mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
fix merge conflict
This commit is contained in:
Meghan Stewart
commit
d07275136c
@ -705,6 +705,21 @@
|
||||
"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set",
|
||||
"redirect_document_id": false
|
||||
},
|
||||
{
|
||||
"source_path": "store-for-business/device-guard-signing-portal.md",
|
||||
"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business",
|
||||
"redirect_document_id": false
|
||||
},
|
||||
{
|
||||
"source_path": "store-for-business/add-unsigned-app-to-code-integrity-policy.md",
|
||||
"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control",
|
||||
"redirect_document_id": false
|
||||
},
|
||||
{
|
||||
"source_path": "store-for-business/sign-code-integrity-policy-with-device-guard-signing.md",
|
||||
"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering",
|
||||
"redirect_document_id": false
|
||||
},
|
||||
{
|
||||
"source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-guide.md",
|
||||
"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide",
|
||||
@ -20244,6 +20259,26 @@
|
||||
"source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md",
|
||||
"redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues",
|
||||
"redirect_document_id": false
|
||||
},
|
||||
{
|
||||
"source_path": "windows/deployment/windows-autopatch/prepare/index.md",
|
||||
"redirect_url": "/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "windows/deployment/windows-autopatch/deploy/index.md",
|
||||
"redirect_url": "/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "windows/deployment/windows-autopatch/operate/index.md",
|
||||
"redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md",
|
||||
"redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies",
|
||||
"redirect_document_id": true
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -134,7 +134,6 @@ The following applications can also run on Windows 11 SE, and can be deployed us
|
||||
| Respondus Lockdown Browser | 2.0.9.00 | Win32 | Respondus |
|
||||
| Safe Exam Browser | 3.3.2.413 | Win32 | Safe Exam Browser |
|
||||
| Senso.Cloud | 2021.11.15.0 | Win32 | Senso.Cloud |
|
||||
| Smoothwall monitor | 2.8.0 | Win32 | Smoothwall Ltd |
|
||||
| SuperNova Magnifier & Screen Reader | 21.02 | Win32 | Dolphin Computer Access |
|
||||
| SuperNova Magnifier & Speech | 21.02 | Win32 | Dolphin Computer Access |
|
||||
| VitalSourceBookShelf | 10.2.26.0 | Win32 | VitalSource Technologies Inc |
|
||||
|
||||
@ -1,119 +0,0 @@
|
||||
---
|
||||
title: Add unsigned app to code integrity policy (Windows 10)
|
||||
description: When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device.
|
||||
ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA
|
||||
ms.reviewer:
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: store, security
|
||||
ms.author: cmcatee
|
||||
author: cmcatee-MSFT
|
||||
manager: scotv
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 07/21/2021
|
||||
---
|
||||
|
||||
# Add unsigned app to code integrity policy
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
|
||||
|
||||
> [!IMPORTANT]
|
||||
> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
|
||||
>
|
||||
> Following are the major changes we are making to the service:
|
||||
>
|
||||
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download at [https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/).
|
||||
> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
|
||||
> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
|
||||
>
|
||||
> The following functionality will be available via these PowerShell cmdlets:
|
||||
>
|
||||
> - Get a CI policy
|
||||
> - Sign a CI policy
|
||||
> - Sign a catalog
|
||||
> - Download root cert
|
||||
> - Download history of your signing operations
|
||||
>
|
||||
> For any questions, please contact us at DGSSMigration@microsoft.com.
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
|
||||
When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. Then, create the catalog files for your unsigned app, sign the catalog files, and then merge the default policy that includes your signing certificate with existing code integrity policies.
|
||||
|
||||
## Create a code integrity policy based on a reference device
|
||||
|
||||
To add an unsigned app to a code integrity policy, your code integrity policy must be created from golden image machine. For more information, see [Create a Device Guard code integrity policy based on a reference device](/windows/device-security/device-guard/device-guard-deployment-guide).
|
||||
|
||||
## Create catalog files for your unsigned app
|
||||
|
||||
Creating catalog files starts the process for adding an unsigned app to a code integrity policy.
|
||||
|
||||
Before you get started, be sure to review these best practices and requirements:
|
||||
|
||||
### Requirements
|
||||
|
||||
- You'll use Package Inspector during this process.
|
||||
- Only perform this process with a code integrity policy running in audit mode. You should not perform this process on a system running an enforced Device Guard policy.
|
||||
|
||||
### Best practices
|
||||
|
||||
- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Manager in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
|
||||
- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-a-code-integrity-policy-based-on-a-reference-device) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
|
||||
|
||||
Copy the commands for each step into an elevated Windows PowerShell session. You'll use Package Inspector to find and trust all binaries in the app.
|
||||
|
||||
### To create catalog files for your unsigned app
|
||||
|
||||
1. Start Package Inspector to scan the C drive.
|
||||
|
||||
`PackageInspector.exe Start C:`
|
||||
|
||||
2. Copy the installation media to the C drive.
|
||||
|
||||
Copying the installation media to the C drive ensures that Package Inspector finds and catalogs the installer. If you skip this step, the code integrity policy may trust the application to run, but not trust it to be installed.
|
||||
|
||||
3. Install and start the app.
|
||||
|
||||
All binaries that are used while Package Inspector is running will be part of the catalog files. After the installation, start the app and make sure that any product updates are installed and any downloadable content was found during the scan. Then, close and restart the app to make sure that the scan found all binaries.
|
||||
|
||||
4. Stop the scan and create definition and catalog files.
|
||||
|
||||
After app install is complete, stop the Package Inspector scan and create catalog and definition files on your desktop.
|
||||
|
||||
`$ExamplePath=$env:userprofile+"\Desktop"`
|
||||
|
||||
`$CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"`
|
||||
|
||||
`$CatDefName=$ExamplePath+"\LOBApp.cdf"`
|
||||
|
||||
`PackageInspector.exe Stop C: -Name $CatFileName -cdfpath $CatDefName`
|
||||
|
||||
The Package Inspector scan catalogs the hash values for each binary file that is finds. If the app that was scanned are updated, do this process again to trust the new binaries hash values.
|
||||
|
||||
After you're done, the files are saved to your desktop. You still need to sign the catalog file so that it will be trusted within the code integrity policy.
|
||||
|
||||
## Catalog signing with Device Guard signing portal
|
||||
|
||||
To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business.
|
||||
|
||||
Catalog signing is a vital step to adding your unsigned apps to your code integrity policy.
|
||||
|
||||
### To sign a catalog file with Device Guard signing portal
|
||||
|
||||
1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com).
|
||||
2. Click **Settings**, click **Store settings**, and then click **Device Guard**.
|
||||
3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files-for-your-unsigned-app).
|
||||
4. After the files are uploaded, click **Sign** to sign the catalog files.
|
||||
5. Click Download to download each item:
|
||||
- signed catalog file
|
||||
- default policy
|
||||
- root certificate for your organization
|
||||
|
||||
When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
|
||||
|
||||
6. Open the root certificate that you downloaded, and follow the steps in **Certificate Import wizard** to install the certificate in your machine's certificate store.
|
||||
7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with Microsoft Endpoint Manager in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
|
||||
@ -1,201 +0,0 @@
|
||||
---
|
||||
title: Device Guard signing (Windows 10)
|
||||
description: Device Guard signing is a Device Guard feature that is available in the Microsoft Store for Business and Microsoft Store for Education.
|
||||
ms.assetid: 8D9CD2B9-5FC6-4C3D-AA96-F135AFEEBB78
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: store, security
|
||||
author: TrudyHa
|
||||
ms.author: TrudyHa
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 07/21/2021
|
||||
---
|
||||
|
||||
# Device Guard signing
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
|
||||
|
||||
> [!IMPORTANT]
|
||||
> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
|
||||
>
|
||||
> Following are the major changes we are making to the service:
|
||||
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
|
||||
> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
|
||||
> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
|
||||
>
|
||||
> The following functionality will be available via these PowerShell cmdlets:
|
||||
> - Get a CI policy
|
||||
> - Sign a CI policy
|
||||
> - Sign a catalog
|
||||
> - Download root cert
|
||||
> - Download history of your signing operations
|
||||
>
|
||||
> For any questions, please contact us at DGSSMigration@microsoft.com.
|
||||
|
||||
Device Guard signing is a Device Guard feature that gives admins a single place to sign catalog files and code integrity policies. After admins have created catalog files for unsigned apps and signed the catalog files, they can add the signers to a code integrity policy. You can merge the code integrity policy with your existing policy to include your custom signing certificate. This allows you to trust the catalog files.
|
||||
|
||||
Device Guard is a feature set that consists of both hardware and software system integrity hardening features. These features use new virtualization-based security options and the trust-nothing mobile device operating system model. A key feature in this model is called configurable code integrity, which allows your organization to choose exactly which software or trusted software publishers are allowed to run code on your client machines. Also, Device Guard offers organizations a way to sign existing line-of-business (LOB) applications so that they can trust their own code, without the requirement that the application be repackaged. Also, this same method of signing allows organizations to trust individual third-party applications. For more information, see [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
|
||||
|
||||
## In this section
|
||||
|
||||
| Topic | Description |
|
||||
| ----- | ----------- |
|
||||
| [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md) | When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. Then, create the catalog files for your unsigned app, sign the catalog files, and then merge the default policy that includes your signing certificate with existing code integrity policies. |
|
||||
| [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md) | Signing code integrity policies prevents policies from being tampered with after they're deployed. You can sign code integrity policies with the Device Guard signing portal. |
|
||||
|
||||
## Device Guard Signing Service (v2) PowerShell Commands
|
||||
|
||||
> [!NOTE]
|
||||
> [.. common ..] are parameters common across all commands that are documented below the command definitions.
|
||||
|
||||
**Get-DefaultPolicy** Gets the default .xml policy file associated with the current tenant.
|
||||
|
||||
- Usage:
|
||||
|
||||
```powershell
|
||||
Get-DefaultPolicy -OutFile filename [-PassThru] [.. common ..]
|
||||
```
|
||||
|
||||
- Parameters:
|
||||
|
||||
**OutFile** - string, mandatory - The filename where the default policy file should be persisted to disk. The file name should be an .xml file. If the file already exists, it will be overwritten (note: create the folder first).
|
||||
|
||||
**PassThru** - switch, optional - If present, returns an XmlDocument object returning the default policy file.
|
||||
|
||||
- Command running time:
|
||||
|
||||
The average running time is under 20 seconds but may be up to 3 minutes.
|
||||
|
||||
**Get-RootCertificate** Gets the root certificate for the current tenant. All Authenticode and policy signing certificates will eventually chain up to this root certificate.
|
||||
|
||||
- Usage:
|
||||
|
||||
```powershell
|
||||
Get-RootCertificate -OutFile filename [-PassThru] [.. common ..]
|
||||
```
|
||||
|
||||
- Parameters:
|
||||
|
||||
**OutFile** - string, mandatory - The filename where the root certificate file should be persisted to disk. The file name should be a .cer file. If the file already exists, it will be overwritten (note: create the folder first).
|
||||
|
||||
**PassThru** - switch, optional - If present, returns an X509Certificate2 object returning the default policy file.
|
||||
|
||||
- Command running time:
|
||||
|
||||
The average running time is under 20 seconds but may be up to 3 minutes.
|
||||
|
||||
**Get-SigningHistory** Gets information for the latest 100 files signed by the current tenant. Results are returned as a collection with elements in reverse chronological order (most recent to least recent).
|
||||
|
||||
- Usage:
|
||||
|
||||
```powershell
|
||||
Get-SigningHistory -OutFile filename [-PassThru] [.. common ..]
|
||||
```
|
||||
|
||||
- Parameters:
|
||||
|
||||
**OutFile** - string, mandatory - The filename where the signing history file should be persisted to disk. The file name should be a .xml file. If the file already exists, it will be overwritten (note: create the folder first).
|
||||
|
||||
**PassThru** - switch, optional - If present, returns XML objects returning the XML file.
|
||||
|
||||
- Command running time:
|
||||
|
||||
The average running time is under 10 seconds.
|
||||
|
||||
**Submit-SigningJob** Submits a file to the service for signing and timestamping. The module supports valid file type for Authenticode signing is Catalog file (.cat). Valid file type for policy signing is binary policy files with the extension (.bin) that have been created via the ConvertFrom-CiPolicy cmdlet. Otherwise, binary policy file may not be deployed properly.
|
||||
|
||||
- Usage:
|
||||
|
||||
```powershell
|
||||
Submit-SigningJob -InFile filename -OutFile filename [-NoTimestamp][- TimeStamperUrl "timestamper url"] [-JobDescription "description"] [.. common ..]
|
||||
```
|
||||
|
||||
- Parameters:
|
||||
|
||||
**InFile** - string, mandatory - The file to be signed. This should be a file of the types described in description above (.cat or .bin).
|
||||
|
||||
**OutFile** - string, mandatory - The output file that should be generated by the signing process. If this file already exists, it will be overwritten. (note: create the folder first)
|
||||
|
||||
**NoTimestamp** - switch, optional - If present, the signing operation will skip timestamping the output file, and it will be signed only. If not present (default) and TimeStamperUrl presents, the output file will be both signed and timestamped. If both NoTimestamp and TimeStamperUrl not present, the signing operation will skip timestamping the output file, and it will be signed only.
|
||||
|
||||
**TimeStamperUrl** - string, optional - If this value is invalid Url (and NoTimestamp not present), the module will throw exception. To understand more about timestamping, refer to [Timestamping](/windows/msix/package/signing-package-overview#timestamping).
|
||||
|
||||
**JobDescription** - string, optional - A short (< 100 chars), human-readable description of this submission. If the script is being called as part of an automated build rocess the agent may wish to pass a version number or changeset number for this field. This information will be provided as part of the results of the Get-SigningHistory command.
|
||||
|
||||
**Submit-SigningV1MigrationPolicy** Submits a file to the service for signing and timestamping. The only valid file type for policy
|
||||
signing is binary policy files with the extension (.bin) that have been created via the [ConvertFromCiPolicy](/powershell/module/configci/convertfrom-cipolicy) cmdlet. Otherwise, binary policy file may not be deployed properly. Note: Only use for V1 migration.
|
||||
|
||||
- Usage:
|
||||
|
||||
```powershell
|
||||
Submit-SigningV1MigrationPolicy -InFile filename -OutFile filename [-NoTimestamp][-TimeStamperUrl "timestamper url"] [-JobDescription "description"] [.. common ..]
|
||||
```
|
||||
|
||||
- Parameters:
|
||||
|
||||
**InFile** - string, mandatory - The file to be signed. This should be a file of the types described in description above (.bin).
|
||||
|
||||
**OutFile** - string, mandatory - The output file that should be generated by the signing process. If this file already exists, it will be overwritten.
|
||||
|
||||
> [!NOTE]
|
||||
> Create the folder first.
|
||||
|
||||
**NoTimestamp** - switch, optional - If present, the signing operation will skip timestamping the output file, and it will be signed only. If not present (default) and TimeStamperUrl presents, the output file will be both signed and timestamped. If both NoTimestamp and TimeStamperUrl not present, the signing operation will skip timestamping the output file, and it will be signed only.
|
||||
|
||||
**TimeStamperUrl** - string, optional - If this value is invalid Url (and NoTimestamp not present), the module will throw exception. To understand more about timestamping, refer to [Timestamping](/windows/msix/package/signing-package-overview#timestamping).
|
||||
|
||||
**JobDescription** - string, optional - A short (< 100 chars), human-readable description of this submission. If the script is being called as part of an automated build process the agent may wish to pass a version number or changeset number for this field. This information will be provided as part of the results of the Get-SigningHistory command.
|
||||
|
||||
- Command running time:
|
||||
|
||||
The average running time is under 20 seconds but may be up to 3 minutes.
|
||||
|
||||
**Common parameters [.. common ..]**
|
||||
|
||||
In addition to cmdlet-specific parameters, each cmdlet understands the following common parameters.
|
||||
|
||||
- Usage:
|
||||
|
||||
```powershell
|
||||
... [-NoPrompt] [-Credential $creds] [-AppId AppId] [-Verbose]
|
||||
```
|
||||
|
||||
- Parameters:
|
||||
|
||||
**NoPrompt** - switch, optional - If present, indicates that the script is running in a headless
|
||||
environment and that all UI should be suppressed. If UI must be displayed (e.g., for
|
||||
authentication) when the switch is set, the operation will instead fail.
|
||||
|
||||
**Credential + AppId** - PSCredential - A login credential (username and password) and AppId.
|
||||
|
||||
|
||||
## File and size limits
|
||||
When you're uploading files for Device Guard signing, there are a few limits for files and file size:
|
||||
|
||||
| Description | Limit |
|
||||
|-------------------------------------------------------|----------|
|
||||
| Maximum size for a policy or catalog file | 3.5 MB |
|
||||
| Maximum size for multiple files (uploaded in a group) | 4 MB |
|
||||
| Maximum number of files per upload | 15 files |
|
||||
|
||||
## File types
|
||||
Catalog and policy files have required files types.
|
||||
|
||||
| File | Required file type |
|
||||
|---------------|--------------------|
|
||||
| catalog files | .cat |
|
||||
| policy files | .bin |
|
||||
|
||||
## Store for Business roles and permissions
|
||||
Signing code integrity policies and access to Device Guard portal requires the Device Guard signer role.
|
||||
|
||||
## Device Guard signing certificates
|
||||
All certificates generated by the Device Guard signing service are unique per customer and are independent of the Microsoft production code signing certificate authorities. All Certification Authority (CA) keys are stored within the cryptographic boundary of Federal Information Processing Standards (FIPS) publication 140-2 compliant hardware security modules. After initial generation, root certificate keys and top level CA keys are removed from the online signing service, encrypted, and stored offline.
|
||||
@ -1,63 +0,0 @@
|
||||
---
|
||||
title: Sign code integrity policy with Device Guard signing (Windows 10)
|
||||
description: Signing code integrity policies prevents policies from being tampered with after they're deployed. You can sign code integrity policies with the Device Guard signing portal.
|
||||
ms.assetid: 63B56B8B-2A40-44B5-B100-DC50C43D20A9
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: store, security
|
||||
author: TrudyHa
|
||||
ms.author: TrudyHa
|
||||
ms.topic: conceptual
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 07/21/2021
|
||||
---
|
||||
|
||||
# Sign code integrity policy with Device Guard signing
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
|
||||
|
||||
|
||||
> [!IMPORTANT]
|
||||
> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
|
||||
>
|
||||
> Following are the major changes we are making to the service:
|
||||
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
|
||||
> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
|
||||
> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
|
||||
>
|
||||
> The following functionality will be available via these PowerShell cmdlets:
|
||||
> - Get a CI policy
|
||||
> - Sign a CI policy
|
||||
> - Sign a catalog
|
||||
> - Download root cert
|
||||
> - Download history of your signing operations
|
||||
>
|
||||
> For any questions, please contact us at DGSSMigration@microsoft.com.
|
||||
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
|
||||
Signing code integrity policies prevents policies from being tampered with after they're deployed. You can sign code integrity policies with the Device Guard signing portal.
|
||||
|
||||
## Sign your code integrity policy
|
||||
Before you get started, be sure to review these best practices:
|
||||
|
||||
**Best practices**
|
||||
|
||||
- Test your code integrity policies on a group of devices before deploying them to a large group of devices.
|
||||
- Use rule options 9 and 10 during testing. For more information, see the section Code integrity policy rules in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
|
||||
|
||||
**To sign a code integrity policy**
|
||||
|
||||
1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
|
||||
2. Click **Manage**, click **Store settings**, and then click **Device Guard**.
|
||||
3. Click **Upload** to upload your code integrity policy.
|
||||
4. After the files are uploaded, click **Sign** to sign the code integrity policy.
|
||||
5. Click **Download** to download the signed code integrity policy.
|
||||
|
||||
When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then resign the policy.
|
||||
@ -5,6 +5,7 @@ ms.prod: windows-client
|
||||
author: nicholasswhite
|
||||
ms.author: nwhite
|
||||
manager: aaroncz
|
||||
ms.date: 12/07/2017
|
||||
ms.reviewer:
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: article
|
||||
|
||||
@ -4,6 +4,7 @@ ms.reviewer:
|
||||
author: nicholasswhite
|
||||
ms.author: nwhite
|
||||
manager: aaroncz
|
||||
ms.date: 12/07/2017
|
||||
description: Use the Windows PowerShell Get-AppxProvisionedPackage command to get a list off the provisioned apps installed in Windows OS. See a list of some common provisioned apps installed a Windows Enterprise client computer or device, including Windows 10/11.
|
||||
ms.prod: windows-client
|
||||
ms.localizationpriority: medium
|
||||
|
||||
@ -5,9 +5,11 @@ ms.reviewer:
|
||||
author: nicholasswhite
|
||||
ms.author: nwhite
|
||||
manager: aaroncz
|
||||
ms.date: 12/07/2017
|
||||
ms.prod: windows-client
|
||||
ms.localizationpriority: medium
|
||||
ms.technology: itpro-apps
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Sideload line of business (LOB) apps in Windows client devices
|
||||
|
||||
@ -4,6 +4,7 @@ ms.reviewer:
|
||||
author: nicholasswhite
|
||||
ms.author: nwhite
|
||||
manager: aaroncz
|
||||
ms.date: 12/07/2017
|
||||
description: Use the Windows PowerShell Get-AppxPackage command to get a list off the system apps installed in Windows OS. See a list of some common system apps installed a Windows Enterprise client computer or device, including Windows 10/11.
|
||||
ms.prod: windows-client
|
||||
ms.localizationpriority: medium
|
||||
|
||||
@ -9,6 +9,7 @@ ms.prod: windows-client
|
||||
ms.technology: itpro-manage
|
||||
author: vinaypamnani-msft
|
||||
ms.collection: highpri
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Azure Active Directory integration with MDM
|
||||
|
||||
@ -7,6 +7,7 @@ ms.localizationpriority: medium
|
||||
ms.author: vinpa
|
||||
ms.topic: conceptual
|
||||
ms.technology: itpro-manage
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# How Mobile Device Management Providers support eSIM Management on Windows
|
||||
|
||||
@ -12,6 +12,7 @@ ms.prod: windows-client
|
||||
ms.technology: itpro-manage
|
||||
author: vinaypamnani-msft
|
||||
ms.collection: highpri
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# MDM enrollment of Windows 10-based devices
|
||||
|
||||
@ -8,6 +8,7 @@ ms.technology: itpro-manage
|
||||
author: vinaypamnani-msft
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Firewall configuration service provider (CSP)
|
||||
|
||||
@ -9,6 +9,7 @@ author: vinaypamnani-msft
|
||||
ms.localizationpriority: medium
|
||||
ms.reviewer: bobgil
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Policy CSP - Authentication
|
||||
|
||||
@ -9,6 +9,7 @@ author: vinaypamnani-msft
|
||||
ms.localizationpriority: medium
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Policy CSP - ControlPolicyConflict
|
||||
|
||||
@ -9,6 +9,7 @@ author: vinaypamnani-msft
|
||||
ms.localizationpriority: medium
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Policy CSP - InternetExplorer
|
||||
|
||||
@ -9,6 +9,7 @@ ms.technology: itpro-manage
|
||||
author: vinaypamnani-msft
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Policy CSP - MixedReality
|
||||
|
||||
@ -205,7 +205,7 @@ Windows diagnostic data is collected when the Allow Telemetry policy setting is
|
||||
|
||||
If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s [privacy statement](https://go.microsoft.com/fwlink/?LinkId=521839) unless you have enabled policies like Allow Update Compliance Processing or Allow Desktop Analytics Processing.
|
||||
|
||||
Configuring this setting doesn't change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
|
||||
Configuring this setting doesn't change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Windows Update for Business reports.
|
||||
|
||||
See the documentation at [ConfigureWDD](https://aka.ms/ConfigureWDD) for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
|
||||
|
||||
@ -700,11 +700,11 @@ To enable this behavior, you must complete three steps:
|
||||
|
||||
1. Enable this policy setting.
|
||||
2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above.
|
||||
3. Set the Configure the Commercial ID setting for your Update Compliance workspace.
|
||||
3. If you're using Update Compliance rather than Windows Update for Business reports, set the Configure the Commercial ID setting for your Update Compliance workspace.
|
||||
|
||||
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
|
||||
|
||||
If you disable or don't configure this policy setting, devices won't appear in Update Compliance.
|
||||
If you disable or don't configure this policy setting, devices won't appear in Windows Update for Business reports or Update Compliance.
|
||||
|
||||
<!--/Description-->
|
||||
<!--ADMXMapped-->
|
||||
|
||||
@ -8,6 +8,8 @@ author: aczechowski
|
||||
ms.localizationpriority: medium
|
||||
ms.author: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Configure Cortana in Windows 10 and Windows 11
|
||||
|
||||
@ -8,6 +8,8 @@ ms.author: aaroncz
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
|
||||
|
||||
@ -8,6 +8,8 @@ ms.author: aaroncz
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Test scenario 1 – Sign into Azure AD, enable the wake word, and try a voice query
|
||||
|
||||
@ -8,6 +8,8 @@ author: aczechowski
|
||||
ms.localizationpriority: medium
|
||||
ms.author: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Set up and test Cortana in Windows 10, version 2004 and later
|
||||
|
||||
@ -9,6 +9,8 @@ author: lizgt2000
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: highpri
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Customize the Start menu layout on Windows 11
|
||||
|
||||
@ -9,6 +9,8 @@ author: lizgt2000
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: highpri
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Customize the Taskbar on Windows 11
|
||||
|
||||
@ -10,6 +10,7 @@ ms.author: lizlong
|
||||
ms.topic: article
|
||||
ms.collection: highpri
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Customize Windows 10 Start and taskbar with Group Policy
|
||||
|
||||
@ -9,6 +9,7 @@ ms.author: lizlong
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Customize Windows 10 Start and taskbar with provisioning packages
|
||||
|
||||
@ -10,6 +10,7 @@ ms.localizationpriority: medium
|
||||
ms.prod: windows-client
|
||||
ms.collection: highpri
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
# Find the Application User Model ID of an installed app
|
||||
|
||||
|
||||
@ -13,6 +13,7 @@ ms.reviewer: sybruckm
|
||||
manager: aaroncz
|
||||
ms.collection: highpri
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Guidelines for choosing an app for assigned access (kiosk mode)
|
||||
|
||||
@ -9,6 +9,7 @@ author: lizgt2000
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: reference
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# More kiosk methods and reference information
|
||||
|
||||
@ -9,6 +9,7 @@ author: lizgt2000
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Use MDM Bridge WMI Provider to create a Windows client kiosk
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
author: lizgt2000
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Configure kiosks and digital signs on Windows desktop editions
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.author: lizlong
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Policies enforced on kiosk devices
|
||||
|
||||
@ -9,6 +9,7 @@ author: lizgt2000
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Prepare a device for kiosk configuration
|
||||
|
||||
@ -9,6 +9,7 @@ author: lizgt2000
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Use Shell Launcher to create a Windows client kiosk
|
||||
|
||||
@ -10,6 +10,7 @@ ms.localizationpriority: medium
|
||||
ms.topic: article
|
||||
ms.collection: highpri
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Set up a single-app kiosk on Windows 10/11
|
||||
|
||||
@ -9,6 +9,7 @@ author: lizgt2000
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Validate kiosk configuration
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.author: lizlong
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Assigned Access configuration (kiosk) XML reference
|
||||
|
||||
@ -10,6 +10,7 @@ ms.reviewer: sybruckm
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: how-to
|
||||
ms.collection: highpri
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Set up a multi-app kiosk on Windows 10 devices
|
||||
|
||||
@ -9,6 +9,7 @@ ms.author: lizlong
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Lockdown features from Windows Embedded 8.1 Industry
|
||||
|
||||
@ -9,6 +9,7 @@ author: lizgt2000
|
||||
ms.localizationpriority: medium
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Manage Wi-Fi Sense in your company
|
||||
|
||||
@ -9,6 +9,7 @@ ms.author: lizlong
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Configuration service providers for IT pros
|
||||
|
||||
@ -9,6 +9,7 @@ ms.author: lizlong
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Provision PCs with common settings for initial deployment (desktop wizard)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer: gkomatsu
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Provision PCs with apps
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.reviewer: gkomatsu
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Apply a provisioning package
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.reviewer: gkomatsu
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Windows Configuration Designer command-line interface (reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.reviewer: gkomatsu
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Create a provisioning package
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.reviewer: gkomatsu
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# How provisioning works in Windows
|
||||
|
||||
@ -10,6 +10,7 @@ ms.reviewer: gkomatsu
|
||||
manager: aaroncz
|
||||
ms.collection: highpri
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Install Windows Configuration Designer, and learn about any limitations
|
||||
|
||||
@ -9,6 +9,7 @@ ms.reviewer: gkomatsu
|
||||
manager: aaroncz
|
||||
ms.author: lizlong
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Create a provisioning package with multivariant settings
|
||||
|
||||
@ -10,6 +10,7 @@ ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: highpri
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Provisioning packages for Windows
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.reviewer: gkomatsu
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# PowerShell cmdlets for provisioning Windows client (reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.reviewer: gkomatsu
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Use a script to install a desktop app in provisioning packages
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.reviewer: gkomatsu
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Settings changed when you uninstall a provisioning package
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Add image for secondary Microsoft Edge tiles
|
||||
|
||||
@ -8,6 +8,8 @@ ms.prod: windows-client
|
||||
author: lizgt2000
|
||||
ms.localizationpriority: medium
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Supported configuration service provider (CSP) policies for Windows 11 Start menu
|
||||
|
||||
@ -8,6 +8,8 @@ ms.prod: windows-client
|
||||
author: lizgt2000
|
||||
ms.localizationpriority: medium
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Supported configuration service provider (CSP) policies for Windows 11 taskbar
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.author: aaroncz
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Cellular (Windows Configuration Designer reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.author: aaroncz
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Changes to settings in Windows Configuration Designer
|
||||
|
||||
@ -8,6 +8,7 @@ ms.author: aaroncz
|
||||
manager: dougeby
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# DeviceUpdateCenter (Windows Configuration Designer reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Location (Windows Configuration Designer reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Maps (Windows Configuration Designer reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# NetworkProxy (Windows Configuration Designer reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# NetworkQoSPolicy (Windows Configuration Designer reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.author: aaroncz
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# OOBE (Windows Configuration Designer reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Personalization (Windows Configuration Designer reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.author: aaroncz
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Policies (Windows Configuration Designer reference)
|
||||
|
||||
@ -8,6 +8,7 @@ ms.author: aaroncz
|
||||
manager: dougeby
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Privacy (Windows Configuration Designer reference)
|
||||
|
||||
@ -8,6 +8,7 @@ ms.author: aaroncz
|
||||
ms.topic: article
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# StorageD3InModernStandby (Windows Configuration Designer reference)
|
||||
|
||||
@ -8,6 +8,7 @@ ms.author: aaroncz
|
||||
manager: dougeby
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Time
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# UnifiedWriteFilter (reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# UniversalAppInstall (reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# UniversalAppUninstall (reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# UsbErrorsOEMOverride (reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# WeakCharger (reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# WindowsHelloForBusiness (Windows Configuration Designer reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# WindowsTeamSettings (reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.localizationpriority: medium
|
||||
ms.author: aaroncz
|
||||
ms.topic: article
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# WLAN (reference)
|
||||
|
||||
@ -9,6 +9,7 @@ ms.topic: article
|
||||
ms.reviewer:
|
||||
manager: dougeby
|
||||
ms.technology: itpro-configure
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Windows Configuration Designer provisioning settings (reference)
|
||||
|
||||
@ -8,7 +8,6 @@ ms.prod: windows-client
|
||||
ms.localizationpriority: medium
|
||||
author: frankroj
|
||||
ms.topic: article
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.custom: seo-marvel-apr2020
|
||||
ms.date: 11/23/2022
|
||||
ms.technology: itpro-deploy
|
||||
|
||||
@ -34,4 +34,4 @@ This article lists the endpoints that need to be allowed through the firewall to
|
||||
| *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com | HTTP / 80 | Xbox | | Microsoft Configuration Manager Distribution Point |
|
||||
| *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates. | Microsoft Configuration Manager Distribution Point |
|
||||
| *.do.dsp.mp.microsoft.com | HTTP / 80 </br> HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](../do/waas-delivery-optimization-faq.yml) of endpoints for Delivery Optimization only. | Microsoft Connected Cache Managed in Azure |
|
||||
| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com | AMQP / 5671 </br> MQTT / 8883 </br> HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure |
|
||||
| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com, github.com | AMQP / 5671 </br> MQTT / 8883 </br> HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure |
|
||||
|
||||
@ -6,9 +6,9 @@ ms.prod: windows-client
|
||||
author: carmenf
|
||||
ms.localizationpriority: medium
|
||||
ms.author: carmenf
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.technology: itpro-updates
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Using a proxy with Delivery Optimization
|
||||
|
||||
@ -6,9 +6,9 @@ ms.prod: windows-client
|
||||
author: carmenf
|
||||
ms.localizationpriority: medium
|
||||
ms.author: carmenf
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.technology: itpro-updates
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Delivery Optimization client-service communication explained
|
||||
|
||||
@ -3,14 +3,14 @@ title: Don't Remove images under do/images/elixir_ux - used by Azure portal Diag
|
||||
manager: aaroncz
|
||||
description: Elixir images read me file
|
||||
keywords: updates, downloads, network, bandwidth
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: deploy
|
||||
audience: itpro
|
||||
author: nidos
|
||||
ms.localizationpriority: medium
|
||||
ms.author: nidos
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Read Me
|
||||
|
||||
@ -2,16 +2,34 @@
|
||||
title: Appendix
|
||||
manager: aaroncz
|
||||
description: Appendix on Microsoft Connected Cache (MCC) for Enterprise and Education.
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
author: amymzhou
|
||||
ms.author: amyzhou
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Appendix
|
||||
|
||||
## Steps to obtain an Azure Subscription ID
|
||||
|
||||
<!--Using include file, get-azure-subscription.md, do/mcc-isp.md for shared content-->
|
||||
[!INCLUDE [Get Azure subscription](includes/get-azure-subscription.md)]
|
||||
|
||||
### Troubleshooting
|
||||
|
||||
If you're not able to sign up for a Microsoft Azure subscription with the **Account belongs to a directory that cannot be associated with an Azure subscription. Please sign in with a different account.** error, see the following articles:
|
||||
- [Can't sign up for a Microsoft Azure subscription](/troubleshoot/azure/general/cannot-sign-up-subscription).
|
||||
- [Troubleshoot issues when you sign up for a new account in the Azure portal](/azure/cost-management-billing/manage/troubleshoot-azure-sign-up).
|
||||
|
||||
## Installing on VMWare
|
||||
|
||||
We've seen that Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMWare. To do so, there are a couple of additional configurations to be made:
|
||||
|
||||
1. Ensure that you're using ESX. In the VM settings, turn on the option **Expose hardware assisted virtualization to the guest OS**.
|
||||
1. Using the HyperV Manager, create an external switch. For the external switch to have internet connection, ensure **"Allow promiscuous mode"**, **"Allow forged transmits"**, and **"Allow MAC changes"** are all switched to **Yes**.
|
||||
|
||||
## Diagnostics Script
|
||||
|
||||
If you're having issues with your MCC, we included a diagnostics script. The script collects all your logs and zips them into a single file. You can then send us these logs via email for the MCC team to debug.
|
||||
@ -33,17 +51,6 @@ To run this script:
|
||||
|
||||
1. [Email the MCC team](mailto:mccforenterprise@microsoft.com?subject=Debugging%20Help%20Needed%20for%20MCC%20for%20Enterprise) and attach this file asking for debugging support. Screenshots of the error along with any other warnings you saw will be helpful during out debugging process.
|
||||
|
||||
## Steps to obtain an Azure Subscription ID
|
||||
|
||||
<!--Using include file, get-azure-subscription.md, do/mcc-isp.md for shared content-->
|
||||
[!INCLUDE [Get Azure subscription](includes/get-azure-subscription.md)]
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
If you're not able to sign up for a Microsoft Azure subscription with the error: **Account belongs to a directory that cannot be associated with an Azure subscription. Please sign in with a different account.** See [Can't sign up for a Microsoft Azure subscription](/troubleshoot/azure/general/cannot-sign-up-subscription).
|
||||
|
||||
Also see [Troubleshoot issues when you sign up for a new account in the Azure portal](/azure/cost-management-billing/manage/troubleshoot-azure-sign-up).
|
||||
|
||||
## IoT Edge runtime
|
||||
|
||||
The Azure IoT Edge runtime enables custom and cloud logic on IoT Edge devices.
|
||||
@ -58,14 +65,6 @@ communication operations. The runtime performs several functions:
|
||||
|
||||
For more information on Azure IoT Edge, see the [Azure IoT Edge documentation](/azure/iot-edge/about-iot-edge).
|
||||
|
||||
## EFLOW
|
||||
|
||||
- [What is Azure IoT Edge for Linux on Windows](/azure/iot-edge/iot-edge-for-linux-on-windows)
|
||||
- [Install Azure IoT Edge for Linux on Windows](/azure/iot-edge/how-to-provision-single-device-linux-on-windows-symmetric#install-iot-edge)
|
||||
- [PowerShell functions for Azure IoT Edge for Linux on Windows](/azure/iot-edge/reference-iot-edge-for-linux-on-windows-functions)
|
||||
- EFLOW FAQ and Support: [Support · Azure/iotedge-eflow Wiki (github.com)](https://github.com/Azure/iotedge-eflow/wiki/Support#how-can-i-apply-updates-to-eflow)
|
||||
- [Now ready for Production: Linux IoT Edge Modules on Windows - YouTube](https://www.youtube.com/watch?v=pgqVCg6cxVU&ab_channel=MicrosoftIoTDevelopers)
|
||||
|
||||
## Routing local Windows Clients to an MCC
|
||||
|
||||
### Get the IP address of your MCC using ifconfig
|
||||
@ -115,3 +114,10 @@ To verify that the Delivery Optimization client can download content using MCC,
|
||||
|
||||
:::image type="content" source="./images/ent-mcc-delivery-optimization-activity.png" alt-text="Screenshot of the Delivery Optimization Activity Monitor.":::
|
||||
|
||||
## EFLOW
|
||||
|
||||
- [What is Azure IoT Edge for Linux on Windows](/azure/iot-edge/iot-edge-for-linux-on-windows)
|
||||
- [Install Azure IoT Edge for Linux on Windows](/azure/iot-edge/how-to-provision-single-device-linux-on-windows-symmetric#install-iot-edge)
|
||||
- [PowerShell functions for Azure IoT Edge for Linux on Windows](/azure/iot-edge/reference-iot-edge-for-linux-on-windows-functions)
|
||||
- EFLOW FAQ and Support: [Support · Azure/iotedge-eflow Wiki (github.com)](https://github.com/Azure/iotedge-eflow/wiki/Support#how-can-i-apply-updates-to-eflow)
|
||||
- [Now ready for Production: Linux IoT Edge Modules on Windows - YouTube](https://www.youtube.com/watch?v=pgqVCg6cxVU&ab_channel=MicrosoftIoTDevelopers)
|
||||
@ -2,12 +2,12 @@
|
||||
title: Deploying your cache node
|
||||
manager: dougeby
|
||||
description: How to deploy Microsoft Connected Cache (MCC) for Enterprise and Education cache node
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
author: amymzhou
|
||||
ms.localizationpriority: medium
|
||||
ms.author: amyzhou
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Deploying your cache node
|
||||
|
||||
@ -2,12 +2,12 @@
|
||||
title: Requirements for Microsoft Connected Cache (MCC) for Enterprise and Education
|
||||
manager: dougeby
|
||||
description: Overview of requirements for Microsoft Connected Cache (MCC) for Enterprise and Education.
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
author: amymzhou
|
||||
ms.localizationpriority: medium
|
||||
ms.author: amyzhou
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Requirements of Microsoft Connected Cache for Enterprise and Education (early preview)
|
||||
@ -26,6 +26,9 @@ ms.topic: article
|
||||
The resources used for the preview and in the future when this product is ready for production will be free to you, like other caching solutions.
|
||||
|
||||
2. **Hardware to host MCC**: The recommended configuration will serve approximately 35000 managed devices, downloading a 2 GB payload in 24-hour timeframe at a sustained rate of 6.5 Gbps.
|
||||
|
||||
> [!NOTE]
|
||||
> Azure VMs are not currently supported. If you'd like to install your cache node on VMWare, see the [Appendix](mcc-enterprise-appendix.md) for a few additional configurations.
|
||||
|
||||
**EFLOW Requires Hyper-V support**
|
||||
- On Windows client, enable the Hyper-V feature
|
||||
|
||||
@ -2,12 +2,12 @@
|
||||
title: Update or uninstall Microsoft Connected Cache for Enterprise and Education
|
||||
manager: dougeby
|
||||
description: Details on updating or uninstalling Microsoft Connected Cache (MCC) for Enterprise and Education.
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
author: amymzhou
|
||||
ms.localizationpriority: medium
|
||||
ms.author: amyzhou
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
# Update or uninstall Microsoft Connected Cache for Enterprise and Education
|
||||
|
||||
|
||||
@ -3,14 +3,14 @@ title: Cache node configuration
|
||||
manager: aaroncz
|
||||
description: Configuring a cache node on Azure portal
|
||||
keywords: updates, downloads, network, bandwidth
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: deploy
|
||||
audience: itpro
|
||||
author: amyzhou
|
||||
ms.localizationpriority: medium
|
||||
ms.author: amyzhou
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Cache node configuration
|
||||
|
||||
@ -3,14 +3,14 @@ title: Create, provision, and deploy the cache node in Azure portal
|
||||
manager: aaroncz
|
||||
description: Instructions for creating, provisioning, and deploying Microsoft Connected Cache for ISP on Azure portal
|
||||
keywords: updates, downloads, network, bandwidth
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: deploy
|
||||
audience: itpro
|
||||
author: nidos
|
||||
ms.localizationpriority: medium
|
||||
ms.author: nidos
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Create, Configure, provision, and deploy the cache node in Azure portal
|
||||
@ -98,9 +98,8 @@ There are five IDs that the device provisioning script takes as input in order t
|
||||
|---|---|
|
||||
| Customer ID | A unique alphanumeric ID that the cache nodes are associated with. |
|
||||
| Cache node ID | The unique alphanumeric ID of the cache node being provisioned. |
|
||||
| Customer Key | The unique alphanumeric ID that provides secure authentication of the cache node to Delivery Optimization services. |
|
||||
| Cache node name | The name of the cache node. |
|
||||
| Tenant ID | The unique ID associated with the Azure account. |
|
||||
| Customer key | The unique alphanumeric ID that provides secure authentication of the cache node to Delivery Optimization services. |
|
||||
| Registration key | Single use device registration key used by Microsoft Delivery Optimization services. |
|
||||
|
||||
:::image type="content" source="images/mcc-isp-deploy-cache-node-numbered.png" alt-text="Screenshot of the server provisioning tab within cache node configuration in Azure portal.":::
|
||||
|
||||
|
||||
@ -8,13 +8,12 @@ metadata:
|
||||
author: amymzhou
|
||||
ms.author: amymzhou
|
||||
manager: aaroncz
|
||||
audience: ITPro
|
||||
ms.collection:
|
||||
- M365-security-compliance
|
||||
- highpri
|
||||
ms.topic: faq
|
||||
ms.date: 09/30/2022
|
||||
ms.custom: seo-marvel-apr2020
|
||||
ms.prod: windows-client
|
||||
title: Microsoft Connected Cache Frequently Asked Questions
|
||||
summary: |
|
||||
**Applies to**
|
||||
|
||||
@ -3,14 +3,14 @@ title: Operator sign up and service onboarding
|
||||
manager: aaroncz
|
||||
description: Service onboarding for Microsoft Connected Cache for ISP
|
||||
keywords: updates, downloads, network, bandwidth
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: deploy
|
||||
audience: itpro
|
||||
author: nidos
|
||||
ms.localizationpriority: medium
|
||||
ms.author: nidos
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Operator sign up and service onboarding for Microsoft Connected Cache
|
||||
@ -22,9 +22,17 @@ ms.topic: article
|
||||
|
||||
This article details the process of signing up for Microsoft Connected Cache for Internet Service Providers (public preview).
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Before you begin sign up, ensure you have the following components:
|
||||
- **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You will need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, [visit this page](https://azure.microsoft.com/offers/ms-azr-0003p/).
|
||||
- **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal.
|
||||
- **Peering DB**: Ensure your organization's [Peering DB](https://www.peeringdb.com/) page is up-to-date and active. Check that the NOC email listed is accurate, and that you have access to this email.
|
||||
- **Server**: Ensure the server you wish to install Microsoft Connected Cache on is ready, and that the server is installed Ubuntu 20.04 LTS.
|
||||
|
||||
## Resource creation and sign up process
|
||||
|
||||
1. Navigate to the [Azure portal](https://www.portal.azure.com). In the top search bar, search for **Microsoft Connected Cache**.
|
||||
1. Navigate to the [Azure portal](https://www.portal.azure.com). Select **Create a Resource**. Then, search for **Microsoft Connected Cache**.
|
||||
|
||||
:::image type="content" source="./images/mcc-isp-search.png" alt-text="Screenshot of the Azure portal that shows the Microsoft Connected Cache resource in Azure marketplace.":::
|
||||
|
||||
|
||||
@ -3,13 +3,13 @@ title: Support and troubleshooting
|
||||
manager: aaroncz
|
||||
description: Troubleshooting issues for Microsoft Connected Cache for ISP
|
||||
keywords: updates, downloads, network, bandwidth
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
audience: itpro
|
||||
author: nidos
|
||||
ms.localizationpriority: medium
|
||||
ms.author: nidos
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: reference
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Support and troubleshooting
|
||||
|
||||
@ -3,14 +3,14 @@ title: Update or uninstall your cache node
|
||||
manager: aaroncz
|
||||
description: How to update or uninstall your cache node
|
||||
keywords: updates, downloads, network, bandwidth
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: deploy
|
||||
audience: itpro
|
||||
author: amyzhou
|
||||
ms.localizationpriority: medium
|
||||
ms.author: amyzhou
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Update or uninstall your cache node
|
||||
|
||||
@ -3,14 +3,14 @@ title: Verify cache node functionality and monitor health and performance
|
||||
manager: aaroncz
|
||||
description: How to verify the functionality of a cache node
|
||||
keywords: updates, downloads, network, bandwidth
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: deploy
|
||||
audience: itpro
|
||||
author: amyzhou
|
||||
ms.localizationpriority: medium
|
||||
ms.author: amyzhou
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Verify cache node functionality and monitor health and performance
|
||||
|
||||
@ -3,14 +3,14 @@ title: Enhancing VM performance
|
||||
manager: aaroncz
|
||||
description: How to enhance performance on a virtual machine used with Microsoft Connected Cache for ISPs
|
||||
keywords: updates, downloads, network, bandwidth
|
||||
ms.prod: w10
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: deploy
|
||||
audience: itpro
|
||||
author: amyzhou
|
||||
ms.localizationpriority: medium
|
||||
ms.author: amyzhou
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: reference
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Enhancing virtual machine performance
|
||||
|
||||
@ -8,7 +8,6 @@ author: amymzhou
|
||||
ms.author: amyzhou
|
||||
ms.reviewer: carmenf
|
||||
manager: aaroncz
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: how-to
|
||||
ms.date: 05/20/2022
|
||||
---
|
||||
|
||||
@ -4,7 +4,7 @@ metadata:
|
||||
description: The following is a list of frequently asked questions for Delivery Optimization.
|
||||
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
|
||||
ms.reviewer: aaroncz
|
||||
ms.prod: m365-security
|
||||
ms.prod: windows-client
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
|
||||
@ -7,10 +7,10 @@ ms.prod: windows-client
|
||||
author: carmenf
|
||||
ms.localizationpriority: medium
|
||||
ms.author: carmenf
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
ms.technology: itpro-updates
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Delivery Optimization reference
|
||||
|
||||
@ -7,10 +7,10 @@ ms.prod: windows-client
|
||||
author: carmenf
|
||||
ms.localizationpriority: medium
|
||||
ms.author: carmenf
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
ms.technology: itpro-updates
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# Set up Delivery Optimization for Windows
|
||||
|
||||
@ -7,12 +7,11 @@ author: carmenf
|
||||
ms.localizationpriority: medium
|
||||
ms.author: carmenf
|
||||
ms.collection:
|
||||
- M365-modern-desktop
|
||||
- m365initiative-coredeploy
|
||||
- highpri
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
ms.technology: itpro-updates
|
||||
ms.date: 12/31/2017
|
||||
---
|
||||
|
||||
# What is Delivery Optimization?
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user