From f88e7e9e51dad1f5a265a7b3ad626edb5519121f Mon Sep 17 00:00:00 2001 From: arcarley <52137849+arcarley@users.noreply.github.com> Date: Wed, 4 Mar 2020 14:58:04 -0800 Subject: [PATCH 1/7] Update wufb-compliancedeadlines.md I have updated to clarify that the change is for version 1709 and above *note* for 1903 and above. I have changed all instances of this in the document (or at least tried to). @jaimeo can you approve? --- .../update/wufb-compliancedeadlines.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index df08dd3caa..6d43d7c97d 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -16,15 +16,15 @@ ms.topic: article Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions. -The compliance options have changed with the release of Windows 10, version 1903: +The compliance options have changed for devices on Windows 10, version 1709 and above: -- [Starting with Windows 10, version 1903](#starting-with-windows-10-version-1903) -- [Prior to Windows 10, version 1903](#prior-to-windows-10-version-1903) +- [For Windows 10, version 1709 and above](#for-windows-10-version-1709-and-above) +- [For prior to Windows 10, version 1709](#prior-to-windows-10-version-1709) -## Starting with Windows 10, version 1903 +## For Windows 10, version 1709 and above -With a current version of Windows 10, it's best to use the new policy introduced in Windows 10, version 1903: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings: +With a current version of Windows 10, it's best to use the new policy introduced in June 2019 to Windows 10, version 1709 and above: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings: - Update/ConfigureDeadlineForFeatureUpdates - Update/ConfigureDeadlineForQualityUpdates @@ -43,7 +43,7 @@ Further, the policy includes the option to opt out of automatic restarts until t |Policy|Description | |-|-| -| (starting in Windows 10, version 1903) Specify deadlines for automatic updates and restarts | Similar to the older "Specify deadline before auto-restart for update installation," but starts the deadline countdown from when the update was published. Also introduces a configurable grace period and the option to opt out of automatic restarts until the deadline is reached. | +| (For Windows 10, version 1709 and above) Specify deadlines for automatic updates and restarts | Similar to the older "Specify deadline before auto-restart for update installation," but starts the deadline countdown from when the update was published. Also introduces a configurable grace period and the option to opt out of automatic restarts until the deadline is reached. | @@ -51,9 +51,9 @@ Further, the policy includes the option to opt out of automatic restarts until t |Policy|Location|Quality update deadline in days|Feature update deadline in days|Grace period in days| |-|-|-|-|-| -|(starting in Windows 10, version 1903) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 7 | 7 | 2 | +|(For Windows 10, version 1709 and above) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 7 | 7 | 2 | -When **Specify deadlines for automatic updates and restarts** is set (starting in Windows 10, version 1903): +When **Specify deadlines for automatic updates and restarts** is set (For Windows 10, version 1709 and above): **While restart is pending, before the deadline occurs:** - For the first few days, the user receives a toast notification @@ -75,7 +75,7 @@ When **Specify deadlines for automatic updates and restarts** is set (starting i -## Prior to Windows 10, version 1903 +## Prior to Windows 10, version 1709 Two compliance flows are available: From 4c7b5d1203883663b0d4667b7ebf611b89f5c32d Mon Sep 17 00:00:00 2001 From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Wed, 4 Mar 2020 15:22:43 -0800 Subject: [PATCH 2/7] Update command-line-arguments-windows-defender-antivirus.md --- .../command-line-arguments-windows-defender-antivirus.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index 17897257a2..cbcf1227ad 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -30,6 +30,9 @@ You can find the utility in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_. You > [!NOTE] > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. +> +> If you're running with an updated Windows Defender Platform version, please run MpCmdRun from below location: +> **C:\ProgramData\Microsoft\Windows Defender\Platform\** The utility has the following commands: @@ -44,7 +47,7 @@ MpCmdRun.exe -scan -2 | Command | Description | |:----|:----| | `-?` **or** `-h` | Displays all available options for this tool | -| `-Scan [-ScanType [0\|1\|2\|3]] [-File [-DisableRemediation] [-BootSectorScan]] [-Timeout ] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. | +| `-Scan [-ScanType [0\|1\|2\|3]] [-File [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout ] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. | | `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing | | `-GetFiles` | Collects support information | | `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder | From e5487aa068fa582f53c39f9e1539aa3ee010e562 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 5 Mar 2020 08:12:53 -0800 Subject: [PATCH 3/7] Update windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md Thanks @illfated Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../command-line-arguments-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index cbcf1227ad..9c01591c7c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -31,7 +31,7 @@ You can find the utility in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_. You > [!NOTE] > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. > -> If you're running with an updated Windows Defender Platform version, please run MpCmdRun from below location: +> If you're running an updated Windows Defender Platform version, please run MpCmdRun from the location below: > **C:\ProgramData\Microsoft\Windows Defender\Platform\** The utility has the following commands: From 219661338ec82e86bf3b3178a8e695a4c291f631 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 5 Mar 2020 08:15:51 -0800 Subject: [PATCH 4/7] Update command-line-arguments-windows-defender-antivirus.md --- ...mmand-line-arguments-windows-defender-antivirus.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index 9c01591c7c..163a11cade 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -12,7 +12,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.reviewer: +ms.reviewer: ksarens manager: dansimp --- @@ -22,17 +22,12 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. - -This utility can be useful when you want to automate Windows Defender Antivirus use. - -You can find the utility in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_. You must run it from a command prompt. +You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Windows Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt. > [!NOTE] > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. > -> If you're running an updated Windows Defender Platform version, please run MpCmdRun from the location below: -> **C:\ProgramData\Microsoft\Windows Defender\Platform\** +> If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\`. The utility has the following commands: From cf9c175dfb117d2c4164c0f4d9d9c06753ffb611 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 5 Mar 2020 08:16:59 -0800 Subject: [PATCH 5/7] Update command-line-arguments-windows-defender-antivirus.md --- .../command-line-arguments-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index 163a11cade..b42e1c8729 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -46,7 +46,7 @@ MpCmdRun.exe -scan -2 | `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing | | `-GetFiles` | Collects support information | | `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder | -| `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set | +| `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set | | `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence | | `-RemoveDefinitions [-Engine]` | Restores the previous installed engine | | `-SignatureUpdate [-UNC \| -MMPC]` | Checks for new Security intelligence updates | From 6d2509762eab1caf18316f7d9a8d2606b1852376 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 5 Mar 2020 14:10:23 -0800 Subject: [PATCH 6/7] Fixing layout of list items. --- .../update/wufb-compliancedeadlines.md | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 6d43d7c97d..2262091944 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -55,24 +55,27 @@ Further, the policy includes the option to opt out of automatic restarts until t When **Specify deadlines for automatic updates and restarts** is set (For Windows 10, version 1709 and above): -**While restart is pending, before the deadline occurs:** -- For the first few days, the user receives a toast notification -- After this period, the user receives this dialog: + - **While restart is pending, before the deadline occurs:** -![The notification users get for an impending restart prior to deadline](images/wufb-update-deadline-warning.png) -- If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur: + - For the first few days, the user receives a toast notification + + - After this period, the user receives this dialog: + + ![The notification users get for an impending restart prior to deadline](images/wufb-update-deadline-warning.png) + + - If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur: ![The notification users get for an impending restart 15 minutes prior to restart](images/wufb-restart-imminent-warning.png) -**If the restart is still pending after the deadline passes:** -- Within 12 hours before the deadline passes, the user receives this notification that the deadline is approaching: + - **If the restart is still pending after the deadline passes:** + + - Within 12 hours before the deadline passes, the user receives this notification that the deadline is approaching: -![The notification users get for an approaching restart deadline](images/wufb-pastdeadline-restart-warning.png) -- Once the deadline has passed, the user is forced to restart to keep their devices in compliance and receives this notification: - -![The notification users get for an imminent restart after the deadline](images/wufb-pastdeadline-restartnow.png) + ![The notification users get for an approaching restart deadline](images/wufb-pastdeadline-restart-warning.png) + - Once the deadline has passed, the user is forced to restart to keep their devices in compliance and receives this notification: + ![The notification users get for an imminent restart after the deadline](images/wufb-pastdeadline-restartnow.png) ## Prior to Windows 10, version 1709 From 8343c2a696a8f5b65425a52fd8e4000e2ef6324e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 5 Mar 2020 14:33:58 -0800 Subject: [PATCH 7/7] Indented additional content, added white space --- windows/deployment/update/wufb-compliancedeadlines.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 2262091944..41edd21e70 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -65,7 +65,7 @@ When **Specify deadlines for automatic updates and restarts** is set (For Window - If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur: -![The notification users get for an impending restart 15 minutes prior to restart](images/wufb-restart-imminent-warning.png) + ![The notification users get for an impending restart 15 minutes prior to restart](images/wufb-restart-imminent-warning.png) - **If the restart is still pending after the deadline passes:** @@ -122,9 +122,11 @@ Once the device is in the pending restart state, it will attempt to restart the #### Notification experience for deadline Notification users get for a quality update deadline: + ![The notification users get for an impending quality update deadline](images/wufb-quality-notification.png) Notification users get for a feature update deadline: + ![The notification users get for an impending feature update deadline](images/wufb-feature-notification.png) ### Deadline with user engagement