deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 02:13:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into waastelescope

Browse Source
This commit is contained in:
jaimeo
2020-06-08 08:39:42 -07:00
parent 6fdaaa5d2a 5ee957666b
commit d8c129bba2
125 changed files with 5727 additions and 1291 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/deployment/TOC.yml
View File

@ -44,7 +44,11 @@
- name: Define your servicing strategy
href: update/waas-servicing-strategy-windows-10-updates.md
- name: Best practices for feature updates on mission-critical devices
href: update/feature-update-mission-critical.md
href: update/feature-update-mission-critical.md
- name: Windows 10 deployment considerations
href: planning/windows-10-deployment-considerations.md
- name: Windows 10 infrastructure requirements
href: planning/windows-10-infrastructure-requirements.md
- name: Plan for volume activation
href: volume-activation/plan-for-volume-activation-client.md
- name: Features removed or planned for replacement
@ -126,7 +130,7 @@
- name: Deploy updates with Configuration Manager
href: update/deploy-updates-configmgr.md
- name: Deploy updates with Intune
href: update/waas-wufb-csp-mdm.md
href: update/deploy-updates-intune.md
- name: Deploy updates with WSUS
href: update/waas-manage-updates-wsus.md
- name: Deploy updates with Group Policy
@ -238,13 +242,13 @@
href: update/windows-update-overview.md
- name: Servicing stack updates
href: update/servicing-stack-updates.md
- name: How Windows Update works
href: update/how-windows-update-works.md
- name: Additional Windows Update settings
href: update/waas-wu-settings.md
- name: Delivery Optimization reference
href: update/waas-delivery-optimization-reference.md
- name: Windows 10 in S mode
href: s-mode.md
- name: Switch to Windows 10 Pro or Enterprise from S mode
href: windows-10-pro-in-s-mode.md
- name: Windows 10 deployment tools
items:

113
windows/deployment/index.yml
View File

@ -22,73 +22,126 @@ landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Overview
- title: Deploy Windows 10
linkLists:
- linkListType: overview
links:
- text: Windows 10 deployment scenarios
url: windows-10-deployment-scenarios.md
- linkListType: quickstart
links:
- text: Demonstrate Autopilot deployment
url: windows-autopilot/demonstrate-deployment-on-vm.md
- text: Deploy Windows 10 in a test lab
url: windows-10-poc.md
- linkListType: architecture
links:
- text: Windows 10 deployment considerations
url: planning/windows-10-deployment-considerations.md
- text: Windows 10 infrastructure requirements
url: planning/windows-10-infrastructure-requirements.md
- text: Windows 10 features lifecycle
url: planning/features-lifecycle.md
- text: Plan for volume activation
url: volume-activation/plan-for-volume-activation-client.md
- linkListType: how-to-guide
links:
- text: Prepare for Zero Touch Installation with Configuration Manager
url: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
- text: Prepare to deploy Windows 10 with MDT
url: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
- linkListType: deploy
links:
- text: Windows Autopilot scenarios and capabilities
url: windows-autopilot/windows-autopilot-scenarios.md
- text: Deploy Windows 10 to a new device with Configuration Manager
url: deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
- text: Deploy a Windows 10 image using MDT
url: deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
- text: Resolve Windows 10 upgrade errors
url: upgrade/resolve-windows-10-upgrade-errors.md
# Card (optional)
- title: Update Windows 10
linkLists:
- linkListType: overview
links:
- text: What is Windows as a service?
url: update/waas-overview.md
- text: Types of Windows updates
url: update/waas-quick-start.md#definitions
# Card (optional)
- title: Get started
linkLists:
- linkListType: get-started
links:
- text: Demonstrate Autopilot deployment
url: windows-autopilot/demonstrate-deployment-on-vm.md
- text: Servicing the Windows 10 operating system
url: update/waas-servicing-strategy-windows-10-updates.md
- text: Deploy Windows 10 in a test lab
url: windows-10-poc.md
# Card (optional)
- title: Deployment planning
linkLists:
- linkListType: architecture
links:
- text: Create a deployment plan
url: update/create-deployment-plan.md
- text: Define readiness criteria
url: update/plan-define-readiness.md
- text: Evaluate infrastructure and tools
url: update/eval-infra-tools.md
- text: Determine application readiness
url: update/plan-determine-app-readiness.md
- text: Define your servicing strategy
url: update/waas-servicing-strategy-windows-10-updates.md
# Card
- title: Prepare to deploy Windows 10
linkLists:
- linkListType: how-to-guide
links:
- text: Prepare to deploy Windows 10
url: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
- text: Evaluate and update infrastructure
url: update/update-policies.md
- text: Build a successful servicing strategy
url: update/waas-deployment-rings-windows-10-updates.md
# Card
- title: Deploy Windows 10
linkLists:
- linkListType: deploy
links:
- text: Deploy Windows 10 with Autopilot
url: windows-autopilot/windows-autopilot-scenarios.md
- text: Assign devices to servicing channels
url: update/waas-servicing-channels-windows-10-updates.md
- text: Deploy Windows 10 updates
url: update/index.md
url: update/waas-servicing-channels-windows-10-updates.md
- text: Troubleshoot Windows Update
url: update/windows-update-troubleshooting.md
# Card (optional)
- title: Also see
- title: Resources
linkLists:
- linkListType: reference
links:
- text: How does Windows Update work?
url: update/how-windows-update-works.md
- text: Unified Update Platform (UUP) architecture
url: update/windows-update-overview.md#unified-update-platform-uup-architecture
- text: Servicing stack updates
url: update/servicing-stack-updates.md
- text: Manage additional Windows Update setings
url: update/waas-wu-settings.md
- text: Delivery Optimization reference
url: update/waas-delivery-optimization-reference.md
- text: Convert an MBR partition to GPT
url: mbr-to-gpt.md
- text: VAMT technical reference
url: volume-activation/volume-activation-management-tool.md
- text: User State Migration Tool (USMT) overview
url: usmt/usmt-overview.md
- linkListType: learn
links:
- text: Windows 10 release information
url: https://docs.microsoft.com/en-us/windows/release-information/
url: https://docs.microsoft.com/windows/release-information/
- text: What's new in Windows 10
url: https://docs.microsoft.com/en-us/windows/whats-new/
url: https://docs.microsoft.com/windows/whats-new/
- text: Microsoft 365 for enterprise documention
url: https://docs.microsoft.com/microsoft-365/enterprise/
- text: Microsoft Surface documentation
url: https://docs.microsoft.com/surface/
- text: Evaluate Windows 10 Enterprise
url: https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise
- text: Microsoft FastTrack cloud solutions
url: https://www.microsoft.com/fasttrack/
- text: Microsoft Intune documentation
url: https://docs.microsoft.com/mem/intune/
- text: Microsoft Endpoint Configuration Manager documentation
url: https://docs.microsoft.com/mem/configmgr/
- text: Windows 10 Enterprise Security
url: https://docs.microsoft.com/en-us/windows/security/
url: https://docs.microsoft.com/windows/security/
- text: Desktop Deployment Center
url: https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home

276
windows/deployment/planning/windows-10-deployment-considerations.md
View File

@ -1,144 +1,132 @@
---
title: Windows 10 deployment considerations (Windows 10)
description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
ms.assetid: A8DD6B37-1E11-4CD6-B588-92C2404219FE
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: deploy, upgrade, update, in-place
ms.prod: w10
ms.localizationpriority: medium
ms.mktglfcycl: plan
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Windows 10 deployment considerations
**Applies to**
- Windows 10
There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
For many years, organizations have deployed new versions of Windows using a “wipe and load” deployment process. At a high level, this process captures existing data and settings from the existing device, deploys a new custom-built Windows image to a PC, injects hardware drivers, reinstalls applications, and finally restores the data and settings. With Windows 10, this process is still fully supported, and for some deployment scenarios is still necessary.
Windows 10 also introduces two additional scenarios that organizations should consider:
- **In-place upgrade**, which provides a simple, automated process that leverages the Windows setup process to automatically upgrade from an earlier version of Windows. This process automatically migrates existing data, settings, drivers, and applications.
- **Dynamic provisioning**, which enables organizations to configure new Windows 10 devices for organization use without having to deploy a new custom organization image to the device.
Both of these scenarios eliminate the image creation process altogether, which can greatly simplify the deployment process.
So how do you choose? At a high level:
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Consider ...</th>
<th align="left">For these scenarios</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left">In-place upgrade</td>
<td align="left"><ul>
<li><p>When you want to keep all (or at least most) existing applications</p></li>
<li><p>When you do not plan to significantly change the device configuration (for example, BIOS to UEFI) or operating system configuration (for example, x86 to x64, language changes, Administrators to non-Administrators, Active Directory domain consolidations)</p></li>
<li><p>To migrate from Windows 10 to a later Windows 10 release</p></li>
</ul></td>
</tr>
<tr class="even">
<td align="left">Traditional wipe-and-load</td>
<td align="left"><ul>
<li><p>When you upgrade significant numbers of applications along with the new Windows OS</p></li>
<li><p>When you make significant device or operating system configuration changes</p></li>
<li><p>When you “start clean”. For example, scenarios where it is not necessary to preserve existing apps or data (for example, call centers) or when you move from unmanaged to well-managed PCs</p></li>
<li><p>When you migrate from Windows Vista or other previous operating system versions</p></li>
</ul></td>
</tr>
<tr class="odd">
<td align="left">Dynamic provisioning</td>
<td align="left"><ul>
<li><p>For new devices, especially in “choose your own device” scenarios when simple configuration (not reimaging) is all that is required</p></li>
<li><p>When used in combination with a management tool (for example, an MDM service like Microsoft Intune) that enables self-service installation of user-specific or role-specific apps</p></li>
</ul></td>
</tr>
</tbody>
</table>
 
## Migration from previous Windows versions
For existing PCs running Windows 7 or Windows 8.1, in-place upgrade is the recommended method for Windows 10 deployment and should be used whenever possible. Although wipe-and-load (OS refresh) deployments are still fully supported (and necessary in some scenarios, as mentioned previously), in-place upgrade is simpler and faster, and enables a faster Windows 10 deployment overall.
Note that the original Windows 8 release is only supported until January 2016. Organizations that do not think they can complete a full Windows 10 migration by that date should deploy Windows 8.1 now and consider Windows 10 after Windows 8 has been removed from the environment.
For existing Windows PCs running Windows Vista, you can perform wipe-and-load (OS refresh) deployments when you use compatible hardware.
Note that to take advantage of the limited-time free upgrade offer for PCs running Windows 7, Windows 8, or Windows 8.1, you must leverage an in-place upgrade, either from Windows Update or by using the upgrade media available from the [Windows 10 software download page](https://go.microsoft.com/fwlink/p/?LinkId=625073) to acquire a new Windows 10 license from the Windows Store. For more information, refer to the [Windows 10 FAQ](https://go.microsoft.com/fwlink/p/?LinkId=625074).
For organizations with Software Assurance for Windows, both in-place upgrade or wipe-and-load can be leveraged (with in-place upgrade being the preferred method, as previously discussed).
For organizations that do not take advantage of the free upgrade offer and are not enrolled in Software Assurance for Windows, Windows 10 upgrade licenses are available for purchase through existing Volume License (VL) agreements.
## Setup of new computers
For new computers acquired with Windows 10 preinstalled, you can leverage dynamic provisioning scenarios to transform the device from its initial state into a fully-configured organization PC. There are two primary dynamic provisioning scenarios you can use:
- **User-driven, from the cloud.** By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their “work or school account” within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see [Azure Active Directory integration with MDM](https://go.microsoft.com/fwlink/p/?LinkId=625075).
- **IT admin-driven, using new tools.** Using the new Windows Imaging and Configuration Designer (ICD) tool, IT administrators can create provisioning packages that can be applied to a computer to transform it into a fully-configured organization PC. For more information, see [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=625076).
In either of these scenarios, you can make a variety of configuration changes to the PC:
- Transform the edition (SKU) of Windows 10 that is in use.
- Apply configuration and settings to the device (for example, security settings, device restrictions, policies, Wi-Fi and VPN profiles, certificates, and so on).
- Install apps, language packs, and updates.
- Enroll the device in a management solution (applicable for IT admin-driven scenarios, configuring the device just enough to allow the management tool to take over configuration and ongoing management).
## Stay up to date
For computers already running Windows 10 on the Semi-Annual Channel, new upgrades will periodically be deployed, approximately two to three times per year. You can deploy these upgrades by using a variety of methods:
- Windows Update or Windows Update for Business, for devices where you want to receive updates directly from the Internet.
- Windows Server Update Services (WSUS), for devices configured to pull updates from internal servers after they are approved (deploying like an update). Note that this will require updates to WSUS, which are only available for Windows Server 2012 and Windows Server 2012 R2, not previous versions.
- System Center Configuration Manager task sequences (with Configuration Manager 2012, 2012 R2, and later versions).
- System Center Configuration Manager vNext software update capabilities (deploying like an update).
Note that these upgrades (which are installed differently than monthly updates) will leverage an in-place upgrade process. Unlike updates, which are relatively small, these upgrades will include a full operating system image (around 3 GB for 64-bit operating systems), which requires time (1-2 hours) and disk space (approximately 10 GB) to complete. Ensure that the deployment method you use can support the required network bandwidth and/or disk space requirements.
Over time, this upgrade process will be optimized to reduce the overall time and network bandwidth consumed.
## Related topics
[Windows 10 compatibility](windows-10-compatibility.md)
[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)
 
 
---
title: Windows 10 deployment considerations (Windows 10)
description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
ms.assetid: A8DD6B37-1E11-4CD6-B588-92C2404219FE
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: deploy, upgrade, update, in-place
ms.prod: w10
ms.localizationpriority: medium
ms.mktglfcycl: plan
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Windows 10 deployment considerations
**Applies to**
- Windows 10
There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
For many years, organizations have deployed new versions of Windows using a “wipe and load” deployment process. At a high level, this process captures existing data and settings from the existing device, deploys a new custom-built Windows image to a PC, injects hardware drivers, reinstalls applications, and finally restores the data and settings. With Windows 10, this process is still fully supported, and for some deployment scenarios is still necessary.
Windows 10 also introduces two additional scenarios that organizations should consider:
- **In-place upgrade**, which provides a simple, automated process that leverages the Windows setup process to automatically upgrade from an earlier version of Windows. This process automatically migrates existing data, settings, drivers, and applications.
- **Dynamic provisioning**, which enables organizations to configure new Windows 10 devices for organization use without having to deploy a new custom organization image to the device.
Both of these scenarios eliminate the image creation process altogether, which can greatly simplify the deployment process.
So how do you choose? At a high level:
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Consider ...</th>
<th align="left">For these scenarios</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left">In-place upgrade</td>
<td align="left"><ul>
<li><p>When you want to keep all (or at least most) existing applications</p></li>
<li><p>When you do not plan to significantly change the device configuration (for example, BIOS to UEFI) or operating system configuration (for example, x86 to x64, language changes, Administrators to non-Administrators, Active Directory domain consolidations)</p></li>
<li><p>To migrate from Windows 10 to a later Windows 10 release</p></li>
</ul></td>
</tr>
<tr class="even">
<td align="left">Traditional wipe-and-load</td>
<td align="left"><ul>
<li><p>When you upgrade significant numbers of applications along with the new Windows OS</p></li>
<li><p>When you make significant device or operating system configuration changes</p></li>
<li><p>When you “start clean”. For example, scenarios where it is not necessary to preserve existing apps or data (for example, call centers) or when you move from unmanaged to well-managed PCs</p></li>
<li><p>When you migrate from Windows Vista or other previous operating system versions</p></li>
</ul></td>
</tr>
<tr class="odd">
<td align="left">Dynamic provisioning</td>
<td align="left"><ul>
<li><p>For new devices, especially in “choose your own device” scenarios when simple configuration (not reimaging) is all that is required</p></li>
<li><p>When used in combination with a management tool (for example, an MDM service like Microsoft Intune) that enables self-service installation of user-specific or role-specific apps</p></li>
</ul></td>
</tr>
</tbody>
</table>
 
## Migration from previous Windows versions
For existing PCs running Windows 7 or Windows 8.1, in-place upgrade is the recommended method for Windows 10 deployment and should be used whenever possible. Although wipe-and-load (OS refresh) deployments are still fully supported (and necessary in some scenarios, as mentioned previously), in-place upgrade is simpler and faster, and enables a faster Windows 10 deployment overall.
The original Windows 8 release was only supported until January 2016. For devices running Windows 8.0, you can update to Windows 8.1 and then upgrade to Windows 10.
For PCs running operating systems older than Windows 7, you can perform wipe-and-load (OS refresh) deployments when you use compatible hardware.
For organizations with Software Assurance for Windows, both in-place upgrade or wipe-and-load can be leveraged (with in-place upgrade being the preferred method, as previously discussed).
For organizations that did not take advantage of the free upgrade offer and are not enrolled in Software Assurance for Windows, Windows 10 upgrade licenses are available for purchase through existing Volume License (VL) agreements.
## Setting up new computers
For new computers acquired with Windows 10 preinstalled, you can leverage dynamic provisioning scenarios to transform the device from its initial state into a fully-configured organization PC. There are two primary dynamic provisioning scenarios you can use:
- **User-driven, from the cloud.** By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their “work or school account” within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see [Azure Active Directory integration with MDM](https://go.microsoft.com/fwlink/p/?LinkId=625075).
- **IT admin-driven, using new tools.** Using the new Windows Imaging and Configuration Designer (ICD) tool, IT administrators can create provisioning packages that can be applied to a computer to transform it into a fully-configured organization PC. For more information, see [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=625076).
In either of these scenarios, you can make a variety of configuration changes to the PC:
- Transform the edition (SKU) of Windows 10 that is in use.
- Apply configuration and settings to the device (for example, security settings, device restrictions, policies, Wi-Fi and VPN profiles, certificates, and so on).
- Install apps, language packs, and updates.
- Enroll the device in a management solution (applicable for IT admin-driven scenarios, configuring the device just enough to allow the management tool to take over configuration and ongoing management).
## Stay up to date
For computers already running Windows 10 on the Semi-Annual Channel, new upgrades will be deployed two times per year. You can deploy these upgrades by using a variety of methods:
- Windows Update or Windows Update for Business, for devices where you want to receive updates directly from the Internet.
- Windows Server Update Services (WSUS), for devices configured to pull updates from internal servers after they are approved (deploying like an update).
- Configuration Manager task sequences.
- Configuration Manager software update capabilities (deploying like an update).
These upgrades (which are installed differently than monthly updates) leverage an in-place upgrade process. Unlike updates, which are relatively small, these upgrades will include a full operating system image (around 3 GB for 64-bit operating systems), which requires time (1-2 hours) and disk space (approximately 10 GB) to complete. Ensure that the deployment method you use can support the required network bandwidth and/or disk space requirements.
The upgrade process is also optimized to reduce the overall time and network bandwidth consumed.
## Related topics
[Windows 10 compatibility](windows-10-compatibility.md)<br>
[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)
 
 

40
windows/deployment/planning/windows-10-infrastructure-requirements.md
View File

@ -26,38 +26,24 @@ There are specific infrastructure requirements to deploy and manage Windows 10
## High-level requirements
For initial Windows 10 deployments, as well as subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to leverage local server storage.
For persistent VDI environments, carefully consider the I/O impact from upgrading large numbers of PCs in a short period of time. Ensure that upgrades are performed in smaller numbers, or during off-peak time periods. (For pooled VDI environments, a better approach is to replace the base image with a new version.)
## Deployment tools
A new version of the Assessment and Deployment Toolkit (ADK) has been released to support Windows 10. This new version, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=526740), is required for Windows 10; you should not use earlier versions of the ADK to deploy Windows 10. It also supports the deployment of Windows 7, Windows 8, and Windows 8.1.
The latest version of the Windows Assessment and Deployment Toolkit (ADK) is available for download [here](https://docs.microsoft.com/windows-hardware/get-started/adk-install).
Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which leverage the Windows Imaging and Configuration Designer (Windows ICD), as well as updated versions of existing deployment tools (DISM, USMT, Windows PE, and more).
Microsoft Deployment Toolkit 2013 Update 1, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=625079), has also been updated to support Windows 10 and the new ADK; older versions do not support Windows 10. New in this release is task sequence support for Windows 10 in-place upgrades.
The latest version of the Microsoft Deployment Toolkit (MDT) is available for download [here](https://docs.microsoft.com/mem/configmgr/mdt/release-notes).
For System Center Configuration Manager, Windows 10 support is offered with various releases:
| Release | Windows 10 management? | Windows 10 deployment? |
|---------------------------------------------|------------------------|------------------------------------------------|
| System Center Configuration Manager 2007 | Yes, with a hotfix | No |
| System Center Configuration Manager 2012 | Yes, with SP2 and CU1 | Yes, with SP2, CU1, and the ADK for Windows 10 |
| System Center Configuration Manager 2012 R2 | Yes, with SP1 and CU1 | Yes, with SP1, CU1, and the ADK for Windows 10 |
> [!NOTE]
> Configuration Manager 2012 supports Windows 10 version 1507 (build 10.0.10240) and 1511 (build 10.0.10586) for the lifecycle of these builds. Future releases of Windows 10 CB/CBB are not supported With Configuration Manager 2012, and will require Microsoft Endpoint Configuration Manager current branch for supported management.
 
For Configuration Manager, Windows 10 version specific support is offered with [various releases](https://docs.microsoft.com/mem/configmgr/core/plan-design/configs/support-for-windows-10).
For more details about Microsoft Endpoint Configuration Manager support for Windows 10, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
## Management tools
In addition to Microsoft Endpoint Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](https://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store.
No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features.
@ -72,8 +58,6 @@ Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 
| Microsoft BitLocker Administration and Monitoring (MBAM) | MBAM 2.5 SP1 (2.5 is OK) |
| User Experience Virtualization (UE-V) | UE-V 2.1 SP1 |
 
For more information, see the [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=625090).
For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=625084) for more information.
@ -81,20 +65,17 @@ For devices you manage with mobile device management (MDM) solutions such as Mic
Windows Server Update Services (WSUS) requires some additional configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions:
1. Select the **Options** node, and then click **Products and Classifications**.
2. In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Click **OK**.
3. From the **Synchronizations** node, right-click and choose **Synchronize Now**.
![figure 1](images/fig4-wsuslist.png)
Figure 1. WSUS product list with Windows 10 choices
WSUS product list with Windows 10 choices
Because Windows 10 updates are cumulative in nature, each months new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](https://go.microsoft.com/fwlink/p/?LinkId=625086) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.)
## Activation
Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). An update will be required for existing KMS servers:
| Product | Required update |
@ -104,26 +85,21 @@ Windows 10 volume license editions of Windows 10 will continue to support all
| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) |
| Windows Server 2008 R2 and Windows 7 | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821) |
 
Also see: [Windows Server 2016 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2016/10/19/windows-server-2016-volume-activation-tips/)
Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation); these keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys:
- Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights.
- For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key.
- For MAK keys, click **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Click the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys will not work on Windows servers running KMS.)
Note that Windows 10 Enterprise and Windows 10 Enterprise LTSB installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both.
Note that Windows 10 Enterprise and Windows 10 Enterprise LTSC installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both.
## Related topics
[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)
<BR>[Windows 10 deployment considerations](windows-10-deployment-considerations.md)
<BR>[Windows 10 compatibility](windows-10-compatibility.md)
[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)<br>
[Windows 10 deployment considerations](windows-10-deployment-considerations.md)<br>
[Windows 10 compatibility](windows-10-compatibility.md)<br>
 

6
windows/deployment/update/plan-determine-app-readiness.md
View File

@ -43,7 +43,7 @@ Combining the various validation methods with the app classifications you've pre
|Test in pilot | x | x | x |
## Identify users
### Identify users
Since your organization no doubt has a wide variety of users, each with different background and regular tasks, you'll have to choose which users are best suited for validation testing. Some factors to consider include:
@ -53,7 +53,7 @@ Since your organization no doubt has a wide variety of users, each with differen
You could seek volunteers who enjoy working with new features and include them in the pilot deployment. You might want to avoid using core users like department heads or project managers. Current application owners, operations personnel, and developers can help you identify the most appropriate pilot users.
## Identify and set up devices for validation
### Identify and set up devices for validation
In addition to users, it's important to carefully choose devices to participate in app validation as well. For example, ideally, your selection will include devices representing all of the hardware models in your environment.
@ -64,7 +64,7 @@ There is more than one way to choose devices for app validation:
- **Data-driven analysis**: With appropriate tools, you can use diagnostic data from devices to inform your choices.
## Desktop Analytics
### Desktop Analytics
Desktop Analytics can make all of the tasks discussed in this article significantly easier:

158
windows/deployment/update/prepare-deploy-windows.md Normal file
View File

@ -0,0 +1,158 @@
---
title: Prepare to deploy Windows
description:
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
ms.prod: w10
ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article
---
# Prepare to deploy Windows
Having worked through the activities in the planning phase, you should be in a good position to prepare your environment and process to deploy Windows 10. The planning phase will have left you with these useful items:
- A clear understanding of necessary personnel and their roles and criteria for [rating app readiness](plan-define-readiness.md)
- A plan for [testing and validating](plan-determine-app-readiness.md) apps
- An assessment of your [deployment infrastructure](eval-infra-tools.md) and definitions for operational readiness
- A [deployment plan](create-deployment-plan.md) that defines the rings you want to use
Now you're ready to actually start making changes in your environment to get ready to deploy.
## Prepare infrastructure and environment
- Deploy site server updates for Configuration Manager.
- Update non-Microsoft security tools like security agents or servers.
- Update non-Microsoft management tools like data loss prevention agents.
Your infrastructure probably includes many different components and tools. Youll need to ensure your environment isnt affected by issues due to the changes you make to the various parts of the infrastructure. Follow these steps:
1. Review all of the infrastructure changes that youve identified in your plan. Its important to understand the changes that need to be made and to detail how to implement them. This prevents problems later on.
2. Validate your changes. Youll validate the changes for your infrastructures components and tools, to help you understand how your changes could affect your production environment.
3. Implement the changes. Once the changes have been validated, you can implement the changes across the wider infrastructure.
You should also look at your organizations environments configuration and outline how youll implement any necessary changes previously identified in the plan phase to support the update. Consider what youll need to do for the various settings and policies that currently underpin the environment. For example:
- Implement new draft security guidance. New versions of Windows can include new features that improve your environments security. Your security teams will want to make appropriate changes to security related configurations.
- Update security baselines. Security teams understand the relevant security baselines and will have to work to make sure all baselines fit into whatever guidance they have to adhere to.
However, your configuration will consist of many different settings and policies. Its important to only apply changes where they are necessary, and where you gain a clear improvement. Otherwise, your environment might face issues that will slow down the update process. You want to ensure your environment isnt affected adversely because of changes you make. For example:
1. Review new security settings. Your security team will review the new security settings, to understand how they can best be set to facilitate the update, and to also investigate the potential effects they might have on your environment.
2. Review security baselines for changes. Security teams will also review all the necessary security baselines, to ensure the changes can be implemented, and ensure your environment remains compliant.
3. Implement and validate security settings and baseline changes. Your security teams will then implement all of the security settings and baselines, having addressed any potential outstanding issues.
## Prepare applications and devices
You've previously decided on which validation methods you want to use to validate apps in the upcoming pilot deployment phase. Now is a good time to make sure that individual devices are ready and able to install the next update without difficulty.
### Ensure updates are available
Enable update services on devices. Ensure that every device is running all the services Windows Update relies on. Sometimes users or even malware can disable the services Windows Update requires to work correctly. Make sure the following services are running:
- Background Intelligent Transfer Service
- Background Tasks Infrastructure Service
- BranchCache (if you use this feature for update deployment)
- ConfigMgr Task Sequence Agent (if you use Configuration Manager to deploy updates)
- Cryptographic Services
- DCOM Server Process Launcher
- Device Install
- Delivery Optimization
- Device Setup Manager
- License Manager
- Microsoft Account Sign-in Assistant
- Microsoft Software Shadow Copy Provider
- Remote Procedure Call (RPC)
- Remote Procedure Call (RPC) Locator
- RPC Endpoint Mapper
- Service Control Manager
- Task Scheduler
- Token Broker
- Update Orchestrator Service
- Volume Shadow Copy Service
- Windows Automatic Update Service
- Windows Backup
- Windows Defender Firewall
- Windows Management Instrumentation
- Windows Management Service
- Windows Module Installer
- Windows Push Notification
- Windows Security Center Service
- Windows Time Service
- Windows Update
- Windows Update Medic Service
You can check these services manually by using Services.msc, or by using PowerShell scripts, Desktop Analytics, or other methods.
### Network configuration
Ensure that devices can reach necessary Windows Update endpoints through the firewall.
### Optimize download bandwidth
Set up [Delivery Optimization](waas-delivery-optimization.md) for peer network sharing or Microsoft Connected Cache.
### Address unhealthy devices
In the course of surveying your device population, either with Desktop Analytics or by some other means, you might find devices that have systemic problems that could interfere with update installation. Now is the time to fix those problems.
- **Low disk space:** Quality updates require a minimum of two GB to successfully install. Feature updates require between 8 and 15 GB depending upon the configuration. On Windows 10, version 1903 and later you can proactively use the "reserved storage" feature (for wipe and loads, rebuilds, and new builds) to avoid running out of disk space. If you find a group of devices that don't have enough disk space, you can often resolve this by cleaning up log files and asking users to clean up data if necessary. A good place to start is to delete the following files:
- C:\Windows\temp
- C:\Windows\cbstemp (though this file might be necessary to investigate update failures)
- C:\Windows\WindowsUpdate.log (though this file might be necessary to investigate update failures)
- C:\Windows.Old (these files should automatically clean up after 10 days or might ask the device user for permission to clean up sooner when constrained for disk space)
You can also create and run scripts to perform additional cleanup actions on devices, with administrative rights, or use Group Policy settings.
- Clean up the Windows Store Cache by running C:\Windows\sytem32\wsreset.exe
- Optimize the WinSxS folder on the client machine by using **Dism.exe /online /Cleanup-Image /StartComponentCleanup**
- Compact the operating system by running **Compact.exe /CompactOS:always**
- Remove Windows Features on Demand that the user doesn't need. See [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) for more guidance.
- Move Windows Known Folders to OneDrive. See [Use Group Policy to control OneDrive sync settings](https://docs.microsoft.com/onedrive/use-group-policy) for more information.
- Clean up the Software Distribution folder. Try deploying these commands as a batch file to run on devices to reset the download state of Windows Updates:
```
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
ren C:\Windows\SoftwareDistribution C:\Windows\SoftwareDistribution.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver
```
- **Application and driver updates:** Out-of-date app or driver software can prevent devices from updating successfully. Desktop Analytics will help you identify drivers and applications that need attention. You can also
check for known issues in order to take any appropriate action. Deploy any updates from the vendor(s) for any problematic application or driver versions to resolve issues.
- **Corruption:** In rare circumstances, a device that has repeated installation errors might be corrupted in a way that prevents the system from applying a new update. You might have to repair the Component Based Store from another source. You can do this with the [System File Checker](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system).
## Prepare capability
In the plan phase, you determined the specific infrastructure and configuration changes that needed to be implemented to add new capabilities to the environment. Now you can move on to implementing those changes defined in the plan phase. You'll need to complete these higher-level tasks to gain those new capabilities:
- Enable capabilities across the environment by implementing the changes. For example, implement updates to relevant ADMX templates in Active Directory. New Windows versions will come with new policies that you use to update ADMX templates.
- Validate new changes to understand how they affect the wider environment.
- Remediate any potential problems that have been identified through validation.
## Prepare users
Users often feel like they are forced into updating their devices randomly. They often don't fully understand why an update is needed, and they don't know when updates would be applied to their devices ahead of time. It's best to ensure that upcoming updates are communicated clearly and with adequate warning.
You can employ a variety of measures to achieve this, for example:
- Send overview email about the update and how it will be deployed to the entire organization.
- Send personalized emails to users about the update with specific details.
- Set an opt-out deadline for employees that need to remain on the current version for a bit longer, due to a business need.
- Provide the ability to voluntarily update at users convenience.
- Inform users of a mandatory installation date when the update will be installed on all devices.

2
windows/deployment/update/update-compliance-monitor.md
View File

@ -1,5 +1,5 @@
---
title: Monitor Windows Updates and Windows Defender AV with Update Compliance (Windows 10)
title: Monitor Windows Updates and Microsoft Defender AV with Update Compliance (Windows 10)
ms.reviewer:
manager: laurawi
description: You can use Update Compliance in Azure Portal to monitor the progress of updates and key antimalware protection features on devices in your network.

2
windows/deployment/upgrade/setupdiag.md
View File

@ -39,7 +39,7 @@ SetupDiag works by examining Windows Setup log files. It attempts to parse these
With the release of Windows 10, version 2004, SetupDiag is included with [Windows Setup](https://docs.microsoft.com/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files#windows-setup-scenario).
During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, **setupdiag.exe** is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure.
During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, **setupdiag.exe** is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure.
When run by Windows Setup, the following [parameters](#parameters) are used:

1
windows/deployment/windows-autopilot/autopilot-faq.md
View File

@ -144,6 +144,7 @@ A [glossary](#glossary) of abbreviations used in this article is provided at the
| What are some common causes of registration failures? |1. Bad or missing hardware hash entries can lead to faulty registration attempts <br>2. Hidden special characters in CSV files. <br><br>To avoid this issue, after creating your CSV file, open it in Notepad to look for hidden characters or trailing spaces or other corruptions.|
| Is Autopilot supported on IoT devices? | Autopilot is not supported on IoT Core devices, and there are currently no plans to add this support. Autopilot is supported on Windows 10 IoT Enterprise SAC devices. Autopilot is supported on Windows 10 Enterprise LTSC 2019 and above; it is not supported on earlier versions of LTSC.|
| Is Autopilot supported in all regions/countries? | Autopilot only supports customers using global Azure. Global Azure does not include the three entities listed below:<br>- Azure Germany <br>- Azure China 21Vianet<br>- Azure Government<br>So, if a customer is set up in global Azure, there are no region restrictions. For example, if Contoso uses global Azure but has employees working in China, the Contoso employees working in China would be able to use Autopilot to deploy devices. If Contoso uses Azure China 21Vianet, the Contoso employees would not be able to use Autopilot.|
| I need to register a device that's been previously registered to another organisation. | Partners registering devices through partner center can also deregister the device if it's moving between different customer tenants. If this isn't possible, as a last resort you can raise a ticket through the Intune "Help and Support" node and our support teams will assist you. |
## Glossary