deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into jamf

Browse Source
This commit is contained in:
Joey Caparas 2020-09-11 10:25:38 -07:00
commit d245da8665
582 changed files with 12332 additions and 5086 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
.openpublishing.redirection.json
View File

@ -857,12 +857,12 @@
}, },
{ {
"source_path": "windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md", "source_path": "windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md", "source_path": "windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-exploit-guard", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
@ -1210,11 +1210,6 @@
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction",
"redirect_document_id": true "redirect_document_id": true
}, },
{
"source_path": "windows/security/threat-protection/windows-defender-atp/configuration-score.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
"redirect_document_id": false
},
{ {
"source_path": "windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md", "source_path": "windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access",
@ -1435,16 +1430,6 @@
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"redirect_document_id": false "redirect_document_id": false
}, },
{
"source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices",
"redirect_document_id": true
},
{ {
"source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md", "source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection", "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection",
@ -1795,6 +1780,21 @@
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation",
"redirect_document_id": true "redirect_document_id": true
}, },
{
"source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection",
"redirect_document_id": true
},
{ {
"source_path": "windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md", "source_path": "windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score",
@ -1805,11 +1805,26 @@
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
"redirect_document_id": true "redirect_document_id": true
}, },
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/configuration-score.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices",
"redirect_document_id": true
},
{ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md", "source_path": "windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
"redirect_document_id": false "redirect_document_id": false
}, },
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/configuration-score.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
"redirect_document_id": false
},
{ {
"source_path": "windows/security/threat-protection/windows-defender-atp/partner-applications.md", "source_path": "windows/security/threat-protection/windows-defender-atp/partner-applications.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/partner-applications", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/partner-applications",
@ -1834,6 +1849,11 @@
"source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md", "source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports",
"redirect_document_id": true "redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/api-power-bi",
"redirect_document_id": true
}, },
{ {
"source_path": "windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md", "source_path": "windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md",
@ -1980,16 +2000,6 @@
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test",
"redirect_document_id": true "redirect_document_id": true
}, },
{
"source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard",
"redirect_document_id": true
},
{ {
"source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md", "source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection",

293
browsers/edge/group-policies/index.yml
View File

@ -1,229 +1,80 @@
### YamlMime:YamlDocument ### YamlMime:Landing
documentType: LandingData title: Microsoft Edge Legacy group policies # < 60 chars
summary: Microsoft Edge Legacy works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. # < 160 chars
title: Microsoft Edge Legacy group policies
metadata: metadata:
title: Microsoft Edge Legacy # Required; page title displayed in search results. Include the brand. < 60 chars.
title: Microsoft Edge Legacy group policies description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # Required; article description that is displayed in search results. < 160 chars.
description: Learn how to configure group policies in Microsoft Edge Legacy on Windows 10.
text: Some of the features in Microsoft Edge Legacy gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. (To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).)
keywords: Microsoft Edge Legacy, Windows 10, Windows 10 Mobile keywords: Microsoft Edge Legacy, Windows 10, Windows 10 Mobile
ms.localizationpriority: medium ms.localizationpriority: medium
ms.prod: edge
author: shortpatti author: shortpatti
ms.author: pashort ms.author: pashort
ms.topic: landing-page
ms.date: 10/02/2018
ms.topic: article
ms.devlang: na ms.devlang: na
ms.date: 08/28/2020 #Required; mm/dd/yyyy format.
sections:
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
- title:
landingContent:
- items: # Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
- type: markdown # Card (optional)
- title: What's new
text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Microsoft Edge Legacy works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. linkLists:
- linkListType: whats-new
- items: links:
- text: Documentation for Microsoft Edge version 77 or later
- type: list url: https://docs.microsoft.com/DeployEdge/
- text: Microsoft Edge Legacydesktop appwill reach end of support on March 9, 2021
style: cards url: https://techcommunity.microsoft.com/t5/microsoft-365-blog/microsoft-365-apps-say-farewell-to-internet-explorer-11-and/ba-p/1591666
className: cardsE # Card (optional)
- title: Group policies configure guidance part 1
columns: 3 linkLists:
- linkListType: reference
items: links:
- text: All group policies
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/address-bar-settings-gp url: /microsoft-edge/deploy/available-policies
- text: Address bar
html: <p>Learn how you can configure Microsoft Edge to show search suggestions in the address bar.</p> url: /microsoft-edge/deploy/group-policies/address-bar-settings-gp
- text: Adobe Flash
image: url: /microsoft-edge/deploy/group-policies/adobe-settings-gp
- text: Books Library
src: https://docs.microsoft.com/media/common/i_http.svg url: /microsoft-edge/deploy/group-policies/books-library-management-gp
- text: Browser experience
title: Address bar url: /microsoft-edge/deploy/group-policies/browser-settings-management-gp
- text: Developer tools
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/adobe-settings-gp url: /microsoft-edge/deploy/group-policies/developer-settings-gp
- text: Extensions
html: <p>Learn how you can configure Microsoft Edge to load Adobe Flash content automatically.</p> url: /microsoft-edge/deploy/group-policies/extensions-management-gp
- text: Favorites
image: url: /microsoft-edge/deploy/group-policies/favorites-management-gp
- text: Home button
src: https://docs.microsoft.com/media/common/i_setup.svg url: /microsoft-edge/deploy/group-policies/home-button-gp
title: Adobe Flash # Card (optional)
- title: Group policies configure guidance part 2
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/books-library-management-gp linkLists:
- linkListType: reference
html: <p>Learn how you can set up and use the books library, such as using a shared books folder for students and teachers.</p> links:
- text: Interoperability and enterprise mode
image: url: /microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp
- text: New Tab page
src: https://docs.microsoft.com/media/common/i_library.svg url: /microsoft-edge/deploy/group-policies/new-tab-page-settings-gp
- text: Kiosk mode deployment in Microsoft Edge
title: Books Library url: /microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy
- text: Prelaunch Microsoft Edge and preload tabs
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/browser-settings-management-gp url: /microsoft-edge/deploy/group-policies/prelaunch-preload-gp
- text: Search engine customization
html: <p>Learn how you can customize the browser settings, such as printing and saving browsing history, plus more.</p> url: /microsoft-edge/deploy/group-policies/search-engine-customization-gp
- text: Security and privacy
image: url: /microsoft-edge/deploy/group-policies/security-privacy-management-gp
- text: Start page
src: https://docs.microsoft.com/media/common/i_management.svg url: /microsoft-edge/deploy/group-policies/start-pages-gp
- text: Sync browser
title: Browser experience url: /microsoft-edge/deploy/group-policies/sync-browser-settings-gp
- text: Telemetry and data collection
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/developer-settings-gp url: /microsoft-edge/deploy/group-policies/telemetry-management-gp
html: <p>Learn how to configure Microsoft Edge for development and testing.</p>
image:
src: https://docs.microsoft.com/media/common/i_config-tools.svg
title: Developer tools
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/extensions-management-gp
html: <p>Learn how you can configure Microsoft Edge to either prevent or allow users to install and run unverified extensions.</p>
image:
src: https://docs.microsoft.com/media/common/i_extensions.svg
title: Extensions
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/favorites-management-gp
html: <p>Learn how you can provision a standard favorites list as well as keep the favorites lists in sync between IE11 and Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_link.svg
title: Favorites
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/home-button-gp
html: <p>Learn how you can customize the home button or hide it.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Home button
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp
html: <p>Learn how you use Microsoft Edge and Internet Explorer together for a full browsing experience.</p>
image:
src: https://docs.microsoft.com/media/common/i_management.svg
title: Interoperability and enterprise guidance
- href: https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy
html: <p>Learn how Microsoft Edge kiosk mode works with assigned access to let IT administrators create a tailored browsing experience designed for kiosk devices.</p>
image:
src: https://docs.microsoft.com/media/common/i_categorize.svg
title: Kiosk mode deployment in Microsoft Edge
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/new-tab-page-settings-gp
html: <p>Learn how to configure the New Tab page in Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: New Tab page
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/prelaunch-preload-gp
html: <p>Learn how pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Prelaunch Microsoft Edge and preload tabs
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/search-engine-customization-gp
html: <p>Learn how you can set the default search engine and configure additional ones.</p>
image:
src: https://docs.microsoft.com/media/common/i_search.svg
title: Search engine customization
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/security-privacy-management-gp
html: <p>Learn how you can keep your environment and users safe from attacks.</p>
image:
src: https://docs.microsoft.com/media/common/i_security-management.svg
title: Security and privacy
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/start-pages-gp
html: <p>Learn how to configure the Start pages in Microsoft Edge.</p>
image:
src: https://docs.microsoft.com/media/common/i_setup.svg
title: Start page
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/sync-browser-settings-gp
html: <p>Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the Sync your Settings toggle.</p>
image:
src: https://docs.microsoft.com/media/common/i_sync.svg
title: Sync browser
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/telemetry-management-gp
html: <p>Learn how you can configure Microsoft Edge to collect certain data.</p>
image:
src: https://docs.microsoft.com/media/common/i_data-collection.svg
title: Telemetry and data collection
- href: https://docs.microsoft.com/microsoft-edge/deploy/available-policies
html: <p>View all available group policies for Microsoft Edge on Windows 10.</p>
image:
src: https://docs.microsoft.com/media/common/i_policy.svg
title: All group policies

186
browsers/edge/microsoft-edge.yml
View File

@ -1,60 +1,144 @@
### YamlMime:YamlDocument ### YamlMime:Landing
title: Microsoft Edge Legacy # < 60 chars
summary: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # < 160 chars
documentType: LandingData
title: Microsoft Edge
metadata: metadata:
title: Microsoft Edge title: Microsoft Edge Legacy # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # Required; article description that is displayed in search results. < 160 chars.
keywords: Microsoft Edge, issues, fixes, announcements, Windows Server, advisories keywords: Microsoft Edge, issues, fixes, announcements, Windows Server, advisories
ms.prod: edge
ms.localizationpriority: medium ms.localizationpriority: medium
author: lizap author: lizap
ms.author: elizapo ms.author: elizapo
manager: dougkim manager: dougkim
ms.topic: article ms.topic: landing-page
ms.devlang: na ms.devlang: na
ms.date: 08/19/2020 #Required; mm/dd/yyyy format.
sections: # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
- items:
- type: markdown landingContent:
text: " # Cards and links should be based on top customer tasks or top subjects
Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # Start card title with a verb
" # Card (optional)
- title: What's new - title: What's new
- items: linkLists:
- type: markdown - linkListType: whats-new
text: " links:
Find out the latest and greatest news on Microsoft Edge.<br> - text: Documentation for Microsoft Edge version 77 or later
<table><tr><td><img src='images/new1.png' width='192' height='192'><br>**The latest in Microsoft Edge**<br>See what's new for users and developers in the next update to Microsoft Edge - now available with the Windows 10 April 2018 update!<br><a href='https://blogs.windows.com/msedgedev/2018/04/30/edgehtml-17-april-2018-update/#C7jCBdbPSG6bCXHr.97'>Find out more</a></td><td><img src='images/new2.png' width='192' height='192'><br>**Evaluate the impact**<br>Review the latest Forrester Total Economic Impact (TEI) report to learn about the impact Microsoft Edge can have in your organization.<br><a href='microsoft-edge-forrester'>Download the reports</a></td></tr><tr><td><img src='images/new3.png' width='192' height='192'><br>**Microsoft Edge for iOS and Android**<br>Microsoft Edge brings familiar features across your PC and phone, which allows browsing to go with you, no matter what device you use.<br><a href='https://blogs.windows.com/windowsexperience/2017/11/30/microsoft-edge-now-available-for-ios-and-android'>Learn more</a></td><td><img src='images/new4.png' width='192' height='192'><br>**Application Guard**<br>Microsoft Edge with Windows Defender Application Guard is the most secure browser on Windows 10 Enterprise.<br><a href='https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview'>Learn more</a></td></tr> url: https://docs.microsoft.com/DeployEdge/
</table> - text: Microsoft Edge Legacydesktop appwill reach end of support on March 9, 2021
" url: https://techcommunity.microsoft.com/t5/microsoft-365-blog/microsoft-365-apps-say-farewell-to-internet-explorer-11-and/ba-p/1591666
- title: Compatibility - text: The latest in Microsoft Edge
- items: url: https://blogs.windows.com/msedgedev/2018/04/30/edgehtml-17-april-2018-update/#C7jCBdbPSG6bCXHr.97
- type: markdown - text: Microsoft Edge for iOS and Android
text: " url: https://blogs.windows.com/windowsexperience/2017/11/30/microsoft-edge-now-available-for-ios-and-android
Even if you still have legacy apps in your organization, you can default to the secure, modern experience of Microsoft Edge and provide a consistent level of compatibility with existing legacy applications.<br> - text: Application Guard
<table><tr><td><img src='images/compat1.png' width='192' height='192'><br>**Test your site on Microsoft Edge**<br>Test your site on Microsoft Edge for free instantly, with remote browser testing powered by BrowserStack. You can also use the linting tool sonarwhal to assess your site's accessibility, speed, security, and more.<br><a href='https://developer.microsoft.com/microsoft-edge/tools/remote/'>Test your site on Microsoft Edge for free on BrowserStack</a><br><a href='https://sonarwhal.com/'>Use sonarwhal to improve your website.</a></td><td><img src='images/compat2.png' width='192' height='192'><br>**Improve compatibility with Enterprise Mode**<br>With Enterprise Mode you can use Microsoft Edge as your default browser, while ensuring apps continue working on IE11.<br><a href='https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility'>Use Enterprise mode to improve compatibility</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list'>Turn on Enterprise Mode and use a site list</a><br><a href='https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal'>Enterprise Site List Portal</a><br><a href='https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2017/04/25/the-ultimate-browser-strategy-on-windows-10/'>Ultimate browser strategy on Windows 10</a></td><td><img src='images/compat3.png' width='192' height='192'><br>**Web Application Compatibility Lab Kit**<br>The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge.<br><a href='web-app-compat-toolkit'>Find out more</a></td></tr> url: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview
</table> - linkListType: download
" links:
- title: Security - text: Evaluate the impact
- items: url: /microsoft-edge/deploy/microsoft-edge-forrester
- type: markdown
text: " # Card (optional)
Microsoft Edge uses Windows Hello and Windows Defender SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.<br> - title: Test your site on Microsoft Edge
<table><tr><td><img src='images/security1.png' width='192' height='192'><br>**NSS Labs web browser security reports**<br>See the results of two global tests measuring how effective browsers are at protecting against socially engineered malware and phishing attacks.<br><a href='https://www.microsoft.com/download/details.aspx?id=54773'>Download the reports</a></td><td><img src='images/security2.png' width='192' height='192'><br>**Microsoft Edge sandbox**<br>See how Microsoft Edge has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege.<br><a href='https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/'>Find out more</a></td><td><img src='images/security3.png' width='192' height='192'><br>**Windows Defender SmartScreen**<br>Manage your organization's computer settings with Group Policy and MDM settings to display a warning page to employees or block a site entirely.<br><a href='https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview'>Read the docs</a></td></tr> linkLists:
</table> - linkListType: overview
" links:
- title: Deployment and end user readiness - text: Test your site on Microsoft Edge for free on BrowserStack
- items: url: https://developer.microsoft.com/microsoft-edge/tools/remote/
- type: markdown - text: Use sonarwhal to improve your website
text: " url: https://sonarwhal.com/
Find resources and learn about features to help you deploy Microsoft Edge in your organization to get your users up and running quickly.<br>
<table><tr><td><img src='images/deploy-land.png' width='192' height='192'><br>**Deployment**<br>Find resources, learn about features, and get answers to commonly asked questions to help you deploy Microsoft Edge in your organization.<br><a href='https://docs.microsoft.com/microsoft-edge/deploy/'>Microsoft Edge deployment guide</a><br><a href='https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-faq'>Microsoft Edge FAQ</a><br><a href='https://docs.microsoft.com/microsoft-edge/deploy/hardware-and-software-requirements'>System requirements and language support</a><br><a href='https://docs.microsoft.com/microsoft-edge/deploy/available-policies'>Group Policy and MDM settings in Microsoft Edge</a><br><a href='https://www.microsoft.com/itpro/microsoft-edge/web-app-compat-toolkit'>Download the Web Application Compatibility Lab Kit</a><br><a href='edge-technical-demos.md'>Microsoft Edge training and demonstrations</a></td><td><img src='images/enduser-land.png' width='192' height='192'><br>**End user readiness**<br>Help your users get started on Microsoft Edge quickly and learn about features like tab management, instant access to Office files, and more.<br><a href='https://go.microsoft.com/fwlink/?linkid=825648'>Quick Start: Microsoft Edge (PDF, .98 MB)</a><br><a href='https://go.microsoft.com/fwlink/?linkid=825661'>Find it faster with Microsoft Edge (PDF, 605 KB)</a><br><a href='https://go.microsoft.com/fwlink/?linkid=825653'>Use Microsoft Edge to collaborate (PDF, 468 KB)</a><br><a href='https://microsoftedgetips.microsoft.com/en-us/2/39'>Import bookmarks</a><br><a href='https://microsoftedgetips.microsoft.com/en-us/2/18'>Password management</a><br><a href='https://myignite.microsoft.com/sessions/56630?source=sessions'>Microsoft Edge tips and tricks (video, 20:26)</a></td></tr> # Card (optional)
</table> - title: Improve compatibility with Enterprise Mode
" linkLists:
- title: Stay informed - linkListType: how-to-guide
- items: links:
- type: markdown - text: Use Enterprise mode to improve compatibility
text: " url: /microsoft-edge/deploy/emie-to-improve-compatibility
<table><tr><td><img src='images/wipinsider.png' width='192' height='192'><br>**Sign up for the Windows IT Pro Insider**<br>Get the latest tools, tips, and expert guidance on deployment, management, security, and more.<br><a href='https://aka.ms/windows-it-pro-insider'>Learn more</a></td><td><img src='images/edgeblog.png' width='192' height='192'><br>**Microsoft Edge Dev blog**<br>Keep up with the latest browser trends, security tips, and news for IT professionals.<br><a href='https://blogs.windows.com/msedgedev'>Read the blog</a></td><td><img src='images/twitter.png' width='192' height='192'><br>**Microsoft Edge Dev on Twitter**<br>Get the latest news and updates from the Microsoft Web Platform team.<br><a href='https://twitter.com/MSEdgeDev'>Visit Twitter</a></td></tr> - text: Turn on Enterprise Mode and use a site list
</table> url: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list
" - text: Enterprise Site List Portal
url: https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal
# Card (optional)
- title: Web Application Compatibility Lab Kit
linkLists:
- linkListType: overview
links:
- text: Overview
url: /microsoft-edge/deploy/emie-to-improve-compatibility
# Card (optional)
- title: Security
linkLists:
- linkListType: download
links:
- text: NSS Labs web browser security reports
url: https://www.microsoft.com/download/details.aspx?id=54773
- linkListType: overview
links:
- text: Microsoft Edge sandbox
url: https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/
- text: Windows Defender SmartScreen
url: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview
# Card (optional)
- title: Deployment
linkLists:
- linkListType: overview
links:
- text: Microsoft Edge deployment guide
url: /microsoft-edge/deploy/
- text: Microsoft Edge FAQ
url: /microsoft-edge/deploy/microsoft-edge-faq
- text: System requirements and language support
url: /microsoft-edge/deploy/hardware-and-software-requirements
- text: Group Policy and MDM settings in Microsoft Edge
url: /microsoft-edge/deploy/available-policies
- text: Microsoft Edge training and demonstrations
url: /microsoft-edge/deploy/edge-technical-demos
- linkListType: download
links:
- text: Web Application Compatibility Lab Kit
url: https://www.microsoft.com/itpro/microsoft-edge/web-app-compat-toolkit
# Card (optional)
- title: End user readiness
linkLists:
- linkListType: video
links:
- text: Microsoft Edge tips and tricks (video, 20:26)
url: https://myignite.microsoft.com/sessions/56630?source=sessions
- linkListType: download
links:
- text: Quick Start - Microsoft Edge (PDF, .98 MB)
url: https://go.microsoft.com/fwlink/?linkid=825648
- text: Find it faster with Microsoft Edge (PDF, 605 KB)
url: https://go.microsoft.com/fwlink/?linkid=825661
- text: Use Microsoft Edge to collaborate (PDF, 468 KB)
url: https://go.microsoft.com/fwlink/?linkid=825653
- text: Group Policy and MDM settings in Microsoft Edge
url: /microsoft-edge/deploy/available-policies
- text: Microsoft Edge training and demonstrations
url: /microsoft-edge/deploy/edge-technical-demos
- linkListType: how-to-guide
links:
- text: Import bookmarks
url: https://microsoftedgetips.microsoft.com/2/39
- text: Password management
url: https://microsoftedgetips.microsoft.com/2/18
# Card (optional)
- title: Stay informed
linkLists:
- linkListType: overview
links:
- text: Sign up for the Windows IT Pro Insider
url: https://aka.ms/windows-it-pro-insider
- text: Microsoft Edge Dev blog
url: https://blogs.windows.com/msedgedev
- text: Microsoft Edge Dev on Twitter
url: https://twitter.com/MSEdgeDev

7
education/windows/set-up-school-pcs-whats-new.md
View File

@ -9,7 +9,7 @@ ms.pagetype: edu
ms.localizationpriority: medium ms.localizationpriority: medium
author: dansimp author: dansimp
ms.author: dansimp ms.author: dansimp
ms.date: 09/25/2019 ms.date: 08/31/2020
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
--- ---
@ -18,6 +18,11 @@ manager: dansimp
Learn whats new with the Set up School PCs app each week. Find out about new app features and functionality, see updated screenshots, and find information about past releases. Learn whats new with the Set up School PCs app each week. Find out about new app features and functionality, see updated screenshots, and find information about past releases.
## Week of August 24, 2020
### Longer device names supported in app
You can now give devices running Windows 10, version 2004 and later a name that's up to 53 characters long.
## Week of September 23, 2019 ## Week of September 23, 2019
### Easier way to deploy Office 365 to your classroom devices ### Easier way to deploy Office 365 to your classroom devices

10
education/windows/take-a-test-multiple-pcs.md
View File

@ -145,8 +145,8 @@ To set up a test account through Windows Configuration Designer, follow these st
- username@tenant.com - username@tenant.com
4. Under **Runtime settings**, go to **TakeATest** and configure the following settings: 4. Under **Runtime settings**, go to **TakeATest** and configure the following settings:
1. In **LaunchURI**, enter the assessment URL. - In **LaunchURI**, enter the assessment URL.
2. In **TesterAccount**, enter the test account you entered in step 3. - In **TesterAccount**, enter the test account you entered in step 3.
3. Follow the steps to [build a package](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package#build-package). 3. Follow the steps to [build a package](https://technet.microsoft.com/itpro/windows/configure/provisioning-create-package#build-package).
@ -166,9 +166,9 @@ This sample PowerShell script configures the tester account and the assessment U
- Use your tester account for **-UserName** - Use your tester account for **-UserName**
>[!NOTE] >[!NOTE]
>The account that you specify for the tester account must already exist on the device. >The account that you specify for the tester account must already exist on the device. For steps to create the tester account, see [Set up a dedicated test account](https://docs.microsoft.com/education/windows/take-a-test-single-pc#set-up-a-dedicated-test-account).
``` ```powershell
$obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'"; $obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'";
$obj.LaunchURI='https://www.foo.com'; $obj.LaunchURI='https://www.foo.com';
$obj.TesterAccount='TestAccount'; $obj.TesterAccount='TestAccount';
@ -232,7 +232,7 @@ One of the ways you can present content in a locked down manner is by embedding
1. Embed a link or create a desktop shortcut with: 1. Embed a link or create a desktop shortcut with:
``` ```http
ms-edu-secureassessment:<URL>#enforceLockdown ms-edu-secureassessment:<URL>#enforceLockdown
``` ```

17
store-for-business/add-unsigned-app-to-code-integrity-policy.md
View File

@ -17,6 +17,23 @@ ms.date: 10/17/2017
# Add unsigned app to code integrity policy # Add unsigned app to code integrity policy
> [!IMPORTANT]
> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
>
> Following are the major changes we are making to the service:
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
>
> The following functionality will be available via these PowerShell cmdlets:
> - Get a CI policy
> - Sign a CI policy
> - Sign a catalog
> - Download root cert
> - Download history of your signing operations
>
> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.
**Applies to** **Applies to**

17
store-for-business/device-guard-signing-portal.md
View File

@ -17,6 +17,23 @@ ms.date: 10/17/2017
# Device Guard signing # Device Guard signing
> [!IMPORTANT]
> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
>
> Following are the major changes we are making to the service:
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
>
> The following functionality will be available via these PowerShell cmdlets:
> - Get a CI policy
> - Sign a CI policy
> - Sign a catalog
> - Download root cert
> - Download history of your signing operations
>
> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.
**Applies to** **Applies to**

2
store-for-business/prerequisites-microsoft-store-for-business.md
View File

@ -64,7 +64,7 @@ If your organization restricts computers on your network from connecting to the
starting with Windows 10, version 1607) starting with Windows 10, version 1607)
Store for Business requires Microsoft Windows HTTP Services (WinHTTP) to install, or update apps. Store for Business requires Microsoft Windows HTTP Services (WinHTTP) to install, or update apps.
For more information about how to configure WinHTTP proxy settings to devices, see [Use Group Policy to apply WinHTTP proxy settings to Windows clients](https://support.microsoft.com/en-us/help/4494447/use-group-policy-to-apply-winhttp-proxy-settings-to-clients). For more information about how to configure WinHTTP proxy settings to devices, see [Use Group Policy to apply WinHTTP proxy settings to Windows clients](https://support.microsoft.com/help/4494447/use-group-policy-to-apply-winhttp-proxy-settings-to-clients).

18
store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
View File

@ -17,6 +17,24 @@ ms.date: 10/17/2017
# Sign code integrity policy with Device Guard signing # Sign code integrity policy with Device Guard signing
> [!IMPORTANT]
> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
>
> Following are the major changes we are making to the service:
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
>
> The following functionality will be available via these PowerShell cmdlets:
> - Get a CI policy
> - Sign a CI policy
> - Sign a catalog
> - Download root cert
> - Download history of your signing operations
>
> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.
**Applies to** **Applies to**
- Windows 10 - Windows 10

5
windows/application-management/manage-windows-mixed-reality.md
View File

@ -38,11 +38,10 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
> [!NOTE] > [!NOTE]
> You must download the FOD .cab file that matches your operating system version. > You must download the FOD .cab file that matches your operating system version.
1. Use `Add-Package` to add Windows Mixed Reality FOD to the image. 1. Use `Dism` to add Windows Mixed Reality FOD to the image.
```powershell ```powershell
Add-Package Dism /Online /Add-Package /PackagePath:(path)
Dism /Online /add-package /packagepath:(path)
``` ```
> [!NOTE] > [!NOTE]

6
windows/client-management/advanced-troubleshooting-boot-problems.md
View File

@ -220,6 +220,9 @@ If Windows cannot load the system registry hive into memory, you must restore th
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced. If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
> [!NOTE]
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start).
## Kernel Phase ## Kernel Phase
If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These include, but are not limited to, the following: If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These include, but are not limited to, the following:
@ -392,3 +395,6 @@ If the dump file shows an error that is related to a driver (for example, window
3. Navigate to C:\Windows\System32\Config\. 3. Navigate to C:\Windows\System32\Config\.
4. Rename the all five hives by appending ".old" to the name. 4. Rename the all five hives by appending ".old" to the name.
5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode. 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode.
> [!NOTE]
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start).

4
windows/client-management/mdm/applicationcontrol-csp.md
View File

@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows ms.technology: windows
author: ManikaDhiman author: ManikaDhiman
ms.reviewer: jsuther1974 ms.reviewer: jsuther1974
ms.date: 05/21/2019 ms.date: 09/10/2020
--- ---
# ApplicationControl CSP # ApplicationControl CSP
@ -266,7 +266,7 @@ The following is an example of Delete command:
## PowerShell and WMI Bridge Usage Guidance ## PowerShell and WMI Bridge Usage Guidance
The ApplicationControl CSP can also be managed locally from PowerShell or via SCCM's task sequence scripting by leveraging the [WMI Bridge Provider](https://docs.microsoft.com/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). The ApplicationControl CSP can also be managed locally from PowerShell or via Microsoft Endpoint Manager Configuration Manager's (MEMCM, formerly known as SCCM) task sequence scripting by leveraging the [WMI Bridge Provider](https://docs.microsoft.com/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
### Setup for using the WMI Bridge ### Setup for using the WMI Bridge

4
windows/client-management/mdm/applocker-csp.md
View File

@ -35,7 +35,7 @@ Defines restrictions for applications.
> Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node. > Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node.
> [!NOTE] > [!NOTE]
> Deploying policies via the AppLocker CSP will force a reboot during OOBE. > The AppLocker CSP will schedule a reboot when a policy is applied or a deletion occurs using the AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI.
Additional information: Additional information:
@ -484,7 +484,7 @@ The following list shows the apps that may be included in the inbox.
<td></td> <td></td>
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td>Colour profile</td> <td>Color profile</td>
<td>b08997ca-60ab-4dce-b088-f92e9c7994f3</td> <td>b08997ca-60ab-4dce-b088-f92e9c7994f3</td>
<td></td> <td></td>
</tr> </tr>

10
windows/client-management/mdm/dmclient-csp.md
View File

@ -21,11 +21,15 @@ The following diagram shows the DMClient CSP in tree format.
![dmclient csp](images/provisioning-csp-dmclient-th2.png) ![dmclient csp](images/provisioning-csp-dmclient-th2.png)
<a href="" id="msft"></a>**./Vendor/MSFT**
All the nodes in this CSP are supported in the device context, except for the **ExchangeID** node, which is supported in the user context. For the device context, use the **./Device/Vendor/MSFT** path and for the user context, use the **./User/Vendor/MSFT** path.
<a href="" id="dmclient"></a>**DMClient** <a href="" id="dmclient"></a>**DMClient**
Root node for the CSP. Root node for the CSP.
<a href="" id="updatemanagementserviceaddress"></a>**UpdateManagementServiceAddress** <a href="" id="updatemanagementserviceaddress"></a>**UpdateManagementServiceAddress**
For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You cannot add new servers to the list using this node. For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon-delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You cannot add new servers to the list using this node.
<a href="" id="hwdevid"></a>**HWDevID** <a href="" id="hwdevid"></a>**HWDevID**
Added in Windows 10, version 1703. Returns the hardware device ID. Added in Windows 10, version 1703. Returns the hardware device ID.
@ -221,7 +225,7 @@ Added in Windows 10, version 1607. Returns the hardware device ID.
Supported operation is Get. Supported operation is Get.
<a href="" id="provider-providerid-commercialid"></a>**Provider/*ProviderID*/CommercialID** <a href="" id="provider-providerid-commercialid"></a>**Provider/*ProviderID*/CommercialID**
Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization.. Added in Windows 10, version 1607. Configures the identifier used to uniquely associate this diagnostic data of this device as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data with your organization.
Supported operations are Add, Get, Replace, and Delete. Supported operations are Add, Get, Replace, and Delete.
@ -265,7 +269,7 @@ Supported operations are Add, Delete, Get, and Replace. Value type is integer.
<a href="" id="provider-providerid-aadsenddevicetoken"></a>**Provider/*ProviderID*/AADSendDeviceToken** <a href="" id="provider-providerid-aadsenddevicetoken"></a>**Provider/*ProviderID*/AADSendDeviceToken**
Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained. Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token cannot be obtained.
Supported operations are Add, Delete, Get, and Replace. Value type is bool. Supported operations are Add, Delete, Get, and Replace. Value type is bool.

15
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -170,11 +170,16 @@ Requirements:
1. Download: 1. Download:
- 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) - 1803 --> [Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880)
- 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576) - 1809 --> [Administrative Templates (.admx) for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576)
- 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495&WT.mc_id=rss_alldownloads_all) - 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495)
- 1909 --> [Administrative Templates (.admx) for Windows 10 November 2019 Update (1909)](
https://www.microsoft.com/download/confirmation.aspx?id=1005915)
- 2004 --> [Administrative Templates (.admx) for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/confirmation.aspx?id=101445)
2. Install the package on the Domain Controller. 2. Install the package on the Domain Controller.
@ -185,6 +190,10 @@ Requirements:
- 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** - 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2**
- 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3** - 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3**
- 1909 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2019 Update (1909)**
- 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)**
4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**. 4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.

17
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -58,6 +58,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [What is dmwappushsvc?](#what-is-dmwappushsvc) - [What is dmwappushsvc?](#what-is-dmwappushsvc)
- **Change history in MDM documentation** - **Change history in MDM documentation**
- [September 2020](#september-2020)
- [August 2020](#august-2020) - [August 2020](#august-2020)
- [July 2020](#july-2020) - [July 2020](#july-2020)
- [June 2020](#june-2020) - [June 2020](#june-2020)
@ -438,9 +439,6 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
<li>LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia</li> <li>LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia</li>
<li>LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</li> <li>LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</li>
<li>LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</li> <li>LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</li>
<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</li>
<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</li>
<li>LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</li>
<li>LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</li> <li>LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</li>
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</li> <li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</li>
<li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</li> <li>LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</li>
@ -458,7 +456,6 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</li> <li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</li>
<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</li> <li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</li>
<li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li> <li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li>
<li>LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li> <li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li> <li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li>
<li>Notifications/DisallowCloudNotification</li> <li>Notifications/DisallowCloudNotification</li>
@ -768,7 +765,6 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li> <li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li>
<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</li> <li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</li>
<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li> <li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li>
<li>LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</li>
<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li> <li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</li> <li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</li> <li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</li>
@ -1414,6 +1410,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
<li>Update/ExcludeWUDriversInQualityUpdate</li> <li>Update/ExcludeWUDriversInQualityUpdate</li>
<li>Update/PauseFeatureUpdates</li> <li>Update/PauseFeatureUpdates</li>
<li>Update/PauseQualityUpdates</li> <li>Update/PauseQualityUpdates</li>
<li>Update/SetProxyBehaviorForUpdateDetection</li>
<li>Update/UpdateServiceUrlAlternate (Added in the January service release of Windows 10, version 1607)</li> <li>Update/UpdateServiceUrlAlternate (Added in the January service release of Windows 10, version 1607)</li>
<li>WindowsInkWorkspace/AllowWindowsInkWorkspace</li> <li>WindowsInkWorkspace/AllowWindowsInkWorkspace</li>
<li>WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace</li> <li>WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace</li>
@ -1996,6 +1993,11 @@ How do I turn if off? | The service can be stopped from the "Services" console o
## Change history in MDM documentation ## Change history in MDM documentation
### September 2020
|New or updated topic | Description|
|--- | ---|
|[Policy CSP - LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)|Removed the following unsupported LocalPoliciesSecurityOptions policy settings from the documentation:<br>- RecoveryConsole_AllowAutomaticAdministrativeLogon <br>- DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways<br>- DomainMember_DigitallyEncryptSecureChannelDataWhenPossible<br>- DomainMember_DisableMachineAccountPasswordChanges<br>- SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems<br>|
### August 2020 ### August 2020
|New or updated topic | Description| |New or updated topic | Description|
|--- | ---| |--- | ---|
@ -2436,9 +2438,6 @@ How do I turn if off? | The service can be stopped from the "Services" console o
<ul> <ul>
<li>Bluetooth/AllowPromptedProximalConnections</li> <li>Bluetooth/AllowPromptedProximalConnections</li>
<li>KioskBrowser/EnableEndSessionButton</li> <li>KioskBrowser/EnableEndSessionButton</li>
<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</li>
<li>LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</li>
<li>LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</li>
<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</li> <li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication</li>
<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</li> <li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic</li>
<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</li> <li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic</li>
@ -2647,7 +2646,6 @@ How do I turn if off? | The service can be stopped from the "Services" console o
<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</li> <li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</li>
<li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</li> <li>LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</li>
<li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li> <li>LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</li>
<li>LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li> <li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li> <li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li>
<li>RestrictedGroups/ConfigureGroupMembership</li> <li>RestrictedGroups/ConfigureGroupMembership</li>
@ -3018,7 +3016,6 @@ How do I turn if off? | The service can be stopped from the "Services" console o
<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</li> <li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</li>
<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li> <li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li>
<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li> <li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li>
<li>LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</li>
<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li> <li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</li> <li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</li> <li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</li>

18
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -2498,15 +2498,6 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd> <dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly" id="localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly">LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</a> <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly" id="localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly">LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</a>
</dd> </dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways" id="localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible" id="localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges" id="localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges">LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</a>
</dd>
<dd> <dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked" id="localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a> <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked" id="localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a>
</dd> </dd>
@ -2585,18 +2576,12 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd> <dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers" id="localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</a> <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers" id="localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</a>
</dd> </dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon" id="localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon">LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</a>
</dd>
<dd> <dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon" id="localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon">LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</a> <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon" id="localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon">LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</a>
</dd> </dd>
<dd> <dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile" id="localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile">LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</a> <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile" id="localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile">LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</a>
</dd> </dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems" id="localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems">LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</a>
</dd>
<dd> <dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation" id="localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a> <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation" id="localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a>
</dd> </dd>
@ -3918,6 +3903,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd> <dd>
<a href="./policy-csp-update.md#update-setedurestart" id="update-setedurestart">Update/SetEDURestart</a> <a href="./policy-csp-update.md#update-setedurestart" id="update-setedurestart">Update/SetEDURestart</a>
</dd> </dd>
<dd>
<a href="./policy-csp-update.md#update-setproxybehaviorforupdatedetection"id="update-setproxybehaviorforupdatedetection">Update/SetProxyBehaviorForUpdateDetection</a>
</dd>
<dd> <dd>
<a href="./policy-csp-update.md#update-targetreleaseversion"id="update-targetreleaseversion">Update/TargetReleaseVersion</a> <a href="./policy-csp-update.md#update-targetreleaseversion"id="update-targetreleaseversion">Update/TargetReleaseVersion</a>
</dd> </dd>

110
windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
View File

@ -72,23 +72,23 @@ manager: dansimp
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -155,23 +155,23 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -236,23 +236,23 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -317,23 +317,23 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -399,23 +399,23 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -477,23 +477,23 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -555,23 +555,23 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -634,23 +634,23 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -712,23 +712,23 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -793,23 +793,23 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -874,23 +874,23 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Home</td> <td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>

72
windows/client-management/mdm/policy-csp-admx-appcompat.md
View File

@ -79,19 +79,19 @@ manager: dansimp
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -156,19 +156,19 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -227,19 +227,19 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -302,19 +302,19 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -378,19 +378,19 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -456,19 +456,19 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -523,19 +523,19 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -597,19 +597,19 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -670,19 +670,19 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>

6
windows/client-management/mdm/policy-csp-admx-auditsettings.md
View File

@ -45,11 +45,11 @@ manager: dansimp
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -57,7 +57,7 @@ manager: dansimp
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>

132
windows/client-management/mdm/policy-csp-admx-dnsclient.md
View File

@ -108,11 +108,11 @@ manager: dansimp
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -120,7 +120,7 @@ manager: dansimp
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -176,11 +176,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -188,7 +188,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -253,11 +253,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -265,7 +265,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -322,11 +322,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -334,7 +334,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -409,11 +409,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -421,7 +421,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -478,11 +478,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -490,7 +490,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -547,11 +547,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -559,7 +559,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -618,11 +618,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -630,7 +630,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -691,11 +691,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -703,7 +703,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -766,11 +766,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -778,7 +778,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -840,11 +840,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -852,7 +852,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -916,11 +916,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -928,7 +928,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -985,11 +985,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -997,7 +997,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -1058,11 +1058,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -1070,7 +1070,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -1134,11 +1134,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -1146,7 +1146,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -1205,11 +1205,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -1217,7 +1217,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -1281,11 +1281,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -1293,7 +1293,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -1350,11 +1350,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -1362,7 +1362,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -1422,11 +1422,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -1434,7 +1434,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -1497,11 +1497,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -1509,7 +1509,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -1568,11 +1568,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -1580,7 +1580,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -1655,11 +1655,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -1667,7 +1667,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>

12
windows/client-management/mdm/policy-csp-admx-eventforwarding.md
View File

@ -49,11 +49,11 @@ manager: dansimp
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -61,7 +61,7 @@ manager: dansimp
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>
@ -122,11 +122,11 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Pro</td> <td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Business</td> <td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
<tr> <tr>
<td>Enterprise</td> <td>Enterprise</td>
@ -134,7 +134,7 @@ ADMX Info:
</tr> </tr>
<tr> <tr>
<td>Education</td> <td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr> </tr>
</table> </table>

3
windows/client-management/mdm/policy-csp-defender.md
View File

@ -2313,6 +2313,9 @@ ADMX Info:
Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer. Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer.
> [!NOTE]
> Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices. For more information about PUA, see [Detect and block potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
<!--/Description--> <!--/Description-->
<!--SupportedValues--> <!--SupportedValues-->
The following list shows the supported values: The following list shows the supported values:

2
windows/client-management/mdm/policy-csp-deviceguard.md
View File

@ -90,7 +90,7 @@ Secure Launch configuration:
- 1 - Enables Secure Launch if supported by hardware - 1 - Enables Secure Launch if supported by hardware
- 2 - Disables Secure Launch. - 2 - Disables Secure Launch.
For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/) and [How hardware-based containers help protect Windows 10](https://docs.microsoft.com/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows). For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/) and [How a hardware-based root of trust helps protect Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows).
<!--/Description--> <!--/Description-->
<!--ADMXMapped--> <!--ADMXMapped-->

376
windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
View File

@ -45,15 +45,6 @@ manager: dansimp
<dd> <dd>
<a href="#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly">LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</a> <a href="#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly">LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly</a>
</dd> </dd>
<dd>
<a href="#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways</a>
</dd>
<dd>
<a href="#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible">LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible</a>
</dd>
<dd>
<a href="#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges">LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges</a>
</dd>
<dd> <dd>
<a href="#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a> <a href="#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a>
</dd> </dd>
@ -132,18 +123,12 @@ manager: dansimp
<dd> <dd>
<a href="#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</a> <a href="#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers">LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers</a>
</dd> </dd>
<dd>
<a href="#localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon">LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</a>
</dd>
<dd> <dd>
<a href="#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon">LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</a> <a href="#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon">LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</a>
</dd> </dd>
<dd> <dd>
<a href="#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile">LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</a> <a href="#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile">LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile</a>
</dd> </dd>
<dd>
<a href="#localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems">LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</a>
</dd>
<dd> <dd>
<a href="#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a> <a href="#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a>
</dd> </dd>
@ -714,256 +699,6 @@ GP Info:
<hr/> <hr/>
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways"></a>**LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
> [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Digitally encrypt or sign secure channel data (always)
This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted.
When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass through authentication, LSA SID/name Lookup etc.
This setting determines whether or not all secure channel traffic initiated by the domain member meets minimum security requirements. Specifically it determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. If this policy is enabled, then the secure channel will not be established unless either signing or encryption of all secure channel traffic is negotiated. If this policy is disabled, then encryption and signing of all secure channel traffic is negotiated with the Domain Controller in which case the level of signing and encryption depends on the version of the Domain Controller and the settings of the following two policies:
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Default: Enabled.
Notes:
If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic.
Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not.
<!--/Description-->
<!--RegistryMapped-->
GP Info:
- GP English name: *Domain member: Digitally encrypt or sign secure channel data (always)*
- GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
<!--/RegistryMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible"></a>**LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
> [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Digitally encrypt secure channel data (when possible)
This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates.
When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller for its domain. This secure channel is used to perform operations such as NTLM pass-through authentication, LSA SID/name Lookup etc.
This setting determines whether or not the domain member attempts to negotiate encryption for all secure channel traffic that it initiates. If enabled, the domain member will request encryption of all secure channel traffic. If the domain controller supports encryption of all secure channel traffic, then all secure channel traffic will be encrypted. Otherwise only logon information transmitted over the secure channel will be encrypted. If this setting is disabled, then the domain member will not attempt to negotiate secure channel encryption.
Default: Enabled.
Important
There is no known reason for disabling this setting. Besides unnecessarily reducing the potential confidentiality level of the secure channel, disabling this setting may unnecessarily reduce secure channel throughput, because concurrent API calls that use the secure channel are only possible when the secure channel is signed or encrypted.
Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains.
<!--/Description-->
<!--RegistryMapped-->
GP Info:
- GP English name: *Domain member: Digitally encrypt secure channel data (when possible)*
- GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
<!--/RegistryMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges"></a>**LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
> [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Disable machine account password changes
Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days.
Default: Disabled.
Notes
This security setting should not be enabled. Computer account passwords are used to establish secure channel communications between members and domain controllers and, within the domain, between the domain controllers themselves. Once it is established, the secure channel is used to transmit sensitive information that is necessary for making authentication and authorization decisions.
This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names.
<!--/Description-->
<!--RegistryMapped-->
GP Info:
- GP English name: *Domain member: Disable machine account password changes*
- GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
<!--/RegistryMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy--> <!--Policy-->
<a href="" id="localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked** <a href="" id="localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked**
@ -2902,60 +2637,6 @@ GP Info:
<hr/> <hr/>
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon"></a>**LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Description-->
Recovery console: Allow automatic administrative logon
This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system.
Default: This policy is not defined and automatic administrative logon is not allowed.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
<!--/Description-->
<!--SupportedValues-->
Valid values:
- 0 - disabled
- 1 - enabled (allow automatic administrative logon)
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy--> <!--Policy-->
<a href="" id="localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon"></a>**LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn** <a href="" id="localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon"></a>**LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn**
@ -3095,63 +2776,6 @@ GP Info:
<hr/> <hr/>
<!--Policy-->
<a href="" id="localpoliciessecurityoptions-systemobjects-requirecaseinsensitivityfornonwindowssubsystems"></a>**LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
System objects: Require case insensitivity for non-Windows subsystems
This security setting determines whether case insensitivity is enforced for all subsystems. The Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as POSIX.
If this setting is enabled, case insensitivity is enforced for all directory objects, symbolic links, and IO objects, including file objects. Disabling this setting does not allow the Win32 subsystem to become case sensitive.
Default: Enabled.
<!--/Description-->
<!--/Policy-->
<hr/>
<!--Policy--> <!--Policy-->
<a href="" id="localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation"></a>**LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation** <a href="" id="localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation"></a>**LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation**

75
windows/client-management/mdm/policy-csp-update.md
View File

@ -194,6 +194,9 @@ manager: dansimp
<dd> <dd>
<a href="#update-setedurestart">Update/SetEDURestart</a> <a href="#update-setedurestart">Update/SetEDURestart</a>
</dd> </dd>
<dd>
<a href="#update-setproxybehaviorforupdatedetection">Update/SetProxyBehaviorForUpdateDetection</a>
</dd>
<dd> <dd>
<a href="#update-targetreleaseversion">Update/TargetReleaseVersion</a> <a href="#update-targetreleaseversion">Update/TargetReleaseVersion</a>
</dd> </dd>
@ -4133,6 +4136,78 @@ The following list shows the supported values:
<hr/> <hr/>
<!--Policy-->
<a href="" id="update-setproxybehaviorforupdatedetection"></a>**Update/SetProxyBehaviorForUpdateDetection**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10, version 1607 and later. By default, HTTP WSUS servers scan only if system proxy is configured. This policy setting allows you to configure user proxy as a fallback for detecting updates while using an HTTP based intranet server despite the vulnerabilities it presents.
This policy setting does not impact those customers who have, per Microsoft recommendation, secured their WSUS server with TLS/SSL protocol, thereby using HTTPS based intranet servers to keep systems secure. That said, if a proxy is required, we recommend configuring a system proxy to ensure the highest level of security.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Select the proxy behavior for Windows Update client for detecting updates with non-TLS (HTTP) based service*
- GP name: *Select the proxy behavior*
- GP element: *Select the proxy behavior*
- GP path: *Windows Components/Windows Update/Specify intranet Microsoft update service location*
- GP ADMX file name: *WindowsUpdate.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - Allow system proxy only for HTTP scans.
- 1 - Allow user proxy to be used as a fallback if detection using system proxy fails.
> [!NOTE]
> Configuring this policy setting to 1 exposes your environment to potential security risk and makes scans unsecure.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy--> <!--Policy-->
<a href="" id="update-targetreleaseversion"></a>**Update/TargetReleaseVersion** <a href="" id="update-targetreleaseversion"></a>**Update/TargetReleaseVersion**

3
windows/client-management/mdm/policy-csps-supported-by-group-policy.md
View File

@ -533,9 +533,6 @@ ms.date: 07/18/2019
- [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia) - [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia)
- [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters) - [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters)
- [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly) - [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly)
- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways)
- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible)
- [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked) - [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) - [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin) - [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin)

1
windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md
View File

@ -66,6 +66,7 @@ ms.date: 07/18/2019
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) - [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) - [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) - [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot)
- [Update/SetProxyBehaviorForUpdateDetection](policy-csp-update.md#update-setproxybehaviorforupdatedetection)
## Related topics ## Related topics

10
windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
View File

@ -30,9 +30,11 @@ Turn on Microsoft Defender Application Guard in Enterprise Mode.
Value type is integer. Supported operations are Add, Get, Replace, and Delete. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
The following list shows the supported values: The following list shows the supported values:
- 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment. - 0 - Disable Microsoft Defender Application Guard
- 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container. - 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY
- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY
- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments
<a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType** <a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType**
Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Determines the type of content that can be copied from the host to Application Guard environment and vice versa.
@ -297,4 +299,4 @@ ADMX Info:
- GP name: *AuditApplicationGuard* - GP name: *AuditApplicationGuard*
- GP path: *Windows Components/Microsoft Defender Application Guard* - GP path: *Windows Components/Microsoft Defender Application Guard*
- GP ADMX file name: *AppHVSI.admx* - GP ADMX file name: *AppHVSI.admx*
<!--/ADMXMapped--> <!--/ADMXMapped-->

9
windows/client-management/new-policies-for-windows-10.md
View File

@ -5,7 +5,7 @@ ms.assetid: 1F24ABD8-A57A-45EA-BA54-2DA2238C573D
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.author: dansimp ms.author: dansimp
keywords: ["MDM", "Group Policy"] keywords: ["MDM", "Group Policy", "GP"]
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
@ -21,9 +21,12 @@ ms.topic: reference
**Applies to** **Applies to**
- Windows 10 - Windows 10
- Windows 10 Mobile
Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/100591). As of September 2020 This page will no longer be updated. To find the Group Polices that ship in each version of Windows, refer to the Group Policy Settings Reference Spreadsheet. You can always locate the most recent version of the Spreadsheet by searching the Internet for "Windows Version + Group Policy Settings Reference".
For example, searching for "Windows 2004" + "Group Policy Settings Reference Spreadsheet" in a web browser will return to you the link to download the Group Policy Settings Reference Spreadsheet for Windows 2004.
The latest [group policy reference for Windows 10 version 2004 is available here](https://www.microsoft.com/download/101451).
## New Group Policy settings in Windows 10, version 1903 ## New Group Policy settings in Windows 10, version 1903

2
windows/client-management/windows-10-support-solutions.md
View File

@ -131,4 +131,4 @@ This section contains advanced troubleshooting topics and links to help you reso
## Other Resources ## Other Resources
### [Troubleshooting Windows Server components](https://docs.microsoft.com/windows-server/troubleshoot/windows-server-support-solutions) - [Troubleshooting Windows Server components](https://docs.microsoft.com/windows-server/troubleshoot/windows-server-troubleshooting)

2
windows/deployment/deploy-m365.md
View File

@ -3,7 +3,7 @@ title: Deploy Windows 10 with Microsoft 365
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
ms.author: greglin ms.author: greglin
description: Concepts about deploying Windows 10 for M365 description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library

2
windows/deployment/deploy-whats-new.md
View File

@ -3,7 +3,7 @@ title: What's new in Windows 10 deployment
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
ms.author: greglin ms.author: greglin
description: Changes and new features related to Windows 10 deployment description: Use this article to learn about new solutions and online content related to deploying Windows 10 in your organization.
keywords: deployment, automate, tools, configure, news keywords: deployment, automate, tools, configure, news
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.localizationpriority: medium ms.localizationpriority: medium

2
windows/deployment/deploy-windows-to-go.md
View File

@ -1,6 +1,6 @@
--- ---
title: Deploy Windows To Go in your organization (Windows 10) title: Deploy Windows To Go in your organization (Windows 10)
description: This topic helps you to deploy Windows To Go in your organization. description: Learn how to deploy Windows To Go in your organization through a wizard in the user interface as well as programatically with Windows PowerShell.
ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/mbr-to-gpt.md
View File

@ -1,6 +1,6 @@
--- ---
title: MBR2GPT title: MBR2GPT
description: How to use the MBR2GPT tool to convert MBR partitions to GPT description: Use MBR2GPT.EXE to convert a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk.
keywords: deploy, troubleshoot, windows, 10, upgrade, partition, mbr, gpt keywords: deploy, troubleshoot, windows, 10, upgrade, partition, mbr, gpt
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

2
windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
View File

@ -1,6 +1,6 @@
--- ---
title: Best practice recommendations for Windows To Go (Windows 10) title: Best practice recommendations for Windows To Go (Windows 10)
description: Best practice recommendations for Windows To Go description: Learn about best practice recommendations for using Windows To Go, like using a USB 3.0 port with Windows to Go if it's available.
ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86 ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/planning/deployment-considerations-for-windows-to-go.md
View File

@ -1,6 +1,6 @@
--- ---
title: Deployment considerations for Windows To Go (Windows 10) title: Deployment considerations for Windows To Go (Windows 10)
description: Deployment considerations for Windows To Go description: Learn about deployment considerations for Windows To Go, such as the boot experience, deployment methods, and tools that you can use with Windows To Go.
ms.assetid: dcfc5d96-b96b-44cd-ab65-416b5611c65e ms.assetid: dcfc5d96-b96b-44cd-ab65-416b5611c65e
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/planning/features-lifecycle.md
View File

@ -1,6 +1,6 @@
--- ---
title: Windows 10 features lifecycle title: Windows 10 features lifecycle
description: Learn about the lifecycle of Windows 10 features description: Learn about the lifecycle of Windows 10 features, as well as features that are no longer developed, removed features, and terminology assigned to a feature.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: plan ms.mktglfcycl: plan
ms.localizationpriority: medium ms.localizationpriority: medium

4
windows/deployment/planning/windows-10-removed-features.md
View File

@ -1,6 +1,6 @@
--- ---
title: Windows 10 - Features that have been removed title: Windows 10 - Features that have been removed
description: Learn about features and functionality that has been removed or replaced in Windows 10 description: In this article, learn about the features and functionality that have been removed or replaced in Windows 10.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: plan ms.mktglfcycl: plan
ms.localizationpriority: medium ms.localizationpriority: medium
@ -27,7 +27,7 @@ The following features and functionalities have been removed from the installed
|Feature | Details and mitigation | Removed in version | |Feature | Details and mitigation | Removed in version |
| ----------- | --------------------- | ------ | | ----------- | --------------------- | ------ |
| Connect app | The [Connect app](https://docs.microsoft.com/windows-hardware/design/device-experiences/wireless-projection-understanding) for wireless projection using Miracast is no longer installed by default, but is available as an optional feature. To install the app, click on **Settings** > **Apps** > **Optional features** > **Add a feature** and then install the **Wireless Display** app. | 2004 | | Connect app | The **Connect** app for wireless projection using Miracast is no longer installed by default, but is available as an optional feature. To install the app, click on **Settings** > **Apps** > **Optional features** > **Add a feature** and then install the **Wireless Display** app. | 2004 |
| Rinna and Japanese Address suggestion | The Rinna and Japanese Address suggestion service for Microsoft Japanese Input Method Editor (IME) ended on August 13th, 2020. For more information, see [Rinna and Japanese Address suggestion will no longer be offered](https://support.microsoft.com/help/4576767/windows-10-rinna-and-japanese-address-suggestion) | 2004 | | Rinna and Japanese Address suggestion | The Rinna and Japanese Address suggestion service for Microsoft Japanese Input Method Editor (IME) ended on August 13th, 2020. For more information, see [Rinna and Japanese Address suggestion will no longer be offered](https://support.microsoft.com/help/4576767/windows-10-rinna-and-japanese-address-suggestion) | 2004 |
| Cortana | Cortana has been updated and enhanced in the Windows 10 May 2020 Update. With [these changes](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-2004#cortana), some previously available consumer skills such as music, connected home, and other non-Microsoft skills are no longer available. | 2004 | | Cortana | Cortana has been updated and enhanced in the Windows 10 May 2020 Update. With [these changes](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-2004#cortana), some previously available consumer skills such as music, connected home, and other non-Microsoft skills are no longer available. | 2004 |
| Windows To Go | Windows To Go was announced as deprecated in Windows 10, version 1903 and is removed in this release. | 2004 | | Windows To Go | Windows To Go was announced as deprecated in Windows 10, version 1903 and is removed in this release. | 2004 |

2
windows/deployment/update/feature-update-conclusion.md
View File

@ -1,6 +1,6 @@
--- ---
title: Best practices for feature updates - conclusion title: Best practices for feature updates - conclusion
description: Final thoughts about how to deploy feature updates description: This article includes final thoughts about how to deploy and stay up-to-date with Windows 10 feature updates.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
audience: itpro audience: itpro

2
windows/deployment/update/feature-update-maintenance-window.md
View File

@ -1,6 +1,6 @@
--- ---
title: Best practices - deploy feature updates during maintenance windows title: Best practices - deploy feature updates during maintenance windows
description: Learn how to deploy feature updates during a maintenance window description: Learn how to configure maintenance windows and how to deploy feature updates during a maintenance window.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
audience: itpro audience: itpro

2
windows/deployment/update/feature-update-mission-critical.md
View File

@ -1,6 +1,6 @@
--- ---
title: Best practices and recommendations for deploying Windows 10 Feature updates to mission-critical devices title: Best practices and recommendations for deploying Windows 10 Feature updates to mission-critical devices
description: Learn how to deploy feature updates to your mission-critical devices description: Learn how to use the Microsoft Endpoint Configuration Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
audience: itpro audience: itpro

2
windows/deployment/update/feature-update-user-install.md
View File

@ -1,6 +1,6 @@
--- ---
title: Best practices - deploy feature updates for user-initiated installations title: Best practices - deploy feature updates for user-initiated installations
description: Learn how to manually deploy feature updates description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
audience: itpro audience: itpro

BIN
windows/deployment/update/images/UC_workspace_safeguard_queries.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 253 KiB

2
windows/deployment/update/olympia/olympia-enrollment-guidelines.md
View File

@ -1,6 +1,6 @@
--- ---
title: Olympia Corp enrollment guidelines title: Olympia Corp enrollment guidelines
description: Olympia Corp enrollment guidelines description: Learn about the Olympia Corp enrollment and setting up an Azure Active Directory-REGISTERED Windows 10 device or an Azure Active Directory-JOINED Windows 10 device.
ms.author: jaimeo ms.author: jaimeo
ms.topic: article ms.topic: article
ms.prod: w10 ms.prod: w10

14
windows/deployment/update/update-compliance-configuration-manual.md
View File

@ -17,13 +17,14 @@ ms.topic: article
# Manually Configuring Devices for Update Compliance # Manually Configuring Devices for Update Compliance
There are a number of requirements to consider when manually configuring Update Compliance. These can potentially change with newer versions of Windows 10. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required. There are a number of requirements to consider when manually configuring devices for Update Compliance. These can potentially change with newer versions of Windows 10. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
The requirements are separated into different categories: The requirements are separated into different categories:
1. Ensuring the [**required policies**](#required-policies) for Update Compliance are correctly configured. 1. Ensuring the [**required policies**](#required-policies) for Update Compliance are correctly configured.
2. Devices in every network topography needs to send data to the [**required endpoints**](#required-endpoints) for Update Compliance, for example both devices in main and satellite offices, which may have different network configurations. 2. Devices in every network topography needs to send data to the [**required endpoints**](#required-endpoints) for Update Compliance, for example both devices in main and satellite offices, which may have different network configurations.
3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It is recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality. 3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It is recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality.
4. [**Run a full Census sync**](#run-a-full-census-sync) on new devices to ensure that all necessary data points are collected.
## Required policies ## Required policies
@ -75,3 +76,14 @@ To enable data sharing between devices, your network, and Microsoft's Diagnostic
## Required services ## Required services
Many Windows and Microsoft services are required to ensure that not only the device can function, but Update Compliance can see device data. It is recommended that you allow all default services from the out-of-box experience to remain running. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically. Many Windows and Microsoft services are required to ensure that not only the device can function, but Update Compliance can see device data. It is recommended that you allow all default services from the out-of-box experience to remain running. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically.
## Run a full Census sync
Census is a service that runs on a regular schedule on Windows devices. A number of key device attributes, like what operating system edition is installed on the device, are included in the Census payload. However, to save network load and system resources, data that tends to be more static (like edition) is sent approximately once per week rather than on every daily run. Because of this, these attributes can take longer to appear in Update Compliance unless you start a full Census sync. The Update Compliance Configuration Script does this.
A full Census sync adds a new registry value to Census's path. When this registry value is added, Census's configuration is overridden to force a full sync. For Census to work normally, this registry value should be enabled, Census should be started manually, and then the registry value should be disabled. Follow these steps:
1. For every device you are manually configuring for Update Compliance, add or modify the registry key located at **HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Census** to include a new **DWORD value** named **FullSync** and set to **1**.
2. Run Devicecensus.exe with administrator privileges on every device. Devicecensus.exe is in the System32 folder. No additional run parameters are required.
3. After Devicecensus.exe has run, the **FullSync** registry value can be removed or set to **0**.

2
windows/deployment/update/update-compliance-delivery-optimization.md
View File

@ -2,7 +2,7 @@
title: Delivery Optimization in Update Compliance (Windows 10) title: Delivery Optimization in Update Compliance (Windows 10)
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
description: new Delivery Optimization data displayed in Update Compliance description: Learn how the Update Compliance solution provides you with information about your Delivery Optimization configuration.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.pagetype: deploy ms.pagetype: deploy

21
windows/deployment/update/update-compliance-feature-update-status.md
View File

@ -2,7 +2,7 @@
title: Update Compliance - Feature Update Status report title: Update Compliance - Feature Update Status report
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
description: Find the latest status of feature updates with an overview of the Feature Update Status report. description: Learn how the Feature Update Status report provides information about the status of feature updates across all devices.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.pagetype: deploy ms.pagetype: deploy
@ -35,13 +35,21 @@ Refer to the following list for what each state means:
* Devices that have failed the given feature update installation are counted as **Update failed**. * Devices that have failed the given feature update installation are counted as **Update failed**.
* If a device should be, in some way, progressing toward this security update, but its status cannot be inferred, it will count as **Status Unknown**. Devices not using Windows Update are the most likely devices to fall into this category. * If a device should be, in some way, progressing toward this security update, but its status cannot be inferred, it will count as **Status Unknown**. Devices not using Windows Update are the most likely devices to fall into this category.
## Compatibility holds ## Safeguard holds
Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *compatibility hold* is generated to delay the device's upgrade and safeguard the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all compatibility holds on the Windows 10 release information page for any given release. Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows 10 release information page for any given release.
### Opting out of compatibility hold ## Queries for safeguard holds
Microsoft will release a device from a compatibility hold when it has determined it can safely and smoothly install a feature update, but you are ultimately in control of your devices and can opt out if desired. Update Compliance reporting offers two queriesto help you retrieve data related to safeguard holds.The first queryshows the device data for alldevices that are affected by safeguard holds. The second queryshows data specific to devices running the target build.
![Left pane showing Need Attention, Security update status, feature update status, and Windows Defender AV status, with Need Attention selected. Right pane shows the list of queries relevant to the Need Attention status, with "Devices with a safeguard hold" and "Target build distribution of devices with a safeguard hold" queries highlighted](images/UC_workspace_safeguard_queries.png)
Update Compliance reporting will display the Safeguard IDs for known issues affecting a device in the **DeploymentErrorCode** column. Safeguard IDs for publicly discussed known issues are also included in the Windows Release Health dashboard, where you can easily find information related to publicly available safeguards.
### Opting out of safeguard hold
Microsoft will release a device from a safeguard hold when it has determined it can safely and smoothly install a feature update, but you are ultimately in control of your devices and can opt out if desired.
To opt out, set the registry key as follows: To opt out, set the registry key as follows:
- Registry Key Path :: **Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion** - Registry Key Path :: **Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion**
@ -50,6 +58,5 @@ To opt out, set the registry key as follows:
- Type :: **REG_DWORD** - Type :: **REG_DWORD**
- Value :: **0** - Value :: **0**
Setting this registry key to **0** will force the device to opt out from *all* safeguard holds. Any other value, or deleting the key, will resume compatibility protection on the device.
Setting this registry key to **0** will force the device to opt out from *all* compatibility holds. Any other value, or deleting the key, will resume compatibility protection on the device.

5
windows/deployment/update/update-compliance-monitor.md
View File

@ -17,11 +17,6 @@ ms.topic: article
# Monitor Windows Updates with Update Compliance # Monitor Windows Updates with Update Compliance
> [!IMPORTANT]
> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal. Two planned feature removals for Update Compliance Microsoft Defender Antivirus reporting and Perspectives are now scheduled to be removed beginning Monday, May 11, 2020.
> * The retirement of Microsoft Defender Antivirus reporting will begin Monday, May 11, 2020. You can continue to for threats with [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) and [Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection).
> * The Perspectives feature of Update Compliance will be retired Monday, May 11, 2020. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance.
## Introduction ## Introduction
Update Compliance enables organizations to: Update Compliance enables organizations to:

3
windows/deployment/update/update-compliance-need-attention.md
View File

@ -2,8 +2,7 @@
title: Update Compliance - Need Attention! report title: Update Compliance - Need Attention! report
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
description: an overview of the Update Compliance Need Attention! report description: Learn how the Needs attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance.
ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.pagetype: deploy ms.pagetype: deploy
audience: itpro audience: itpro

2
windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
View File

@ -26,7 +26,7 @@ WaaSDeploymentStatus records track a specific update's installation progress on
|**DeploymentError** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there is either no string matching the error or there is no error. | |**DeploymentError** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there is either no string matching the error or there is no error. |
|**DeploymentErrorCode** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there is either no error or there is *no error code*, meaning that the issue raised does not correspond to an error, but some inferred issue. | |**DeploymentErrorCode** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there is either no error or there is *no error code*, meaning that the issue raised does not correspond to an error, but some inferred issue. |
|**DeploymentStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Failed` |The high level status of installing this update on this device. Possible values are:<br><li> **Update completed**: Device has completed the update installation.<li> **In Progress**: Device is in one of the various stages of installing an update, detailed in `DetailedStatus`.<li> **Deferred**: A device's deferral policy is preventing the update from being offered by Windows Update.<li> **Cancelled**: The update was cancelled.<li> **Blocked**: There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update.<li> **Unknown**: Update Compliance generated WaaSDeploymentStatus records for devices as soon as it detects an update newer than the one installed on the device. Devices that have not sent any deployment data for that update will have the status `Unknown`.<li> **Update paused**: Devices are paused via Windows Update for Business Pause policies, preventing the update from being offered by Windows Update. <li> **Failed**: Device encountered a failure in the update process, preventing it from installing the update. This may result in an automatic retry in the case of Windows Update, unless the `DeploymentError` indicates the issue requires action before the update can continue.| |**DeploymentStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Failed` |The high level status of installing this update on this device. Possible values are:<br><li> **Update completed**: Device has completed the update installation.<li> **In Progress**: Device is in one of the various stages of installing an update, detailed in `DetailedStatus`.<li> **Deferred**: A device's deferral policy is preventing the update from being offered by Windows Update.<li> **Cancelled**: The update was cancelled.<li> **Blocked**: There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update.<li> **Unknown**: Update Compliance generated WaaSDeploymentStatus records for devices as soon as it detects an update newer than the one installed on the device. Devices that have not sent any deployment data for that update will have the status `Unknown`.<li> **Update paused**: Devices are paused via Windows Update for Business Pause policies, preventing the update from being offered by Windows Update. <li> **Failed**: Device encountered a failure in the update process, preventing it from installing the update. This may result in an automatic retry in the case of Windows Update, unless the `DeploymentError` indicates the issue requires action before the update can continue.|
|**DetailedStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:<br><li> **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred.<li> **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered.<li> **Update offered**: The device has been offered the update, but has not begun downloading it.<li> **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update.<li> **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information see [Feature Update Status report](update-compliance-feature-update-status.md#compatibility-holds).<li> **Download started**: The update has begun downloading on the device.<li> **Download Succeeded**: The update has successfully completed downloading. <li> **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed.<li> **Install Started**: Installation of the update has begun.<li> **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed.<li> **Reboot Pending**: The device has a scheduled reboot to apply the update.<li> **Reboot Initiated**: The scheduled reboot has been initiated.<li> **Commit**: Changes are being committed post-reboot. This is another step of the installation process.<li> **Update Completed**: The update has successfully installed.| |**DetailedStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:<br><li> **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred.<li> **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered.<li> **Update offered**: The device has been offered the update, but has not begun downloading it.<li> **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update.<li> **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information see [Feature Update Status report](update-compliance-feature-update-status.md#safeguard-holds).<li> **Download started**: The update has begun downloading on the device.<li> **Download Succeeded**: The update has successfully completed downloading. <li> **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed.<li> **Install Started**: Installation of the update has begun.<li> **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed.<li> **Reboot Pending**: The device has a scheduled reboot to apply the update.<li> **Reboot Initiated**: The scheduled reboot has been initiated.<li> **Commit**: Changes are being committed post-reboot. This is another step of the installation process.<li> **Update Completed**: The update has successfully installed.|
|**ExpectedInstallDate** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`3/28/2020, 1:00:01.318 PM`|Rather than the expected date this update will be installed, this should be interpreted as the minimum date Windows Update will make the update available for the device. This takes into account Deferrals. | |**ExpectedInstallDate** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`3/28/2020, 1:00:01.318 PM`|Rather than the expected date this update will be installed, this should be interpreted as the minimum date Windows Update will make the update available for the device. This takes into account Deferrals. |
|**LastScan** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|The last point in time that this device sent Update Session data. | |**LastScan** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|The last point in time that this device sent Update Session data. |
|**OriginBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build originally installed on the device when this Update Session began. | |**OriginBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build originally installed on the device when this Update Session began. |

2
windows/deployment/update/update-compliance-security-update-status.md
View File

@ -2,7 +2,7 @@
title: Update Compliance - Security Update Status report title: Update Compliance - Security Update Status report
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
description: an overview of the Security Update Status report description: Learn how the Security Update Status section provides information about security updates across all devices.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.pagetype: deploy ms.pagetype: deploy

2
windows/deployment/update/update-compliance-using.md
View File

@ -2,7 +2,7 @@
title: Using Update Compliance (Windows 10) title: Using Update Compliance (Windows 10)
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
description: Explains how to begin using Update Compliance. description: Learn how to use Update Compliance to monitor your device's Windows updates and Microsoft Defender Antivirus status.
keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

4
windows/deployment/update/waas-delivery-optimization-setup.md
View File

@ -95,7 +95,7 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**
In a lab situation, you typically have a large number of devices that are plugged in and have a lot of free disk space. By increasing the content expiration interval, you can take advantage of these devices, using them as excellent upload sources in order to upload much more content over a longer period. In a lab situation, you typically have a large number of devices that are plugged in and have a lot of free disk space. By increasing the content expiration interval, you can take advantage of these devices, using them as excellent upload sources in order to upload much more content over a longer period.
To do this in Group Policy, go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Max Cache Age** to **6048000** (7 days) or more (up to 30 days). To do this in Group Policy, go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Max Cache Age** to **604800** (7 days) or more (up to 30 days).
To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set DOMaxCacheAge to 7 or more (up to 30 days). To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set DOMaxCacheAge to 7 or more (up to 30 days).
@ -191,7 +191,7 @@ With no options, this cmdlet returns these data:
- overall efficiency - overall efficiency
- efficiency in the peered files - efficiency in the peered files
Using the `-ListConnections` option returns these detauls about peers: Using the `-ListConnections` option returns these details about peers:
- destination IP address - destination IP address
- peer type - peer type

5
windows/deployment/update/waas-manage-updates-wufb.md
View File

@ -119,8 +119,13 @@ A compliance deadline policy (released in June 2019) enables you to set separate
This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This is extremely beneficial in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation. This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This is extremely beneficial in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
#### Update Baseline
The large number of different policies offered for Windows 10 can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
The Update Baseline toolkit makes it easy by providing a single command for IT Admins to apply the Update Baseline to devices. You can get the Update Baseline toolkit from the [Download Center](https://www.microsoft.com/download/details.aspx?id=101056).
>[!NOTE]
>The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether youre using deferrals or target version to manage which updates are offered to your devices when.
<!-- <!--

2
windows/deployment/update/waas-restart.md
View File

@ -1,6 +1,6 @@
--- ---
title: Manage device restarts after updates (Windows 10) title: Manage device restarts after updates (Windows 10)
description: tbd description: Use Group Policy settings, mobile device management (MDM) or Registry to configure when devices will restart after a Windows 10 update is installed.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

2
windows/deployment/update/waas-servicing-channels-windows-10-updates.md
View File

@ -1,6 +1,6 @@
--- ---
title: Assign devices to servicing channels for Windows 10 updates (Windows 10) title: Assign devices to servicing channels for Windows 10 updates (Windows 10)
description: tbd description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM .
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

17
windows/deployment/update/waas-wufb-csp-mdm.md
View File

@ -52,9 +52,12 @@ Drivers are automatically enabled because they are beneficial to device systems.
#### I want to receive pre-release versions of the next feature update #### I want to receive pre-release versions of the next feature update
1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. 1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
2. For any of test devices you want to install pre-release builds, use [Update/ManagePreviewBuilds](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-managepreviewbuilds). Set this to **Enable preview builds**.
3. Use [Update/BranchReadinessLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel) and select one of the preview Builds. Windows Insider Program Slow is the recommended channel for commercial customers who are using pre-release builds for validation. 1. For any of test devices you want to install pre-release builds, use [Update/ManagePreviewBuilds](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-managepreviewbuilds). Set this to **Enable preview builds**.
4. Additionally, you can defer pre-release feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you are testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This ensures that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
1. Use [Update/BranchReadinessLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel) and select one of the preview Builds. Windows Insider Program Slow is the recommended channel for commercial customers who are using pre-release builds for validation.
1. Additionally, you can defer pre-release feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you are testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This ensures that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
#### I want to manage which released feature update my devices receive #### I want to manage which released feature update my devices receive
@ -102,7 +105,7 @@ Now all devices are paused from updating for 35 days. When the pause is removed,
#### I want to stay on a specific version #### I want to stay on a specific version
If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the **Select the target Feature Update version** setting instead of using the Update/TargetReleaseVersion (or DeployFeatureUpdates in Windows 10, version 1803 and later) setting for feature update deferrals. When you use this policy, specify the version that you want your device(s) to use. If you don't update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition. If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the [Update/TargetReleaseVersion](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) (or Deploy Feature Updates Preview in Intune) instead of using feature update deferrals. When you use this policy, specify the version that you want your device(s) to move to or stay on (for example, "1909"). You can find version information at the [Windows 10 Release Information Page](https://docs.microsoft.com/windows/release-information/).
### Manage how users experience updates ### Manage how users experience updates
@ -138,7 +141,7 @@ We recommend that you use set specific deadlines for feature and quality updates
- [Update/ConfigureDeadlineGracePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod) - [Update/ConfigureDeadlineGracePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-configuredeadlinenoautoreboot) - [Update/ConfigureDeadlineNoAutoReboot](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-configuredeadlinenoautoreboot)
These policies also offer an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardles of active hours. These policies also offer an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardless of active hours.
These notifications are what the user sees depending on the settings you choose: These notifications are what the user sees depending on the settings you choose:
@ -172,8 +175,8 @@ There are additional settings that affect the notifications.
We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use the [Update/UpdateNotificationLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values: We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use the [Update/UpdateNotificationLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values:
**0** (default) Use the default Windows Update notifications **0** (default) Use the default Windows Update notifications<br/>
**1** Turn off all notifications, excluding restart warnings **1** Turn off all notifications, excluding restart warnings<br/>
**2** Turn off all notifications, including restart warnings **2** Turn off all notifications, including restart warnings
> [!NOTE] > [!NOTE]

2
windows/deployment/update/windows-update-error-reference.md
View File

@ -1,6 +1,6 @@
--- ---
title: Windows Update error code list by component title: Windows Update error code list by component
description: Reference information for Windows Update error codes description: Learn about reference information for Windows Update error codes, including automatic update errors, UI errors, and reporter errors.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: ms.mktglfcycl:
audience: itpro audience: itpro

2
windows/deployment/update/windows-update-logs.md
View File

@ -1,6 +1,6 @@
--- ---
title: Windows Update log files title: Windows Update log files
description: Learn about the Windows Update log files description: Learn about the Windows Update log files and how to merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: ms.mktglfcycl:
audience: itpro audience: itpro

2
windows/deployment/update/windows-update-resources.md
View File

@ -1,6 +1,6 @@
--- ---
title: Windows Update - Additional resources title: Windows Update - Additional resources
description: Use these resource to troubleshoot and reset Windows Update. description: In this article, learn details about to troubleshooting WSUS and resetting Windows Update components manually.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: ms.mktglfcycl:
audience: itpro audience: itpro

9
windows/deployment/update/windows-update-troubleshooting.md
View File

@ -1,6 +1,6 @@
--- ---
title: Windows Update troubleshooting title: Windows Update troubleshooting
description: Learn how to troubleshoot Windows Update description: Learn about troubleshooting Windows Update, issues related to HTTP/Proxy, and why some features are offered and others aren't.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: ms.mktglfcycl:
audience: itpro audience: itpro
@ -115,7 +115,8 @@ If downloads through a proxy server fail with a 0x80d05001 DO_E_HTTP_BLOCKSIZE_M
You may choose to apply a rule to permit HTTP RANGE requests for the following URLs: You may choose to apply a rule to permit HTTP RANGE requests for the following URLs:
*.download.windowsupdate.com *.download.windowsupdate.com
*.dl.delivery.mp.microsoft.com *.dl.delivery.mp.microsoft.com
*.delivery.mp.microsoft.com
*.emdl.ws.microsoft.com *.emdl.ws.microsoft.com
If you cannot permit RANGE requests, keep in mind that this means you are downloading more content than needed in updates (as delta patching will not work). If you cannot permit RANGE requests, keep in mind that this means you are downloading more content than needed in updates (as delta patching will not work).
@ -166,6 +167,10 @@ Check that your device can access these Windows Update endpoints:
- `http://*.download.windowsupdate.com` - `http://*.download.windowsupdate.com`
- `http://wustat.windows.com` - `http://wustat.windows.com`
- `http://ntservicepack.microsoft.com` - `http://ntservicepack.microsoft.com`
- `https://*.prod.do.dsp.mp.microsoft.com`
- `http://*.dl.delivery.mp.microsoft.com`
- `https://*.delivery.mp.microsoft.com`
- `https://tsfe.trafficshaping.dsp.mp.microsoft.com`
Allow these endpoints for future use. Allow these endpoints for future use.

2
windows/deployment/update/wufb-autoupdate.md
View File

@ -1,6 +1,6 @@
--- ---
title: Setting up Automatic Update in Windows Update for Business (Windows 10) title: Setting up Automatic Update in Windows Update for Business (Windows 10)
description: Learn how to configure Automatic Update group policies in Windows Update for Business. description: In this article, learn how to configure Automatic Update in Windows Update for Business with group policies.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
audience: itpro audience: itpro

2
windows/deployment/update/wufb-onboard.md
View File

@ -1,6 +1,6 @@
--- ---
title: Onboarding to Windows Update for Business (Windows 10) title: Onboarding to Windows Update for Business (Windows 10)
description: Learn how to get started using Windows Update for Business. description: Get started using Windows Update for Business, a tool that enables IT pros and power users to manage content they want to receive from Windows Update Service.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
audience: itpro audience: itpro

2
windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
View File

@ -1,6 +1,6 @@
--- ---
title: Windows Upgrade and Migration Considerations (Windows 10) title: Windows Upgrade and Migration Considerations (Windows 10)
description: Windows Upgrade and Migration Considerations description: Discover the Microsoft tools you can use to move files and settings between installations, as well as special considerations for performing an upgrade or migration.
ms.assetid: 7f85095c-5922-45e9-b28e-91b1263c7281 ms.assetid: 7f85095c-5922-45e9-b28e-91b1263c7281
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/migrate-application-settings.md
View File

@ -1,6 +1,6 @@
--- ---
title: Migrate Application Settings (Windows 10) title: Migrate Application Settings (Windows 10)
description: Migrate Application Settings description: Learn how to author a custom migration .xml file that migrates the settings of an application that isn't migrated by default using MigApp.xml.
ms.assetid: 28f70a83-0a3e-4a6b-968a-2b78ccd3cc07 ms.assetid: 28f70a83-0a3e-4a6b-968a-2b78ccd3cc07
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/migration-store-types-overview.md
View File

@ -1,6 +1,6 @@
--- ---
title: Migration Store Types Overview (Windows 10) title: Migration Store Types Overview (Windows 10)
description: Migration Store Types Overview description: Learn about the migration store types and how to determine which migration store type best suits your needs.
ms.assetid: 3b6ce746-76c6-43ff-8cd5-02ed0ae0cf70 ms.assetid: 3b6ce746-76c6-43ff-8cd5-02ed0ae0cf70
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/offline-migration-reference.md
View File

@ -1,6 +1,6 @@
--- ---
title: Offline Migration Reference (Windows 10) title: Offline Migration Reference (Windows 10)
description: Offline Migration Reference description: Offline migration enables the ScanState tool to run inside a different Windows OS than the Windows OS from which ScanState is gathering files and settings.
ms.assetid: f347547c-d601-4c3e-8f2d-0138edeacfda ms.assetid: f347547c-d601-4c3e-8f2d-0138edeacfda
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/understanding-migration-xml-files.md
View File

@ -1,6 +1,6 @@
--- ---
title: Understanding Migration XML Files (Windows 10) title: Understanding Migration XML Files (Windows 10)
description: Modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files. description: Learn how to modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files.
ms.assetid: d3d1fe89-085c-4da8-9657-fd54b8bfc4b7 ms.assetid: d3d1fe89-085c-4da8-9657-fd54b8bfc4b7
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-best-practices.md
View File

@ -1,6 +1,6 @@
--- ---
title: USMT Best Practices (Windows 10) title: USMT Best Practices (Windows 10)
description: USMT Best Practices description: Learn about general and security-related best practices when using User State Migration Tool (USMT) 10.0.
ms.assetid: e3cb1e78-4230-4eae-b179-e6e9160542d2 ms.assetid: e3cb1e78-4230-4eae-b179-e6e9160542d2
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-choose-migration-store-type.md
View File

@ -1,6 +1,6 @@
--- ---
title: Choose a Migration Store Type (Windows 10) title: Choose a Migration Store Type (Windows 10)
description: Choose a Migration Store Type description: Learn how to choose a migration store type and estimate the amount of disk space needed for computers in your organization.
ms.assetid: 4e163e90-9c57-490b-b849-2ed52ab6765f ms.assetid: 4e163e90-9c57-490b-b849-2ed52ab6765f
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-command-line-syntax.md
View File

@ -1,6 +1,6 @@
--- ---
title: User State Migration Tool (USMT) Command-line Syntax (Windows 10) title: User State Migration Tool (USMT) Command-line Syntax (Windows 10)
description: User State Migration Tool (USMT) Command-line Syntax description: Learn about the User State Migration Tool (USMT) command-line syntax for using the ScanState tool, LoadState tool, and UsmtUtils tool.
ms.assetid: f9d205c9-e824-46c7-8d8b-d7e4b52fd514 ms.assetid: f9d205c9-e824-46c7-8d8b-d7e4b52fd514
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-common-issues.md
View File

@ -1,6 +1,6 @@
--- ---
title: Common Issues (Windows 10) title: Common Issues (Windows 10)
description: Common Issues description: Learn about common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools.
ms.assetid: 5a37e390-8617-4768-9eee-50397fbbb2e1 ms.assetid: 5a37e390-8617-4768-9eee-50397fbbb2e1
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-configxml-file.md
View File

@ -1,6 +1,6 @@
--- ---
title: Config.xml File (Windows 10) title: Config.xml File (Windows 10)
description: Config.xml File description: Learn how the Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the /genconfig option with the ScanState.exe tool.
ms.assetid: 9dc98e76-5155-4641-bcb3-81915db538e8 ms.assetid: 9dc98e76-5155-4641-bcb3-81915db538e8
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-conflicts-and-precedence.md
View File

@ -1,6 +1,6 @@
--- ---
title: Conflicts and Precedence (Windows 10) title: Conflicts and Precedence (Windows 10)
description: Conflicts and Precedence description: In this article, learn how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence.
ms.assetid: 0e2691a8-ff1e-4424-879b-4d5a2f8a113a ms.assetid: 0e2691a8-ff1e-4424-879b-4d5a2f8a113a
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-custom-xml-examples.md
View File

@ -1,6 +1,6 @@
--- ---
title: Custom XML Examples (Windows 10) title: Custom XML Examples (Windows 10)
description: Custom XML Examples description: Use custom XML examples to learn how to migrate an unsupported application, migrate files and registry keys, and migrate the My Videos folder.
ms.assetid: 48f441d9-6c66-43ef-91e9-7c78cde6fcc0 ms.assetid: 48f441d9-6c66-43ef-91e9-7c78cde6fcc0
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-customize-xml-files.md
View File

@ -1,6 +1,6 @@
--- ---
title: Customize USMT XML Files (Windows 10) title: Customize USMT XML Files (Windows 10)
description: Customize USMT XML Files description: Learn how to customize USMT XML files. Also, learn about the migration XML files that are included with USMT.
ms.assetid: d58363c1-fd13-4f65-8b91-9986659dc93e ms.assetid: d58363c1-fd13-4f65-8b91-9986659dc93e
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-exclude-files-and-settings.md
View File

@ -1,6 +1,6 @@
--- ---
title: Exclude Files and Settings (Windows 10) title: Exclude Files and Settings (Windows 10)
description: Exclude Files and Settings description: In this article, learn how to exclude files and settings when creating a custom .xml file and a config.xml file.
ms.assetid: df85baf1-6e29-4995-a4bb-ba3f8f7fed0b ms.assetid: df85baf1-6e29-4995-a4bb-ba3f8f7fed0b
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
View File

@ -1,6 +1,6 @@
--- ---
title: Extract Files from a Compressed USMT Migration Store (Windows 10) title: Extract Files from a Compressed USMT Migration Store (Windows 10)
description: Extract Files from a Compressed USMT Migration Store description: In this article, learn how to extract files from a compressed User State Migration Tool (USMT) migration store.
ms.assetid: ad9fbd6e-f89e-4444-8538-9b11566b1f33 ms.assetid: ad9fbd6e-f89e-4444-8538-9b11566b1f33
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-faq.md
View File

@ -1,6 +1,6 @@
--- ---
title: Frequently Asked Questions (Windows 10) title: Frequently Asked Questions (Windows 10)
description: Frequently Asked Questions description: Learn about frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0.
ms.assetid: 813c13a7-6818-4e6e-9284-7ee49493241b ms.assetid: 813c13a7-6818-4e6e-9284-7ee49493241b
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

4
windows/deployment/usmt/usmt-general-conventions.md
View File

@ -1,6 +1,6 @@
--- ---
title: General Conventions (Windows 10) title: General Conventions (Windows 10)
description: General Conventions description: Learn about general XML guidelines and how to use XML helper functions in the XML Elements library to change migration behavior.
ms.assetid: 5761986e-a847-41bd-bf8e-7c1bd01acbc6 ms.assetid: 5761986e-a847-41bd-bf8e-7c1bd01acbc6
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
@ -35,7 +35,7 @@ Before you modify the .xml files, become familiar with the following guidelines:
You can use the User State Migration Tool (USMT) 10.0 XML schema, MigXML.xsd, to write and validate migration .xml files. You can use the User State Migration Tool (USMT) 10.0 XML schema, MigXML.xsd, to write and validate migration .xml files.
- **Conflits** - **Conflicts**
In general, when there are conflicts within the XML schema, the most specific pattern takes precedence. For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). In general, when there are conflicts within the XML schema, the most specific pattern takes precedence. For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).

28
windows/deployment/usmt/usmt-how-it-works.md
View File

@ -1,6 +1,6 @@
--- ---
title: How USMT Works (Windows 10) title: How USMT Works (Windows 10)
description: How USMT Works description: Learn how USMT works and how it includes two tools that migrate settings and data - ScanState and LoadState.
ms.assetid: 5c8bd669-9e1e-473d-81e6-652f40b24171 ms.assetid: 5c8bd669-9e1e-473d-81e6-652f40b24171
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
@ -10,7 +10,6 @@ ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
audience: itpro audience: itpro
author: greg-lindsay author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article ms.topic: article
--- ---
@ -19,17 +18,13 @@ ms.topic: article
USMT includes two tools that migrate settings and data: ScanState and LoadState. ScanState collects information from the source computer, and LoadState applies that information to the destination computer. USMT includes two tools that migrate settings and data: ScanState and LoadState. ScanState collects information from the source computer, and LoadState applies that information to the destination computer.
- [ScanState Process](#bkmk-ssprocess) - [ScanState Process](#the-scanstate-process)
- [LoadState Process](#the-loadstate-process)
- [LoadState Process](#bkmk-lsprocess)
**Note**   **Note**  
For more information about how USMT processes the rules and the XML files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). For more information about how USMT processes the rules and the XML files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
## <a href="" id="bkmk-ssprocess"></a>The ScanState Process
## The ScanState Process
When you run the ScanState tool on the source computer, it goes through the following process: When you run the ScanState tool on the source computer, it goes through the following process:
@ -40,9 +35,7 @@ When you run the ScanState tool on the source computer, it goes through the foll
There are three types of components: There are three types of components:
- Components that migrate the operating system settings - Components that migrate the operating system settings
- Components that migrate application settings - Components that migrate application settings
- Components that migrate users files - Components that migrate users files
The ScanState tool collects information about the application settings and user data components from the .xml files that are specified on the command line. The ScanState tool collects information about the application settings and user data components from the .xml files that are specified on the command line.
@ -58,8 +51,6 @@ When you run the ScanState tool on the source computer, it goes through the foll
**Note**   **Note**  
From this point on, ScanState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users files. ScanState processes all components in the same way. From this point on, ScanState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users files. ScanState processes all components in the same way.
2. Each component that is selected in the previous step is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile that is being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents, assuming that the user profiles are stored in the C:\\Users directory. 2. Each component that is selected in the previous step is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile that is being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents, assuming that the user profiles are stored in the C:\\Users directory.
3. For each selected component, ScanState evaluates the &lt;detects&gt; section. If the condition in the &lt;detects&gt; section evaluates to false, the component is not processed any further. Otherwise, the processing of this component continues. 3. For each selected component, ScanState evaluates the &lt;detects&gt; section. If the condition in the &lt;detects&gt; section evaluates to false, the component is not processed any further. Otherwise, the processing of this component continues.
@ -73,8 +64,6 @@ When you run the ScanState tool on the source computer, it goes through the foll
**Note**   **Note**  
ScanState ignores some subsections such as &lt;destinationCleanup&gt; and &lt;locationModify&gt;. These sections are evaluated only on the destination computer. ScanState ignores some subsections such as &lt;destinationCleanup&gt; and &lt;locationModify&gt;. These sections are evaluated only on the destination computer.
5. In the "Collecting" phase, ScanState creates a master list of the migration units by combining the lists that were created for each selected user profile. 5. In the "Collecting" phase, ScanState creates a master list of the migration units by combining the lists that were created for each selected user profile.
6. In the "Saving" phase, ScanState writes the migration units that were collected to the store location. 6. In the "Saving" phase, ScanState writes the migration units that were collected to the store location.
@ -82,9 +71,7 @@ When you run the ScanState tool on the source computer, it goes through the foll
**Note**   **Note**  
ScanState does not modify the source computer in any way. ScanState does not modify the source computer in any way.
## The LoadState Process
## <a href="" id="bkmk-lsprocess"></a>The LoadState Process
The LoadState process is very similar to the ScanState process. The ScanState tool collects migration units such as file, registry key, or registry values from the source computer and saves them to the store. Similarly, the LoadState tool collects migration units from the store and applies them to the destination computer. The LoadState process is very similar to the ScanState process. The ScanState tool collects migration units such as file, registry key, or registry values from the source computer and saves them to the store. Similarly, the LoadState tool collects migration units from the store and applies them to the destination computer.
@ -132,13 +119,10 @@ The LoadState process is very similar to the ScanState process. The ScanState to
**Important** **Important**
It is important to specify the .xml files with the LoadState command if you want LoadState to use them. Otherwise, any destination-specific rules, such as &lt;locationModify&gt;, in these .xml files are ignored, even if the same .xml files were provided when the ScanState command ran. It is important to specify the .xml files with the LoadState command if you want LoadState to use them. Otherwise, any destination-specific rules, such as &lt;locationModify&gt;, in these .xml files are ignored, even if the same .xml files were provided when the ScanState command ran.
5. In the "Apply" phase, LoadState writes the migration units that were collected to the various locations on the destination computer. If there are conflicts and there is not a &lt;merge&gt; rule for the object, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally, for example, OriginalFileName(1).OriginalExtension. Some settings, such as fonts, wallpaper, and screen-saver settings, do not take effect until the next time the user logs on. For this reason, you should log off when the LoadState command actions have completed. 5. In the "Apply" phase, LoadState writes the migration units that were collected to the various locations on the destination computer. If there are conflicts and there is not a &lt;merge&gt; rule for the object, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally, for example, OriginalFileName(1).OriginalExtension. Some settings, such as fonts, wallpaper, and screen-saver settings, do not take effect until the next time the user logs on. For this reason, you should log off when the LoadState command actions have completed.
## Related topics ## Related topics
[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md) [User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md)

2
windows/deployment/usmt/usmt-how-to.md
View File

@ -1,6 +1,6 @@
--- ---
title: User State Migration Tool (USMT) How-to topics (Windows 10) title: User State Migration Tool (USMT) How-to topics (Windows 10)
description: User State Migration Tool (USMT) How-to topics description: Reference the topics in this article to learn how to use User State Migration Tool (USMT) 10.0 to perform specific tasks.
ms.assetid: 7b9a2f2a-a43a-4984-9746-a767f9f1c7e3 ms.assetid: 7b9a2f2a-a43a-4984-9746-a767f9f1c7e3
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
View File

@ -1,6 +1,6 @@
--- ---
title: Identify File Types, Files, and Folders (Windows 10) title: Identify File Types, Files, and Folders (Windows 10)
description: Identify File Types, Files, and Folders description: Learn how to identify the file types, files, folders, and settings that you want to migrate when you're planning your migration.
ms.assetid: 93bb2a33-c126-4f7a-a961-6c89686d54e0 ms.assetid: 93bb2a33-c126-4f7a-a961-6c89686d54e0
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-identify-users.md
View File

@ -1,6 +1,6 @@
--- ---
title: Identify Users (Windows 10) title: Identify Users (Windows 10)
description: Identify Users description: Learn how to identify users you plan to migrate, as well as how to migrate local accounts and domain accounts.
ms.assetid: 957a4fe9-79fd-44a2-8c26-33e50f71f9de ms.assetid: 957a4fe9-79fd-44a2-8c26-33e50f71f9de
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-log-files.md
View File

@ -1,6 +1,6 @@
--- ---
title: Log Files (Windows 10) title: Log Files (Windows 10)
description: Log Files description: Learn how to use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations.
ms.assetid: 28185ebd-630a-4bbd-94f4-8c48aad05649 ms.assetid: 28185ebd-630a-4bbd-94f4-8c48aad05649
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
View File

@ -1,6 +1,6 @@
--- ---
title: Migrate EFS Files and Certificates (Windows 10) title: Migrate EFS Files and Certificates (Windows 10)
description: Migrate EFS Files and Certificates description: Learn how to migrate Encrypting File System (EFS) certificates. Also, learn where to find information about how to identify file types, files, and folders.
ms.assetid: 7f19a753-ec45-4433-b297-cc30f16fdee1 ms.assetid: 7f19a753-ec45-4433-b297-cc30f16fdee1
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-migrate-user-accounts.md
View File

@ -1,6 +1,6 @@
--- ---
title: Migrate User Accounts (Windows 10) title: Migrate User Accounts (Windows 10)
description: Migrate User Accounts description: Learn how to migrate user accounts and how to specify which users to include and exclude by using the User options on the command line.
ms.assetid: a3668361-43c8-4fd2-b26e-9a2deaeaeb09 ms.assetid: a3668361-43c8-4fd2-b26e-9a2deaeaeb09
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-overview.md
View File

@ -1,6 +1,6 @@
--- ---
title: User State Migration Tool (USMT) Overview (Windows 10) title: User State Migration Tool (USMT) Overview (Windows 10)
description: User State Migration Tool (USMT) Overview description: Learn about using User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems.
ms.assetid: 3b649431-ad09-4b17-895a-3fec7ac0a81f ms.assetid: 3b649431-ad09-4b17-895a-3fec7ac0a81f
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-plan-your-migration.md
View File

@ -1,6 +1,6 @@
--- ---
title: Plan Your Migration (Windows 10) title: Plan Your Migration (Windows 10)
description: Plan Your Migration description: Learn how to your plan your migration carefully so your migration can proceed smoothly and so that you reduce the risk of migration failure.
ms.assetid: c951f7df-850e-47ad-b31b-87f902955e3e ms.assetid: c951f7df-850e-47ad-b31b-87f902955e3e
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-recognized-environment-variables.md
View File

@ -1,6 +1,6 @@
--- ---
title: Recognized Environment Variables (Windows 10) title: Recognized Environment Variables (Windows 10)
description: Recognized Environment Variables description: Learn how to use environment variables to identify folders that may be different on different computers.
ms.assetid: 2b0ac412-e131-456e-8f0c-c26249b5f3df ms.assetid: 2b0ac412-e131-456e-8f0c-c26249b5f3df
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-reference.md
View File

@ -1,6 +1,6 @@
--- ---
title: User State Migration Toolkit (USMT) Reference (Windows 10) title: User State Migration Toolkit (USMT) Reference (Windows 10)
description: User State Migration Toolkit (USMT) Reference description: Use this User State Migration Toolkit (USMT) article to learn details about USMT, like operating system, hardware, and software requirements, and user prerequisites.
ms.assetid: 2135dbcf-de49-4cea-b2fb-97dd016e1a1a ms.assetid: 2135dbcf-de49-4cea-b2fb-97dd016e1a1a
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-reroute-files-and-settings.md
View File

@ -1,6 +1,6 @@
--- ---
title: Reroute Files and Settings (Windows 10) title: Reroute Files and Settings (Windows 10)
description: Reroute Files and Settings description: Learn how to create a custom .xml file and specify this file name on both the ScanState and LoadState commandlines to reroute files and settings.
ms.assetid: 905e6a24-922c-4549-9732-60fa11862a6c ms.assetid: 905e6a24-922c-4549-9732-60fa11862a6c
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-resources.md
View File

@ -1,6 +1,6 @@
--- ---
title: USMT Resources (Windows 10) title: USMT Resources (Windows 10)
description: USMT Resources description: Learn about User State Migration Tool (USMT) online resources, including Microsoft Visual Studio and forums.
ms.assetid: a0b266c7-4bcb-49f1-b63c-48c6ace86b43 ms.assetid: a0b266c7-4bcb-49f1-b63c-48c6ace86b43
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-return-codes.md
View File

@ -1,6 +1,6 @@
--- ---
title: Return Codes (Windows 10) title: Return Codes (Windows 10)
description: Return Codes description: Learn about User State Migration Tool (USMT) 10.0 return codes and error messages. Also view a list of USMT return codes and their associated migration steps.
ms.assetid: e71bbc6b-d5a6-4e48-ad01-af0012b35f22 ms.assetid: e71bbc6b-d5a6-4e48-ad01-af0012b35f22
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

36
windows/deployment/usmt/usmt-scanstate-syntax.md
View File

@ -1,6 +1,6 @@
--- ---
title: ScanState Syntax (Windows 10) title: ScanState Syntax (Windows 10)
description: ScanState Syntax description: The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store.
ms.assetid: 004c755f-33db-49e4-8a3b-37beec1480ea ms.assetid: 004c755f-33db-49e4-8a3b-37beec1480ea
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
@ -64,11 +64,9 @@ This section explains the syntax and usage of the **ScanState** command-line opt
The **ScanState** command's syntax is: The **ScanState** command's syntax is:
scanstate \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\] > scanstate \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\]
For example: For example, to create a Config.xml file in the current directory, use:
To create a Config.xml file in the current directory, use:
`scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13` `scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13`
@ -313,8 +311,8 @@ USMT provides the following options to specify what files you want to migrate.
USMT provides several options that you can use to analyze problems that occur during migration. USMT provides several options that you can use to analyze problems that occur during migration.
**Note** > [!NOTE]
The ScanState log is created by default, but you can specify the name and location of the log with the **/l** option. > The ScanState log is created by default, but you can specify the name and location of the log with the **/l** option.
@ -617,13 +615,12 @@ You can use the following options to migrate encrypted files. In all cases, by d
For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
**Note** > [!NOTE]
EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files > EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files
> [!CAUTION]
**Caution** > Take caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration.
Take caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration.
@ -720,7 +717,7 @@ The following table indicates which command-line options are not compatible with
<td align="left"><p>/<strong>nocompress</strong></p></td> <td align="left"><p>/<strong>nocompress</strong></p></td>
<td align="left"><p></p></td> <td align="left"><p></p></td>
<td align="left"><p></p></td> <td align="left"><p></p></td>
<td align="left"><p>X</p></td> <td align="left"><p></p></td>
<td align="left"><p>N/A</p></td> <td align="left"><p>N/A</p></td>
</tr> </tr>
<tr class="odd"> <tr class="odd">
@ -853,9 +850,8 @@ The following table indicates which command-line options are not compatible with
</table> </table>
> [!NOTE]
**Note** > You must specify either the /**key** or /**keyfile** option with the /**encrypt** option.
You must specify either the /**key** or /**keyfile** option with the /**encrypt** option.
@ -864,11 +860,3 @@ You must specify either the /**key** or /**keyfile** option with the /**encrypt*
[XML Elements Library](usmt-xml-elements-library.md) [XML Elements Library](usmt-xml-elements-library.md)

2
windows/deployment/usmt/usmt-test-your-migration.md
View File

@ -1,6 +1,6 @@
--- ---
title: Test Your Migration (Windows 10) title: Test Your Migration (Windows 10)
description: Test Your Migration description: Learn about testing your migration plan in a controlled laboratory setting before you deploy it to your entire organization.
ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-topics.md
View File

@ -1,6 +1,6 @@
--- ---
title: User State Migration Tool (USMT) Overview Topics (Windows 10) title: User State Migration Tool (USMT) Overview Topics (Windows 10)
description: User State Migration Tool (USMT) Overview Topics description: Learn about User State Migration Tool (USMT) overview topics that describe USMT as a highly customizable user-profile migration experience for IT professionals.
ms.assetid: 23170271-130b-416f-a7a7-c2f6adc32eee ms.assetid: 23170271-130b-416f-a7a7-c2f6adc32eee
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-utilities.md
View File

@ -1,6 +1,6 @@
--- ---
title: UsmtUtils Syntax (Windows 10) title: UsmtUtils Syntax (Windows 10)
description: UsmtUtils Syntax description: Learn about the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface.
ms.assetid: cdab7f2d-dd68-4016-b9ed-41ffa743b65c ms.assetid: cdab7f2d-dd68-4016-b9ed-41ffa743b65c
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

2
windows/deployment/usmt/usmt-what-does-usmt-migrate.md
View File

@ -1,6 +1,6 @@
--- ---
title: What does USMT migrate (Windows 10) title: What does USMT migrate (Windows 10)
description: What does USMT migrate description: Learn how User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language.
ms.assetid: f613987d-0f17-43fe-9717-6465865ceda7 ms.assetid: f613987d-0f17-43fe-9717-6465865ceda7
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi

Some files were not shown because too many files have changed in this diff Show More