for Business.](https://docs.microsoft.com/windows/deployment/update/waas-wufb-intune)
### Group Surface Hub into deployment rings

2
devices/surface-hub/prepare-your-environment-for-surface-hub.md
View File

@ -28,7 +28,7 @@ Review these dependencies to make sure Surface Hub features will work in your IT
| Active Directory or Azure Active Directory (Azure AD) | <p>The Surface Hub's uses an Active Directory or Azure AD account (called a **device account**) to access Exchange and Skype for Business services. The Surface Hub must be able to connect to your Active Directory domain controller or to your Azure AD tenant in order to validate the device accounts credentials, as well as to access information like the device accounts display name, alias, Exchange server, and Session Initiation Protocol (SIP) address.</p>You can also domain join or Azure AD join your Surface Hub to allow a group of authorized users to configure settings on the Surface Hub. |
| Exchange (Exchange 2013 or later, or Exchange Online) and Exchange ActiveSync | <p>Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.</p>ActiveSync is used to sync the device accounts calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled. |
| Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing.|
| Mobile device management (MDM) solution (Microsoft Intune, System Center Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. |
| Mobile device management (MDM) solution (Microsoft Intune, Microsoft Endpoint Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. |
| Microsoft Operations Management Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. |
| Network and Internet access | In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred. 802.1X Authentication is supported for both wired and wireless connections.</br></br></br>**802.1X authentication:** In Windows 10, version 1703, 802.1X authentication for wired and wireless connections is enabled by default in Surface Hub. If your organization doesn't use 802.1X authentication, there is no configuration required and Surface Hub will continue to function as normal. If you use 802.1X authentication, you must ensure that the authentication certification is installed on Surface Hub. You can deliver the certificate to Surface Hub using the [ClientCertificateInstall CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/clientcertificateinstall-csp) in MDM, or you can [create a provisioning package](provisioning-packages-for-surface-hub.md) and install it during first run or through the Settings app. After the certificate is applied to Surface Hub, 802.1X authentication will start working automatically.</br>**Note:** For more information on enabling 802.1X wired authentication on Surface Hub, see [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md).</br></br>**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.</br></br>**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. Proxy credentials are stored across Surface Hub sessions and only need to be set once. |

79
devices/surface-hub/surface-hub-2s-pack-components.md
View File

@ -9,7 +9,7 @@ ms.author: greglin
manager: laurawi
audience: Admin
ms.topic: article
ms.date: 07/1/2019
ms.date: 02/06/2019
ms.localizationpriority: Medium
---
@ -24,62 +24,45 @@ If you replace your Surface Hub 2S, one of its components, or a related accessor
Use the following steps to pack your Surface Hub 2S 50" for shipment.
![The Surface Hub unit and mobile stand.](images/surface-hub-2s-repack-1.png)
![Remove the pen and the camera. Do not pack them with the unit.](images/surface-hub-2s-repack-2.png)
| | | |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
| **1.** | Remove the pen and the camera. Do not pack them with the unit. | ![Remove the pen and the camera. Do not pack them with the unit.](images/surface-hub-2s-repack-2.png) |
| **2.** | Remove the drive and the power cable. Do not pack them with the unit. Do not pack the Setup guide with the unit. | ![Remove the drive and the power cable. Do not pack them with the unit.](images/surface-hub-2s-repack-3.png) |
| **3.** | Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge. | ![Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge.](images/surface-hub-2s-repack-5.png) |
| **4.** | Slide the Compute Cartridge out of the unit. | ![Slide the Compute Cartridge out of the unit.](images/surface-hub-2s-repack-6.png) |
| **5.** | You will need the Compute Cartridge and a screwdriver. | ![You will need the Compute Cartridge and a screwdriver.](images/surface-hub-2s-repack-7.png)|
| **6.** | Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD). | ![Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD).](images/surface-hub-2s-repack-8.png)|
| **7.** | Replace the cover and slide the Compute Cartridge back into the unit. | ![Replace the cover and slide the Compute Cartridge back into the unit.](images/surface-hub-2s-repack-9.png)|
| **8.** | Re-fasten the locking screw and slide the cover into place. | ![Re-fasten the locking screw and slide the cover into place.](images/surface-hub-2s-repack-10.png)|
| **9.** | Remove any base or mounting hardware. Using two people, place the unit in the base of the shipping container. | ![Remove any base or mounting hardware. Using two people, place the unit in the base of the shipping container.](images/surface-hub-2s-repack-11.png)|
| **10.** | Replace the cover of the shipping container, and insert the four clips. | ![Replace the cover of the shipping container, and insert the four clips.](images/surface-hub-2s-repack-12.png|
| **11.** | Close the four clips. | ![Close the four clips.](images/surface-hub-2s-repack-13.png)|
![Remove the drive and the power cable. Do not pack them with the unit.](images/surface-hub-2s-repack-3.png)
![Do not pack the Setup guide with the unit.](images/surface-hub-2s-repack-4.png)
![Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge.](images/surface-hub-2s-repack-5.png)
![Slide the Compute Cartridge out of the unit.](images/surface-hub-2s-repack-6.png)
![You will need the Compute Cartridge and a screwdriver.](images/surface-hub-2s-repack-7.png)
![Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD).](images/surface-hub-2s-repack-8.png)
![Replace the cover and slide the Compute Cartridge back into the unit.](images/surface-hub-2s-repack-9.png)
![Re-fasten the locking screw and slide the cover into place.](images/surface-hub-2s-repack-10.png)
![Remove any base or mounting hardware. Using two people, place the unit in the base of the shipping container.](images/surface-hub-2s-repack-11.png)
![Replace the cover of the shipping container, and insert the four clips.](images/surface-hub-2s-repack-12.png)
![Close the four clips.](images/surface-hub-2s-repack-13.png)
## How to replace and pack your Surface Hub 2S Compute Cartridge
Use the following steps to remove the Surface Hub 2S Compute Cartridge, pack it for shipment, and install the new Compute Cartridge.
Use the following steps to remove the Surface Hub 2S Compute Cartridge, pack it for shipment, and install the new Compute Cartridge.<br>
![Image of the compute cartridge.](images/surface-hub-2s-replace-cartridge-1.png)
![Image of the compute cartridge.](images/surface-hub-2s-replace-cartridge-1.png)
![Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge.](images/surface-hub-2s-replace-cartridge-2.png)
![Slide the Compute Cartridge out of the unit.](images/surface-hub-2s-replace-cartridge-3.png)
![You will need the Compute Cartridge and a screwdriver.](images/surface-hub-2s-replace-cartridge-4.png)
![Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD). When finished, replace the cover.](images/surface-hub-2s-repack-8.png)
![You will need the packaging fixtures that were used to package your replacement Compute Cartridge.](images/surface-hub-2s-replace-cartridge-6.png)
![Place the old Compute Cartridge in the packaging fixtures.](images/surface-hub-2s-replace-cartridge-7.png)
![Place the old Compute Cartridge and its packaging into the box that was used for the replacement Compute Cartridge. Reseal the box.](images/surface-hub-2s-replace-cartridge-8.png)
![Image of the replacement Compute Cartridge.](images/surface-hub-2s-replace-cartridge-1.png)
![Slide the replacement Compute Cartridge into the unit.](images/surface-hub-2s-replace-cartridge-9.png)
![Fasten the locking screw and slide the cover into place.](images/surface-hub-2s-replace-cartridge-10.png)
| | | |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
| **1.** | Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge. | ![Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge.](images/surface-hub-2s-replace-cartridge-2.png) |
| **2.** | Slide the Compute Cartridge out of the unit. | ![Slide the Compute Cartridge out of the unit.](images/surface-hub-2s-replace-cartridge-3.png) |
| **3.** | You will need the Compute Cartridge and a screwdriver. | ![You will need the Compute Cartridge and a screwdriver.](images/surface-hub-2s-replace-cartridge-4.png) |
| **4.** | Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD). When finished, replace the cover. | ![Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD). When finished, replace the cover.](images/surface-hub-2s-repack-8.png) |
| **5.**| You will need the packaging fixtures that were used to package your replacement Compute Cartridge. | ![You will need the packaging fixtures that were used to package your replacement Compute Cartridge.](images/surface-hub-2s-replace-cartridge-6.png) |
| **6.**| Place the old Compute Cartridge in the packaging fixtures. | ![Place the old Compute Cartridge in the packaging fixtures.](images/surface-hub-2s-replace-cartridge-7.png) |
| **7.** | Place the old Compute Cartridge and its packaging into the box that was used for the replacement Compute Cartridge. Reseal the box. | ![Place the old Compute Cartridge and its packaging into the box that was used for the replacement Compute Cartridge. Reseal the box.](images/surface-hub-2s-replace-cartridge-8.png)|
| **8.**| Slide the replacement Compute Cartridge into the unit. | ![Slide the replacement Compute Cartridge into the unit.](images/surface-hub-2s-replace-cartridge-9.png) |
| **9.**| Fasten the locking screw and slide the cover into place | ![Fasten the locking screw and slide the cover into place.](images/surface-hub-2s-replace-cartridge-10.png) |
## How to replace your Surface Hub 2S Camera
Use the following steps to remove the Surface Hub 2S camera and install the new camera.
![You will need the new camera and the two-millimeter allen wrench](images/surface-hub-2s-replace-camera-1.png)
![Unplug the old camera from the unit. If needed, use the allen wrench to adjust the new camera. Plug the new camera into the unit.](images/surface-hub-2s-replace-camera-2.png)
| | | |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
| **1.** | You will need the new camera and the two-millimeter allen wrench. |![You will need the new camera and the two-millimeter allen wrench](images/surface-hub-2s-replace-camera-1.png) |
| **2.** | Unplug the old camera from the unit. If needed, use the allen wrench to adjust the new camera. Plug the new camera into the unit. | ![Unplug the old camera from the unit. If needed, use the allen wrench to adjust the new camera. Plug the new camera into the unit.](images/surface-hub-2s-replace-camera-2.png) |

12
devices/surface-hub/surface-hub-update-history.md
View File

@ -24,6 +24,17 @@ Please refer to the “[Surface Hub Important Information](https://support.micro
## Windows 10 Team Creators Update 1703
<details>
<summary>January 14, 2020—update for Team edition based on KB4534296* (OS Build 15063.2254)</summary>
This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
* Addresses an issue with log collection for Microsoft Surface Hub 2S.
Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
*[KB4534296](https://support.microsoft.com/help/4534296)
</details>
<details>
<summary>September 24, 2019—update for Team edition based on KB4516059* (OS Build 15063.2078)</summary>
@ -57,7 +68,6 @@ Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface
This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
* Addresses an issue with log collection for Microsoft Surface Hub 2S.
* Addresses an issue preventing a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully.
* Adds support for TLS 1.2 connections to identity providers and Exchange in device account setup scenarios.
* Fixes to improve reliability of Hardware Diagnostic App on Hub 2S.

6
devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md
View File

@ -89,11 +89,11 @@ The Surface Hub Hardware Diagnostic tool is an easy-to-navigate tool that lets t
Field |Success |Failure |Comment |Reference
|------|------|------|------|------|
Internet Connectivity |Device does have Internet connectivity |Device does not have Internet connectivity |Verifies internet connectivity, including proxy connection |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
Internet Connectivity |Device does have Internet connectivity |Device does not have Internet connectivity |Verifies internet connectivity, including proxy connection |
HTTP Version |1.1 |1.0 |If HTTP 1.0 found, it will cause issue with WU and Store |
Direct Internet Connectivity |Device has a Proxy configured Device has no Proxy configured |N/A |Informational. Is your device behind a proxy? |
Proxy Address | | |If configured, returns proxy address. |
Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated thru the proxy. |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated through the proxy. |
Proxy Auth Types | | |If proxy authentication is used, return the Authentication methods advertised by the proxy. |
#### Environment
@ -131,5 +131,5 @@ SIP Pool Cert Root CA | | |Information. Display the SIP Pool Cert Root CA, if av
Field |Success |Failure |Comment |Reference
|------|------|------|------|------|
Trust Model Status |No Trust Model Issue Detected. |SIP Domain and server domain are different please add the following domains. |Check the LD FQDN/ LD Server Name/ Pool Server name for Trust model issue. |[Surface Hub and the Skype for Business Trusted Domain List](https://blogs.technet.microsoft.com/y0av/2017/10/25/95/)
Trust Model Status |No Trust Model Issue Detected. |SIP Domain and server domain are different please add the following domains. |Check the LD FQDN/ LD Server Name/ Pool Server name for Trust model issue.
Domain Name(s) | | |Return the list of domains that should be added for SFB to connect. |

2
devices/surface/TOC.md
View File

@ -56,7 +56,7 @@
### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
### [Use Microsoft Endpoint Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
### [Surface Data Eraser](microsoft-surface-data-eraser.md)
## Troubleshoot

4
devices/surface/change-history-for-surface.md
View File

@ -173,7 +173,7 @@ New or changed topic | Description
|New or changed topic | Description |
| --- | --- |
|[Surface Enterprise Management Mode](surface-enterprise-management-mode.md) | Added procedure for viewing certificate thumbprint. |
|[Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) | New |
|[Use Microsoft Endpoint Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) | New |
@ -181,7 +181,7 @@ New or changed topic | Description
| New or changed topic | Description |
| --- | --- |
| [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) | New |
| [Considerations for Surface and Microsoft Endpoint Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) | New |
| [Long-term servicing branch for Surface devices](ltsb-for-surface.md) | New |

20
devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
View File

@ -16,25 +16,23 @@ ms.reviewer:
manager: dansimp
---
# Considerations for Surface and System Center Configuration Manager
# Considerations for Surface and Microsoft Endpoint Configuration Manager
Fundamentally, management and deployment of Surface devices with System Center Configuration Manager is the same as the management and deployment of any other PC. Like any other PC, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client; to publish apps, settings, and policies, you use the same process as you would use for any other device.
Fundamentally, management and deployment of Surface devices with Microsoft Endpoint Configuration Manager is the same as the management and deployment of any other PC. Like any other PC, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client; to publish apps, settings, and policies, you use the same process as you would use for any other device.
You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for System Center Configuration Manager](https://docs.microsoft.com/sccm/index).
You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/index).
Although the deployment and management of Surface devices is fundamentally the same as any other PC, there are some scenarios that may require additional considerations or steps. This article provides descriptions and guidance for these scenarios. The solutions documented in this article may apply to other devices and manufacturers as well.
> [!NOTE]
> For management of Surface devices it is recommended that you use the Current Branch of System Center Configuration Manager.
> For management of Surface devices it is recommended that you use the Current Branch of Microsoft Endpoint Configuration Manager.
## Updating Surface device drivers and firmware
For devices that recieve updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS) or System Center Configuration Manager, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates/).
For devices that recieve updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS) or Configuration Manager, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates/).
> [!NOTE]
> Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2. For more information, see [Can't import drivers into System Center Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419).
> Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2. For more information, see [Can't import drivers into Microsoft Endpoint Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419).
## Surface Ethernet adapters and Configuration Manager deployment
@ -42,9 +40,9 @@ The default mechanism that Configuration Manager uses to identify devices during
To ensure that Surface devices using the same Ethernet adapter are identified as unique devices during deployment, you can instruct Configuration Manager to identify devices using another method. This other method could be the MAC address of the wireless network adapter or the System Universal Unique Identifier (System UUID). You can specify that Configuration Manager use other identification methods with the following options:
* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in the [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post.
* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in the [Reusing the same NIC for multiple PXE initiated deployments in SMicrosoft Endpoint Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post.
* Prestage devices by System UUID as documented in the [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post.
* Prestage devices by System UUID as documented in the [Reusing the same NIC for multiple PXE initiated deployments in Microsoft Endpoint Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post.
* Use a script to identify a newly deployed Surface device by the MAC address of its wireless adapter, as documented in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/) blog post.
@ -60,7 +58,7 @@ With the release of Microsoft Store for Business, Surface app is no longer avail
If your organization uses prestaged media to pre-load deployment resources on to machines prior to deployment with Configuration Manager, the nature of Surface devices as UEFI devices may require you to take additional steps. Specifically, a native UEFI environment requires that you create multiple partitions on the boot disk of the system. If you are following along with the [documentation for prestaged media](https://technet.microsoft.com/library/79465d90-4831-4872-96c2-2062d80f5583?f=255&MSPPError=-2147217396#BKMK_CreatePrestagedMedia), the instructions provide for only single partition boot disks and therefore will fail when applied to Surface devices.
Instructions for applying prestaged media to UEFI devices, such as Surface devices, can be found in the [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in System Center Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/) blog post.
Instructions for applying prestaged media to UEFI devices, such as Surface devices, can be found in the [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in Microsoft Endpoint Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/) blog post.
## Licensing conflicts with OEM Activation 3.0

2
devices/surface/customize-the-oobe-for-surface-deployments.md
View File

@ -34,7 +34,7 @@ In some scenarios, you may want to provide complete automation to ensure that at
This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](https://technet.microsoft.com/itpro/windows/deploy/create-a-windows-10-reference-image).
>[!NOTE]
>Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:<br/>
>Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117) or Microsoft Endpoint Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:<br/>
>- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit)
>- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager)

2
devices/surface/deploy-surface-app-with-windows-store-for-business.md
View File

@ -101,7 +101,7 @@ After you add an app to the Microsoft Store for Business account in Offline mode
*Figure 4. Download the AppxBundle package for an app*
5. Click **Download**. The AppxBundle package will be downloaded. Make sure you note the path of the downloaded file because youll need that later in this article.
6. Click either the **Encoded license** or **Unencoded license** option. Use the Encoded license option with management tools like System Center Configuration Manager or when you use Windows Configuration Designer to create a provisioning package. Select the Unencoded license option when you use Deployment Image Servicing and Management (DISM) or deployment solutions based on imaging, including the Microsoft Deployment Toolkit (MDT).
6. Click either the **Encoded license** or **Unencoded license** option. Use the Encoded license option with management tools like Microsoft Endpoint Configuration Manager or when you use Windows Configuration Designer to create a provisioning package. Select the Unencoded license option when you use Deployment Image Servicing and Management (DISM) or deployment solutions based on imaging, including the Microsoft Deployment Toolkit (MDT).
7. Click **Generate** to generate and download the license for the app. Make sure you note the path of the license file because youll need that later in this article.
>[!NOTE]

2
devices/surface/documentation/surface-system-sku-reference.md
View File

@ -43,7 +43,7 @@ You can also find the System SKU and System Model for a device in System Informa
- Click **Start** > **MSInfo32**.
### WMI
You can use System SKU variables in a Task Sequence WMI Condition in the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager. For example:
You can use System SKU variables in a Task Sequence WMI Condition in the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager. For example:
- WMI Namespace Root\WMI
- WQL Query SELECT * FROM MS_SystemInformation WHERE SystemSKU = "Surface_Pro_1796"

2
devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
View File

@ -23,7 +23,7 @@ Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on yo
If you use PEAP, EAP-FAST, or Cisco LEAP in your enterprise network, you probably already know that these three wireless authentication protocols are not supported by Surface devices out of the box. Some users may discover this when they attempt to connect to your wireless network; others may discover it when they are unable to gain access to resources inside the network, like file shares and internal sites. For more information, see [Extensible Authentication Protocol](https://technet.microsoft.com/network/bb643147).
You can add support for each protocol by executing a small MSI package from a USB stick or from a file share. For organizations that want to enable EAP support on their Surface devices, the MSI package format supports deployment with many management and deployment tools, like the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.
You can add support for each protocol by executing a small MSI package from a USB stick or from a file share. For organizations that want to enable EAP support on their Surface devices, the MSI package format supports deployment with many management and deployment tools, like the Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager.
## <a href="" id="download-peap--eap-fast--or-cisco-leap-installation-files--"></a>Download PEAP, EAP-FAST, or Cisco LEAP installation files

61
devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
ms.date: 01/17/2020
ms.date: 01/30/2020
ms.reviewer: scottmca
ms.localizationpriority: medium
ms.audience: itpro
@ -58,12 +58,14 @@ To support Surface Laptop (1st Gen), import the following folders:
- SurfacePlatformInstaller\Drivers\System\GPIO
- SurfacePlatformInstaller\Drivers\System\SurfaceHidMiniDriver
- SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
- SurfacePlatformInstaller\Drivers\System\PreciseTouch
Or for newer MSI files beginning with "SurfaceUpdate", use:
- SurfaceUpdate\SerialIOGPIO
- SurfaceUpdate\SurfaceHidMiniDriver
- SurfaceUpdate\SurfaceSerialHubDriver
- SurfaceUpdate\Itouch
To support Surface Laptop 2, import the following folders:
@ -73,6 +75,7 @@ To support Surface Laptop 2, import the following folders:
- SurfacePlatformInstaller\Drivers\System\I2C
- SurfacePlatformInstaller\Drivers\System\SPI
- SurfacePlatformInstaller\Drivers\System\UART
- SurfacePlatformInstaller\Drivers\System\PreciseTouch
Or for newer MSI files beginning with "SurfaceUpdate", use:
@ -82,6 +85,7 @@ Or for newer MSI files beginning with "SurfaceUpdate", use:
- SurfaceUpdate\IclSerialIOUART
- SurfaceUpdate\SurfaceHidMini
- SurfaceUpdate\SurfaceSerialHub
- SurfaceUpdate\Itouch
To support Surface Laptop 3 with Intel Processor, import the following folders:
@ -93,7 +97,57 @@ To support Surface Laptop 3 with Intel Processor, import the following folders:
- SurfaceUpdate\SurfaceHidMini
- SurfaceUpdate\SurfaceSerialHub
- SurfaceUpdate\SurfaceHotPlug
- SurfaceUpdate\Itouch
> [!NOTE]
> Check the downloaded MSI package to determine the format and directory structure. The directory structure will start with either SurfacePlatformInstaller (older MSI files) or SurfaceUpdate (Newer MSI files) depending on when the MSI was released.
To support Surface Laptop (1st Gen), import the following folders:
- SurfacePlatformInstaller\Drivers\System\GPIO
- SurfacePlatformInstaller\Drivers\System\SurfaceHidMiniDriver
- SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
- SurfacePlatformInstaller\Drivers\System\PreciseTouch
Or for newer MSI files beginning with "SurfaceUpdate", use:
- SurfaceUpdate\SerialIOGPIO
- SurfaceUpdate\SurfaceHidMiniDriver
- SurfaceUpdate\SurfaceSerialHubDriver
- SurfaceUpdate\Itouch
To support Surface Laptop 2, import the following folders:
- SurfacePlatformInstaller\Drivers\System\GPIO
- SurfacePlatformInstaller\Drivers\System\SurfaceHIDMiniDriver
- SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
- SurfacePlatformInstaller\Drivers\System\I2C
- SurfacePlatformInstaller\Drivers\System\SPI
- SurfacePlatformInstaller\Drivers\System\UART
- SurfacePlatformInstaller\Drivers\System\PreciseTouch
Or for newer MSI files beginning with "SurfaceUpdate", use:
- SurfaceUpdate\SerialIOGPIO
- SurfaceUpdate\IclSerialIOI2C
- SurfaceUpdate\IclSerialIOSPI
- SurfaceUpdate\IclSerialIOUART
- SurfaceUpdate\SurfaceHidMini
- SurfaceUpdate\SurfaceSerialHub
- SurfaceUpdate\Itouch
To support Surface Laptop 3 with Intel Processor, import the following folders:
- SurfaceUpdate\IclSerialIOGPIO
- SurfaceUpdate\IclSerialIOI2C
- SurfaceUpdate\IclSerialIOSPI
- SurfaceUpdate\IclSerialIOUART
- SurfaceUpdate\SurfaceHidMini
- SurfaceUpdate\SurfaceSerialHub
- SurfaceUpdate\SurfaceHotPlug
- SurfaceUpdate\Itouch
> [!NOTE]
> For Surface Laptop 3 with Intel processor, the model is Surface Laptop 3. The remaining Surface Laptop drivers are located in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 3 folder.
6. Verify that the WindowsPEX64 folder now contains the imported drivers. The folder should resemble the following:
@ -113,7 +167,8 @@ To support Surface Laptop 3 with Intel Processor, import the following folders:
9. Verify that you have configured the remaining Surface Laptop drivers by using either a selection profile or a **DriverGroup001** variable.
- For Surface Laptop (1st Gen), the model is **Surface Laptop**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop folder as shown in the figure that follows this list.
- For Surface Laptop 2, the model is **Surface Laptop 2**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 2 folder.
- For Surface Laptop 2, the model is **Surface Laptop 2**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 2 folder.
- For Surface Laptop 3 with Intel processor, the model is Surface Laptop 3. The remaining Surface Laptop drivers are located in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 3 folder.
![Image that shows the regular Surface Laptop (1st Gen) drivers in the Surface Laptop folder of the Deployment Workbench](./images/surface-laptop-keyboard-5.png)

4
devices/surface/enroll-and-configure-surface-devices-with-semm.md
View File

@ -137,9 +137,9 @@ You can also verify that the device is enrolled in SEMM in Surface UEFI whil
## Configure Surface UEFI settings with SEMM
After a device is enrolled in SEMM, you can run Surface UEFI configuration packages signed with the same SEMM certificate to apply new Surface UEFI settings. These settings are applied automatically the next time the device boots, without any interaction from the user. You can use application deployment solutions like System Center Configuration Manager to deploy Surface UEFI configuration packages to Surface devices to change or manage the settings in Surface UEFI.
After a device is enrolled in SEMM, you can run Surface UEFI configuration packages signed with the same SEMM certificate to apply new Surface UEFI settings. These settings are applied automatically the next time the device boots, without any interaction from the user. You can use application deployment solutions like Microsoft Endpoint Configuration Manager to deploy Surface UEFI configuration packages to Surface devices to change or manage the settings in Surface UEFI.
For more information about how to deploy Windows Installer (.msi) files with Configuration Manager, see [Deploy and manage applications with System Center Configuration Manager](https://technet.microsoft.com/library/mt627959).
For more information about how to deploy Windows Installer (.msi) files with Configuration Manager, see [Deploy and manage applications with Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt627959).
If you have secured Surface UEFI with a password, users without the password who attempt to boot to Surface UEFI will only have the **PC information**, **About**, **Enterprise management**, and **Exit** pages displayed to them.

5
devices/surface/ethernet-adapters-and-surface-device-deployment.md
View File

@ -29,13 +29,10 @@ Network deployment to Surface devices can pose some unique challenges for system
Before you can address the concerns of how you will boot to your deployment environment or how devices will be recognized by your deployment solution, you have to use a wired network adapter.
The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using System Center Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. See the [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) section of this article for more information on potential conflicts with shared adapters.
The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using Microsoft Endpoint Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. See the [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) section of this article for more information on potential conflicts with shared adapters.
Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://www.microsoft.com/surface/accessories/surface-dock) use a chipset that is compatible with the Surface firmware.
> [!NOTE]
> PXE boot is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
The following Ethernet devices are supported for network boot with Surface devices:
- Surface USB-C to Ethernet and USB 3.0 Adapter

36
devices/surface/manage-surface-driver-and-firmware-updates.md
View File

@ -1,6 +1,6 @@
---
title: Manage Surface driver and firmware updates (Surface)
description: This article describes the available options to manage firmware and driver updates for Surface devices.
title: Manage and deploy Surface driver and firmware updates
description: This article describes the available options to manage and deploy firmware and driver updates for Surface devices.
ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73
ms.reviewer:
manager: dansimp
@ -14,7 +14,7 @@ author: dansimp
ms.author: dansimp
ms.topic: article
ms.audience: itpro
ms.date: 10/21/2019
ms.date: 01/24/2020
---
# Manage and deploy Surface driver and firmware updates
@ -31,31 +31,37 @@ While enterprise-grade software distribution solutions continue to evolve, the b
Microsoft has streamlined tools for managing devices including driver and firmware updates -- into a single unified experience called [Microsoft Endpoint Manager admin center](https://devicemanagement.microsoft.com/) accessed from devicemanagement.microsoft.com.
### Manage updates with Endpoint Configuration Manager and Intune
### Manage updates with Configuration Manager and Intune
Endpoint Configuration Manager (formerly System Center Configuration Manager) allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Microsoft Intune lets you see all your managed, co-managed and partner-managed devices in one place. This is the recommended solution for large organizations to manage Surface updates.
Microsoft Endpoint Configuration Manager allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Microsoft Intune lets you see all your managed, co-managed and partner-managed devices in one place. This is the recommended solution for large organizations to manage Surface updates.
For detailed steps, see the following resources:
- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/en-sg/help/4098906/manage-surface-driver-updates-in-configuration-manager)
- [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications).
- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager)
- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications).
- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/)
### Manage updates with Microsoft Deployment Toolkit
Included in Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. MDT includes the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/download/details.aspx?id=54259).
Included in Microsoft Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. MDT includes the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/download/details.aspx?id=54259).
For detailed steps, see the following resources:
Surface driver and firmware updates are packaged as Windows Installer (MSI) files. To deploy these Windows Installer packages, you can use application deployment utilities such as the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager. Such solutions provide the means for administrators to test and review updates before deploying them, and to centralize deployment. For each device, it is important to select the correct MSI file for the device and its operating system. For more information see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
For instructions on how to deploy updates by using Microsoft Endpoint Configuration Manager refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).
- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/)
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit)
- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/surface/deploy-windows-10-to-surface-devices-with-mdt)
**WindowsPE and Surface firmware and drivers**
System Center Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase.
Microsoft Endpoint Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase.
### Microsoft Endpoint Configuration Manager
Starting in Microsoft Endpoint Configuration Manager, you can synchronize and deploy Microsoft Surface firmware and driver updates by using the Configuration Manager client. The process resembles that for deploying regular updates. For additional information, see KB 4098906, [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager).
## Supported devices
Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release.
@ -88,11 +94,11 @@ Specific versions of Windows 10 have separate .msi files, each containing all re
### Downloading .msi files
1. Browse to [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) on the Microsoft Download Center.
2. Select the .msi file name that matches the Surface model and version of Windows. The .msi file name includes the minimum supported Windows build number required to install the drivers and firmware. For example, as shown in the following figure, to update a Surface Book 2 with build 18362 of Windows 10, choose **SurfaceBook2_Win10_18362_19.101.13994.msi.** For a Surface Book 2 with build 16299 of Windows 10, choose **SurfaceBook2_Win10_16299_1803509_3. msi**.
2. Select the .msi file name that matches the Surface model and version of Windows. The .msi file name includes the minimum supported Windows build number required to install the drivers and firmware. For example, as shown in the following figure, to update a Surface Book 2 with build 18362 of Windows 10, choose **SurfaceBook2_Win10_18362_19.101.13994.msi.** For a Surface Book 2 with build 16299 of Windows 10, choose **SurfaceBook2_Win10_16299_1803509_3.msi**.
![Figure 1. Downloading Surface updates](images/fig1-downloads-msi.png)
*Figure 1. Downloading Surface updates*
![Figure 1. Downloading Surface updates](images/fig1-downloads-msi.png)
*Figure 1. Downloading Surface updates*
### Surface .msi naming convention
@ -138,8 +144,8 @@ This file name provides the following information:
## Learn more
- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware)
- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/en-sg/help/4098906/manage-surface-driver-updates-in-configuration-manager)
- [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications).
- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager)
- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications).
- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/)
- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/)
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit)

15
devices/surface/microsoft-surface-data-eraser.md
View File

@ -14,7 +14,7 @@ author: dansimp
ms.author: dansimp
ms.topic: article
ms.audience: itpro
ms.date: 11/13/2019
ms.date: 02/06/2020
---
# Microsoft Surface Data Eraser
@ -83,7 +83,10 @@ After the creation tool is installed, follow these steps to create a Microsoft S
1. Start Microsoft Surface Data Eraser from the Start menu or Start screen.
2. Click **Build** to begin the Microsoft Surface Data Eraser USB creation process.
2. Click **Build** to begin the Microsoft Surface Data Eraser USB creation process.
>[!NOTE]
>For Surface Pro X devices, select **ARM64**. for other Surface devices, select **x64**.
3. Click **Start** to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1.
@ -153,8 +156,8 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
8. Click the **Yes** button to continue erasing data on the Surface device.
>[!NOTE]
>When you run Surface Data Eraser on the Surface Data Eraser USB drive, a log file is generated in the **SurfaceDataEraserLogs** folder.
>[!NOTE]
>When you run Surface Data Eraser on the Surface Data Eraser USB drive, a log file is generated in the **SurfaceDataEraserLogs** folder.
## Changes and updates
@ -222,8 +225,8 @@ This version of Microsoft Surface Data Eraser adds support for the following:
- Surface Pro 1TB
>[!NOTE]
>Surface Data Eraser v3.2.45.0 and above can be used to restore Surface Pro or Surface Laptop devices with the 1TB storage option in the scenario that the device shows two separate 512GB volumes or encounters errors when attempting to deploy or install Windows 10. See [Surface Pro Model 1796 and Surface Laptop 1TB display two drives](https://support.microsoft.com/help/4046105/surface-pro-model-1796-and-surface-laptop-1tb-display-two-drives) for more information.
>[!NOTE]
>Surface Data Eraser v3.2.45.0 and above can be used to restore Surface Pro or Surface Laptop devices with the 1TB storage option in the scenario that the device shows two separate 512GB volumes or encounters errors when attempting to deploy or install Windows 10. See [Surface Pro Model 1796 and Surface Laptop 1TB display two drives](https://support.microsoft.com/help/4046105/surface-pro-model-1796-and-surface-laptop-1tb-display-two-drives) for more information.
### Version 3.2.36.0

2
devices/surface/step-by-step-surface-deployment-accelerator.md
View File

@ -328,7 +328,7 @@ The **2 Create Windows Reference Image** task sequence is used to perform a
Like the **1 Deploy Microsoft Surface** task sequence, the **2 Create Windows Reference Image** task sequence performs a deployment of the unaltered Windows image directly from the installation media. Creation of a reference image should always be performed on a virtual machine. Using a virtual machine as your reference system helps to ensure that the resulting image is compatible with different hardware configurations.
>[!NOTE]
>Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).
>Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and Microsoft Endpoint Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).
In addition to the information required by the **1 Deploy Microsoft Surface** task sequence, you will also be prompted to capture an image when you run this task sequence on your reference virtual machine. The **Location** and **File name** fields are automatically populated with the proper information for your deployment share. All that you need to do is select the **Capture an image of this reference computer** option when you are prompted on the **Capture Image** page of the Windows Deployment Wizard.

2
devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
View File

@ -61,4 +61,4 @@ Before you choose to use Windows 10 Enterprise LTSC edition on Surface devices,
Surface devices running Windows 10 Enterprise LTSC edition will not receive new features. In many cases these features are requested by customers to improve the usability and capabilities of Surface hardware. For example, new improvements for High DPI applications in Windows 10, version 1703. Customers that use Surface devices in the LTSC configuration will not see the improvements until they either update to a new Windows 10 Enterprise LTSC release or upgrade to a version of Windows 10 with support for the SAC servicing option.
Devices can be changed from Windows 10 Enterprise LTSC to a more recent version of Windows 10 Enterprise, with support for the SAC servicing option, without the loss of user data by performing an upgrade installation. You can also perform an upgrade installation on multiple devices by leveraging the Upgrade Task Sequence Templates available in the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. For more information, see [Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/upgrade-surface-devices-to-windows-10-with-mdt).
Devices can be changed from Windows 10 Enterprise LTSC to a more recent version of Windows 10 Enterprise, with support for the SAC servicing option, without the loss of user data by performing an upgrade installation. You can also perform an upgrade installation on multiple devices by leveraging the Upgrade Task Sequence Templates available in the Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager. For more information, see [Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/upgrade-surface-devices-to-windows-10-with-mdt).

2
devices/surface/surface-diagnostic-toolkit-command-line.md
View File

@ -43,7 +43,7 @@ Command | Notes
>[!NOTE]
>To run the SDT app console remotely on target devices, you can use a configuration management tool such as System Center Configuration Manager. Alternatively, you can create a .zip file containing the console app and appropriate console commands and deploy per your organizations software distribution processes.
>To run the SDT app console remotely on target devices, you can use a configuration management tool such as Microsoft Endpoint Configuration Manager. Alternatively, you can create a .zip file containing the console app and appropriate console commands and deploy per your organizations software distribution processes.
## Running Best Practice Analyzer

2
devices/surface/surface-dock-firmware-update.md
View File

@ -43,7 +43,7 @@ If preferred, you can manually complete the update as follows:
## Network deployment
You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firmware Update to multiple devices across your network. When using System Center Configuration Manager or other deployment tool, enter the following syntax to ensure the installation is silent:
You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firmware Update to multiple devices across your network. When using Microsoft Endpoint Configuration Manager or other deployment tool, enter the following syntax to ensure the installation is silent:
- **Msiexec.exe /i <name of msi> /quiet /norestart**

4
devices/surface/surface-enterprise-management-mode.md
View File

@ -25,7 +25,7 @@ Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devi
When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM.
There are two administrative options you can use to manage SEMM and enrolled Surface devices a standalone tool or integration with System Center Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with System Center Configuration Manager, see [Use System Center Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm).
There are two administrative options you can use to manage SEMM and enrolled Surface devices a standalone tool or integration with Microsoft Endpoint Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with Microsoft Endpoint Configuration Manager, see [Use Microsoft Endpoint Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm).
## Microsoft Surface UEFI Configurator
@ -124,7 +124,7 @@ These characters are the last two characters of the certificate thumbprint and s
>6. **All** or **Properties Only** must be selected in the **Show** drop-down menu.
>7. Select the field **Thumbprint**.
To enroll a Surface device in SEMM or to apply the UEFI configuration from a configuration package, all you need to do is run the .msi file with administrative privileges on the intended Surface device. You can use application deployment or operating system deployment technologies such as [System Center Configuration Manager](https://technet.microsoft.com/library/mt346023) or the [Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741). When you enroll a device in SEMM you must be present to confirm the enrollment on the device. User interaction is not required when you apply a configuration to devices that are already enrolled in SEMM.
To enroll a Surface device in SEMM or to apply the UEFI configuration from a configuration package, all you need to do is run the .msi file with administrative privileges on the intended Surface device. You can use application deployment or operating system deployment technologies such as [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt346023) or the [Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741). When you enroll a device in SEMM you must be present to confirm the enrollment on the device. User interaction is not required when you apply a configuration to devices that are already enrolled in SEMM.
For a step-by-step walkthrough of how to enroll a Surface device in SEMM or apply a Surface UEFI configuration with SEMM, see [Enroll and configure Surface devices with SEMM](https://technet.microsoft.com/itpro/surface/enroll-and-configure-surface-devices-with-semm).

2
devices/surface/surface-system-sku-reference.md
View File

@ -66,7 +66,7 @@ You can also find the System SKU and System Model for a device in **System Infor
1. Select **System Information**.
**Using the SKU in a task sequence WMI condition**
You can use the System SKU information in the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager as part of a task sequence WMI condition.
You can use the System SKU information in the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager as part of a task sequence WMI condition.
``` powershell
- WMI Namespace Root\WMI

2
devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
View File

@ -20,7 +20,7 @@ ms.audience: itpro
The Microsoft Surface Enterprise Management Mode (SEMM) feature of Surface UEFI devices lets administrators manage and help secure the configuration of Surface UEFI settings. For most organizations, this process is accomplished by creating Windows Installer (.msi) packages with the Microsoft Surface UEFI Configurator tool. These packages are then run or deployed to the client Surface devices to enroll the devices in SEMM and to update the Surface UEFI settings configuration.
For organizations with Endpoint Configuration Manager (formerly known as System Center Configuration Manager or SCCM), there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool.
For organizations with Microsoft Endpoint Configuration Manager there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool.
> [!Note]
> Although the process described in this article may work with earlier versions of Endpoint Configuration Manager or with other third-party management solutions, management of SEMM with Microsoft Surface UEFI Manager and PowerShell is supported only with the Current Branch of Endpoint Configuration Manager.

6
devices/surface/wake-on-lan-for-surface-devices.md
View File

@ -18,7 +18,7 @@ ms.audience: itpro
# Wake On LAN for Surface devices
Surface devices that run Windows 10, version 1607 (also known as Windows 10 Anniversary Update) or later and use a Surface Ethernet adapter to connect to a wired network, are capable of Wake On LAN (WOL) from Connected Standby. With WOL, you can remotely wake up devices to perform management or maintenance tasks or enable management solutions (such as System Center Configuration Manager) automatically. For example, you can deploy applications to Surface devices left docked with a Surface Dock or Surface Pro 3 Docking Station by using System Center Configuration Manager during a window in the middle of the night, when the office is empty.
Surface devices that run Windows 10, version 1607 (also known as Windows 10 Anniversary Update) or later and use a Surface Ethernet adapter to connect to a wired network, are capable of Wake On LAN (WOL) from Connected Standby. With WOL, you can remotely wake up devices to perform management or maintenance tasks or enable management solutions (such as Microsoft Endpoint Configuration Manager) automatically. For example, you can deploy applications to Surface devices left docked with a Surface Dock or Surface Pro 3 Docking Station by using Microsoft Endpoint Configuration Manager during a window in the middle of the night, when the office is empty.
>[!NOTE]
>Surface devices must be connected to AC power and in Connected Standby (Sleep) to support WOL. WOL is not possible from devices that are in hibernation or powered off.
@ -51,7 +51,7 @@ The following devices are supported for WOL:
To enable WOL support on Surface devices, a specific driver for the Surface Ethernet adapter is required. This driver is not included in the standard driver and firmware pack for Surface devices you must download and install it separately. You can download the Surface WOL driver (SurfaceWOL.msi) from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center.
You can run this Microsoft Windows Installer (.msi) file on a Surface device to install the Surface WOL driver, or you can distribute it to Surface devices with an application deployment solution, such as System Center Configuration Manager. To include the Surface WOL driver during deployment, you can install the .msi file as an application during the deployment process. You can also extract the Surface WOL driver files to include them in the deployment process. For example, you can include them in your Microsoft Deployment Toolkit (MDT) deployment share. You can read more about Surface deployment with MDT in [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/deploy-windows-10-to-surface-devices-with-mdt).
You can run this Microsoft Windows Installer (.msi) file on a Surface device to install the Surface WOL driver, or you can distribute it to Surface devices with an application deployment solution, such as Microsoft Endpoint Configuration Manager. To include the Surface WOL driver during deployment, you can install the .msi file as an application during the deployment process. You can also extract the Surface WOL driver files to include them in the deployment process. For example, you can include them in your Microsoft Deployment Toolkit (MDT) deployment share. You can read more about Surface deployment with MDT in [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/deploy-windows-10-to-surface-devices-with-mdt).
> [!NOTE]
> During the installation of SurfaceWOL.msi, the following registry key is set to a value of 1, which allows easy identification of systems where the WOL driver has been installed. If you chose to extract and install these drivers separately during deployment, this registry key will not be configured and must be configured manually or with a script.
@ -89,7 +89,7 @@ The Surface WOL driver conforms to the WOL standard, whereby the device is woken
>[!NOTE]
>To send a magic packet and wake up a device by using WOL, you must know the MAC address of the target device and Ethernet adapter. Because the magic packet does not use the IP network protocol, it is not possible to use the IP address or DNS name of the device.
Many management solutions, such as System Center Configuration Manager, provide built-in support for WOL. There are also many solutions, including Microsoft Store apps, PowerShell modules, third-party applications, and third-party management solutions that allow you to send a magic packet to wake up a device. For example, you can use the [Wake On LAN PowerShell module](https://gallery.technet.microsoft.com/scriptcenter/Wake-On-Lan-815424c4) from the TechNet Script Center.
Many management solutions, such as Configuration Manager, provide built-in support for WOL. There are also many solutions, including Microsoft Store apps, PowerShell modules, third-party applications, and third-party management solutions that allow you to send a magic packet to wake up a device. For example, you can use the [Wake On LAN PowerShell module](https://gallery.technet.microsoft.com/scriptcenter/Wake-On-Lan-815424c4) from the TechNet Script Center.
>[!NOTE]
>After a device has been woken up with a magic packet, the device will return to sleep if an application is not actively preventing sleep on the system or if the AllowSystemRequiredPowerRequests registry key is not configured to 1, which allows applications to prevent sleep. See the [WOL driver](#wol-driver) section of this article for more information about this registry key.

4
devices/surface/windows-autopilot-and-surface-devices.md
View File

@ -13,7 +13,7 @@ ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro
ms.date: 11/26/2019
ms.date: 02/06/2020
---
# Windows Autopilot and Surface devices
@ -42,7 +42,7 @@ Surface partners that are enabled for Windows Autopilot include:
- [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp)
- [Atea](https://www.atea.com/)
- [Bechtle](https://www.bechtle.com/de-en)
- [Bechtle](https://www.bechtle.com/backend/cms/marken/microsoft/microsoft-windows-autopilot)
- [Cancom](https://www.cancom.de/)
- [CDW](https://www.cdw.com/)
- [Computacenter](https://www.computacenter.com/uk)

4
education/windows/chromebook-migration-guide.md
View File

@ -457,7 +457,7 @@ Table 5. Select on-premises AD DS, Azure AD, or hybrid
<td align="left">X</td>
</tr>
<tr class="odd">
<td align="left">Use System Center 2012 R2 Configuration Manager for management</td>
<td align="left">Use Microsoft Endpoint Configuration Manager for management</td>
<td align="left">X</td>
<td align="left"></td>
<td align="left">X</td>
@ -493,7 +493,7 @@ You may ask the question, “Why plan for device, user, and app management befor
Also, planning management before deployment is essential to being ready to support the devices as you deploy them. You want to have your management processes and technology in place when the first teachers, facility, or students start using their new Windows device.
Table 6 is a decision matrix that lists the device, user, and app management products and technologies and the features supported by each product or technology. The primary device, user, and app management products and technologies include Group Policy, System Center Configuration Manager, Intune, and the Microsoft Deployment Toolkit (MDT). Use this decision matrix to help you select the right combination of products and technologies for your plan.
Table 6 is a decision matrix that lists the device, user, and app management products and technologies and the features supported by each product or technology. The primary device, user, and app management products and technologies include Group Policy, Microsoft Endpoint Configuration Manager, Intune, and the Microsoft Deployment Toolkit (MDT). Use this decision matrix to help you select the right combination of products and technologies for your plan.
Table 6. Device, user, and app management products and technologies

162
education/windows/deploy-windows-10-in-a-school-district.md
View File

@ -1,6 +1,6 @@
---
title: Deploy Windows 10 in a school district (Windows 10)
description: Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD), use System Center Configuration Manager, Intune, and Group Policy to manage devices.
description: Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD), use Microsoft Endpoint Configuration Manager, Intune, and Group Policy to manage devices.
keywords: configure, tools, device, school district, deploy Windows 10
ms.prod: w10
ms.mktglfcycl: plan
@ -20,7 +20,7 @@ manager: dansimp
- Windows 10
This guide shows you how to deploy the Windows 10 operating system in a school district. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft System Center Configuration Manager, Microsoft Intune, and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you will perform after initial deployment as well as the automated tools and built-in features of the operating system.
This guide shows you how to deploy the Windows 10 operating system in a school district. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Endpoint Configuration Manager, Microsoft Intune, and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you will perform after initial deployment as well as the automated tools and built-in features of the operating system.
## Prepare for district deployment
@ -99,9 +99,9 @@ Now that you have the plan (blueprint) for your district and individual schools
The primary tool you will use to deploy Windows 10 in your school is MDT, which uses Windows ADK components to make deployment easier. You could just use the Windows ADK to perform your deployment, but MDT simplifies the process by providing an intuitive, wizard-driven user interface (UI).
You can use MDT as a stand-alone tool or integrate it with System Center Configuration Manager. As a stand-alone tool, MDT performs Lite Touch Installation (LTI) deployments—deployments that require minimal infrastructure and allow you to control the level of automation. When integrated with System Center Configuration Manager, MDT performs Zero Touch Installation (ZTI) deployments, which require more infrastructure (such as System Center Configuration Manager) but result in fully automated deployments.
You can use MDT as a stand-alone tool or integrate it with Microsoft Endpoint Configuration Manager. As a stand-alone tool, MDT performs Lite Touch Installation (LTI) deployments—deployments that require minimal infrastructure and allow you to control the level of automation. When integrated with Configuration Manager, MDT performs Zero Touch Installation (ZTI) deployments, which require more infrastructure (such as Configuration Manager) but result in fully automated deployments.
This guide focuses on LTI deployments to deploy the reference device. You can use ZTI deployments with System Center Configuration Manager or LTI deployments to deploy the reference images to your faculty and student devices. If you want to only use MDT, see [Deploy Windows 10 in a school](https://technet.microsoft.com/edu/windows/deploy-windows-10-in-a-school).
This guide focuses on LTI deployments to deploy the reference device. You can use ZTI deployments with Configuration Manager or LTI deployments to deploy the reference images to your faculty and student devices. If you want to only use MDT, see [Deploy Windows 10 in a school](https://technet.microsoft.com/edu/windows/deploy-windows-10-in-a-school).
MDT includes the Deployment Workbench, a console from which you can manage the deployment of Windows 10 and your apps. You configure the deployment process in the Deployment Workbench, including the management of operating systems, device drivers, apps, and migration of user settings on existing devices.
@ -109,11 +109,11 @@ LTI performs deployment from a *deployment share* — a network-shared folder on
The focus of MDT is deployment, so you also need tools that help you manage your Windows 10 devices and apps. You can manage Windows 10 devices and apps with Intune, the Compliance Management feature in Office 365, or Group Policy in AD DS. You can use any combination of these tools based on your school requirements.
ZTI performs fully automated deployments using System Center Configuration Manager and MDT. Although you could use System Center Configuration Manager by itself, using System Center Configuration Manager with MDT provides an easier process for deploying operating systems. MDT works with the operating system deployment feature in System Center Configuration Manager.
ZTI performs fully automated deployments using Configuration Manager and MDT. Although you could use Configuration Manager by itself, using Configuration Manager with MDT provides an easier process for deploying operating systems. MDT works with the operating system deployment feature in Configuration Manager.
The configuration process requires the following devices:
* **Admin device.** This is the device you use for your day-to-day job functions. Its also the one you use to create and manage the Windows 10 and app deployment process. You install the Windows ADK, MDT, and the System Center Configuration Manager Console on this device.
* **Admin device.** This is the device you use for your day-to-day job functions. Its also the one you use to create and manage the Windows 10 and app deployment process. You install the Windows ADK, MDT, and the Configuration Manager Console on this device.
* **Reference devices.** These are the devices that you will use as a template for the faculty and student devices. You install Windows 10 and Windows desktop apps on these devices, and then capture an image (.wim file) of the devices.
You will have a reference device for each type of device in your district. For example, if your district has Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you would have a reference device for each model. For more information about approved Windows 10 devices, see [Explore devices](https://www.microsoft.com/windows/view-all).
* **Faculty and staff devices.** These are the devices that the teachers, faculty, and staff use for their day-to-day job functions. You use the admin device to deploy (or upgrade) Windows 10 and apps to these devices.
@ -133,7 +133,7 @@ The high-level process for deploying and configuring devices within individual c
6. On the reference devices, deploy Windows 10 and the Windows desktop apps on the device, and then capture the reference image from the devices.
7. Import the captured reference images into MDT or System Center Configuration Manager.
7. Import the captured reference images into MDT or Microsoft Endpoint Configuration Manager.
8. On the student and faculty devices, deploy Windows 10 to new or existing devices, or upgrade eligible devices to Windows 10.
@ -160,9 +160,9 @@ Before you select the deployment and management methods, you need to review the
|Scenario feature |Cloud-centric|On-premises and cloud|
|---|---|---|
|Identity management | Azure AD (stand-alone or integrated with on-premises AD DS) | AD DS integrated with Azure AD |
|Windows 10 deployment | MDT only | System Center Configuration Manager with MDT |
|Windows 10 deployment | MDT only | Microsoft Endpoint Configuration Manager with MDT |
|Configuration setting management | Intune | Group Policy<br/><br/>Intune|
|App and update management | Intune |System Center Configuration Manager<br/><br/>Intune|
|App and update management | Intune |Microsoft Endpoint Configuration Manager<br/><br/>Intune|
*Table 1. Deployment and management scenarios*
@ -174,14 +174,14 @@ These scenarios assume the need to support:
Some constraints exist in these scenarios. As you select the deployment and management methods for your device, keep the following constraints in mind:
* You can use Group Policy or Intune to manage configuration settings on a device but not both.
* You can use System Center Configuration Manager or Intune to manage apps and updates on a device but not both.
* You can use Microsoft Endpoint Configuration Manager or Intune to manage apps and updates on a device but not both.
* You cannot manage multiple users on a device with Intune if the device is AD DS domain joined.
Use the cloud-centric scenario and on-premises and cloud scenario as a guide for your district. You may need to customize these scenarios, however, based on your district. As you go through the [Select the deployment methods](#select-the-deployment-methods), [Select the configuration setting management methods](#select-the-configuration-setting-management-methods), and the [Select the app and update management products](#select-the-app-and-update-management-products) sections, remember these scenarios and use them as the basis for your district.
### Select the deployment methods
To deploy Windows 10 and your apps, you can use MDT by itself or System Center Configuration Manager and MDT together. For a district, there are a few ways to deploy Windows 10 to devices. Table 2 lists the methods that this guide describes and recommends. Use this information to determine which combination of deployment methods is right for your institution.
To deploy Windows 10 and your apps, you can use MDT by itself or Microsoft Endpoint Configuration Manager and MDT together. For a district, there are a few ways to deploy Windows 10 to devices. Table 2 lists the methods that this guide describes and recommends. Use this information to determine which combination of deployment methods is right for your institution.
<table>
<colgroup>
@ -230,8 +230,8 @@ Select this method when you:</p>
</tr>
<tr>
<td valign="top">System Center Configuration Manager</td>
<td><p>System Center Configuration Manager is an on-premises solution that supports operating system management throughout the entire operating system life cycle. You can use System Center Configuration Manager to deploy and upgrade Windows 10. In addition, you can manage Windows desktop and Microsoft Store apps and software updates as well as provide antivirus and antimalware protection.<br/><br/>
<td valign="top">Microsoft Endpoint Configuration Manager</td>
<td><p>Configuration Manager is an on-premises solution that supports operating system management throughout the entire operating system life cycle. You can use Configuration Manager to deploy and upgrade Windows 10. In addition, you can manage Windows desktop and Microsoft Store apps and software updates as well as provide antivirus and antimalware protection.<br/><br/>
Select this method when you:</p>
<ul>
<li>Want to deploy Windows 10 to institution-owned devices that are domain joined (personal devices are typically not domain joined).</li>
@ -249,7 +249,7 @@ Select this method when you:</p>
</ul>
<p>The disadvantages of this method are that it:</p>
<ul>
<li>Carries an additional cost for System Center Configuration Manager server licenses (if the institution does not have System Center Configuration Manager already).</li>
<li>Carries an additional cost for Microsoft Endpoint Configuration Manager server licenses (if the institution does not have Configuration Manager already).</li>
<li>Can deploy Windows 10 only to domain-joined (institution-owned devices).</li>
<li>Requires an AD DS infrastructure (if the institution does not have AD DS already).</li>
</ul>
@ -265,7 +265,7 @@ Record the deployment methods you selected in Table 3.
|Selection | Deployment method|
|--------- | -----------------|
| |MDT by itself |
| |System Center Configuration Manager and MDT|
| |Microsoft Endpoint Configuration Manager and MDT|
*Table 3. Deployment methods selected*
@ -320,7 +320,7 @@ Select this method when you:</p>
<tr>
<td valign="top">Intune</td>
<td><p>Intune is a cloud-based management system that allows you to specify configuration settings for Windows 10, previous versions of Windows, and other operating systems (such as iOS or Android). Intune is a subscription-based cloud service that integrates with Office 365 and Azure AD.<br/><br/>
Intune is the cloud-based management system described in this guide, but you can use other MDM providers. If you use an MDM provider other than Intune, integration with System Center Configuration Manager is unavailable.<br/><br/>
Intune is the cloud-based management system described in this guide, but you can use other MDM providers. If you use an MDM provider other than Intune, integration with Configuration Manager is unavailable.<br/><br/>
Select this method when you:</p>
<ul>
@ -364,7 +364,7 @@ Record the configuration setting management methods you selected in Table 5. Alt
#### Select the app and update management products
For a district, there are many ways to manage apps and software updates. Table 6 lists the products that this guide describes and recommends. Although you could manage updates by using [Windows Updates or Windows Server Update Services (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx), you still need to use System Center Configuration Manager or Intune to manage apps. Therefore, it only makes sense to use one or both of these tools for update management.
For a district, there are many ways to manage apps and software updates. Table 6 lists the products that this guide describes and recommends. Although you could manage updates by using [Windows Updates or Windows Server Update Services (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx), you still need to Configuration Manager or Intune to manage apps. Therefore, it only makes sense to use one or both of these tools for update management.
Use the information in Table 6 to determine which combination of app and update management products is right for your district.
@ -382,10 +382,10 @@ Use the information in Table 6 to determine which combination of app and update
<tbody>
<tr>
<td valign="top">System Center Configuration Manager</td>
<td><p>System Center Configuration Manager is an on-premises solution that allows you to specify configuration settings for Windows 10; previous versions of Windows; and other operating systems, such as iOS or Android, through integration with Intune.<br/><br/>System Center Configuration Manager supports application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using System Center Configuration Manager. You can also manage Windows desktop and Microsoft Store applications.<br/><br/>Select this method when you:</p>
<td valign="top">Microsoft Endpoint Configuration Manager</td>
<td><p>Configuration Manager is an on-premises solution that allows you to specify configuration settings for Windows 10; previous versions of Windows; and other operating systems, such as iOS or Android, through integration with Intune.<br/><br/>Configuration Manager supports application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager. You can also manage Windows desktop and Microsoft Store applications.<br/><br/>Select this method when you:</p>
<ul>
<li>Selected System Center Configuration Manager to deploy Windows 10.</li>
<li>Selected Configuration Manager to deploy Windows 10.</li>
<li>Want to manage institution-owned devices that are domain joined (personally owned devices are typically not domain joined).</li>
<li>Want to manage AD DS domain-joined devices.</li>
<li>Have an existing AD DS infrastructure.</li>
@ -404,7 +404,7 @@ Use the information in Table 6 to determine which combination of app and update
</ul>
<p>The disadvantages of this method are that it:</p>
<ul>
<li>Carries an additional cost for System Center Configuration Manager server licenses (if the institution does not have System Center Configuration Manager already).</li>
<li>Carries an additional cost for Configuration Manager server licenses (if the institution does not have Configuration Manager already).</li>
<li>Carries an additional cost for Windows Server licenses and the corresponding server hardware.</li>
<li>Can only manage domain-joined (institution-owned devices).</li>
<li>Requires an AD DS infrastructure (if the institution does not have AD DS already).</li>
@ -441,12 +441,12 @@ Select this method when you:</p>
</tr>
<tr>
<td valign="top">System Center Configuration Manager and Intune (hybrid)</td>
<td><p>System Center Configuration Manager and Intune together extend System Center Configuration Manager from an on-premises management system for domain-joined devices to a solution that can manage devices regardless of their location and connectivity options. This hybrid option provides the benefits of both System Center Configuration Manager and Intune.<br/><br/>
System Center Configuration Manager and Intune in the hybrid configuration allow you to support application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using System Center Configuration Manager, and you can manage Windows desktop and Microsoft Store applications for both institution-owned and personal devices.<br/><br/>
<td valign="top">Microsoft Endpoint Configuration Manager and Intune (hybrid)</td>
<td><p>Configuration Manager and Intune together extend Configuration Manager from an on-premises management system for domain-joined devices to a solution that can manage devices regardless of their location and connectivity options. This hybrid option provides the benefits of both Configuration Manager and Intune.<br/><br/>
Configuration Manager and Intune in the hybrid configuration allow you to support application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager, and you can manage Windows desktop and Microsoft Store applications for both institution-owned and personal devices.<br/><br/>
Select this method when you:</p>
<ul>
<li>Selected System Center Configuration Manager to deploy Windows 10.</li>
<li>Selected Microsoft Endpoint Configuration Manager to deploy Windows 10.</li>
<li>Want to manage institution-owned and personal devices (does not require that the device be domain joined).</li>
<li>Want to manage domain-joined devices.</li>
<li>Want to manage Azure AD domain-joined devices.</li>
@ -466,7 +466,7 @@ Select this method when you:</p>
</ul>
<p>The disadvantages of this method are that it:</p>
<ul>
<li>Carries an additional cost for System Center Configuration Manager server licenses (if the institution does not have System Center Configuration Manager already).</li>
<li>Carries an additional cost for Configuration Manager server licenses (if the institution does not have Configuration Manager already).</li>
<li>Carries an additional cost for Windows Server licenses and the corresponding server hardware.</li>
<li>Carries an additional cost for Intune subscription licenses.</li>
<li>Requires an AD DS infrastructure (if the institution does not have AD DS already).</li>
@ -483,9 +483,9 @@ Record the app and update management methods that you selected in Table 7.
|Selection | Management method|
|----------|------------------|
| |System Center Configuration Manager by itself|
| |Microsoft Endpoint Configuration Manager by itself|
| |Intune by itself|
| |System Center Configuration Manager and Intune (hybrid mode)|
| |Microsoft Endpoint Configuration Manager and Intune (hybrid mode)|
*Table 7. App and update management methods selected*
@ -526,19 +526,19 @@ For more information about how to create a deployment share, see [Step 3-1: Crea
### Install the Configuration Manager console
>**Note**&nbsp;&nbsp;If you selected System Center Configuration Manager to deploy Windows 10 or manage your devices (in the [Select the deployment methods](#select-the-deployment-methods) and [Select the configuration setting management methods](#select-the-configuration-setting-management-methods) sections, respectively), perform the steps in this section. Otherwise, skip this section and continue to the next.
>**Note**&nbsp;&nbsp;If you selected Microsoft Endpoint Configuration Manager to deploy Windows 10 or manage your devices (in the [Select the deployment methods](#select-the-deployment-methods) and [Select the configuration setting management methods](#select-the-configuration-setting-management-methods) sections, respectively), perform the steps in this section. Otherwise, skip this section and continue to the next.
You can use System Center Configuration Manager to manage Windows 10 deployments, Windows desktop apps, Microsoft Store apps, and software updates. To manage System Center Configuration Manager, you use the Configuration Manager console. You must install the Configuration Manager console on every device you use to manage System Center Configuration Manager (specifically, the admin device). The Configuration Manager console is automatically installed when you install System Center Configuration Manager primary site servers.
You can use Configuration Manager to manage Windows 10 deployments, Windows desktop apps, Microsoft Store apps, and software updates. To manage Configuration Manager, you use the Configuration Manager console. You must install the Configuration Manager console on every device you use to manage Configuration Manager (specifically, the admin device). The Configuration Manager console is automatically installed when you install Configuration Manager primary site servers.
For more information about how to install the Configuration Manager console, see [Install System Center Configuration Manager consoles](https://technet.microsoft.com/library/mt590197.aspx#bkmk_InstallConsole).
For more information about how to install the Configuration Manager console, see [Install Microsoft Endpoint Configuration Manager consoles](https://technet.microsoft.com/library/mt590197.aspx#bkmk_InstallConsole).
### Configure MDT integration with the Configuration Manager console
>**Note**&nbsp;&nbsp;If you selected MDT only to deploy Windows 10 and your apps (and not System Center Configuration Manager) in the [Select the deployment methods](#select-the-deployment-methods) section, then skip this section and continue to the next.
>**Note**&nbsp;&nbsp;If you selected MDT only to deploy Windows 10 and your apps (and not Microsoft Endpoint Configuration Manager) in the [Select the deployment methods](#select-the-deployment-methods) section, then skip this section and continue to the next.
You can use MDT with System Center Configuration Manager to make ZTI operating system deployment easier. To configure MDT integration with System Center Configuration Manager, run the Configure ConfigMgr Integration Wizard. This wizard is installed when you install MDT.
You can use MDT with Configuration Manager to make ZTI operating system deployment easier. To configure MDT integration with Configuration Manager, run the Configure ConfigMgr Integration Wizard. This wizard is installed when you install MDT.
In addition to the admin device, run the Configure ConfigMgr Integration Wizard on each device that runs the Configuration Manager console to ensure that all Configuration Manager console installation can use the power of MDTSystem Center Configuration Manager integration.
In addition to the admin device, run the Configure ConfigMgr Integration Wizard on each device that runs the Configuration Manager console to ensure that all Configuration Manager console installation can use the power of MDTConfiguration Manager integration.
For more information, see [Enable Configuration Manager Console Integration for Configuration Manager](https://technet.microsoft.com/library/dn759415.aspx#EnableConfigurationManagerConsoleIntegrationforConfigurationManager).
@ -1077,7 +1077,7 @@ At the end of this section, you should know the Windows 10 editions and processo
## Prepare for deployment
Before you can deploy Windows 10 and your apps to devices, you need to prepare your MDT environment, Windows Deployment Services, and System Center Configuration Manager (if you selected it to do operating system deployment in the [Select the deployment methods](#select-the-deployment-methods) section). In this section, you ensure that the deployment methods you selected in the [Select the deployment methods](#select-the-deployment-methods) section have the necessary Windows 10 editions and versions, Windows desktop apps, Microsoft Store apps, and device drivers.
Before you can deploy Windows 10 and your apps to devices, you need to prepare your MDT environment, Windows Deployment Services, and Microsoft Endpoint Configuration Manager (if you selected it to do operating system deployment in the [Select the deployment methods](#select-the-deployment-methods) section). In this section, you ensure that the deployment methods you selected in the [Select the deployment methods](#select-the-deployment-methods) section have the necessary Windows 10 editions and versions, Windows desktop apps, Microsoft Store apps, and device drivers.
### Configure the MDT deployment share
@ -1120,7 +1120,7 @@ Import device drivers for each device in your institution. For more information
<li>For apps that are not offline licensed, obtain the .appx files from the app software vendor directly.</li>
</ul>
<br/>If you are unable to obtain the .appx files from the app software vendor, then you or the students will need to install the apps on the student devices directly from Microsoft Store or Microsoft Store for Business.<br/><br/>
If you have Intune or System Center Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the <a href="#deploy-and-manage-apps-by-using-intune" data-raw-source="[Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune)">Deploy and manage apps by using Intune</a> and <a href="#deploy-and-manage-apps-by-using-system-center-configuration-manager" data-raw-source="[Deploy and manage apps by using System Center Configuration Manager](#deploy-and-manage-apps-by-using-system-center-configuration-manager)">Deploy and manage apps by using System Center Configuration Manager</a> sections. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.<br/><br/>
If you have Intune or Microsoft Endpoint Configuration Manager, you can deploy Microsoft Store apps after you deploy Windows 10, as described in the <a href="#deploy-and-manage-apps-by-using-intune" data-raw-source="[Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune)">Deploy and manage apps by using Intune</a> and <a href="#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager" data-raw-source="[Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager)">Deploy and manage apps by using Microsoft Endpoint Configuration Manager</a> sections. This method provides granular deployment of Microsoft Store apps, and you can use it for ongoing management of Microsoft Store apps. This is the preferred method of deploying and managing Microsoft Store apps.<br/><br/>
In addition, you must prepare your environment for sideloading Microsoft Store apps. For more information about how to:<br/><br/>
<ul>
<li>Prepare your environment for sideloading, see <a href="https://technet.microsoft.com/windows/jj874388.aspx" data-raw-source="[Try it out: sideload Microsoft Store apps](https://technet.microsoft.com/windows/jj874388.aspx)">Try it out: sideload Microsoft Store apps</a>.</li>
@ -1171,38 +1171,38 @@ For more information about how to update a deployment share, see <a href="https:
*Table 16. Tasks to configure the MDT deployment share*
### Configure System Center Configuration Manager
### Configure Microsoft Endpoint Configuration Manager
>**Note**&nbsp;&nbsp;If you have already configured your System Center Configuration Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
>**Note**&nbsp;&nbsp;If you have already configured your Microsoft Endpoint Configuration Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
Before you can use System Center Configuration Manager to deploy Windows 10 and manage your apps and devices, you must configure System Center Configuration Manager to support the operating system deployment feature. If you dont have an existing System Center Configuration Manager infrastructure, you will need to deploy a new infrastructure.
Before you can use Configuration Manager to deploy Windows 10 and manage your apps and devices, you must configure Configuration Manager to support the operating system deployment feature. If you dont have an existing Configuration Manager infrastructure, you will need to deploy a new infrastructure.
Deploying a new System Center Configuration Manager infrastructure is beyond the scope of this guide, but the following resources can help you deploy a new System Center Configuration Manager infrastructure:
Deploying a new Configuration Manager infrastructure is beyond the scope of this guide, but the following resources can help you deploy a new Configuration Manager infrastructure:
* [Get ready for System Center Configuration Manager](https://technet.microsoft.com/library/mt608540.aspx)
* [Start using System Center Configuration Manager](https://technet.microsoft.com/library/mt608544.aspx)
* [Get ready for Configuration Manager](https://technet.microsoft.com/library/mt608540.aspx)
* [Start using Configuration Manager](https://technet.microsoft.com/library/mt608544.aspx)
#### To configure an existing System Center Configuration Manager infrastructure for operating system deployment
#### To configure an existing Microsoft Endpoint Configuration Manager infrastructure for operating system deployment
1. Perform any necessary infrastructure remediation.
Ensure that your existing infrastructure can support the operating system deployment feature. For more information, see [Infrastructure requirements for operating system deployment in System Center Configuration Manager](https://technet.microsoft.com/library/mt627936.aspx).
Ensure that your existing infrastructure can support the operating system deployment feature. For more information, see [Infrastructure requirements for operating system deployment in Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt627936.aspx).
2. Add the Windows PE boot images, Windows 10 operating systems, and other content.
You need to add the Windows PE boot images, Windows 10 operating system images, and other deployment content that you will use to deploy Windows 10 with ZTI. To add this content, use the Create MDT Task Sequence Wizard.
You can add this content by using System Center Configuration Manager only (without MDT), but the Create MDT Task Sequence Wizard is the preferred method because the wizard prompts you for all the deployment content you need for a task sequence and provides a much more intuitive user experience. For more information, see [Create ZTI Task Sequences Using the Create MDT Task Sequence Wizard in Configuration Manager](https://technet.microsoft.com/library/dn759415.aspx#CreateZTITaskSequencesUsingtheCreateMDTTaskSequenceWizardinConfigurationManager).
You can add this content by using Microsoft Endpoint Configuration Manager only (without MDT), but the Create MDT Task Sequence Wizard is the preferred method because the wizard prompts you for all the deployment content you need for a task sequence and provides a much more intuitive user experience. For more information, see [Create ZTI Task Sequences Using the Create MDT Task Sequence Wizard in Configuration Manager](https://technet.microsoft.com/library/dn759415.aspx#CreateZTITaskSequencesUsingtheCreateMDTTaskSequenceWizardinConfigurationManager).
3. Add device drivers.
You must add device drivers for the different device types in your district. For example, if you have a mixture of Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you must have the device drivers for each device.
Create a System Center Configuration Manager driver package for each device type in your district. For more information, see [Manage drivers in System Center Configuration Manager](https://technet.microsoft.com/library/mt627934.aspx).
Create a Microsoft Endpoint Configuration Manager driver package for each device type in your district. For more information, see [Manage drivers in Configuration Manager](https://technet.microsoft.com/library/mt627934.aspx).
4. Add Windows apps.
Install the Windows apps (Windows desktop and Microsoft Store apps) that you want to deploy after the task sequence deploys your customized image (a thick, reference image that include Windows 10 and your core Windows desktop apps). These apps are in addition to the apps included in your reference image. You can only deploy Microsoft Store apps after you deploy Windows 10 because you cannot capture Microsoft Store apps in a reference image. Microsoft Store apps target users, not devices.
Create a System Center Configuration Manager application for each Windows desktop or Microsoft Store app that you want to deploy after you apply the reference image to a device. For more information, see [Deploy and manage applications with System Center Configuration Manager](https://technet.microsoft.com/library/mt627959.aspx).
Create a Configuration Manager application for each Windows desktop or Microsoft Store app that you want to deploy after you apply the reference image to a device. For more information, see [Deploy and manage applications with Configuration Manager](https://technet.microsoft.com/library/mt627959.aspx).
### Configure Window Deployment Services for MDT
@ -1226,13 +1226,13 @@ You can use Windows Deployment Services in conjunction with MDT to automatically
For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](https://technet.microsoft.com/library/dn759415.aspx#AddLTIBootImagestoWindowsDeploymentServices).
### Configure Window Deployment Services for System Center Configuration Manager
### Configure Window Deployment Services for Microsoft Endpoint Configuration Manager
>**Note**&nbsp;&nbsp;If you have already configured your System Center Configuration Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
>**Note**&nbsp;&nbsp;If you have already configured your Microsoft Endpoint Configuration Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
You can use Windows Deployment Services in conjunction with System Center Configuration to automatically initiate boot images on target devices. These boot images are Windows PE images that you use to boot the target devices, and then initiate Windows 10, app, and device driver deployment.
You can use Windows Deployment Services in conjunction with Configuration Manager to automatically initiate boot images on target devices. These boot images are Windows PE images that you use to boot the target devices, and then initiate Windows 10, app, and device driver deployment.
#### To configure Windows Deployment Services for System Center Configuration Manager
#### To configure Windows Deployment Services for Microsoft Endpoint Configuration Manager
1. Set up and configure Windows Deployment Services.
@ -1243,29 +1243,29 @@ You can use Windows Deployment Services in conjunction with System Center Config
* The Windows Deployment Services Help file, included in Windows Deployment Services
* [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx)
2. Configure a distribution point to accept PXE requests in System Center Configuration Manager.
2. Configure a distribution point to accept PXE requests in Configuration Manager.
To support PXE boot requests, you install the PXE service point site system role. Then, you must configure one or more distribution points to respond to PXE boot request.
For more information about how to perform this step, see [Install site system roles for System Center Configuration Manager](https://technet.microsoft.com/library/mt704036.aspx), [Use PXE to deploy Windows over the network with System Center Configuration Manager](https://technet.microsoft.com/library/mt627940.aspx), and [Configuring distribution points to accept PXE requests](https://technet.microsoft.com/library/mt627944.aspx#BKMK_PXEDistributionPoint).
For more information about how to perform this step, see [Install site system roles for Configuration Manager](https://technet.microsoft.com/library/mt704036.aspx), [Use PXE to deploy Windows over the network with Configuration Manager](https://technet.microsoft.com/library/mt627940.aspx), and [Configuring distribution points to accept PXE requests](https://technet.microsoft.com/library/mt627944.aspx#BKMK_PXEDistributionPoint).
3. Configure the appropriate boot images (Windows PE images) to deploy from the PXE-enabled distribution point.
Before a device can start a boot image from a PXE-enabled distribution point, you must change the properties of the boot image to enable PXE booting. Typically, you create this boot image when you created your MDT task sequence in the Configuration Manager console.
For more information about how to perform this step, see [Configure a boot image to deploy from a PXE-enabled distribution point](https://technet.microsoft.com/library/mt627946.aspx#BKMK_BootImagePXE) and [Manage boot images with System Center Configuration Manager](https://technet.microsoft.com/library/mt627946.aspx).
For more information about how to perform this step, see [Configure a boot image to deploy from a PXE-enabled distribution point](https://technet.microsoft.com/library/mt627946.aspx#BKMK_BootImagePXE) and [Manage boot images with Configuration Manager](https://technet.microsoft.com/library/mt627946.aspx).
#### Summary
Your MDT deployment share and System Center Configuration Manager are now ready for deployment. Windows Deployment Services is ready to initiate the LTI or ZTI deployment process. You have set up and configured Windows Deployment Services for MDT and for System Center Configuration Manager. You have also ensured that your boot images are available to Windows Deployment Services (for LTI) or the distribution points (for ZTI and System Center Configuration Manager). Now, youre ready to capture the reference images for the different devices you have in your district.
Your MDT deployment share and Microsoft Endpoint Configuration Manager are now ready for deployment. Windows Deployment Services is ready to initiate the LTI or ZTI deployment process. You have set up and configured Windows Deployment Services for MDT and for Configuration Manager. You have also ensured that your boot images are available to Windows Deployment Services (for LTI) or the distribution points (for ZTI and Configuration Manager). Now, youre ready to capture the reference images for the different devices you have in your district.
## Capture the reference image
The reference device is a device that you use as the template for all the other devices in your district. On this device, you install any Windows desktop apps the classroom needs. For example, install the Windows desktop apps for Office 365 ProPlus if you selected that student license plan.
After you deploy Windows 10 and the desktop apps to the reference device, you capture an image of the device (the reference image). You import the reference image to an MDT deployment share or into System Center Configuration Manager. Finally, you create a task sequence to deploy the reference image to faculty and student devices.
After you deploy Windows 10 and the desktop apps to the reference device, you capture an image of the device (the reference image). You import the reference image to an MDT deployment share or into Configuration Manager. Finally, you create a task sequence to deploy the reference image to faculty and student devices.
You will capture multiple reference images, one for each type of device that you have in your organization. You perform the steps in this section for each image (device) that you have in your district. Use LTI in MDT to automate the deployment and capture of the reference image.
>**Note**&nbsp;&nbsp;You can use LTI in MDT or System Center Configuration Manager to automate the deployment and capture of the reference image, but this guide only discusses how to use LTI in MDT to capture the reference image.
>**Note**&nbsp;&nbsp;You can use LTI in MDT or Configuration Manager to automate the deployment and capture of the reference image, but this guide only discusses how to use LTI in MDT to capture the reference image.
### Customize the MDT deployment share
@ -1317,14 +1317,14 @@ In most instances, deployments occur without incident. Only in rare occasions do
### Import reference image
After you have captured the reference image (.wim file), import the image into the MDT deployment share or into System Center Configuration Manager (depending on which method you selected to perform Windows 10 deployments). You will deploy the reference image to the student and faculty devices in your district.
After you have captured the reference image (.wim file), import the image into the MDT deployment share or into Configuration Manager (depending on which method you selected to perform Windows 10 deployments). You will deploy the reference image to the student and faculty devices in your district.
Both the Deployment Workbench and the Configuration Manager console have wizards that help you import the reference image. After you import the reference image, you need to create a task sequence that will deploy the reference image.
For more information about how to import the reference image into:
* An MDT deployment share, see [Import a Previously Captured Image of a Reference Computer](https://technet.microsoft.com/library/dn759415.aspx#ImportaPreviouslyCapturedImageofaReferenceComputer).
* System Center Configuration Manager, see [Manage operating system images with System Center Configuration Manager](https://technet.microsoft.com/library/mt627939.aspx) and [Customize operating system images with System Center Configuration Manager](https://technet.microsoft.com/library/mt627938.aspx).
* Microsoft Endpoint Configuration Manager, see [Manage operating system images with Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt627939.aspx) and [Customize operating system images with Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt627938.aspx).
### Create a task sequence to deploy the reference image
@ -1335,22 +1335,22 @@ As you might expect, both the Deployment Workbench and the Configuration Manager
For more information about how to create a task sequence in the:
* Deployment Workbench for a deployment share, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench).
* Configuration Manager console, see [Create a task sequence to install an operating system in System Center Configuration Manager](https://technet.microsoft.com/library/mt627927.aspx).
* Configuration Manager console, see [Create a task sequence to install an operating system in Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt627927.aspx).
#### Summary
In this section, you customized the MDT deployment share to deploy Windows 10 and desktop apps to one or more reference devices by creating and customizing MDT applications, device drivers, and applications. Next, you ran the task sequence, which deploys Windows 10, deploys your apps, deploys the appropriate device drivers, and captures an image of the reference device. Then, you imported the captured reference image into a deployment share or System Center Configuration Manager. Finally, you created a task sequence to deploy your captured reference image to faculty and student devices. At this point in the process, youre ready to deploy Windows 10 and your apps to your devices.
In this section, you customized the MDT deployment share to deploy Windows 10 and desktop apps to one or more reference devices by creating and customizing MDT applications, device drivers, and applications. Next, you ran the task sequence, which deploys Windows 10, deploys your apps, deploys the appropriate device drivers, and captures an image of the reference device. Then, you imported the captured reference image into a deployment share or Microsoft Endpoint Configuration Manager. Finally, you created a task sequence to deploy your captured reference image to faculty and student devices. At this point in the process, youre ready to deploy Windows 10 and your apps to your devices.
## Prepare for device management
Before you deploy Windows 10 in your district, you must prepare for device management. You will deploy Windows 10 in a configuration that complies with your requirements, but you want to help ensure that your deployments remain compliant.
You also want to deploy apps and software updates after you deploy Windows 10. You need to manage apps and updates by using System Center Configuration Manager, Intune, or a combination of both (hybrid model).
You also want to deploy apps and software updates after you deploy Windows 10. You need to manage apps and updates by using Configuration Manager, Intune, or a combination of both (hybrid model).
### Select Microsoft-recommended settings
Microsoft has several recommended settings for educational institutions. Table 17 lists them, provides a brief description of why you need to configure them, and recommends methods for configuring the settings. Review the settings in Table 17 and evaluate their relevancy to your institution.
>**Note**&nbsp;&nbsp;The settings for Intune in Table 17 also apply to the System Center Configuration Manager and Intune management (hybrid) method.
>**Note**&nbsp;&nbsp;The settings for Intune in Table 17 also apply to the Configuration Manager and Intune management (hybrid) method.
Use the information in Table 17 to help you determine whether you need to configure the setting and which method you will use to do so. At the end, you will have a list of settings that you want to apply to the Windows 10 devices and know which management method you will use to configure the settings.
@ -1499,7 +1499,7 @@ For more information about Intune, see [Microsoft Intune Documentation](https://
### Deploy and manage apps by using Intune
If you selected to deploy and manage apps by using System Center Configuration Manager and Intune in a hybrid configuration, then skip this section and continue to the [Deploy and manage apps by using System Center Configuration Manager](#deploy-and-manage-apps-by-using-system-center-configuration-manager) section.
If you selected to deploy and manage apps by using Microsoft Endpoint Configuration Manager and Intune in a hybrid configuration, then skip this section and continue to the [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager) section.
You can use Intune to deploy Microsoft Store and Windows desktop apps. Intune provides improved control over which users receive specific apps. In addition, Intune allows you to deploy apps to companion devices (such as Windows 10 Mobile, iOS, or Android devices). Finally, Intune helps you manage app security and features, such as mobile application management policies that let you manage apps on devices that are not enrolled in Intune or that another solution manages.
@ -1511,21 +1511,21 @@ For more information about how to configure Intune to manage your apps, see the
- [Protect apps and data with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/protect-apps-and-data-with-microsoft-intune)
- [Help protect your data with full or selective wipe using Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/use-remote-wipe-to-help-protect-data-using-microsoft-intune)
### Deploy and manage apps by using System Center Configuration Manager
### Deploy and manage apps by using Microsoft Endpoint Configuration Manager
You can use System Center Configuration Manager to deploy Microsoft Store and Windows desktop apps. System Center Configuration Manager allows you to create a System Center Configuration Manager application that you can use to deploy apps to different devices (such as Windows 10 desktop, Windows 10 Mobile, iOS, or Android devices) by using *deployment types*. You can think of a System Center Configuration Manager application as a box. You can think of deployment types as one or more sets of installation files and installation instructions within that box.
You can use Microsoft Endpoint Configuration Manager to deploy Microsoft Store and Windows desktop apps. Configuration Manager allows you to create a Configuration Manager application that you can use to deploy apps to different devices (such as Windows 10 desktop, Windows 10 Mobile, iOS, or Android devices) by using *deployment types*. You can think of a Configuration Manager application as a box. You can think of deployment types as one or more sets of installation files and installation instructions within that box.
For example, you could create a Skype application that contains a deployment type for Windows 10 desktop, Windows 10 Mobile, iOS, and Android. You can deploy the one application to multiple device types.
>**Note**&nbsp;&nbsp;When you configure System Center Configuration Manager and Intune in a hybrid model, you deploy apps by using System Center Configuration manager as described in this section.
>**Note**&nbsp;&nbsp;When you configure Configuration Manager and Intune in a hybrid model, you deploy apps by using Configuration Manager as described in this section.
System Center Configuration Manager helps you manage apps by monitoring app installation. You can determine how many of your devices have a specific app installed. Finally, you can allow users to install apps at their discretion or make apps mandatory.
Configuration Manager helps you manage apps by monitoring app installation. You can determine how many of your devices have a specific app installed. Finally, you can allow users to install apps at their discretion or make apps mandatory.
For more information about how to configure System Center Configuration Manager to deploy and manage your apps, see [Deploy and manage applications with System Center Configuration Manager](https://technet.microsoft.com/library/mt627959.aspx).
For more information about how to configure Configuration Manager to deploy and manage your apps, see [Deploy and manage applications with Configuration Manager](https://technet.microsoft.com/library/mt627959.aspx).
### Manage updates by using Intune
If you selected to manage updates by using System Center Configuration Manager and Intune in a hybrid configuration, then skip this section and continue to the [Manage updates by using System Center Configuration Manager](#manage-updates-by-using-system-center-configuration-manager) section.
If you selected to manage updates by using Configuration Manager and Intune in a hybrid configuration, then skip this section and continue to the [Manage updates by using Microsoft Endpoint Configuration Manager](#manage-updates-by-using-microsoft-endpoint-configuration-manager) section.
To help ensure that your users have the most current features and security protection, keep Windows 10 and your apps current with updates. To configure Windows 10 and app updates, use the **Updates** workspace in Intune.
@ -1536,19 +1536,19 @@ For more information about how to configure Intune to manage updates and malware
- [Keep Windows PCs up to date with software updates in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/keep-windows-pcs-up-to-date-with-software-updates-in-microsoft-intune)
- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)
### Manage updates by using System Center Configuration Manager
### Manage updates by using Microsoft Endpoint Configuration Manager
To ensure that your users have the most current features and security protection, use the software updates feature in System Center Configuration Manager to manage updates. The software updates feature works in conjunction with WSUS to manage updates for Windows 10 devices.
To ensure that your users have the most current features and security protection, use the software updates feature in Configuration Manager to manage updates. The software updates feature works in conjunction with WSUS to manage updates for Windows 10 devices.
You configure the software updates feature to manage updates for specific versions of Windows and apps. Then, the software updates feature obtains the updates from Windows Updates by using the WSUS server in your environment. This integration provides greater granularity of control over updates and more specific targeting of updates to users and devices (compared to WSUS alone or Intune alone), which allows you to ensure that the right user or device gets the right updates.
>**Note**&nbsp;&nbsp;When you configure System Center Configuration Manager and Intune in a hybrid model, you use System Center Configuration manager to manage updates as described in this section.
>**Note**&nbsp;&nbsp;When you configure Configuration Manager and Intune in a hybrid model, you use Configuration manager to manage updates as described in this section.
For more information about how to configure System Center Configuration Manager to manage Windows 10 and app updates, see [Deploy and manage software updates in System Center Configuration Manager](https://technet.microsoft.com/library/mt634340.aspx).
For more information about how to configure Configuration Manager to manage Windows 10 and app updates, see [Deploy and manage software updates in Configuration Manager](https://technet.microsoft.com/library/mt634340.aspx).
#### Summary
In this section, you prepared your institution for device management. You identified the configuration settings that you want to use to manage your users and devices. You configured Group Policy or Intune to manage these configuration settings. You configured Intune or System Center Configuration Manager to manage your apps. Finally, you configured Intune or System Center Configuration Manager to manage software updates for Windows 10 and your apps.
In this section, you prepared your institution for device management. You identified the configuration settings that you want to use to manage your users and devices. You configured Group Policy or Intune to manage these configuration settings. You configured Intune or Microsoft Endpoint Configuration Manager to manage your apps. Finally, you configured Intune or Microsoft Endpoint Configuration Manager to manage software updates for Windows 10 and your apps.
## Deploy Windows 10 to devices
@ -1561,8 +1561,8 @@ Prior to deployment of Windows 10, complete the tasks in Table 18. Most of these
|Task| |
|----|----|
|1. |Ensure that the target devices have sufficient system resources to run Windows 10.|
|2. |Identify the necessary devices drivers, and then import them into the MDT deployment share or System Center Configuration Manager.|
|3. |For each Microsoft Store and Windows desktop app, create an MDT application or System Center Configuration Manager application.|
|2. |Identify the necessary devices drivers, and then import them into the MDT deployment share or Microsoft Endpoint Configuration Manager.|
|3. |For each Microsoft Store and Windows desktop app, create an MDT application or Configuration Manager application.|
|4. |Notify the students and faculty about the deployment.|
*Table 18. Deployment preparation checklist*
@ -1692,7 +1692,7 @@ For more information about completing this task, see the “How do I find and re
For more information, see:
<ul>
<li><a href="#manage-updates-by-using-intune" data-raw-source="[Manage updates by using Intune](#manage-updates-by-using-intune)">Manage updates by using Intune</a></li>
<li><a href="#manage-updates-by-using-system-center-configuration-manager" data-raw-source="[Manage updates by using System Center Configuration Manager](#manage-updates-by-using-system-center-configuration-manager)">Manage updates by using System Center Configuration Manager</a></li>
<li><a href="#manage-updates-by-using-microsoft-endpoint-configuration-manager" data-raw-source="[Manage updates by using Microsoft Endpoint Configuration Manager](#manage-updates-by-using-microsoft-endpoint-configuration-manager)">Manage updates by using Microsoft Endpoint Configuration Manager</a></li>
</ul>
</td>
<td>x</td>
@ -1728,7 +1728,7 @@ For more information about completing this task, see the following resources:
For more information, see:
<ul>
<li><a href="#deploy-and-manage-apps-by-using-intune" data-raw-source="[Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune)">Deploy and manage apps by using Intune</a></li>
<li><a href="#deploy-and-manage-apps-by-using-system-center-configuration-manager" data-raw-source="[Deploy and manage apps by using System Center Configuration Manager](#deploy-and-manage-apps-by-using-system-center-configuration-manager)">Deploy and manage apps by using System Center Configuration Manager</a></li>
<li><a href="#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager" data-raw-source="[Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager)">Deploy and manage apps by using Microsoft Endpoint Configuration Manager</a></li>
</ul>
</td>
<td></td>
@ -1739,10 +1739,10 @@ For more information, see:
<tr>
<td>Install new or update existing Microsoft Store apps used in the curriculum.<br/><br/>
Microsoft Store apps are automatically updated from Microsoft Store. The menu bar in the Microsoft Store app shows whether any Microsoft Store app updates are available for download.<br/><br/>
You can also deploy Microsoft Store apps directly to devices by using Intune, System Center Configuration Manager, or both in a hybrid configuration. For more information, see:
You can also deploy Microsoft Store apps directly to devices by using Intune, Microsoft Endpoint Configuration Manager, or both in a hybrid configuration. For more information, see:
<ul>
<li><a href="#deploy-and-manage-apps-by-using-intune" data-raw-source="[Deploy and manage apps by using Intune](#deploy-and-manage-apps-by-using-intune)">Deploy and manage apps by using Intune</a></li>
<li><a href="#deploy-and-manage-apps-by-using-system-center-configuration-manager" data-raw-source="[Deploy and manage apps by using System Center Configuration Manager](#deploy-and-manage-apps-by-using-system-center-configuration-manager)">Deploy and manage apps by using System Center Configuration Manager</a></li>
<li><a href="#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager" data-raw-source="[Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager)">Deploy and manage apps by using Microsoft Endpoint Configuration Manager</a></li>
</ul>
</td>
<td></td>

2
education/windows/deploy-windows-10-in-a-school.md
View File

@ -88,7 +88,7 @@ Now that you have the plan (blueprint) for your classroom, youre ready to lea
The primary tool you will use to deploy Windows 10 in your school is MDT, which uses Windows ADK components to make deployment easier. You could just use the Windows ADK to perform your deployment, but MDT simplifies the process by providing an intuitive, wizard-driven user interface (UI).
You can use MDT as a stand-alone tool or integrate it with Microsoft System Center Configuration Manager. As a stand-alone tool, MDT performs Lite Touch Installation (LTI) deployments—deployments that require minimal infrastructure and allow you to control the level of automation. When integrated with System Center Configuration Manager, MDT performs Zero Touch Installation (ZTI) deployments, which require more infrastructure (such as System Center Configuration Manager) but result in fully automated deployments.
You can use MDT as a stand-alone tool or integrate it with Microsoft Endpoint Configuration Manager. As a stand-alone tool, MDT performs Lite Touch Installation (LTI) deployments—deployments that require minimal infrastructure and allow you to control the level of automation. When integrated with Configuration Manager, MDT performs Zero Touch Installation (ZTI) deployments, which require more infrastructure (such as Configuration Manager) but result in fully automated deployments.
MDT includes the Deployment Workbench—a console from which you can manage the deployment of Windows 10 and your apps. You configure the deployment process in the Deployment Workbench, including the management of operating systems, device drivers, apps and migration of user settings on existing devices.

2
education/windows/take-a-test-multiple-pcs.md
View File

@ -28,7 +28,7 @@ Follow the guidance in this topic to set up Take a Test on multiple PCs.
To configure a dedicated test account on multiple PCs, select any of the following methods:
- [Provisioning package created through the Set up School PCs app](#set-up-a-test-account-in-the-set-up-school-pcs-app)
- [Configuration in Intune for Education](#set-up-a-test-account-in-intune-for-education)
- [Mobile device management (MDM) or Microsoft System Center Configuration Manager](#set-up-a-test-account-in-mdm-or-configuration-manager)
- [Mobile device management (MDM) or Microsoft Endpoint Configuration Manager](#set-up-a-test-account-in-mdm-or-configuration-manager)
- [Provisioning package created through Windows Configuration Designer](#set-up-a-test-account-through-windows-configuration-designer)
- [Group Policy to deploy a scheduled task that runs a Powershell script](https://docs.microsoft.com/education/windows/take-a-test-multiple-pcs#create-a-scheduled-task-in-group-policy)

2
education/windows/take-tests-in-windows-10.md
View File

@ -48,7 +48,7 @@ There are several ways to configure devices for assessments. You can:
- **For multiple PCs**
You can use any of these methods:
- Mobile device management (MDM) or Microsoft System Center Configuration Manager
- Mobile device management (MDM) or Microsoft Endpoint Configuration Manager
- A provisioning package created in Windows Configuration Designer
- Group Policy to deploy a scheduled task that runs a Powershell script

8
mdop/agpm/resources-for-agpm.md
View File

@ -19,19 +19,19 @@ ms.date: 08/30/2016
### Documents for download
- [Advanced Group Policy Management 4.0 documents](https://go.microsoft.com/fwlink/?LinkID=158931)
- [Advanced Group Policy Management 4.0 documents](https://www.microsoft.com/download/details.aspx?id=13975)
### Microsoft Desktop Optimization Pack resources
- [Microsoft Desktop Optimization Pack (MDOP) for Software Assurance TechCenter](https://go.microsoft.com/fwlink/?LinkID=159870) (http://www.microsoft.com/technet/mdop): Links to MDOP videos and resources.
- [Microsoft Desktop Optimization Pack (MDOP) for Software Assurance TechCenter](https://go.microsoft.com/fwlink/?LinkID=159870) (https://www.microsoft.com/technet/mdop): Links to MDOP videos and resources.
- [Enterprise products: MDOP](https://go.microsoft.com/fwlink/?LinkID=160297): Overviews and information about the benefits of applications in MDOP.
### Group Policy resources
- [Group Policy TechCenter](https://go.microsoft.com/fwlink/?LinkID=145531) (http://www.microsoft.com/grouppolicy): Links to Group Policy documentation, tools, and downloads.
- [Group Policy TechCenter](https://go.microsoft.com/fwlink/?LinkID=145531) (https://www.microsoft.com/grouppolicy): Links to Group Policy documentation, tools, and downloads.
- [Group Policy Team Blog](https://go.microsoft.com/fwlink/?LinkID=75192) (http://blogs.technet.com/GroupPolicy): Stay current on the latest news about Group Policy with articles by the Group Policy Team and other experts.
- [Group Policy Team Blog](https://go.microsoft.com/fwlink/?LinkID=75192) (https://blogs.technet.com/GroupPolicy): Stay current on the latest news about Group Policy with articles by the Group Policy Team and other experts.
- [Group Policy Forum](https://go.microsoft.com/fwlink/?LinkID=145532): Do you have questions about Group Policy or AGPM? You can post your questions to the forum, and receive answers from the experts.

2
mdop/appv-v4/about-microsoft-application-virtualization-45.md
View File

@ -27,7 +27,7 @@ Formerly known as SoftGrid Application Virtualization, Microsoft Application Vir
2. Application Virtualization Streaming Server, a lightweight version which also ships as part of the Microsoft Desktop Optimization Pack and Microsoft Application Virtualization for Remote Desktop Services packages, offers application streaming including package and active upgrades without the Active Directory Domain Services and database overheads, and enables administrators to deploy to existing servers or add streaming to Electronic Software Delivery (ESD) systems.
3. Standalone mode enables virtual applications to run without streaming and is interoperable with Microsoft Systems Management Server and System Center Configuration Manager 2007 and third-party ESD systems.
3. Standalone mode enables virtual applications to run without streaming and is interoperable with Microsoft Endpoint Configuration Manager and third-party ESD systems.
- Globalization: The product is localized across 11 languages, includes support for foreign language applications that use special characters, and supports foreign language Active Directory and servers and runtime locale detection.

2
mdop/appv-v4/app-v-upgrade-checklist.md
View File

@ -69,7 +69,7 @@ Before trying to upgrade to Microsoft Application Virtualization (App-V) 4.5 or
- Any virtual application packages sequenced in version 4.2 will not have to be sequenced again for use with version 4.5. However, you should consider upgrading the virtual packages to the Microsoft Application Virtualization 4.5 format if you want to apply default access control lists (ACLs) or generate a Windows Installer file. This is a simple process and requires only that the existing virtual application package be opened and saved with the App-V 4.5 Sequencer. This can be automated by using the App-VSequencer command-line interface. For more information, see [How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md)
- One of the features of the 4.5 Sequencer is the ability to create Windows Installer (.msi) files as control points for virtual application package interoperability with electronic software distribution (ESD) systems, such as Microsoft System Center Configuration Manager 2007. Previous Windows Installer files created with the MSI tool for Application Virtualization that were installed on a App-V 4.1 or 4.2 client that is subsequently upgraded to App-V 4.5 will continue to work, although they cannot be installed on the App-V 4.5 client. However, they cannot be removed or upgraded unless they are upgraded in the App-V 4.5 Sequencer. The original App-V package earlier than 4.5 has to be opened in the App-V 4.5 Sequencer and then saved as a Windows Installer File.
- One of the features of the 4.5 Sequencer is the ability to create Windows Installer (.msi) files as control points for virtual application package interoperability with electronic software distribution (ESD) systems, such as Microsoft Endpoint Configuration Manager. Previous Windows Installer files created with the MSI tool for Application Virtualization that were installed on a App-V 4.1 or 4.2 client that is subsequently upgraded to App-V 4.5 will continue to work, although they cannot be installed on the App-V 4.5 client. However, they cannot be removed or upgraded unless they are upgraded in the App-V 4.5 Sequencer. The original App-V package earlier than 4.5 has to be opened in the App-V 4.5 Sequencer and then saved as a Windows Installer File.
**Note**
If the App-V 4.2 Client has already been upgraded to App-V 4.5, it is possible to script a workaround to preserve the version 4.2 packages on version 4.5 clients and allow them to be managed. This script must copy two files, msvcp71.dll and msvcr71.dll, to the App-V installation folder and set the following registry key values under the registry key:\[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\]:

2
mdop/appv-v4/determine-your-streaming-method.md
View File

@ -24,7 +24,7 @@ The first time that a user double-clicks the icon that has been placed on a comp
The streaming source location is usually a server that is accessible by the users computer; however, some electronic distribution systems, such as Microsoft System Center Configuration Manager, can distribute the SFT file to the users computer and then stream the virtual application package locally from that computers cache.
The streaming source location is usually a server that is accessible by the users computer; however, some electronic distribution systems, such as Microsoft Endpoint Configuration Manager, can distribute the SFT file to the users computer and then stream the virtual application package locally from that computers cache.
**Note**  
A streaming source location for virtual packages can be set up on a computer that is not a server. This is especially useful in a small branch office that has no server.

2
mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md
View File

@ -20,7 +20,7 @@ ms.date: 08/30/2016
If you plan to use an electronic software distribution (ESD) solution to deploy virtual applications, it is important to understand the factors that go into and are affected by that decision. This topic describes the benefits of using an ESD-based scenario and provides information about the publishing and package streaming methods that you will need to consider as you proceed with your deployment.
**Important**  
Whichever ESD solution you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or later, see the System Center Configuration Manager documentation at <https://go.microsoft.com/fwlink/?LinkId=66999>.
Whichever ESD solution you use, you must be familiar with the requirements of your particular solution. If you are using Microsoft Endpoint Configuration Manager, see the Configuration Manager documentation at <https://go.microsoft.com/fwlink/?LinkId=66999>.

2
mdop/appv-v4/overview-of-application-virtualization.md
View File

@ -21,7 +21,7 @@ Microsoft Application Virtualization (App-V) can make applications available to
The App-V client is the feature that lets the end user interact with the applications after they have been published to the computer. The client manages the virtual environment in which the virtualized applications run on each computer. After the client has been installed on a computer, the applications must be made available to the computer through a process known as *publishing*, which enables the end user to run the virtual applications. The publishing process copies the virtual application icons and shortcuts to the computer—typically on the Windows desktop or on the **Start** menu—and also copies the package definition and file type association information to the computer. Publishing also makes the application package content available to the end users computer.
The virtual application package content can be copied onto one or more Application Virtualization servers so that it can be streamed down to the clients on demand and cached locally. File servers and Web servers can also be used as streaming servers, or the content can be copied directly to the end users computer—for example, if you are using an electronic software distribution system, such as Microsoft System Center Configuration Manager 2007. In a multi-server implementation, maintaining the package content and keeping it up to date on all the streaming servers requires a comprehensive package management solution. Depending on the size of your organization, you might need to have many virtual applications available to end users located all over the world. Managing the packages to ensure that the appropriate applications are available to all users where and when they need access to them is therefore an important requirement.
The virtual application package content can be copied onto one or more Application Virtualization servers so that it can be streamed down to the clients on demand and cached locally. File servers and Web servers can also be used as streaming servers, or the content can be copied directly to the end users computer—for example, if you are using an electronic software distribution system, such as Microsoft Endpoint Configuration Manager. In a multi-server implementation, maintaining the package content and keeping it up to date on all the streaming servers requires a comprehensive package management solution. Depending on the size of your organization, you might need to have many virtual applications available to end users located all over the world. Managing the packages to ensure that the appropriate applications are available to all users where and when they need access to them is therefore an important requirement.
## Microsoft Application Virtualization System Features

2
mdop/appv-v4/planning-and-deployment-guide-for-the-application-virtualization-system.md
View File

@ -21,7 +21,7 @@ Microsoft Application Virtualization Management provides the capability to make
The Application Virtualization Client is the Application Virtualization system component that enables the end user to interact with the applications after they have been published to the computer. The client manages the virtual environment in which the virtualized applications run on each computer. After the client has been installed on a computer, the applications must be made available to the computer through a process known as *publishing*, which enables the end user to run the virtual applications. The publishing process places the virtual application icons and shortcuts on the computer—typically on the Windows desktop or on the **Start** menu—and also places the package definition and file type association information on the computer. Publishing also makes the application package content available to the end users computer.
The virtual application package content can be placed on one or more Application Virtualization servers so that it can be streamed down to the clients on demand and cached locally. File servers and Web servers can also be used as streaming servers, or the content can be placed directly on the end users computer—for example, if you are using an electronic software distribution system, such as Microsoft System Center Configuration Manager 2007. In a multi-server implementation, maintaining the package content and keeping it up to date on all the streaming servers requires a comprehensive package management solution. Depending on the size of your organization, you might need to have many virtual applications accessible to end users located all over the world. Managing the packages to ensure that the right applications are available to all users where and when they need access to them is therefore an essential requirement.
The virtual application package content can be placed on one or more Application Virtualization servers so that it can be streamed down to the clients on demand and cached locally. File servers and Web servers can also be used as streaming servers, or the content can be placed directly on the end users computer—for example, if you are using an electronic software distribution system, such as Microsoft Endpoint Configuration Manager. In a multi-server implementation, maintaining the package content and keeping it up to date on all the streaming servers requires a comprehensive package management solution. Depending on the size of your organization, you might need to have many virtual applications accessible to end users located all over the world. Managing the packages to ensure that the right applications are available to all users where and when they need access to them is therefore an essential requirement.
The Application Virtualization Planning and Deployment Guide provides information to help you better understand and deploy the Microsoft Application Virtualization application and its components. It also provides step-by-step procedures for implementing the key deployment scenarios.

2
mdop/appv-v4/planning-for-migration-from-previous-versions.md
View File

@ -186,7 +186,7 @@ The following table lists which client versions will run packages created by usi
## Additional Migration Considerations
One of the features of the App-V 4.5 Sequencer is the ability to create Windows Installer files (.msi) as control points for virtual application package interoperability with electronic software distribution (ESD) systems such as Microsoft System Center Configuration Manager. Previous Windows Installer files created with the .msi tool for Application Virtualization that were installed on a App-V 4.1 or 4.2 Client that is subsequently upgraded to 4.5 continue to work, although they cannot be installed on the 4.5 Client. However, they cannot be removed or upgraded unless they are upgraded in the 4.5 Sequencer. The original pre-4.5 virtual application package would need to be opened in the 4.5 Sequencer and then saved as a Windows Installer File.
One of the features of the App-V 4.5 Sequencer is the ability to create Windows Installer files (.msi) as control points for virtual application package interoperability with electronic software distribution (ESD) systems such as Microsoft Endpoint Configuration Manager. Previous Windows Installer files created with the .msi tool for Application Virtualization that were installed on a App-V 4.1 or 4.2 Client that is subsequently upgraded to 4.5 continue to work, although they cannot be installed on the 4.5 Client. However, they cannot be removed or upgraded unless they are upgraded in the 4.5 Sequencer. The original pre-4.5 virtual application package would need to be opened in the 4.5 Sequencer and then saved as a Windows Installer File.
**Note**  
If the App-V 4.2 Client has already been upgraded to 4.5, it is possible to use script as a workaround to preserve the 4.2 packages on 4.5 clients and allow them to be managed. This script must copy two files, msvcp71.dll and msvcr71.dll, to the App-V installation folder and set the following registry key values under the registry key \[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\]:

2
mdop/appv-v4/using-electronic-software-distribution-as-a-package-management-solution.md
View File

@ -19,7 +19,7 @@ ms.date: 06/16/2016
In Application Virtualization, after you have sequenced and tested a package, you need to deploy the virtual application package to the target computers. To accomplish this, you will need to determine where to put the package content and how to deliver it to the end user computers. An efficient, effective electronic software distributionbased deployment plan will help you avoid the situation where large numbers of end users computers need to retrieve the package content over slow network connections.
If you currently have an electronic software distribution (ESD) system in daily operation, you can use it to handle all necessary management tasks in Application Virtualization. This means that you can effectively use your existing infrastructure to the best advantage, without the need to add new servers and application software or incur the additional administrative overhead that these would require. Ideally, if you have System Center Configuration Manager 2007 R2 deployed and operational, you will find that Configuration Manager has built-in capability for performing the Application Virtualization management tasks.
If you currently have an electronic software distribution (ESD) system in daily operation, you can use it to handle all necessary management tasks in Application Virtualization. This means that you can effectively use your existing infrastructure to the best advantage, without the need to add new servers and application software or incur the additional administrative overhead that these would require. Ideally, if you have Microsoft Endpoint Configuration Manager deployed and operational, you will find that Configuration Manager has built-in capability for performing the Application Virtualization management tasks.
For in-depth information about performing an ESD-based deployment, [Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md).

44
mdop/appv-v5/app-v-50-prerequisites.md
View File

@ -100,8 +100,8 @@ The following table lists the installation prerequisites for the App-V 5.0 clien
<tr class="odd">
<td align="left"><p><strong>Software requirements</strong></p></td>
<td align="left"><ul>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="http://www.microsoft.com/download/details.aspx?id=17718">http://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)">Windows PowerShell 3.0</a> (<a href="http://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="http://www.microsoft.com/download/details.aspx?id=34595">http://www.microsoft.com/download/details.aspx?id=34595</a>)</p>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="https://www.microsoft.com/download/details.aspx?id=17718">https://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)">Windows PowerShell 3.0</a> (<a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="https://www.microsoft.com/download/details.aspx?id=34595">https://www.microsoft.com/download/details.aspx?id=34595</a>)</p>
<p></p>
<div class="alert">
<strong>Note</strong><br/><p>Installing PowerShell 3.0 requires a restart.</p>
@ -109,7 +109,7 @@ The following table lists the installation prerequisites for the App-V 5.0 clien
<div>
</div></li>
<li><p>Download and install <a href="https://support.microsoft.com/kb/2533623" data-raw-source="[KB2533623](https://support.microsoft.com/kb/2533623)">KB2533623</a> (<a href="http://support.microsoft.com/kb/2533623" data-raw-source="http://support.microsoft.com/kb/2533623">http://support.microsoft.com/kb/2533623</a>)</p>
<li><p>Download and install <a href="https://support.microsoft.com/kb/2533623" data-raw-source="[KB2533623](https://support.microsoft.com/kb/2533623)">KB2533623</a> (<a href="https://support.microsoft.com/kb/2533623" data-raw-source="https://support.microsoft.com/kb/2533623">https://support.microsoft.com/kb/2533623</a>)</p>
<p></p>
<div class="alert">
<strong>Important</strong><br/><p>You can download and install the previous KB article. However, it may have been replaced with a more recent version.</p>
@ -120,12 +120,12 @@ The following table lists the installation prerequisites for the App-V 5.0 clien
<li><p>The client installer (.exe) will detect if it is necessary to install the following prerequisites, and it will do so accordingly:</p>
<p></p>
<ul>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)">Visual C++ Redistributable Packages for Visual Studio 2013</a> (<a href="http://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="http://www.microsoft.com/download/details.aspx?id=40784">http://www.microsoft.com/download/details.aspx?id=40784</a>)</p>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)">Visual C++ Redistributable Packages for Visual Studio 2013</a> (<a href="https://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="https://www.microsoft.com/download/details.aspx?id=40784">https://www.microsoft.com/download/details.aspx?id=40784</a>)</p>
<p>This prerequisite is only required if you have installed Hotfix Package 4 for Application Virtualization 5.0 SP2 or later.</p>
<p></p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=26999" data-raw-source="[The Microsoft Visual C++ 2010 Redistributable](https://www.microsoft.com/download/details.aspx?id=26999)">The Microsoft Visual C++ 2010 Redistributable</a> (<a href="https://go.microsoft.com/fwlink/?LinkId=26999" data-raw-source="https://go.microsoft.com/fwlink/?LinkId=26999">https://go.microsoft.com/fwlink/?LinkId=26999</a>)</p>
<p></p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=5638" data-raw-source="[Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://www.microsoft.com/download/details.aspx?id=5638)">Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=5638" data-raw-source="http://www.microsoft.com/download/details.aspx?id=5638">http://www.microsoft.com/download/details.aspx?id=5638</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=5638" data-raw-source="[Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://www.microsoft.com/download/details.aspx?id=5638)">Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=5638" data-raw-source="https://www.microsoft.com/download/details.aspx?id=5638">https://www.microsoft.com/download/details.aspx?id=5638</a>)</p></li>
</ul></li>
</ul></td>
</tr>
@ -158,8 +158,8 @@ The following table lists the installation prerequisites for the App-V 5.0 Remot
<tr class="odd">
<td align="left"><p><strong>Software requirements</strong></p></td>
<td align="left"><ul>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft.NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft.NET Framework 4 (Full Package)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="http://www.microsoft.com/download/details.aspx?id=17718">http://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)">Windows PowerShell 3.0</a> (<a href="http://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="http://www.microsoft.com/download/details.aspx?id=34595">http://www.microsoft.com/download/details.aspx?id=34595</a>)</p>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft.NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft.NET Framework 4 (Full Package)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="https://www.microsoft.com/download/details.aspx?id=17718">https://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)">Windows PowerShell 3.0</a> (<a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="https://www.microsoft.com/download/details.aspx?id=34595">https://www.microsoft.com/download/details.aspx?id=34595</a>)</p>
<p></p>
<div class="alert">
<strong>Note</strong><br/><p>Installing PowerShell 3.0 requires a restart.</p>
@ -178,12 +178,12 @@ The following table lists the installation prerequisites for the App-V 5.0 Remot
<li><p>The client (.exe) installer will detect if it is necessary to install the following prerequisites, and it will do so accordingly:</p>
<p></p>
<ul>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)">Visual C++ Redistributable Packages for Visual Studio 2013</a> (<a href="http://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="http://www.microsoft.com/download/details.aspx?id=40784">http://www.microsoft.com/download/details.aspx?id=40784</a>)</p>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)">Visual C++ Redistributable Packages for Visual Studio 2013</a> (<a href="https://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="https://www.microsoft.com/download/details.aspx?id=40784">https://www.microsoft.com/download/details.aspx?id=40784</a>)</p>
<p>This prerequisite is required only if you have installed Hotfix Package 4 for Application Virtualization 5.0 SP2 or later.</p>
<p></p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=26999" data-raw-source="[The Microsoft Visual C++ 2010 Redistributable](https://www.microsoft.com/download/details.aspx?id=26999)">The Microsoft Visual C++ 2010 Redistributable</a> (<a href="https://go.microsoft.com/fwlink/?LinkId=26999" data-raw-source="https://go.microsoft.com/fwlink/?LinkId=26999">https://go.microsoft.com/fwlink/?LinkId=26999</a>)</p>
<p></p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=5638" data-raw-source="[Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://www.microsoft.com/download/details.aspx?id=5638)">Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=5638" data-raw-source="http://www.microsoft.com/download/details.aspx?id=5638">http://www.microsoft.com/download/details.aspx?id=5638</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=5638" data-raw-source="[Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://www.microsoft.com/download/details.aspx?id=5638)">Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=5638" data-raw-source="https://www.microsoft.com/download/details.aspx?id=5638">https://www.microsoft.com/download/details.aspx?id=5638</a>)</p></li>
</ul></li>
</ul></td>
</tr>
@ -221,14 +221,14 @@ If the system requirements of a locally installed application exceed the require
<tr class="odd">
<td align="left"><p><strong>Software requirements</strong></p></td>
<td align="left"><ul>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)">Visual C++ Redistributable Packages for Visual Studio 2013</a> (<a href="http://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="http://www.microsoft.com/download/details.aspx?id=40784">http://www.microsoft.com/download/details.aspx?id=40784</a>)</p>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="[Visual C++ Redistributable Packages for Visual Studio 2013](https://www.microsoft.com/download/details.aspx?id=40784)">Visual C++ Redistributable Packages for Visual Studio 2013</a> (<a href="https://www.microsoft.com/download/details.aspx?id=40784" data-raw-source="https://www.microsoft.com/download/details.aspx?id=40784">https://www.microsoft.com/download/details.aspx?id=40784</a>)</p>
<p>This prerequisite is required only if you have installed Hotfix Package 4 for Application Virtualization 5.0 SP2.</p>
<p></p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="http://www.microsoft.com/download/details.aspx?id=17718">http://www.microsoft.com/download/details.aspx?id=17718</a>)</p>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="https://www.microsoft.com/download/details.aspx?id=17718">https://www.microsoft.com/download/details.aspx?id=17718</a>)</p>
<p></p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)">Windows PowerShell 3.0</a> (<a href="http://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="http://www.microsoft.com/download/details.aspx?id=34595">http://www.microsoft.com/download/details.aspx?id=34595</a>)</p>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)">Windows PowerShell 3.0</a> (<a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="https://www.microsoft.com/download/details.aspx?id=34595">https://www.microsoft.com/download/details.aspx?id=34595</a>)</p>
<p></p></li>
<li><p>Download and install <a href="https://support.microsoft.com/kb/2533623" data-raw-source="[KB2533623](https://support.microsoft.com/kb/2533623)">KB2533623</a> (<a href="http://support.microsoft.com/kb/2533623" data-raw-source="http://support.microsoft.com/kb/2533623">http://support.microsoft.com/kb/2533623</a>)</p>
<li><p>Download and install <a href="https://support.microsoft.com/kb/2533623" data-raw-source="[KB2533623](https://support.microsoft.com/kb/2533623)">KB2533623</a> (<a href="https://support.microsoft.com/kb/2533623" data-raw-source="https://support.microsoft.com/kb/2533623">https://support.microsoft.com/kb/2533623</a>)</p>
<p></p></li>
<li><p>For computers running Microsoft Windows Server 2008 R2 SP1, download and install <a href="https://go.microsoft.com/fwlink/?LinkId=286102" data-raw-source="[KB2533623](https://go.microsoft.com/fwlink/?LinkId=286102 )">KB2533623</a> (<a href="https://go.microsoft.com/fwlink/?LinkId=286102" data-raw-source="https://go.microsoft.com/fwlink/?LinkId=286102">https://go.microsoft.com/fwlink/?LinkId=286102</a>)</p>
<p></p>
@ -254,7 +254,7 @@ The following prerequisites are already installed for computers that run Windows
- Windows PowerShell 3.0
- Download and install [KB2533623](https://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623)
- Download and install [KB2533623](https://support.microsoft.com/kb/2533623) (https://support.microsoft.com/kb/2533623)
**Important**
You can still download install the previous KB. However, it may have been replaced with a more recent version.
@ -292,8 +292,8 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
<tr class="odd">
<td align="left"><p><strong>Management Server</strong></p></td>
<td align="left"><ul>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="http://www.microsoft.com/download/details.aspx?id=17718">http://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)">Windows PowerShell 3.0</a> (<a href="http://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="http://www.microsoft.com/download/details.aspx?id=34595">http://www.microsoft.com/download/details.aspx?id=34595</a>)</p>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="https://www.microsoft.com/download/details.aspx?id=17718">https://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="[Windows PowerShell 3.0](https://www.microsoft.com/download/details.aspx?id=34595)">Windows PowerShell 3.0</a> (<a href="https://www.microsoft.com/download/details.aspx?id=34595" data-raw-source="https://www.microsoft.com/download/details.aspx?id=34595">https://www.microsoft.com/download/details.aspx?id=34595</a>)</p>
<div class="alert">
<strong>Note</strong><br/><p>Installing PowerShell 3.0 requires a restart.</p>
</div>
@ -301,7 +301,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
</div></li>
<li><p>Windows Web Server with the IIS role enabled and the following features: <strong>Common HTTP Features</strong> (static content and default document), <strong>Application Development</strong> (ASP.NET, .NET Extensibility, ISAPI Extensions and ISAPI Filters), <strong>Security</strong> (Windows Authentication, Request Filtering), <strong>Management Tools</strong> (IIS Management Console).</p></li>
<li><p>Download and install <a href="https://support.microsoft.com/kb/2533623" data-raw-source="[KB2533623](https://support.microsoft.com/kb/2533623)">KB2533623</a> (<a href="http://support.microsoft.com/kb/2533623" data-raw-source="http://support.microsoft.com/kb/2533623">http://support.microsoft.com/kb/2533623</a>)</p>
<li><p>Download and install <a href="https://support.microsoft.com/kb/2533623" data-raw-source="[KB2533623](https://support.microsoft.com/kb/2533623)">KB2533623</a> (<a href="https://support.microsoft.com/kb/2533623" data-raw-source="https://support.microsoft.com/kb/2533623">https://support.microsoft.com/kb/2533623</a>)</p>
<p></p>
<div class="alert">
<strong>Important</strong><br/><p>You can still download install the previous KB. However, it may have been replaced with a more recent version.</p>
@ -309,7 +309,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
<div>
</div></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=13523" data-raw-source="[Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)](https://www.microsoft.com/download/details.aspx?id=13523)">Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=13523" data-raw-source="http://www.microsoft.com/download/details.aspx?id=13523">http://www.microsoft.com/download/details.aspx?id=13523</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=13523" data-raw-source="[Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)](https://www.microsoft.com/download/details.aspx?id=13523)">Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=13523" data-raw-source="https://www.microsoft.com/download/details.aspx?id=13523">https://www.microsoft.com/download/details.aspx?id=13523</a>)</p></li>
<li><p><a href="https://go.microsoft.com/fwlink/?LinkId=267110" data-raw-source="[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)">Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)</a> (<a href="https://go.microsoft.com/fwlink/?LinkId=267110" data-raw-source="https://go.microsoft.com/fwlink/?LinkId=267110">https://go.microsoft.com/fwlink/?LinkId=267110</a>)</p></li>
<li><p>64-bit ASP.NET registration</p></li>
</ul>
@ -339,7 +339,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
</div>
<ul>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="http://www.microsoft.com/download/details.aspx?id=17718">http://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="https://www.microsoft.com/download/details.aspx?id=17718">https://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://go.microsoft.com/fwlink/?LinkId=267110" data-raw-source="[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)">Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)</a>(<a href="https://go.microsoft.com/fwlink/?LinkId=267110" data-raw-source="https://go.microsoft.com/fwlink/?LinkId=267110">https://go.microsoft.com/fwlink/?LinkId=267110</a>)</p></li>
</ul>
<p>The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management database.</p>
@ -355,7 +355,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
<tr class="odd">
<td align="left"><p><strong>Reporting Server</strong></p></td>
<td align="left"><ul>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="http://www.microsoft.com/download/details.aspx?id=17718">http://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="https://www.microsoft.com/download/details.aspx?id=17718">https://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://go.microsoft.com/fwlink/?LinkId=267110" data-raw-source="[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)">Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)</a>(<a href="https://go.microsoft.com/fwlink/?LinkId=267110" data-raw-source="https://go.microsoft.com/fwlink/?LinkId=267110">https://go.microsoft.com/fwlink/?LinkId=267110</a>)</p></li>
<li><div class="alert">
<strong>Note</strong><br/><p>To help reduce the risk of unwanted or malicious data being sent to the reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.</p>
@ -380,7 +380,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
</div>
<ul>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="http://www.microsoft.com/download/details.aspx?id=17718">http://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="https://www.microsoft.com/download/details.aspx?id=17718">https://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://go.microsoft.com/fwlink/?LinkId=267110" data-raw-source="[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)">Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)</a>(<a href="https://go.microsoft.com/fwlink/?LinkId=267110" data-raw-source="https://go.microsoft.com/fwlink/?LinkId=267110">https://go.microsoft.com/fwlink/?LinkId=267110</a>)</p></li>
</ul>
<p>The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 reporting database.</p>
@ -396,7 +396,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
<tr class="odd">
<td align="left"><p><strong>Publishing Server</strong></p></td>
<td align="left"><ul>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="http://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="http://www.microsoft.com/download/details.aspx?id=17718">http://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="[Microsoft .NET Framework 4 (Full Package)](https://www.microsoft.com/download/details.aspx?id=17718)">Microsoft .NET Framework 4 (Full Package)</a> (<a href="https://www.microsoft.com/download/details.aspx?id=17718" data-raw-source="https://www.microsoft.com/download/details.aspx?id=17718">https://www.microsoft.com/download/details.aspx?id=17718</a>)</p></li>
<li><p><a href="https://go.microsoft.com/fwlink/?LinkId=267110" data-raw-source="[Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)">Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)</a>(<a href="https://go.microsoft.com/fwlink/?LinkId=267110" data-raw-source="https://go.microsoft.com/fwlink/?LinkId=267110">https://go.microsoft.com/fwlink/?LinkId=267110</a>)</p></li>
<li><p>Windows Web Server with the IIS role with the following features: <strong>Common HTTP Features</strong> (static content and default document), <strong>Application Development</strong> (ASP.NET, .NET Extensibility, ISAPI Extensions and ISAPI Filters), <strong>Security</strong> (Windows Authentication, Request Filtering), <strong>Security</strong> (Windows Authentication, Request Filtering), <strong>Management Tools</strong> (IIS Management Console)</p></li>
<li><p>64-bit ASP.NET registration</p></li>

2
mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md
View File

@ -36,7 +36,7 @@ If you are using a certificate for authentication between MBAM servers, after up
### MBAM Svclog File Filling Disk Space
If you have followed Knowledge Base article 2668170, [http://support.microsoft.com/kb/2668170](https://go.microsoft.com/fwlink/?LinkID=247277), you might have to repeat the KB steps after you install this update.
If you have followed Knowledge Base article 2668170, [https://support.microsoft.com/kb/2668170](https://go.microsoft.com/fwlink/?LinkID=247277), you might have to repeat the KB steps after you install this update.
**Workaround**: None.

2
mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md
View File

@ -92,7 +92,7 @@ Incorrectly editing the registry may severely damage your system. Before making
Important Information: Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their PCs. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available on [TechNet](https://technet.microsoft.com/library/cc709644.aspx).
Additional information on how to modify enable and disable error reporting is available at this support article: [(http://support.microsoft.com/kb/188296)](https://support.microsoft.com/kb/188296).
Additional information on how to modify enable and disable error reporting is available at this support article: [(https://support.microsoft.com/kb/188296)](https://support.microsoft.com/kb/188296).
### Microsoft Update

8
mdop/mbam-v25/troubleshooting-mbam-installation.md
View File

@ -335,7 +335,7 @@ The MBAM agent will be unable to post any updates to the database if connectivit
User: SYSTEM
Computer: TESTLABS.CONTOSO.COM
Description:
An error occured while applying MBAM policies.
An error occurred while applying MBAM policies.
Volume ID:\\?\Volume{871c5858-2467-4d0b-8c83-d68af8ce10e5}\
Error code:
0x803D0010
@ -352,7 +352,7 @@ The MBAM agent will be unable to post any updates to the database if connectivit
User: SYSTEM
Computer: TESTLABS.CONTOSO.COM
Description:
An error occured while applying MBAM policies.
An error occurred while applying MBAM policies.
Volume ID:\\?\Volume{871c5858-2467-4d0b-8c83-d68af8ce10e5}\
Error code:
0x803D0006
@ -420,7 +420,7 @@ The MBAM services may be unable to connect to the database server because of a n
Computer: MBAM2-Admin.contoso.com
Description:
Event code: 100001
Event message: SQL error occured
Event message: SQL error occurred
Event time: 7/11/2013 6:16:34 PM
Event time (UTC): 7/11/2013 12:46:34 PM
Event ID: 6615fb8eb9d54e778b933d5bb7ca91ed
@ -552,7 +552,7 @@ Review the activity in the service trace log for any error or warning entries. B
<Channel />
<Computer>XXXXXXXXXXX</Computer>
</System>
<ApplicationData>AddUpdateVolume: While executing sql transaction for add volume to store exception occured Key Recovery Data Store processing error: Violation of UNIQUE KEY constraint 'UniqueRecoveryKeyId'. Cannot insert duplicate key in object 'RecoveryAndHardwareCore.Keys'. The duplicate key value is (8637036e-b379-4798-bd9e-5a0b36296de3).
<ApplicationData>AddUpdateVolume: While executing sql transaction for add volume to store exception occurred Key Recovery Data Store processing error: Violation of UNIQUE KEY constraint 'UniqueRecoveryKeyId'. Cannot insert duplicate key in object 'RecoveryAndHardwareCore.Keys'. The duplicate key value is (8637036e-b379-4798-bd9e-5a0b36296de3).
</ApplicationData>
</E2ETraceEvent>

19
mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md
View File

@ -26,24 +26,21 @@ Verify you have a current documentation of your MBAM environment, including all
### Upgrade steps
#### Steps to upgrade the MBAM Database (SQL Server)
1. Using the MBAM Configurator; remove the Reports role from the SQL server, or wherever the SSRS database is hosted. Depending on your environment, this can be the same server or a separate one.
Note: You will not see an option to remove the Databases; this is expected.
> [!NOTE]
> You will not see an option to remove the Databases; this is expected.
2. Install 2.5 SP1 (Located with MDOP - Microsoft Desktop Optimization Pack 2015 from the Volume Licensing Service Center site: <https://www.microsoft.com/Licensing/servicecenter/default.aspx>
3. Do not configure it at this time 
4. Install the May 2019 Rollup: https://www.microsoft.com/download/details.aspx?id=58345
5. Using the MBAM Configurator; re-add the Reports role
6. This will configure the SSRS connection using the latest MBAM code from the rollup 
7. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server.
8. At the end, you will be warned that the DBs already exist and werent created, but this is expected.
9. This process updates the existing databases to the current version being installed
4. Using the MBAM Configurator; re-add the Reports role
5. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server
6. At the end, you will be warned that the DBs already exist and werent created, but this is expected
7. This process updates the existing databases to the current version being installed.
#### Steps to upgrade the MBAM Server (Running MBAM and IIS)
1. Using the MBAM Configurator; remove the Admin and Self Service Portals from the IIS server
2. Install MBAM 2.5 SP1
3. Do not configure it at this time  
4. Install the May 2019 Rollup on the IIS server(https://www.microsoft.com/download/details.aspx?id=58345)
5. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server 
6. This will configure the sites using the latest MBAM code from the May 2019 Rollup
7. Open an elevated command prompt, Type: **IISRESET** and Hit Enter.
4. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server 
5. Open an elevated command prompt, type **IISRESET**, and hit Enter.
#### Steps to upgrade the MBAM Clients/Endpoints
1. Uninstall the 2.5 Agent from client endpoints

2
mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md
View File

@ -81,7 +81,7 @@ When you install updates to Windows XP, make sure that you remain on the version
Although it is optional, we recommend that you install the following update for [hotfix KB972435](https://go.microsoft.com/fwlink/?LinkId=201077) (https://go.microsoft.com/fwlink/?LinkId=201077). This update increases the performance of shared folders in a Terminal Services session:
**Note**  
The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
The update is publicly available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.

2
mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md
View File

@ -29,7 +29,7 @@ If you are using System Center Configuration Manager 2007 SP2 and your MED-V wor
The [hotfix to improve the functionality for VMs that are managed by MED-V](https://go.microsoft.com/fwlink/?LinkId=201088) (https://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client.
The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
The update is publicly available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.

2
mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md
View File

@ -29,7 +29,7 @@ If you are using System Center Configuration Manager 2007 SP2 and your MED-V wor
The [hotfix to improve the functionality for VMs that are managed by MED-V](https://go.microsoft.com/fwlink/?LinkId=201088) (https://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client.
The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
The update is publicly available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.

2
store-for-business/TOC.md
View File

@ -24,7 +24,7 @@
### [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md)
### [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md)
### [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md)
### [Working with solution providers in Microsoft Store for Business](work-with-partner-microsoft-store-business.md)
### [Working with solution providers](work-with-partner-microsoft-store-business.md)
## [Billing and payments](billing-payments-overview.md)
### [Understand your invoice](billing-understand-your-invoice-msfb.md)
### [Payment methods](payment-methods.md)

83
store-for-business/work-with-partner-microsoft-store-business.md
View File

@ -1,83 +0,0 @@
---
title: Work with solution providers in Microsoft Store for Business and Education (Windows 10)
description: You can work with Microsoft-certified solution providers to purchase and manage products and services for your organization or school.
keywords: partner, solution provider
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.topic: conceptual
ms.date: 10/12/2018
ms.reviewer:
manager: dansimp
---
# Working with solution providers in Microsoft Store for Business
You can work with Microsoft-certified solution providers to purchase and manage products and services for your organization or school. There's a few steps involved in getting the things set up.
The process goes like this:
- Admins find and contact a solution provider using **Find a solution provider** in Microsoft Store for Business.
- Solution providers send a request from Partner center to customers to become their solution provider.
- Customers accept the invitation in Microsoft Store for Business and start working with the solution provider.
- Customers can manage settings for the relationship with Partner in Microsoft Store for Business.
## What can a solution provider do for my organization or school?
There are several ways that a solution provider can work with you. Solution providers will choose one of these when they send their request to work as a partner with you.
| Solution provider function | Description |
| ------ | ------------------- |
| Reseller | Solution providers sell Microsoft products to your organization or school. |
| Delegated administrator | Solution provider manages products and services for your organization or school. In Azure Active Directory (AD), the Partner will be a Global Administrator for tenant. This allows them to manage services like creating user accounts, assigning and managing licenses, and password resets. |
| Reseller & delegated administrator | Solution providers that sell and manage Microsoft products and services to your organization or school. |
| Partner | You can give your solution provider a user account in your tenant, and they work on your behalf with other Microsoft services. |
| Microsoft Products & Services Agreement (MPSA) partner | If you've worked with multiple solution providers through the MPSA program, you can allow partners to see purchases made by each other. |
| OEM PC partner | Solution providers can upload device IDs for PCs that you're [managing with Autopilot](https://docs.microsoft.com/microsoft-store/add-profile-to-devices). |
| Line-of-business (LOB) partner | Solution providers can develop, submit, and manage LOB apps specific for your organization or school. |
## Find a solution provider
You can find partner in Microsoft Store for Business and Education.
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com/).
2. Select **Find a solution provider**.
![Image shows Find a solution provider option in Microsoft Store for Business.](images/msfb-find-partner.png)
3. Refine the list, or search for a solution provider.
![Image shows Find a solution provider option in Microsoft Store for Business.](images/msfb-provider-list.png)
4. When you find a solution provider you're interested in working with, click **Contact**.
5. Complete and send the form.
The solution provider will get in touch with you. You'll have a chance to learn more about them. If you decide to work with the solution provider, they will send you an email invitation from Partner Center.
## Work with a solution provider
Once you've found a solution provider and decided to work with them, they'll send you an invitation to work together from Partner Center. In Microsoft Store for Business or Education, you'll need to accept the invitation. After that, you can manage their permissions.
**To accept a solution provider invitation**
1. **Follow email link** - You'll receive an email with a link to accept the solution provider invitation from your solution provider. The link will take you to Microsoft Store for Business or Education.
2. **Accept invitation** - On **Accept Partner Invitation**, select **Authorize** to accept the invitation, accept terms of the Microsoft Cloud Agreement, and start working with the solution provider.
![Image shows accepting an invitation from a solution provider in Microsoft Store for Business.](images/msft-accept-partner.png)
## Delegate admin privileges
Depending on the request made by the solution provider, part of accepting the invitation will include agreeing to give delegated admin privileges to the solution provider. This will happen when the solution provider request includes acting as a delegated administrator. For more information, see [Delegated admin privileges in Azure AD](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges#delegated-admin-privileges-in-azure-ad).
If you don't want to delegate admin privileges to the solution provider, you'll need to cancel the invitation instead of accepting it.
If you delegate admin privileges to a solution provider, you can remove that later.
**To remove delegate admin privileges**
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com/).
2. Select **Partner**
3. Choose the Partner you want to manage.
4. Select **Remove Delegated Permissions**.
The solution provider will still be able to work with you, for example, as a Reseller.

4
windows/application-management/manage-windows-mixed-reality.md
View File

@ -33,14 +33,14 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD.
a. Download the FOD .cab file for [Windows 10, version 1903](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab).
a. Download the FOD .cab file for [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab).
>[!NOTE]
>You must download the FOD .cab file that matches your operating system version.
b. Use `Add-Package` to add Windows Mixed Reality FOD to the image.
```
```powershell
Add-Package
Dism /Online /add-package /packagepath:(path)
```

2
windows/client-management/mdm/certificate-authentication-device-enrollment.md
View File

@ -15,7 +15,7 @@ ms.date: 06/26/2017
# Certificate authentication device enrollment
This section provides an example of the mobile device enrollment protocol using certificate authentication policy. For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347).
This section provides an example of the mobile device enrollment protocol using certificate authentication policy. For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347).
> **Note**  To set up devices to use certificate authentication for enrollment, you should create a provisioning package. For more information about provisioning packages, see [Build and apply a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916107).

2
windows/client-management/mdm/diagnosticlog-ddf.md
View File

@ -1806,7 +1806,7 @@ The content below are the latest versions of the DDF files:
<Replace />
</AccessType>
<DefaultValue>4</DefaultValue>
<Description>This node is used for setting or getting the block size (in Kilobytes) for the download of assoicated log file. The value range is 1~16. Default value is 4.</Description>
<Description>This node is used for setting or getting the block size (in Kilobytes) for the download of associated log file. The value range is 1~16. Default value is 4.</Description>
<DFFormat>
<int />
</DFFormat>

2
windows/client-management/mdm/dmclient-ddf-file.md
View File

@ -957,7 +957,7 @@ The XML below is for Windows 10, version 1803.
<Get />
<Replace />
</AccessType>
<Description>Number of days after last sucessful sync to unenroll</Description>
<Description>Number of days after last successful sync to unenroll</Description>
<DFFormat>
<int />
</DFFormat>

2
windows/client-management/mdm/enterpriseappvmanagement-csp.md
View File

@ -89,7 +89,7 @@ The following diagram shows the EnterpriseAppVManagement configuration service p
- SYNC\_ERR\_PUBLISH\_GROUP_PACKAGES (3) - Publish group packages failed during publish.
- SYNC\_ERR\_UNPUBLISH_PACKAGES (4) - Unpublish packages failed during publish.
- SYNC\_ERR\_NEW_POLICY_WRITE (5) - New policy write failed during publish.
- SYNC\_ERR\_MULTIPLE\_DURING_PUBLISH (6) - Multiple non-fatal errors occured during publish.
- SYNC\_ERR\_MULTIPLE\_DURING_PUBLISH (6) - Multiple non-fatal errors occurred during publish.
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>

12
windows/client-management/mdm/enterprisemodernappmanagement-csp.md
View File

@ -492,6 +492,18 @@ Supported operation is Execute, Add, Delete, and Get.
<a href="" id="appinstallation-packagefamilyname-hostedinstall"></a>**AppInstallation/*PackageFamilyName*/HostedInstall**
Required. Command to perform an install of an app package from a hosted location (this can be a local drive, a UNC, or https data source).
The following list shows the supported deployment options:
- ForceApplicationShutdown
- DevelopmentMode 
- InstallAllResources
- ForceTargetApplicationShutdown 
- ForceUpdateToAnyVersion
- DeferRegistration="1". If the app is in use at the time of installation. This stages the files for an app update and completes the registration of the app update after the app closes. Available in the latest insider flight of 20H1.
- StageOnly="1". Stages the files for an app installation or update without installing the app. Available in 1803.
- LicenseUri="\\server\license.lic". Deploys an offline license from the Microsoft Store for Business. Available in 1607.
- ValidateDependencies="1". This is used at provisioning/staging time. If it is set to 1, deployment will perform the same dependency validation during staging that we would normally do at registration time, failing and rejecting the provision request if the dependencies are not present. Available in the latest insider flight of 20H1.
- ExcludeAppFromLayoutModification="1". Sets that the app will be provisioned on all devices and will be able to retain the apps provisioned without pinning them to start layout. Available in 1809.
Supported operation is Execute, Add, Delete, and Get.
<a href="" id="appinstallation-packagefamilyname-lasterror"></a>**AppInstallation/*PackageFamilyName*/LastError**

2
windows/client-management/mdm/federated-authentication-device-enrollment.md
View File

@ -19,7 +19,7 @@ This section provides an example of the mobile device enrollment protocol using
The &lt;AuthenticationServiceURL&gt; element the discovery response message specifies web authentication broker page start URL.
For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347).
For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347).
## In this topic

Some files were not shown because too many files have changed in this diff Show More