From a4e2f0bff8f921979b556831cf30cf4d66084fd4 Mon Sep 17 00:00:00 2001 From: Oleksandr Fisun <16293357+OtherF@users.noreply.github.com> Date: Wed, 14 Feb 2024 12:10:40 +0100 Subject: [PATCH 1/7] Update enhanced-phishing-protection.md Remove second table because it provides the same "Recommendations" like the previous table and might be confusing for Users. --- .../enhanced-phishing-protection.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md index 29ae7131f5..7a4a9369dc 100644 --- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md +++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md @@ -91,7 +91,7 @@ By default, Enhanced Phishing Protection is deployed in audit mode, preventing n | Setting | Default Value | Recommendation | |---------------------------|------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Automatic Data Collection | **Enabled** for domain joined devices or devices enrolled with MDM.
**Disabled** for all other devices. | **Enabled**: Turns on collection of additional content for security analysis from a suspicious website or app to improve Microsoft's threat intelligence | +| Automatic Data Collection | **Enabled** for domain joined devices or devices enrolled with MDM.
**Disabled** for all other devices. | **Enabled**: Turns on collection of additional content for security analysis from a suspicious website or app to improve Microsoft's threat intelligence. This information is used only for security purposes and helps SmartScreen determine whether the website or app is malicious. | | Service Enabled | **Enabled** | **Enabled**: Turns on Enhanced Phishing Protection in audit mode, which captures work or school password entry events and sends diagnostic data but doesn't show any notifications to your users. | | Notify Malicious | **Disabled** for devices onboarded to MDE.
**Enabled** for all other devices. | **Enabled**: Turns on Enhanced Phishing Protection notifications when users type their work or school password into one of the previously described malicious scenarios and encourages them to change their password. | | Notify Password Reuse | **Disabled** | **Enabled**: Turns on Enhanced Phishing Protection notifications when users reuse their work or school password and encourages them to change their password. | @@ -99,14 +99,6 @@ By default, Enhanced Phishing Protection is deployed in audit mode, preventing n To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen settings. -| Setting | Default Value | Recommendation | -|---------------------------|------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Automatic Data Collection | **Disabled** for domain joined devices or devices enrolled with MDM.
**Enabled** for all other devices. | **Enabled**: Turns on collection of additional content when users enter their work or school password into a suspicious website or app. This information is used only for security purposes and helps SmartScreen determine whether the website or app is malicious. | -| Service Enabled | **Enabled** | **Enabled**: Turns on Enhanced Phishing Protection in audit mode, which captures work or school password entry events and sends diagnostic data but doesn't show any notifications to your users. | -| Notify Malicious | **Disabled** for devices onboarded to MDE.
**Enabled** for all other devices. | **Enabled**: Turns on Enhanced Phishing Protection notifications when users type their work or school password into one of the previously described malicious scenarios and encourages them to change their password. | -| Notify Password Reuse | **Disabled** | **Enabled**: Turns on Enhanced Phishing Protection notifications when users reuse their work or school password and encourages them to change their password. | -| Notify Unsafe App | **Disabled** | **Enabled**: Turns on Enhanced Phishing Protection notifications when users type their work or school passwords in Notepad and Microsoft 365 Office Apps. | - #### [:::image type="icon" source="../../../images/icons/intune.svg"::: **Intune**](#tab/intune) | Settings catalog element | Recommended value | From 5bd47ce048f0d63c042b12ec1bb18467294bfff1 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 14 Feb 2024 10:02:19 -0500 Subject: [PATCH 2/7] Updating Technet/MSDN links and getting rid of gremlins --- .../do/delivery-optimization-proxy.md | 6 +-- .../do/delivery-optimization-test.md | 30 +++++------ .../waas-delivery-optimization-reference.md | 12 ++--- .../do/waas-delivery-optimization-setup.md | 14 ++--- ...r-windows-8-windows-7-and-windows-vista.md | 2 +- .../windows-10-enterprise-faq-itpro.yml | 52 +++++++++---------- .../deployment/update/waas-configure-wufb.md | 35 ++++++------- ...s-servicing-strategy-windows-10-updates.md | 16 +++--- .../deployment/usmt/usmt-best-practices.md | 4 +- .../monitor-activation-client.md | 2 +- .../plan-for-volume-activation-client.md | 3 +- .../volume-activation-windows-10.md | 4 +- .../windows-10-poc-sc-config-mgr.md | 16 ++---- windows/deployment/windows-10-poc.md | 2 - ...-autopatch-device-registration-overview.md | 42 +++++++-------- ...utopatch-groups-manage-autopatch-groups.md | 46 ++++++++-------- .../windows-autopatch-groups-overview.md | 42 +++++++-------- ...ows-autopatch-post-reg-readiness-checks.md | 20 +++---- .../windows-autopatch-register-devices.md | 4 +- .../windows-autopatch-device-alerts.md | 6 +-- ...s-manage-windows-feature-update-release.md | 34 ++++++------ ...dows-autopatch-groups-update-management.md | 2 +- ...-groups-windows-feature-update-overview.md | 32 ++++++------ ...indows-feature-update-summary-dashboard.md | 2 +- ...ity-and-feature-update-reports-overview.md | 6 +-- ...-groups-windows-quality-update-overview.md | 8 +-- ...indows-quality-update-summary-dashboard.md | 2 +- ...windows-autopatch-groups-windows-update.md | 4 +- .../windows-autopatch-maintain-environment.md | 4 +- ...atch-manage-driver-and-firmware-updates.md | 14 ++--- ...autopatch-microsoft-365-apps-enterprise.md | 6 +-- ...autopatch-policy-health-and-remediation.md | 2 +- .../windows-autopatch-unenroll-tenant.md | 8 +-- .../windows-autopatch-deployment-guide.md | 2 +- .../overview/windows-autopatch-privacy.md | 2 +- ...indows-autopatch-roles-responsibilities.md | 2 +- ...ws-autopatch-conflicting-configurations.md | 16 +++--- ...tch-windows-update-unsupported-policies.md | 10 ++-- .../windows-autopatch-whats-new-2023.md | 2 +- 39 files changed, 254 insertions(+), 262 deletions(-) diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md index daa2eca850..b300268967 100644 --- a/windows/deployment/do/delivery-optimization-proxy.md +++ b/windows/deployment/do/delivery-optimization-proxy.md @@ -10,7 +10,7 @@ manager: aaroncz ms.reviewer: mstewart ms.collection: tier3 ms.localizationpriority: medium -appliesto: +appliesto: - ✅ Windows 11 - ✅ Windows 10 - ✅ Delivery Optimization @@ -21,11 +21,11 @@ ms.date: 06/02/2023 When Delivery Optimization downloads content from HTTP sources, it uses the automatic proxy discovery capability of WinHttp to streamline and maximize the support for complex proxy configurations as it makes range requests from the content server. It does this by setting the **WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY** flag in all HTTP calls. -Delivery Optimization provides a token to WinHttp that corresponds to the user that is signed in currently. In turn, WinHttp automatically authenticates the user against the proxy server set either in Internet Explorer or in the **Proxy Settings** menu in Windows. +Delivery Optimization provides a token to WinHttp that corresponds to the user that is signed in currently. In turn, WinHttp automatically authenticates the user against the proxy server set either in Internet Explorer or in the **Proxy Settings** menu in Windows. For downloads that use Delivery Optimization to successfully use the proxy, you should set the proxy via Windows **Proxy Settings** or the Internet Explorer proxy settings. -Setting the Internet Explorer proxy to apply device-wide will ensure that the device can access the proxy server even when no user is signed in. In this case, the proxy is accessed with the “NetworkService” context if proxy authentication is required. +Setting the Internet Explorer proxy to apply device-wide will ensure that the device can access the proxy server even when no user is signed in. In this case, the proxy is accessed with the "NetworkService" context if proxy authentication is required. > [!NOTE] > We don't recommend that you use `netsh winhttp set proxy ProxyServerName:PortNumber`. Using this offers no auto-detection of the proxy, no support for an explicit PAC URL, and no authentication to the proxy. This setting is ignored by WinHTTP for requests that use auto-discovery (if an interactive user token is used). diff --git a/windows/deployment/do/delivery-optimization-test.md b/windows/deployment/do/delivery-optimization-test.md index 51daba73a3..8f6386d9bf 100644 --- a/windows/deployment/do/delivery-optimization-test.md +++ b/windows/deployment/do/delivery-optimization-test.md @@ -10,9 +10,9 @@ ms.reviewer: mstewart manager: aaroncz ms.collection: tier3 ms.localizationpriority: medium -appliesto: +appliesto: - ✅ Windows 11 -- ✅ Windows 10 +- ✅ Windows 10 - ✅ Delivery Optimization ms.date: 11/08/2022 --- @@ -25,15 +25,15 @@ Delivery Optimization is a powerful and useful tool to help enterprises manage b ## Monitoring The Results -Since Delivery Optimization is on by default, you'll be able to monitor the value either through the Windows Settings for ‘Delivery Optimization’, using Delivery Optimization PowerShell [cmdlets.](waas-delivery-optimization-setup.md), and/or via the [Windows Update for Business Report.](../update/wufb-reports-workbook.md) experience in Azure. +Since Delivery Optimization is on by default, you'll be able to monitor the value either through the Windows Settings for 'Delivery Optimization', using Delivery Optimization PowerShell [cmdlets.](waas-delivery-optimization-setup.md), and/or via the [Windows Update for Business Report.](../update/wufb-reports-workbook.md) experience in Azure. -In the case where Delivery Optimization isn't working in your environment, it's important to investigate to get to the root of the problem. We recommend a test environment be created to easily evaluate typical devices to ensure Delivery Optimization is working properly. For starters, ‘Scenario 1: Basic Setup’ should be created to test the use of Delivery Optimization between two machines. This scenario is designed to eliminate any noise in the environment to ensure there's nothing preventing Delivery Optimization from working on the devices. Once you have a baseline, you can expand the test environment for more sophisticated tests. +In the case where Delivery Optimization isn't working in your environment, it's important to investigate to get to the root of the problem. We recommend a test environment be created to easily evaluate typical devices to ensure Delivery Optimization is working properly. For starters, 'Scenario 1: Basic Setup' should be created to test the use of Delivery Optimization between two machines. This scenario is designed to eliminate any noise in the environment to ensure there's nothing preventing Delivery Optimization from working on the devices. Once you have a baseline, you can expand the test environment for more sophisticated tests. ## Expectations and Goals The focus of the testing scenarios in this article is primarily centered on demonstrating the Delivery Optimization policies centered around the successful downloading of bytes using P2P. More specifically, the goal will be to show peer to peer is working as expected, using the following criteria: -* Peers can find each other (for example on the same LAN / subnet / Group – matching your 'Download Mode' policy). +* Peers can find each other (for example on the same LAN / subnet / Group - matching your 'Download Mode' policy). * Files are downloading in the expected 'Download Mode' policy setting (validates connectivity to DO cloud, HTTP, and local configs). * At least some downloads happening via P2P (validates connectivity between peers). @@ -45,7 +45,7 @@ Several elements that influence overall peering, using Delivery Optimization. Th ### Delivery Optimization is a Hybrid P2P Platform -* Delivery Optimization’s hybrid approach to downloading from multiple sources (HTTP and peer) in parallel is especially critical for large-scale environments, constantly assessing the optimal source from which to deliver the content. In conjunction, the distribution of content cache, across participating devices, contributes to Delivery Optimization’s ability to find bandwidth savings as more peers become available. +* Delivery Optimization's hybrid approach to downloading from multiple sources (HTTP and peer) in parallel is especially critical for large-scale environments, constantly assessing the optimal source from which to deliver the content. In conjunction, the distribution of content cache, across participating devices, contributes to Delivery Optimization's ability to find bandwidth savings as more peers become available. * At the point a download is initiated, the DO client starts downloading from the HTTP source and discovering peers simultaneously. With a smaller file, most of the bytes could be downloaded from an HTTP source before connecting to a peer, even though peers are available. With a larger file and quality LAN peers, it might reduce the HTTP request rate to near zero, but only after making those initial requests from HTTP. @@ -74,7 +74,7 @@ Machine 1 will download zero bytes from peers and Machine 2 will download 50-99% |Pause Windows Updates | This controls the test environment so no other content is made available during the test, and potentially altering the outcome of the test. If there are problems and no peering happens, use 'Get-DeliveryOptimizationStatus' on the first machine to return a real-time list of the connected peers. | |Ensure all Store apps are up to date | This will help prevent any new, unexpected updates to download during testing. | |Delivery Optimization 'Download Mode' Policy | 2 (Group)(set on each machine) | -|Delivery Optimization 'GroupID' Policy | Set the *same* 'GUID' on each test machine. A GUID is a required value, which can be generated using PowerShell, ‘[[guid]::NewGuid().](https://blogs.technet.microsoft.com/heyscriptingguy/2013/07/25/powertip-create-a-new-guid-by-using-powershell/)’. | +|Delivery Optimization 'GroupID' Policy | Set the *same* 'GUID' on each test machine. A GUID is a required value, which can be generated using PowerShell, '[[guid]::NewGuid().](https://devblogs.microsoft.com/scripting/powertip-create-a-new-guid-by-using-powershell/)'. | |**Required on Windows 11 devices only** set Delivery Optimization 'Restrict Peer Selection' policy | 0-NAT (set on each machine). The default behavior in Windows 11 is set to '2-Local Peer Discovery'. For testing purposes, this needs to be scoped to the NAT. | #### Test Instructions @@ -126,7 +126,7 @@ Machine 1 will download zero bytes from peers and Machine 2 will find peers and |Disk size | 127 GB | |Network | Connected to same network, one that is representative of the corporate network. | |Delivery Optimization 'Download Mode' Policy| 2 (Group)(set on each machine) | -|Delivery Optimization 'Group ID' Policy| Set the *same* 'GUID' on each test machine. A GUID is required value, which can be generated using PowerShell, '[guid]::NewGuid().](https://blogs.technet.microsoft.com/heyscriptingguy/2013/07/25/powertip-create-a-new-guid-by-using-powershell/)'. | +|Delivery Optimization 'Group ID' Policy| Set the *same* 'GUID' on each test machine. A GUID is required value, which can be generated using PowerShell, '[guid]::NewGuid().](https://devblogs.microsoft.com/scripting/powertip-create-a-new-guid-by-using-powershell/)'. | |Delivery Optimization 'Delay background download from http' Policy | 60 (set on each machine) | |Delivery Optimization 'Delay foreground download from http Policy |60 (set on each machine) | @@ -134,13 +134,13 @@ Machine 1 will download zero bytes from peers and Machine 2 will find peers and The following set of instructions will be used for each machine: -1. Clear the DO cache: ‘Delete-DeliveryOptimizationCache’. +1. Clear the DO cache: 'Delete-DeliveryOptimizationCache'. 2. Open MS Store and search for 'Asphalt Legends 9'. Select *Get* to initiate the download of the content (content size: ~3.4 GB). 3. Open PowerShell console as Administrator. Run 'Get-DeliveryOptimizationStatus'. **On machine #1:** -* Run ‘Test Instructions’ +* Run 'Test Instructions' **Output: Windows 10 (21H2)** @@ -149,14 +149,14 @@ The following set of instructions will be used for each machine: **Observations** * The first download in the group of devices shows all bytes coming from HTTP, 'BytesFromHttp'. -* Download is in the ‘Foreground’ because the Store app is doing the download and in the foreground on the device because it is initiated by the user in the Store app. +* Download is in the 'Foreground' because the Store app is doing the download and in the foreground on the device because it is initiated by the user in the Store app. * No peers are found. *Wait 5 minutes*. **On machine #2:** -* Run ‘Test Instructions’ +* Run 'Test Instructions' **Output** Windows 10 (21H2) @@ -171,7 +171,7 @@ The following set of instructions will be used for each machine: **On machine #3:** -* Run ‘Test Instructions’ +* Run 'Test Instructions' **Output:** Windows 10 (21H2) @@ -185,8 +185,8 @@ The following set of instructions will be used for each machine: ## Peer sourcing observations for all machines in the test group -The distributed nature of the Delivery Optimization technology is obvious when you rerun the ‘Get-DeliveryOptimizationStatus’ cmdlet on each of the test machines. For each, there's a new value populated for the ‘BytesToLanPeers’ field. This demonstrates that as more peers become available, the requests to download bytes are distributed across the peering group and act as the source for the peering content. Each peer plays a role in servicing the other. - +The distributed nature of the Delivery Optimization technology is obvious when you rerun the 'Get-DeliveryOptimizationStatus' cmdlet on each of the test machines. For each, there's a new value populated for the 'BytesToLanPeers' field. This demonstrates that as more peers become available, the requests to download bytes are distributed across the peering group and act as the source for the peering content. Each peer plays a role in servicing the other. + **Output:** Machine 1 'BytesToPeers' sourced from Machine 1 are '5704426044'. This represents the total number of bytes downloaded by the two peers in the group. diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md index 20bea68778..6cbb71fef0 100644 --- a/windows/deployment/do/waas-delivery-optimization-reference.md +++ b/windows/deployment/do/waas-delivery-optimization-reference.md @@ -10,9 +10,9 @@ manager: aaroncz ms.reviewer: mstewart ms.collection: tier3 ms.localizationpriority: medium -appliesto: +appliesto: - ✅ Windows 11 -- ✅ Windows 10 +- ✅ Windows 10 - ✅ Delivery Optimization ms.date: 07/31/2023 --- @@ -144,7 +144,7 @@ MDM Setting: **DOGroupID** By default, peer sharing on clients using the Group download mode (option 2) is limited to the same domain in Windows 10, version 1511, and the same domain and Active Directory Domain Services site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but don't fall within those domain or Active Directory Domain Services site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a subgroup representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group. >[!NOTE] ->To generate a GUID using Powershell, use [```[guid]::NewGuid()```](https://blogs.technet.microsoft.com/heyscriptingguy/2013/07/25/powertip-create-a-new-guid-by-using-powershell/) +>To generate a GUID using Powershell, use [```[guid]::NewGuid()```](https://devblogs.microsoft.com/scripting/powertip-create-a-new-guid-by-using-powershell/) > >This configuration is optional and not required for most implementations of Delivery Optimization. @@ -161,9 +161,9 @@ Starting in Windows 10, version 1803, set this policy to restrict peer selection - 4 = DNS Suffix - 5 = Starting with Windows 10, version 1903, you can use the Microsoft Entra tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5. -When set, the Group ID will be assigned automatically from the selected source. This policy is ignored if the GroupID policy is also set. The default behavior, when the GroupID or GroupIDSource policies aren't set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order. If GroupIDSource is set to either DHCP Option ID (3) or DNS Suffix (4) and those methods fail, the default behavior is used instead. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-5, the policy is ignored. +When set, the Group ID will be assigned automatically from the selected source. This policy is ignored if the GroupID policy is also set. The default behavior, when the GroupID or GroupIDSource policies aren't set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2) or Microsoft Entra tenant ID (5), in that order. If GroupIDSource is set to either DHCP Option ID (3) or DNS Suffix (4) and those methods fail, the default behavior is used instead. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-5, the policy is ignored. -### Minimum RAM (inclusive) allowed to use Peer Caching +### Minimum RAM (inclusive) allowed to use Peer Caching MDM Setting: **DOMinRAMAllowedToPeer** @@ -313,7 +313,7 @@ This setting determines whether a device will be allowed to participate in Peer MDM Setting: **DOVpnKeywords** -This policy allows you to set one or more comma-separated keywords used to recognize VPN connections. **By default, this policy is not set so if a VPN is detected, the device will not use peering.** Delivery Optimization automatically detects a VPN connection by looking at the network adapter's 'Description' and 'FriendlyName' strings using the default keyword list including: “VPN”, “Secure”, and “Virtual Private Network” (ex: “MSFTVPN” matches the “VPN” keyword). As the number of VPNs grow it’s difficult to support an ever-changing list of VPN names. To address this, we’ve introduced this new setting to set unique VPN names to meet the needs of individual environments. +This policy allows you to set one or more comma-separated keywords used to recognize VPN connections. **By default, this policy is not set so if a VPN is detected, the device will not use peering.** Delivery Optimization automatically detects a VPN connection by looking at the network adapter's 'Description' and 'FriendlyName' strings using the default keyword list including: "VPN", "Secure", and "Virtual Private Network" (ex: "MSFTVPN" matches the "VPN" keyword). As the number of VPNs grow it's difficult to support an ever-changing list of VPN names. To address this, we've introduced this new setting to set unique VPN names to meet the needs of individual environments. ### Disallow cache server downloads on VPN diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md index 9291818694..3435fc58f4 100644 --- a/windows/deployment/do/waas-delivery-optimization-setup.md +++ b/windows/deployment/do/waas-delivery-optimization-setup.md @@ -8,11 +8,11 @@ author: cmknox ms.author: carmenf ms.reviewer: mstewart manager: aaroncz -ms.collection: +ms.collection: - tier3 - essentials-get-started ms.localizationpriority: medium -appliesto: +appliesto: - ✅ Windows 11 - ✅ Windows 10 - ✅ Delivery Optimization @@ -119,9 +119,9 @@ This section summarizes common problems and some solutions to try. If you don't see any bytes coming from peers the cause might be one of the following issues: -- Clients aren’t able to reach the Delivery Optimization cloud services. -- The cloud service doesn’t see other peers on the network. -- Clients aren’t able to connect to peers that are offered back from the cloud service. +- Clients aren't able to reach the Delivery Optimization cloud services. +- The cloud service doesn't see other peers on the network. +- Clients aren't able to connect to peers that are offered back from the cloud service. - None of the computers on the network are getting updates from peers. ### Clients aren't able to reach the Delivery Optimization cloud services @@ -136,10 +136,10 @@ Try these steps: Try these steps: -1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads. +1. Download the same app on two different devices on the same network, waiting 10 - 15 minutes between downloads. 2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1 or 2 on both devices. 3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be nonzero. -4. If the number of peers is zero and **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices aren't reporting the same public IP address, configure **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** to 2 (Group) and use a custom **[DOGroupID (Guid)](waas-delivery-optimization-reference.md#group-id)**. +4. If the number of peers is zero and **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for "what is my IP"). In the case where devices aren't reporting the same public IP address, configure **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** to 2 (Group) and use a custom **[DOGroupID (Guid)](waas-delivery-optimization-reference.md#group-id)**. > [!NOTE] > Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of potential peers per file, including which peers are successfully connected and the total bytes sent or received from each peer. diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md index e9bc0caf59..f105bf7efb 100644 --- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md +++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md @@ -73,7 +73,7 @@ The following table lists the known compatibility fixes for all Windows operatin |EnableRestarts|The problem is indicated when an application and computer appear to hang because processes cannot end to allow the computer to complete its restart processes.

The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists.

**Note:** For more detailed information about this application fix, see [Using the EnableRestarts Fix](/previous-versions/windows/it-pro/windows-7/ff720128(v=ws.10)).
| |ExtraAddRefDesktopFolder|The problem occurs when an application invokes the Release() method too many times and causes an object to be prematurely destroyed.

The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function.| |FailObsoleteShellAPIs|The problem occurs when an application fails because it generated deprecated API calls.

The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail.

**Note:** You can type FailAll=1 at the command prompt to suppress the function implementation and force all functions to fail.
| -|FailRemoveDirectory|The problem occurs when an application uninstallation process does not remove all of the application files and folders.

This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command line. Only a single path is supported. The path can contain environment variables, but must be an exact path – no partial paths are supported.

The fixcan resolves an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it.| +|FailRemoveDirectory|The problem occurs when an application uninstallation process does not remove all of the application files and folders.

This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command line. Only a single path is supported. The path can contain environment variables, but must be an exact path - no partial paths are supported.

The fixcan resolves an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it.| |FakeLunaTheme|The problem occurs when a theme application does not properly display: the colors are washed out or the user interface is not detailed.

The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme (Luna).

**Note:** For more detailed information about the FakeLunaTheme application fix, see [Using the FakeLunaTheme Fix](/previous-versions/windows/it-pro/windows-7/cc766315(v=ws.10)).
| |FlushFile|This problem is indicated when a file is updated and changes do not immediately appear on the hard disk. Applications cannot see the file changes.

The fixenables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk.| |FontMigration|The fix replaces an application-requested font with a better font selection, to avoid text truncation.| diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml index 3dee852942..83a32672ea 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml @@ -9,7 +9,7 @@ metadata: ms.localizationpriority: medium ms.sitesec: library ms.date: 10/28/2022 - ms.reviewer: + ms.reviewer: author: frankroj ms.author: frankroj manager: aaroncz @@ -26,17 +26,17 @@ sections: Where can I download Windows 10 Enterprise? answer: | If you have Windows volume licenses with Software Assurance, or if you have purchased licenses for Windows 10 Enterprise volume licenses, you can download 32-bit and 64-bit versions of Windows 10 Enterprise from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). If you don't have current Software Assurance for Windows and would like to purchase volume licenses for Windows 10 Enterprise, contact your preferred Microsoft Reseller or see [How to purchase through Volume Licensing](https://www.microsoft.com/Licensing/how-to-buy/how-to-buy.aspx). - + - question: | What are the system requirements? answer: | - For details, see [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752). - + For details, see [Windows 10 Enterprise system requirements](/windows/windows-10-specifications#areaheading-uid09f4). + - question: | What are the hardware requirements for Windows 10? answer: | Most computers that are compatible with Windows 8.1 will be compatible with Windows 10. You may need to install updated drivers in Windows 10 for your devices to properly function. For more information, see [Windows 10 specifications](https://www.microsoft.com/windows/windows-10-specifications). - + - question: | Can I evaluate Windows 10 Enterprise? answer: | @@ -55,17 +55,17 @@ sections: - [Dell driver packs for enterprise client OS deployment](https://www.dell.com/support/kbdoc/en-us/000124139/dell-command-deploy-driver-packs-for-enterprise-client-os-deployment) - [Lenovo Configuration Manager and MDT package index](https://support.lenovo.com/us/en/solutions/ht074984) - [Panasonic Driver Pack for Enterprise](https://pc-dl.panasonic.co.jp/itn/drivers/driver_packages.html) - + - question: | Where can I find out if an application or device is compatible with Windows 10? answer: | Many existing Win32 and Win64 applications already run reliably on Windows 10 without any changes. You can also expect strong compatibility and support for Web apps and devices. - + - question: | Is there an easy way to assess if my organization's devices are ready to upgrade to Windows 10? answer: | [Desktop Analytics](/mem/configmgr/desktop-analytics/overview) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without other infrastructure requirements. This service guides you through your upgrade and feature update projects using a workflow based on Microsoft recommended practices. Up-to-date inventory data allows you to balance cost and risk in your upgrade projects. - + - name: Administration and deployment questions: - question: | @@ -78,36 +78,36 @@ sections: - [MDT](/mem/configmgr/mdt) is a collection of tools, processes, and guidance for automating desktop and server deployment. - The [Windows ADK](/windows-hardware/get-started/adk-install) has tools that allow you to customize Windows images for large-scale deployment, and test system quality and performance. You can download the latest version of the Windows ADK for Windows 10 from the Hardware Dev Center. - + - question: | Can I upgrade computers from Windows 7 or Windows 8.1 without deploying a new image? answer: | Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with Microsoft Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md). - + - question: | Can I upgrade from Windows 7 Enterprise or Windows 8.1 Enterprise to Windows 10 Enterprise for free? answer: | If you have Windows 7 Enterprise or Windows 8.1 Enterprise and current Windows 10 Enterprise E3 or E5 subscription, you're entitled to the upgrade to Windows 10 Enterprise through the rights of Software Assurance. You can find your product keys and installation media at the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). - + For devices that are licensed under a volume license agreement for Windows that doesn't include Software Assurance, new licenses will be required to upgrade these devices to Windows 10. - + - name: Managing updates questions: - question: | What is Windows as a service? answer: | The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. For more information, see [Overview of Windows as a service](../update/waas-overview.md). - + - question: | How is servicing different with Windows as a service? answer: | Traditional Windows servicing has included several release types: major revisions (for example, Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10, there are two release types: feature updates that add new functionality two to three times per year, and quality updates that provide security and reliability fixes at least once a month. - + - question: | What are the servicing channels? answer: | - To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how aggressively their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. With that in mind, Microsoft offers two servicing channels for Windows 10: General Availability Channel, and Long-Term Servicing Channel (LTSC). For details about the versions in each servicing channel, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). For more information on each channel, see [servicing channels](../update/waas-overview.md#servicing-channels). - + To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how aggressively their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. With that in mind, Microsoft offers two servicing channels for Windows 10: General Availability Channel, and Long-Term Servicing Channel (LTSC). For details about the versions in each servicing channel, see [Windows 10 release information](/windows/release-health/release-information). For more information on each channel, see [servicing channels](../update/waas-overview.md#servicing-channels). + - question: | What tools can I use to manage Windows as a service updates? answer: | @@ -116,25 +116,25 @@ sections: - Windows Update for Business - Windows Server Update Services - Microsoft Configuration Manager - + For more information, see [Servicing Tools](../update/waas-overview.md#servicing-tools). - + - name: User experience questions: - question: | Where can I find information about new features and changes in Windows 10 Enterprise? answer: | For an overview of the new enterprise features in Windows 10 Enterprise, see [What's new in Windows 10](/windows/whats-new/) and [What's new in Windows 10, version 1703](/windows/whats-new/whats-new-windows-10-version-1703) in the Docs library. - + Another place to track the latest information about new features of interest to IT professionals is the [Windows for IT Pros blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog). Here you'll find announcements of new features, information on updates to the Windows servicing model, and details about the latest resources to help you more easily deploy and manage Windows 10. - + To find out which version of Windows 10 is right for your organization, you can also [compare Windows editions](https://www.microsoft.com/WindowsForBusiness/Compare). - + - question: | How will people in my organization adjust to using Windows 10 Enterprise after upgrading from Windows 7 or Windows 8.1? answer: | Windows 10 combines the best aspects of the user experience from Windows 8.1 and Windows 7 to make using Windows simple and straightforward. Users of Windows 7 will find the Start menu in the same location as they always have. In the same place, users of Windows 8.1 will find the live tiles from their Start screen, accessible by the Start button in the same way as they were accessed in Windows 8.1. - + - question: | How does Windows 10 help people work with applications and data across various devices? answer: | @@ -143,13 +143,13 @@ sections: - Universal apps now open in windows instead of full screen. - [Multitasking is improved with adjustable Snap](https://blogs.windows.com/windows-insider/2015/06/04/arrange-your-windows-in-a-snap/), which allows you to have more than two windows side-by-side on the same screen and to customize how those windows are arranged. - Tablet Mode to simplify using Windows with a finger or pen by using touch input. - + - name: Help and support questions: - question: | Where can I ask a question about Windows 10? answer: | Use the following resources for additional information about Windows 10. - - If you're an IT professional or if you have a question about administering, managing, or deploying Windows 10 in your organization or business, visit the [Windows 10 IT Professional forums](https://social.technet.microsoft.com/forums/home?category=windows10itpro) on TechNet. - - If you're an end user or if you have a question about using Windows 10, visit the [Windows 10 forums on Microsoft Community](https://answers.microsoft.com/windows/forum). - - If you're a developer or if you have a question about making apps for Windows 10, visit the [Windows Desktop Development forums](https://social.msdn.microsoft.com/forums/en-us/home?category=windowsdesktopdev). + - [Microsoft Q&A](/answers/) + - [Microsoft Support Community](https://answers.microsoft.com/) + diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 4a74fbe288..4898553b21 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -10,7 +10,7 @@ ms.topic: conceptual ms.subservice: itpro-updates ms.collection: - tier1 -appliesto: +appliesto: - ✅ Windows 11 - ✅ Windows 10 - ✅ Windows Server 2022 @@ -21,12 +21,12 @@ ms.date: 11/30/2023 # Configure Windows Update for Business -> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) +> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > [!NOTE] > Windows Server _doesn't_ get feature updates from Windows Update, so only the quality update policies apply. This behavior doesn't apply to [Azure Stack hyperconverged infrastructure (HCI)](/azure-stack/hci/). - -You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this article provide the Group Policy and MDM policies for Windows 10, version 1511 and later, including Windows 11. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). + +You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this article provide the Group Policy and MDM policies for Windows 10, version 1511 and later, including Windows 11. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). > [!IMPORTANT] > Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels). @@ -34,17 +34,17 @@ You can use Group Policy or your mobile device management (MDM) service to confi ## Start by grouping devices -By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups, which can be as a quality control measure as updates are deployed. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization. +By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups, which can be as a quality control measure as updates are deployed. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization. >[!TIP] ->In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsoft’s design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/). +>In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsoft's design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/). ## Configure devices for the appropriate service channel -With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the General Availability Channel servicing branch. For more information on this servicing model, see [Servicing channels](waas-overview.md#servicing-channels). +With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the General Availability Channel servicing branch. For more information on this servicing model, see [Servicing channels](waas-overview.md#servicing-channels). **Release branch policies** @@ -65,7 +65,7 @@ Starting with Windows 10, version 1703, users can configure the branch readiness ## Configure when devices receive feature updates -After you configure the servicing branch (Windows Insider Preview or General Availability Channel), you can then define if, and for how long, you would like to defer receiving feature updates following their availability from Microsoft on Windows Update. You can defer receiving these feature updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value. +After you configure the servicing branch (Windows Insider Preview or General Availability Channel), you can then define if, and for how long, you would like to defer receiving feature updates following their availability from Microsoft on Windows Update. You can defer receiving these feature updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value. For example, a device on the General Availability Channel with `DeferFeatureUpdatesPeriodinDays=30` won't install a feature update that is first publicly available on Windows Update in September until 30 days later, in October. @@ -87,7 +87,7 @@ For example, a device on the General Availability Channel with `DeferFeatureUpda You can also pause a device from receiving feature updates by a period of up to 35 days from when the value is set. After 35 days have passed, the pause setting will automatically expire and the device will scan Windows Update for applicable feature updates. Following this scan, you can then pause feature updates for the device again. -Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date. +Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date. In cases where the pause policy is first applied after the configured start date has passed, you can extend the pause period up to a total of 35 days by configuring a later start date. @@ -104,7 +104,7 @@ In cases where the pause policy is first applied after the configured start date | MDM for Windows 10, version 1607 or later:
../Vendor/MSFT/Policy/Config/Update/
**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates
**1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime | | MDM for Windows 10, version 1511:
../Vendor/MSFT/Policy/Config/Update/
**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause | -You can check the date that feature updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. +You can check the date that feature updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. The local group policy editor (GPEdit.msc) won't reflect whether the feature update pause period has expired. Although the device will resume feature updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking feature updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values: @@ -125,7 +125,7 @@ Starting with Windows 10, version 1703, using Settings to control the pause beha ## Configure when devices receive quality updates -Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value. +Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value. You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates. @@ -145,7 +145,7 @@ You can set your system to receive updates for other Microsoft products—known You can also pause a system from receiving quality updates for a period of up to 35 days from when the value is set. After 35 days have passed, the pause setting will automatically expire and the device will scan Windows Update for applicable quality updates. Following this scan, you can then pause quality updates for the device again. -Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date. +Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date. In cases where the pause policy is first applied after the configured start date has passed, you can extend the pause period up to a total of 35 days by configuring a later start date. @@ -210,10 +210,10 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving | MDM for Windows 10, version 1607 and later:
../Vendor/MSFT/Policy/Config/Update/
**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate | ## Enable optional updates - + In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Enable optional updates** policy. -To keep the timing of updates consistent, the **Enable optional updates** policy respects the [deferral period for quality updates](#configure-when-devices-receive-quality-updates). This policy allows you to choose if devices should receive CFRs in addition to the optional nonsecurity preview releases, or if the end-user can make the decision to install optional updates. This policy can change the behavior of the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. +To keep the timing of updates consistent, the **Enable optional updates** policy respects the [deferral period for quality updates](#configure-when-devices-receive-quality-updates). This policy allows you to choose if devices should receive CFRs in addition to the optional nonsecurity preview releases, or if the end-user can make the decision to install optional updates. This policy can change the behavior of the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. :::image type="content" source="media/7991583-update-seeker-enabled.png" alt-text="Screenshot of the Get the latest updates as soon as they're available option in the Windows updates page of Settings." lightbox="media/7991583-update-seeker-enabled.png"::: @@ -230,7 +230,7 @@ The following options are available for the policy: - **Users can select which optional updates to receive**: - Users can select which optional updates to install from **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Optional updates**. - - Optional updates are offered to the device, but user interaction is required to install them unless the **Get the latest updates as soon as they're available** option is also enabled. + - Optional updates are offered to the device, but user interaction is required to install them unless the **Get the latest updates as soon as they're available** option is also enabled. - CFRs are offered to the device, but not necessarily in the early phases of the rollout. - Users can enable the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. If the user enables the **Get the latest updates as soon as they're available**, then: - The device will receive CFRs in early phases of the rollout. @@ -249,7 +249,7 @@ The following options are available for the policy: ## Enable features that are behind temporary enterprise feature control -New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly. +New features and enhancements are introduced through the monthly cumulative update to provide continuous innovation for Windows 11. To give organizations time to plan and prepare, some of these new features are temporarily turned off by default. Features that are turned off by default are listed in the KB article for the monthly cumulative update. Typically, a feature is selected to be off by default because it either impacts the user experience or IT administrators significantly. The features that are behind temporary enterprise feature control will be enabled in the next annual feature update. Organizations can choose to deploy feature updates at their own pace, to delay these features until they're ready for them. For a list of features that are turned off by default, see [Windows 11 features behind temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control). @@ -274,7 +274,7 @@ The following are quick-reference tables of the supported policy values for Wind | BranchReadinessLevel | REG_DWORD | 2: Systems take feature updates for the Windows Insider build - Fast
4: Systems take feature updates for the Windows Insider build - Slow
8: Systems take feature updates for the Release Windows Insider build

Other value or absent: Receive all applicable updates | | DeferFeatureUpdates | REG_DWORD | 1: Defer feature updates
Other value or absent: Don't defer feature updates | | DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: Defer feature updates by given days | -| DeferQualityUpdates | REG_DWORD | 1: Defer quality updates
Other value or absent: Don't defer quality updates | +| DeferQualityUpdates | REG_DWORD | 1: Defer quality updates
Other value or absent: Don't defer quality updates | | DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: Defer quality updates by given days | | ExcludeWUDriversInQualityUpdate | REG_DWORD | 1: Exclude Windows Update drivers
Other value or absent: Offer Windows Update drivers | | PauseFeatureUpdatesStartTime | REG_DWORD |1: Pause feature updates
Other value or absent: Don't pause feature updates | @@ -310,4 +310,3 @@ When a device running a newer version sees an update available on Windows Update | PauseFeatureUpdates | PauseFeatureUpdatesStartTime | | PauseQualityUpdates | PauseQualityUpdatesStartTime | - \ No newline at end of file diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index fa5ee150d4..2e0aea738c 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -8,30 +8,30 @@ author: mestew ms.author: mstewart manager: aaroncz ms.localizationpriority: medium -appliesto: +appliesto: - ✅ Windows 11 -- ✅ Windows 10 +- ✅ Windows 10 ms.date: 12/31/2017 --- # Prepare a servicing strategy for Windows client updates -> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) +> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) Here's an example of what this process might look like: - **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they're available to the General Availability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate prerelease builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business. -- **Identify excluded devices.** For some organizations, special-purpose devices, like devices that control factory or medical equipment or run ATMs, require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly. +- **Identify excluded devices.** For some organizations, special-purpose devices, like devices that control factory or medical equipment or run ATMs, require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly. - **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you're looking for feedback rather than people to just "try it out" and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible. -- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain needs to download an .admx package and copy it to their [Central Store](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for "ADMX download for Windows build xxxx". For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) +- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain needs to download an .admx package and copy it to their [Central Store](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) (or to the [PolicyDefinitions](/troubleshoot/windows-server/group-policy/manage-group-policy-adm-file) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for "ADMX download for Windows build xxxx". For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) - **Choose a servicing tool.** Decide which product you'll use to manage the Windows updates in your environment. If you're currently using Windows Server Update Services (WSUS) or Microsoft Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you'll use, consider how you'll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools). -- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview). +- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview). Each time Microsoft releases a feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful: 1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier "Configure test devices" step of the previous section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase. -2. **Target and react to feedback.** Microsoft expects application and device compatibility to be high, but it's still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity represents most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the General Availability Channel that you identified in the "Recruit volunteers" step of the previous section. Be sure to communicate clearly that you're looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan to address it. -3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don't prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department. +2. **Target and react to feedback.** Microsoft expects application and device compatibility to be high, but it's still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity represents most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the General Availability Channel that you identified in the "Recruit volunteers" step of the previous section. Be sure to communicate clearly that you're looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan to address it. +3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don't prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department. diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index 52e3d80761..389249762f 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md @@ -46,7 +46,7 @@ This article discusses general and security-related best practices when using Us - **Chkdsk.exe.** - Microsoft recommends running **Chkdsk.exe** before running the **ScanState** and **LoadState** tools. **Chkdsk.exe** creates a status report for a hard disk drive and lists and corrects common errors. For more information about the **Chkdsk.exe** tool, see [Chkdsk](/previous-versions/windows/it-pro/windows-xp/bb490876(v=technet.10)). + Microsoft recommends running **Chkdsk.exe** before running the **ScanState** and **LoadState** tools. **Chkdsk.exe** creates a status report for a hard disk drive and lists and corrects common errors. For more information about the **Chkdsk.exe** tool, see [Chkdsk](/windows-server/administration/windows-commands/chkdsk). - **Migrate in groups.** @@ -112,7 +112,7 @@ As the authorized administrator, it's the responsibility to protect the privacy The migration performance can be affected when the **\** element is used with the **\** element. For example, when encapsulating logical units of file- or path-based **\** and **\** rules. In the **User** context, a rule is processed one time for each user on the system. - + In the **System** context, a rule is processed one time for the system. In the **UserAndSystem** context, a rule is processed one time for each user on the system and one time for the system. diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index e48768162a..68eaa5f6d0 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md @@ -34,7 +34,7 @@ You can monitor the success of the activation process for a computer running Win - Using the Volume Licensing Service Center website to track use of MAK keys. -- Using the `Slmgr /dlv` command on a client computer or on the KMS host. For a full list of options, see [Slmgr.vbs options](/previous-versions//ff793433(v=technet.10)). +- Using the `Slmgr /dlv` command on a client computer or on the KMS host. For a full list of options, see [Slmgr.vbs options for obtaining volume activation information](/windows-server/get-started/activation-slmgr-vbs-options). - Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it's available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.) diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index dee94991fe..ee148819de 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -62,7 +62,8 @@ Volume licensing offers customized programs that are tailored to the size and pu - Purchase a fully packaged retail product The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. -Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing. + +Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and Visual Studio Online. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing. > [!NOTE] > Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions. diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index a483753c32..21815eaad8 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -37,7 +37,7 @@ ms.subservice: itpro-fundamentals This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. -*Volume activation* is the process that Microsoft volume licensing customers use to automate and manage the activation of Windows operating systems, Microsoft Office, and other Microsoft products across large organizations. Volume licensing is available to customers who purchase software under various volume programs (such as [Open](https://www.microsoft.com/Licensing/licensing-programs/open-license) and [Select](https://www.microsoft.com/Licensing/licensing-programs/select)) and to participants in programs such as the [Microsoft Partner Program](https://partner.microsoft.com/) and [MSDN Subscriptions](https://visualstudio.microsoft.com/msdn-platforms/). +*Volume activation* is the process that Microsoft volume licensing customers use to automate and manage the activation of Windows operating systems, Microsoft Office, and other Microsoft products across large organizations. Volume licensing is available to customers who purchase software under various volume programs (such as [Open](https://www.microsoft.com/Licensing/licensing-programs/open-license) and [Select](https://www.microsoft.com/Licensing/licensing-programs/select)) and to participants in programs such as the [Microsoft Partner Program](https://partner.microsoft.com/) and [Visual Studio Online](https://visualstudio.microsoft.com/msdn-platforms/). Volume activation is a configurable solution that helps automate and manage the product activation process on computers running Windows operating systems that have been licensed under a volume licensing program. Volume activation is also used with other software from Microsoft (most notably the Office suites) that are sold under volume licensing agreements and that support volume activation. @@ -47,7 +47,7 @@ Because most organizations won't immediately switch all computers to Windows 10, Volume activation -and the need for activation itself- isn't new, and this guide doesn't review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831612(v=ws.11)). -If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). +If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, see the [Volume Activation Planning Guide](/previous-versions/tn-archive/dd878528(v=technet.10)). To successfully plan and implement a volume activation strategy, you must: diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index 0ea49d8ff8..c481efb0a5 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -157,7 +157,7 @@ The procedures in this guide are summarized in the following table. An estimate You can also verify WMI using the WMI console by typing **wmimgmt.msc**, right-clicking **WMI Control (Local)** in the console tree, and then clicking **Properties**. - If the WMI service isn't started, attempt to start it or reboot the computer. If WMI is running but errors are present, see [WMIDiag](https://blogs.technet.microsoft.com/askperf/2015/05/12/wmidiag-2-2-is-here/) for troubleshooting information. + If the WMI service isn't started, attempt to start it or reboot the computer. If WMI is running but errors are present, see [winmgmt](/windows/win32/wmisdk/winmgmt) for troubleshooting information. 5. To extend the Active Directory schema, enter the following command at an elevated Windows PowerShell prompt: @@ -230,15 +230,9 @@ The procedures in this guide are summarized in the following table. An estimate ## Download MDOP and install DaRT > [!IMPORTANT] -> This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/). - - -1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host. +1. Download the Microsoft Desktop Optimization Pack 2015 to the Hyper-V host from Visual Studio Online or from the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331) site. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host. 2. Enter the following command at an elevated Windows PowerShell prompt on the Hyper-V host to mount the MDOP file on SRV1: @@ -780,7 +774,7 @@ If you've already completed steps in [Deploy Windows 10 in a test lab using Micr [Settings] Priority=Default Properties=OSDMigrateConfigFiles,OSDMigrateMode - + [Default] DoCapture=NO ComputerBackupLocation=NONE @@ -1092,7 +1086,7 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF - Select Resources > Value: Select the computername associated with the PC1 VM (GREGLIN-PC1 in this example). - Select **Next** twice and then select **Close** in both windows. -3. Select **Device Collections** and then double-click **USMT Backup (Replace)**. Verify that the computer name/hostname associated with PC1 is displayed in the collection. Don't proceed until this name is displayed. +3. Select **Device Collections** and then double-click **USMT Backup (Replace)**. Verify that the computer name/hostname associated with PC1 is displayed in the collection. Don't proceed until this name is displayed. ### Create a new deployment diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index 86751f5eee..91aadc47e7 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -118,8 +118,6 @@ The two Windows Server VMs can be combined into a single VM to conserve RAM and ### Verify support and install Hyper-V -Starting with Windows 8, the host computer's microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information. - 1. To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press ENTER, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: ```cmd diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md index 53d37167e5..d67d35f75a 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md @@ -19,7 +19,7 @@ ms.collection: Windows Autopatch must [register your existing devices](windows-autopatch-register-devices.md) into its service to manage update deployments on your behalf. -The Windows Autopatch device registration process is transparent for end-users because it doesn’t require devices to be reset. +The Windows Autopatch device registration process is transparent for end-users because it doesn't require devices to be reset. The overall device registration process is as follows: @@ -48,11 +48,11 @@ See the following detailed workflow diagram. The diagram covers the Windows Auto | **Step 1: Identify devices** | IT admin identifies devices to be managed by the Windows Autopatch service. | | **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Microsoft Entra ID assigned or dynamic groups into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group when using adding existing device-based Microsoft Entra groups while [creating](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group)/[editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) Custom Autopatch groups, or [editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) the Default Autopatch group | | **Step 3: Discover devices** | The Windows Autopatch Discover Devices function discovers devices (hourly) that were previously added by the IT admin into the **Windows Autopatch Device Registration** Microsoft Entra ID assigned group or from Microsoft Entra groups used with Autopatch groups in **step #2**. The Microsoft Entra device ID is used by Windows Autopatch to query device attributes in both Microsoft Intune and Microsoft Entra ID when registering devices into its service.

  1. Once devices are discovered from the Microsoft Entra group, the same function gathers additional device attributes and saves it into its memory during the discovery operation. The following device attributes are gathered from Microsoft Entra ID in this step:
    1. **AzureADDeviceID**
    2. **OperatingSystem**
    3. **DisplayName (Device name)**
    4. **AccountEnabled**
    5. **RegistrationDateTime**
    6. **ApproximateLastSignInDateTime**
  2. In this same step, the Windows Autopatch discover devices function calls another function, the device prerequisite check function. The device prerequisite check function evaluates software-based device-level prerequisites to comply with Windows Autopatch device readiness requirements prior to registration.
| -| **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:
  1. **Serial number, model, and manufacturer.**
    1. Checks if the serial number already exists in the Windows Autopatch’s managed device database.
  2. **If the device is Intune-managed or not.**
    1. Windows Autopatch looks to see **if the Microsoft Entra device ID has an Intune device ID associated with it**.
      1. If **yes**, it means this device is enrolled into Intune.
      2. If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.
    2. **If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Microsoft Entra device attributes gathered and saved to its memory in **step 3a**.
      1. Once it has the device attributes gathered from Microsoft Entra ID in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn’t enrolled into Intune.
      2. A common reason is when the Microsoft Entra device ID is stale, it doesn’t have an Intune device ID associated with it anymore. To remediate, [clean up any stale Microsoft Entra device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).
    3. **If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.
  3. **If the device is a Windows device or not.**
    1. Windows Autopatch looks to see if the device is a Windows and corporate-owned device.
      1. **If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.
      2. **If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.
  4. **Windows Autopatch checks the Windows SKU family**. The SKU must be either:
    1. **Enterprise**
    2. **Pro**
    3. **Pro Workstation**
  5. **If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:
    1. **Only managed by Intune.**
      1. If the device is only managed by Intune, the device is marked as Passed all prerequisites.
    2. **Co-managed by both Configuration Manager and Intune.**
      1. If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:
        1. **Windows Updates Policies**
        2. **Device Configuration**
        3. **Office Click to Run**
      2. If Windows Autopatch determines that one of these workloads isn’t enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.
| -| **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:
  1. If the Windows Autopatch tenant’s existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.
  2. If the Windows Autopatch tenant’s existing managed device size is **>200**, the deployment ring assignment will be **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.
| -| **Step 6: Assign devices to a deployment ring group** | Once the deployment ring calculation is done, Windows Autopatch assigns devices to two deployment ring sets, the first one being the service-based deployment ring set represented by the following Microsoft Entra groups:
  1. **Modern Workplace Devices-Windows Autopatch-First**
    1. The Windows Autopatch device registration process doesn’t automatically assign devices to the Test ring represented by the Microsoft Entra group (**Modern Workplace Devices-Windows Autopatch-Test**). It’s important that you assign devices to the Test ring to validate the update deployments before the updates are deployed to a broader population of devices.
  2. **Modern Workplace Devices-Windows Autopatch-Fast**
  3. **Modern Workplace Devices-Windows Autopatch-Broad**
    4. Then the second deployment ring set, the software updates-based deployment ring set represented by the following Microsoft Entra groups:
| +| **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:
  1. **Serial number, model, and manufacturer.**
    1. Checks if the serial number already exists in the Windows Autopatch's managed device database.
  2. **If the device is Intune-managed or not.**
    1. Windows Autopatch looks to see **if the Microsoft Entra device ID has an Intune device ID associated with it**.
      1. If **yes**, it means this device is enrolled into Intune.
      2. If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.
    2. **If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Microsoft Entra device attributes gathered and saved to its memory in **step 3a**.
      1. Once it has the device attributes gathered from Microsoft Entra ID in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn't enrolled into Intune.
      2. A common reason is when the Microsoft Entra device ID is stale, it doesn't have an Intune device ID associated with it anymore. To remediate, [clean up any stale Microsoft Entra device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).
    3. **If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.
  3. **If the device is a Windows device or not.**
    1. Windows Autopatch looks to see if the device is a Windows and corporate-owned device.
      1. **If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.
      2. **If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.
  4. **Windows Autopatch checks the Windows SKU family**. The SKU must be either:
    1. **Enterprise**
    2. **Pro**
    3. **Pro Workstation**
  5. **If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:
    1. **Only managed by Intune.**
      1. If the device is only managed by Intune, the device is marked as Passed all prerequisites.
    2. **Co-managed by both Configuration Manager and Intune.**
      1. If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:
        1. **Windows Updates Policies**
        2. **Device Configuration**
        3. **Office Click to Run**
      2. If Windows Autopatch determines that one of these workloads isn't enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.
| +| **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:
  1. If the Windows Autopatch tenant's existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.
  2. If the Windows Autopatch tenant's existing managed device size is **>200**, the deployment ring assignment will be **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.
| +| **Step 6: Assign devices to a deployment ring group** | Once the deployment ring calculation is done, Windows Autopatch assigns devices to two deployment ring sets, the first one being the service-based deployment ring set represented by the following Microsoft Entra groups:
  1. **Modern Workplace Devices-Windows Autopatch-First**
    1. The Windows Autopatch device registration process doesn't automatically assign devices to the Test ring represented by the Microsoft Entra group (**Modern Workplace Devices-Windows Autopatch-Test**). It's important that you assign devices to the Test ring to validate the update deployments before the updates are deployed to a broader population of devices.
  2. **Modern Workplace Devices-Windows Autopatch-Fast**
  3. **Modern Workplace Devices-Windows Autopatch-Broad**
    4. Then the second deployment ring set, the software updates-based deployment ring set represented by the following Microsoft Entra groups:
| | **Step 7: Assign devices to a Microsoft Entra group** | Windows Autopatch also assigns devices to the following Microsoft Entra groups when certain conditions apply:
  1. **Modern Workplace Devices - All**
    1. This group has all devices managed by Windows Autopatch.
  2. **Modern Workplace Devices - Virtual Machine**
    1. This group has all **virtual devices** managed by Windows Autopatch.
    | -| **Step 8: Post-device registration** | In post-device registration, three actions occur:
    1. Windows Autopatch adds devices to its managed database.
    2. Flags devices as **Active** in the **Registered** tab.
    3. The Microsoft Entra device ID of the device successfully registered is added into the Microsoft Cloud Managed Desktop Extension’s allowlist. Windows Autopatch installs the Microsoft Cloud Managed Desktop Extension agent once devices are registered, so the agent can communicate back to the Microsoft Cloud Managed Desktop Extension service.
      1. The agent is the **Modern Workplace - Autopatch Client setup** PowerShell script that was created during the Windows Autopatch tenant enrollment process. The script is executed once devices are successfully registered into the Windows Autopatch service.
      | +| **Step 8: Post-device registration** | In post-device registration, three actions occur:
      1. Windows Autopatch adds devices to its managed database.
      2. Flags devices as **Active** in the **Registered** tab.
      3. The Microsoft Entra device ID of the device successfully registered is added into the Microsoft Cloud Managed Desktop Extension's allowlist. Windows Autopatch installs the Microsoft Cloud Managed Desktop Extension agent once devices are registered, so the agent can communicate back to the Microsoft Cloud Managed Desktop Extension service.
        1. The agent is the **Modern Workplace - Autopatch Client setup** PowerShell script that was created during the Windows Autopatch tenant enrollment process. The script is executed once devices are successfully registered into the Windows Autopatch service.
        | | **Step 9: Review device registration status** | IT admins review the device registration status in both the **Registered** and **Not registered** tabs.
        1. If the device was **successfully registered**, the device shows up in the **Registered** tab.
        2. If **not**, the device shows up in the **Not registered** tab.
        | | **Step 10: End of registration workflow** | This is the end of the Windows Autopatch device registration workflow. | @@ -86,7 +86,7 @@ The five Microsoft Entra ID assigned groups that are used to organize devices fo | Windows Autopatch - Ring1 | First production deployment ring for early adopters. | | Windows Autopatch - Ring2 | Fast deployment ring for quick rollout and adoption. | | Windows Autopatch - Ring3 | Final deployment ring for broad rollout into the organization. | -| Windows Autopatch - Last | Optional deployment ring for specialized devices or VIP/executives that must receive software update deployments after it’s well tested with early and general populations in an organization. | +| Windows Autopatch - Last | Optional deployment ring for specialized devices or VIP/executives that must receive software update deployments after it's well tested with early and general populations in an organization. | In the software-based deployment ring set, each deployment ring has a different set of update deployment policies to control the updates rollout. @@ -94,7 +94,7 @@ In the software-based deployment ring set, each deployment ring has a different > Adding or importing devices directly into any of these groups isn't supported. Doing so might affect the Windows Autopatch service. To move devices between these groups, see [Moving devices in between deployment rings](#moving-devices-in-between-deployment-rings). > [!IMPORTANT] -> Windows Autopatch device registration doesn't assign devices to the Test deployment rings of either the service-based (**Modern Workplace Devices-Windows Autopatch-Test**), or software updates-based (**Windows Autopatch – Test and Windows Autopatch – Last**) in the Default Autopatch group. This is intended to prevent devices that are essential to a business from being affected or devices that are used by executives from receiving early software update deployments. +> Windows Autopatch device registration doesn't assign devices to the Test deployment rings of either the service-based (**Modern Workplace Devices-Windows Autopatch-Test**), or software updates-based (**Windows Autopatch - Test and Windows Autopatch - Last**) in the Default Autopatch group. This is intended to prevent devices that are essential to a business from being affected or devices that are used by executives from receiving early software update deployments. During the device registration process, Windows Autopatch assigns each device to a [service-based and software-update based deployment ring](../deploy/windows-autopatch-groups-overview.md#service-based-versus-software-update-based-deployment-rings) so that the service has the proper representation of device diversity across your organization. @@ -107,15 +107,15 @@ The deployment ring distribution is designed to release software update deployme The Windows Autopatch deployment ring calculation occurs during the device registration process and it applies to both the [service-based and the software update-based deployment ring sets](../deploy/windows-autopatch-groups-overview.md#service-based-versus-software-update-based-deployment-rings): -- If the Windows Autopatch tenant’s existing managed device size is **≤ 200**, the deployment ring assignment is First **(5%)**, Fast **(15%)**, remaining devices go to the Broad ring **(80%)**. -- If the Windows Autopatch tenant’s existing managed device size is **>200**, the deployment ring assignment will be First **(1%)**, Fast **(9%)**, remaining devices go to the Broad ring **(90%)**. +- If the Windows Autopatch tenant's existing managed device size is **≤ 200**, the deployment ring assignment is First **(5%)**, Fast **(15%)**, remaining devices go to the Broad ring **(80%)**. +- If the Windows Autopatch tenant's existing managed device size is **>200**, the deployment ring assignment will be First **(1%)**, Fast **(9%)**, remaining devices go to the Broad ring **(90%)**. > [!NOTE] > You can customize the deployment ring calculation logic by editing the Default Autopatch group. | Service-based deployment ring | Default Autopatch group deployment ring | Default device balancing percentage | Description | | ----- | ----- | ----- | ----- | -| Test | Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring following the required procedure. For more information on these procedures, see [Moving devices in between deployment rings](/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management#moving-devices-in-between-deployment-rings). The recommended number of devices in this ring, based upon your environment size, is as follows:
        • **0–500** devices: minimum **one** device.
        • **500–5000** devices: minimum **five** devices.
        • **5000+** devices: minimum **50** devices.
        Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. | +| Test | Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring following the required procedure. For more information on these procedures, see [Moving devices in between deployment rings](/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management#moving-devices-in-between-deployment-rings). The recommended number of devices in this ring, based upon your environment size, is as follows:
        • **0-500** devices: minimum **one** device.
        • **500-5000** devices: minimum **five** devices.
        • **5000+** devices: minimum **50** devices.
        Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. | | First | Ring 1 | **1%** | The First ring is the first group of production users to receive a change.

        This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all end-users. For example, Windows Autopatch can generate a statistically significant signal saying that critical errors are trending up in a specific release for all end-users, but can't be confident that it's doing so in your organization.

        Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this deployment ring might experience outages if there are scenarios that weren't covered during early testing in the Test ring.| | Fast | Ring 2 | **9%** | The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring.

        The goal with this deployment ring is to cross the **500**-device threshold needed to generate statistically significant analysis at the tenant level. These extra devices allow Windows Autopatch to consider the effect of a release on the rest of your devices and evaluate if a targeted action for your tenant is needed.

        | | Broad | Ring 3 | Either **80%** or **90%** | The Broad ring is the last group of users to receive software update deployments. Since it contains most of the devices registered with Windows Autopatch, it favors stability over speed in a software update deployment.| @@ -123,17 +123,17 @@ The Windows Autopatch deployment ring calculation occurs during the device reg ## Software update-based to service-based deployment ring mapping -There’s a one-to-one mapping in between the service-based and software updates-based deployment rings introduced with Autopatch groups. This mapping is intended to help move devices in between deployment rings for other software update workloads that don’t yet support Autopatch groups such as Microsoft 365 Apps and Microsoft Edge. +There's a one-to-one mapping in between the service-based and software updates-based deployment rings introduced with Autopatch groups. This mapping is intended to help move devices in between deployment rings for other software update workloads that don't yet support Autopatch groups such as Microsoft 365 Apps and Microsoft Edge. | If moving a device to | The device also moves to | | ----- | ----- | -| Windows Autopatch – Test | Modern Workplace Devices-Windows Autopatch-Test | -| Windows Autopatch – Ring1 | Modern Workplace Devices-Windows Autopatch-First | -| Windows Autopatch – Ring2 | Modern Workplace Devices-Windows Autopatch-Fast | -| Windows Autopatch – Ring3 | Modern Workplace Devices-Windows Autopatch-Broad | -| Windows Autopatch – Last | Modern Workplace Devices-Windows Autopatch-Broad | +| Windows Autopatch - Test | Modern Workplace Devices-Windows Autopatch-Test | +| Windows Autopatch - Ring1 | Modern Workplace Devices-Windows Autopatch-First | +| Windows Autopatch - Ring2 | Modern Workplace Devices-Windows Autopatch-Fast | +| Windows Autopatch - Ring3 | Modern Workplace Devices-Windows Autopatch-Broad | +| Windows Autopatch - Last | Modern Workplace Devices-Windows Autopatch-Broad | -If your Autopatch groups have more than five deployment rings, and you must move devices to deployment rings after Ring3. For example, ``. The devices will be moved to **Modern Workplace Devices-Windows Autopatch-Broad**. +If your Autopatch groups have more than five deployment rings, and you must move devices to deployment rings after Ring3. For example, ``. The devices will be moved to **Modern Workplace Devices-Windows Autopatch-Broad**. ## Moving devices in between deployment rings @@ -162,7 +162,7 @@ If you don't see the Ring assigned by column change to **Pending** in St ## Automated deployment ring remediation functions -Windows Autopatch monitors device membership in its deployment rings, except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch – Test** and **Windows Autopatch – Last** rings, to provide automated deployment ring remediation functions to mitigate the risk of not having its managed devices being part of one of its deployment rings. These automated functions help mitigate risk of potentially having devices in a vulnerable state, and exposed to security threats in case they're not receiving update deployments due to either: +Windows Autopatch monitors device membership in its deployment rings, except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch - Test** and **Windows Autopatch - Last** rings, to provide automated deployment ring remediation functions to mitigate the risk of not having its managed devices being part of one of its deployment rings. These automated functions help mitigate risk of potentially having devices in a vulnerable state, and exposed to security threats in case they're not receiving update deployments due to either: - Changes performed by the IT admin on objects created by the Windows Autopatch tenant enrollment process, or - An issue occurred which prevented devices from getting a deployment ring assigned during the device registration process. @@ -171,8 +171,8 @@ There are two automated deployment ring remediation functions: | Function | Description | | ----- | ----- | -| Check device deployment ring membership | Every hour, Windows Autopatch checks to see if any of its managed devices aren't part of one of the deployment rings. If a device isn't part of a deployment ring, Windows Autopatch randomly assigns the device to one of its deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch – Test and Windows Autopatch – Last** rings). | -| Multi-deployment ring device remediator | Every hour, Windows Autopatch checks to see if any of its managed devices are part of multiple deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch – Test** and **Windows Autopatch – Last** rings). If a device is part of multiple deployment rings, Windows Autopatch randomly removes the device until the device is only part of one deployment ring. | +| Check device deployment ring membership | Every hour, Windows Autopatch checks to see if any of its managed devices aren't part of one of the deployment rings. If a device isn't part of a deployment ring, Windows Autopatch randomly assigns the device to one of its deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch - Test and Windows Autopatch - Last** rings). | +| Multi-deployment ring device remediator | Every hour, Windows Autopatch checks to see if any of its managed devices are part of multiple deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test**, **Windows Autopatch - Test** and **Windows Autopatch - Last** rings). If a device is part of multiple deployment rings, Windows Autopatch randomly removes the device until the device is only part of one deployment ring. | > [!IMPORTANT] -> Windows Autopatch automated deployment ring functions don’t assign or remove devices to or from the following deployment rings:
      4. **Modern Workplace Devices-Windows Autopatch-Test**
      5. **Windows Autopatch – Test**
      6. **Windows Autopatch – Last**
        7. +> Windows Autopatch automated deployment ring functions don't assign or remove devices to or from the following deployment rings:
      7. **Modern Workplace Devices-Windows Autopatch-Test**
      8. **Windows Autopatch - Test**
      9. **Windows Autopatch - Last**
        10. diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md index c7521c70a0..e541bf8d2e 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md @@ -23,7 +23,7 @@ Autopatch groups is a logical container or unit that groups several [Microsoft E ## Autopatch groups prerequisites -Before you start managing Autopatch groups, ensure you’ve met the following prerequisites: +Before you start managing Autopatch groups, ensure you've met the following prerequisites: - Review [Windows Autopatch groups overview documentation](../deploy/windows-autopatch-groups-overview.md) to understand [key benefits](../deploy/windows-autopatch-groups-overview.md#key-benefits), [concepts](../deploy/windows-autopatch-groups-overview.md#key-concepts) and [common ways to use Autopatch groups](../deploy/windows-autopatch-groups-overview.md#common-ways-to-use-autopatch-groups) within your organization. - Ensure the following [update rings for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-update-rings) are created in your tenant: @@ -32,23 +32,23 @@ Before you start managing Autopatch groups, ensure you’ve met the following pr - Modern Workplace Update Policy [Fast]-[Windows Autopatch] - Modern Workplace Update Policy [Broad]-[Windows Autopatch] - Ensure the following [feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates) are created in your tenant: - - Windows Autopatch – DSS Policy [Test] - - Windows Autopatch – DSS Policy [First] - - Windows Autopatch – DSS Policy [Fast] - - Windows Autopatch – DSS Policy [Broad] -- Ensure the following Microsoft Entra ID assigned groups are in your tenant before using Autopatch groups. **Don’t** modify the Microsoft Entra group membership types (Assigned or Dynamic). Otherwise, the Windows Autopatch service won’t be able to read the device group membership from these groups and causes the Autopatch groups feature and other service-related operations to not work properly. + - Windows Autopatch - DSS Policy [Test] + - Windows Autopatch - DSS Policy [First] + - Windows Autopatch - DSS Policy [Fast] + - Windows Autopatch - DSS Policy [Broad] +- Ensure the following Microsoft Entra ID assigned groups are in your tenant before using Autopatch groups. **Don't** modify the Microsoft Entra group membership types (Assigned or Dynamic). Otherwise, the Windows Autopatch service won't be able to read the device group membership from these groups and causes the Autopatch groups feature and other service-related operations to not work properly. - Modern Workplace Devices-Windows Autopatch-Test - Modern Workplace Devices-Windows Autopatch-First - Modern Workplace Devices-Windows Autopatch-Fast - Modern Workplace Devices-Windows Autopatch-Broad - - Windows Autopatch – Test - - Windows Autopatch – Ring1 - - Windows Autopatch – Ring2 - - Windows Autopatch – Ring3 - - Windows Autopatch – Last + - Windows Autopatch - Test + - Windows Autopatch - Ring1 + - Windows Autopatch - Ring2 + - Windows Autopatch - Ring3 + - Windows Autopatch - Last - Additionally, **don't** modify the Microsoft Entra group ownership of any of the groups above otherwise, Autopatch groups device registration process won't be able to add devices into these groups. If the ownership is modified, you must add the **Modern Workplace Management** enterprise application as the owner of these groups. - For more information, see [assign an owner or member of a group in Microsoft Entra ID](/azure/active-directory/privileged-identity-management/groups-assign-member-owner#assign-an-owner-or-member-of-a-group) for steps on how to add owners to Azure Microsoft Entra groups. -- Make sure you have [app-only auth turned on in your Windows Autopatch tenant](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions). Otherwise, the Autopatch groups functionality won’t work properly. Autopatch uses app-only auth to: +- Make sure you have [app-only auth turned on in your Windows Autopatch tenant](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions). Otherwise, the Autopatch groups functionality won't work properly. Autopatch uses app-only auth to: - Read device attributes to successfully register devices. - Manage all configurations related to the operation of the service. - Make sure that all device-based Microsoft Entra groups you intend to use with Autopatch groups are created prior to using the feature. @@ -86,7 +86,7 @@ Before you start managing Autopatch groups, ensure you’ve met the following pr 1. Once the review is done, select **Create** to save your custom Autopatch group. > [!CAUTION] -> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that’s been already used, you'll receive an error that prevents you from finish creating or editing the Autopatch group (Default or Custom). +> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that's been already used, you'll receive an error that prevents you from finish creating or editing the Autopatch group (Default or Custom). > [!IMPORTANT] > Windows Autopatch creates the device-based Microsoft Entra ID assigned groups based on the choices made in the deployment ring composition page. Additionally, the service assigns the update ring policies for each deployment ring created in the Autopatch group based on the choices made in the Windows Update settings page as part of the Autopatch group guided end-user experience. @@ -94,13 +94,13 @@ Before you start managing Autopatch groups, ensure you’ve met the following pr ## Edit the Default or a Custom Autopatch group > [!TIP] -> You can't edit an Autopatch group when there's one or more Windows feature update releases targeted to it. If you try to edit an Autopatch group with one or more ongoing Windows feature update releases targeted to it, you get the following informational banner message: "**Some settings are not allowed to be modified as there’s one or more on-going Windows feature update release targeted to this Autopatch group.**" +> You can't edit an Autopatch group when there's one or more Windows feature update releases targeted to it. If you try to edit an Autopatch group with one or more ongoing Windows feature update releases targeted to it, you get the following informational banner message: "**Some settings are not allowed to be modified as there's one or more on-going Windows feature update release targeted to this Autopatch group.**" > See [Manage Windows feature update releases](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md) for more information on release and phase statuses. **To edit either the Default or a Custom Autopatch group:** 1. Select the **horizontal ellipses (…)** > **Edit** for the Autopatch group you want to edit. -1. You can only modify the **description** of the Default or a Custom Autopatch group. You **can’t** modify the name. Once the description is modified, select **Next: Deployment rings**. +1. You can only modify the **description** of the Default or a Custom Autopatch group. You **can't** modify the name. Once the description is modified, select **Next: Deployment rings**. 1. Make the necessary changes in the **Deployment rings** page, then select **Next: Windows Update settings**. 1. Make the necessary changes in the **Windows Update settings** page, then select **Next: Review + save**. 1. Select **Review + create** to review all changes made. @@ -111,7 +111,7 @@ Before you start managing Autopatch groups, ensure you’ve met the following pr ## Rename a Custom Autopatch group -You **can’t** rename the Default Autopatch group. However, you can rename a Custom Autopatch group. +You **can't** rename the Default Autopatch group. However, you can rename a Custom Autopatch group. **To rename a Custom Autopatch group:** @@ -123,7 +123,7 @@ You **can’t** rename the Default Autopatch group. However, you can rename a Cu ## Delete a Custom Autopatch group -You **can’t** delete the Default Autopatch group. However, you can delete a Custom Autopatch group. +You **can't** delete the Default Autopatch group. However, you can delete a Custom Autopatch group. **To delete a Custom Autopatch group:** @@ -131,7 +131,7 @@ You **can’t** delete the Default Autopatch group. However, you can delete a Cu 1. Select **Yes** to confirm you want to delete the Custom Autopatch group. > [!CAUTION] -> You can’t delete a Custom Autopatch group when it’s being used as part of one or more active or paused feature update releases. However, you can delete a Custom Autopatch group when the release for either Windows quality or feature updates have either the **Scheduled** or **Paused** statuses. +> You can't delete a Custom Autopatch group when it's being used as part of one or more active or paused feature update releases. However, you can delete a Custom Autopatch group when the release for either Windows quality or feature updates have either the **Scheduled** or **Paused** statuses. ## Manage device conflict scenarios when using Autopatch groups @@ -140,7 +140,7 @@ Overlap in device membership is a common scenario when working with device-based Since Autopatch groups allow you to use your existing Microsoft Entra groups to create your own deployment ring composition, the service takes on the responsibility of monitoring and automatically solving some of the device conflict scenarios that may occur. > [!CAUTION] -> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that’s been already used, you'll receive an error that prevents you from creating or editing the Autopatch group (Default or Custom). +> A device-based Microsoft Entra group can only be used with one deployment ring in an Autopatch group at a time. This applies to deployment rings within the same Autopatch group and across different deployment rings across different Autopatch groups. If you try to create or edit an Autopatch group to use a device-based Microsoft Entra group that's been already used, you'll receive an error that prevents you from creating or editing the Autopatch group (Default or Custom). ### Device conflict in deployment rings within an Autopatch group @@ -162,21 +162,21 @@ Device conflict across different deployment rings in different Autopatch groups | Conflict scenario | Conflict resolution | | ----- | ----- | -| You, the IT admin at Contoso Ltd., starts using only the Default Autopatch group, but later decides to create an Autopatch group called “Marketing”.

        However, you notice that the same devices that belong to the deployment rings in the Default Autopatch group are now also part of the new deployment rings in the Marketing Autopatch group.

        | Autopatch groups automatically resolve this conflict on your behalf.

        In this example, devices that belong to the deployment rings as part of the “Marketing” Autopatch group take precedence over devices that belong to the deployment ring in the Default Autopatch group, because you, the IT admin, demonstrated clear intent on managing deployment rings using a Custom Autopatch group outside the Default Autopatch group.

        | +| You, the IT admin at Contoso Ltd., starts using only the Default Autopatch group, but later decides to create an Autopatch group called "Marketing".

        However, you notice that the same devices that belong to the deployment rings in the Default Autopatch group are now also part of the new deployment rings in the Marketing Autopatch group.

        | Autopatch groups automatically resolve this conflict on your behalf.

        In this example, devices that belong to the deployment rings as part of the "Marketing" Autopatch group take precedence over devices that belong to the deployment ring in the Default Autopatch group, because you, the IT admin, demonstrated clear intent on managing deployment rings using a Custom Autopatch group outside the Default Autopatch group.

        | #### Custom to Custom Autopatch group device conflict | Conflict scenario | Conflict resolution | | ----- | ----- | -| You, the IT admin at Contoso Ltd., are using several Custom Autopatch groups. While navigating through devices in the Windows Autopatch Devices blade (**Not ready** tab), you notice that the same device is part of different deployment rings across several different Custom Autopatch groups. | You must resolve this conflict.

        Autopatch groups informs you about the device conflict in the **Devices** > **Not ready** tab. You’re required to manually indicate which of the existing Custom Autopatch groups the device should exclusively belong to.

        | +| You, the IT admin at Contoso Ltd., are using several Custom Autopatch groups. While navigating through devices in the Windows Autopatch Devices blade (**Not ready** tab), you notice that the same device is part of different deployment rings across several different Custom Autopatch groups. | You must resolve this conflict.

        Autopatch groups informs you about the device conflict in the **Devices** > **Not ready** tab. You're required to manually indicate which of the existing Custom Autopatch groups the device should exclusively belong to.

        | #### Device conflict prior to device registration -When you create or edit the Custom or Default Autopatch group, Windows Autopatch checks if the devices that are part of the Microsoft Entra groups, used in Autopatch groups’ deployment rings, are registered with the service. +When you create or edit the Custom or Default Autopatch group, Windows Autopatch checks if the devices that are part of the Microsoft Entra groups, used in Autopatch groups' deployment rings, are registered with the service. | Conflict scenario | Conflict resolution | | ----- | ----- | -| Devices are in the Custom-to-Custom Autopatch group device conflict scenario | You must resolve this conflict.

        Devices will fail to register with the service and will be sent to the **Not registered** tab. You’re required to make sure the Microsoft Entra groups that are used with the Custom Autopatch groups don’t have device membership overlaps.

        | +| Devices are in the Custom-to-Custom Autopatch group device conflict scenario | You must resolve this conflict.

        Devices will fail to register with the service and will be sent to the **Not registered** tab. You're required to make sure the Microsoft Entra groups that are used with the Custom Autopatch groups don't have device membership overlaps.

        | #### Device conflict post device registration diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md index 54267b0f17..2e2ab90f1a 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md @@ -17,7 +17,7 @@ ms.collection: # Windows Autopatch groups overview -As organizations move to a managed-service model where Microsoft manages update processes on their behalf, they’re challenged with having the right representation of their organizational structures followed by their own deployment cadence. Windows Autopatch groups help organizations manage updates in a way that makes sense for their businesses with no extra cost or unplanned disruptions. +As organizations move to a managed-service model where Microsoft manages update processes on their behalf, they're challenged with having the right representation of their organizational structures followed by their own deployment cadence. Windows Autopatch groups help organizations manage updates in a way that makes sense for their businesses with no extra cost or unplanned disruptions. ## What are Windows Autopatch groups? @@ -56,7 +56,7 @@ There are a few key concepts to be familiar with before using Autopatch groups. > [!NOTE] > The Default Autopatch group is recommended for organizations that can meet their business needs using the pre-configured five deployment ring composition. -The Default Autopatch group uses Windows Autopatch’s default update management process recommendation. The Default Autopatch group contains: +The Default Autopatch group uses Windows Autopatch's default update management process recommendation. The Default Autopatch group contains: - A set of **[five deployment rings](#default-deployment-ring-composition)** - A default update deployment cadence for both [Windows quality](../operate/windows-autopatch-groups-windows-quality-update-overview.md) and [feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md). @@ -64,21 +64,21 @@ The Default Autopatch group uses Windows Autopatch’s default update management The Default Autopatch group is intended to serve organizations that are looking to: - Enroll into the service -- Align to Windows Autopatch’s default update management process without requiring more customizations. +- Align to Windows Autopatch's default update management process without requiring more customizations. -The Default Autopatch group **can’t** be deleted or renamed. However, you can customize its deployment ring composition to add and/or remove deployment rings, and you can also customize the update deployment cadences for each deployment ring within it. +The Default Autopatch group **can't** be deleted or renamed. However, you can customize its deployment ring composition to add and/or remove deployment rings, and you can also customize the update deployment cadences for each deployment ring within it. #### Default deployment ring composition By default, the following [software update-based deployment rings](#software-based-deployment-rings), represented by Microsoft Entra ID assigned groups, are used: -- Windows Autopatch – Test -- Windows Autopatch – Ring1 -- Windows Autopatch – Ring2 -- Windows Autopatch – Ring3 -- Windows Autopatch – Last +- Windows Autopatch - Test +- Windows Autopatch - Ring1 +- Windows Autopatch - Ring2 +- Windows Autopatch - Ring3 +- Windows Autopatch - Last -**Windows Autopatch – Test** and **Last** can be only used as **Assigned** device distributions. **Windows Autopatch – Ring1**, **Ring2** and **Ring3** can be used with either **Assigned** or **Dynamic** device distributions, or have a combination of both device distribution types. +**Windows Autopatch - Test** and **Last** can be only used as **Assigned** device distributions. **Windows Autopatch - Ring1**, **Ring2** and **Ring3** can be used with either **Assigned** or **Dynamic** device distributions, or have a combination of both device distribution types. > [!TIP] > For more information about the differences between **Assigned** and **Dynamic** deployment ring distribution types, see [about deployment rings](#about-deployment-rings). Only deployment rings that are placed in between the **Test** and the **Last** deployment rings can be used with the **Dynamic** deployment ring distributions. @@ -86,7 +86,7 @@ By default, the following [software update-based deployment rings](#software-bas > [!CAUTION] > These and other Microsoft Entra ID assigned groups created by Autopatch groups **can't** be missing in your tenant, otherwise, Autopatch groups might not function properly. -The **Last** deployment ring, the fifth deployment ring in the Default Autopatch group, is intended to provide coverage for scenarios where a group of specialized devices and/or VIP/Executive users. They must receive software update deployments after the organization’s general population to mitigate disruptions to your organization’s critical businesses. +The **Last** deployment ring, the fifth deployment ring in the Default Autopatch group, is intended to provide coverage for scenarios where a group of specialized devices and/or VIP/Executive users. They must receive software update deployments after the organization's general population to mitigate disruptions to your organization's critical businesses. #### Default update deployment cadences @@ -144,7 +144,7 @@ Both the **Test** and **Last** deployment rings are default deployment rings tha If you only keep Test and Last deployment rings in your Default Autopatch group, or you don't add more deployment rings when creating a Custom Autopatch group, the Test deployment ring can be used as the pilot deployment ring and Last can be used as the production deployment ring. > [!IMPORTANT] -> Both the **Test** and **Last** deployment rings **can't** be removed or renamed from the Default or Custom Autopatch groups. Autopatch groups don't support the use of one single deployment ring as part of its deployment ring composition because you need at least two deployment rings for their gradual rollout. If you must implement a specific scenario with a single deployment ring, and gradual rollout isn’t required, consider managing these devices outside Windows Autopatch. +> Both the **Test** and **Last** deployment rings **can't** be removed or renamed from the Default or Custom Autopatch groups. Autopatch groups don't support the use of one single deployment ring as part of its deployment ring composition because you need at least two deployment rings for their gradual rollout. If you must implement a specific scenario with a single deployment ring, and gradual rollout isn't required, consider managing these devices outside Windows Autopatch. > [!TIP] > Both the **Test** and **Last** deployment rings only support one single Microsoft Entra group assignment at a time. If you need to assign more than one Microsoft Entra group, you can nest the other Microsoft Entra groups under the ones you plan to use with the **Test** and **Last** deployment rings. Only one level of Microsoft Entra group nesting is supported. @@ -168,7 +168,7 @@ The following are the Microsoft Entra ID assigned groups that represent the serv - Modern Workplace Devices-Windows Autopatch-Broad > [!CAUTION] -> **Don’t** modify the Microsoft Entra group membership types (Assigned and Dynamic). Otherwise, the Windows Autopatch service won’t be able to read the device group membership from these groups, and causes the Autopatch groups feature and other service-related operations to not work properly.

        Additionally, it's **not** supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups.

        +> **Don't** modify the Microsoft Entra group membership types (Assigned and Dynamic). Otherwise, the Windows Autopatch service won't be able to read the device group membership from these groups, and causes the Autopatch groups feature and other service-related operations to not work properly.

        Additionally, it's **not** supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups.

        ##### Software-based deployment rings @@ -177,16 +177,16 @@ The software-based deployment ring set is exclusively used with software update The following are the Microsoft Entra ID assigned groups that represent the software updates-based deployment rings. These groups can't be deleted or renamed: - Windows Autopatch - Test -- Windows Autopatch – Ring1 -- Windows Autopatch – Ring2 -- Windows Autopatch – Ring3 -- Windows Autopatch – Last +- Windows Autopatch - Ring1 +- Windows Autopatch - Ring2 +- Windows Autopatch - Ring3 +- Windows Autopatch - Last > [!IMPORTANT] > Additional Microsoft Entra ID assigned groups are created and added to list when you add more deployment rings to the Default Autopatch group. > [!CAUTION] -> **Don’t** modify the Microsoft Entra group membership types (Assigned and Dynamic). Otherwise, the Windows Autopatch service won’t be able to read the device group membership from these groups, and causes the Autopatch groups feature and other service-related operations to not work properly.

        Additionally, it's **not** supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups.

        +> **Don't** modify the Microsoft Entra group membership types (Assigned and Dynamic). Otherwise, the Windows Autopatch service won't be able to read the device group membership from these groups, and causes the Autopatch groups feature and other service-related operations to not work properly.

        Additionally, it's **not** supported to have Configuration Manager collections directly synced to any Microsoft Entra group created by Autopatch groups.

        ### About device registration @@ -203,7 +203,7 @@ The following are three common uses for using Autopatch groups. | Scenario | Solution | | ----- | ----- | -| You’re working as the IT admin at Contoso Ltd. And manage several Microsoft and non-Microsoft cloud services. You don’t have extra time to spend setting up and managing several Autopatch groups.

        Your organization currently operates its update management by using five deployment rings, but there’s an opportunity to have flexible deployment cadences if it’s precommunicated to your end-users.

        | If you don’t have thousands of devices to manage, use the Default Autopatch group for your organization. You can edit the Default Autopatch group to include additional deployment rings and/or slightly modify some of its default deployment cadences.

        The Default Autopatch group is preconfigured and doesn’t require extra configurations when registering devices with the Windows Autopatch service.

        The following is a visual representation of a gradual rollout for the Default Autopatch group preconfigured and fully managed by the Windows Autopatch service.

        | +| You're working as the IT admin at Contoso Ltd. And manage several Microsoft and non-Microsoft cloud services. You don't have extra time to spend setting up and managing several Autopatch groups.

        Your organization currently operates its update management by using five deployment rings, but there's an opportunity to have flexible deployment cadences if it's precommunicated to your end-users.

        | If you don't have thousands of devices to manage, use the Default Autopatch group for your organization. You can edit the Default Autopatch group to include additional deployment rings and/or slightly modify some of its default deployment cadences.

        The Default Autopatch group is preconfigured and doesn't require extra configurations when registering devices with the Windows Autopatch service.

        The following is a visual representation of a gradual rollout for the Default Autopatch group preconfigured and fully managed by the Windows Autopatch service.

        | :::image type="content" source="../media/autopatch-groups-default-autopatch-group.png" alt-text="Default Autopatch group" lightbox="../media/autopatch-groups-default-autopatch-group.png"::: @@ -211,7 +211,7 @@ The following are three common uses for using Autopatch groups. | Scenario | Solution | | ----- | ----- | -| You’re working as the IT admin at Contoso Ltd. Your organization needs to plan a gradual rollout of software updates within specific critical business units or departments to help mitigate the risk of end-user disruption. | You can create a Custom Autopatch group for each of your business units. For example, you can create a Custom Autopatch group for the finance department and breakdown the deployment ring composition per the different user personas or based on how critical certain user groups can be for the department and then for the business.

        The following is a visual representation of a gradual rollout for Contoso’s Finance department.

        | +| You're working as the IT admin at Contoso Ltd. Your organization needs to plan a gradual rollout of software updates within specific critical business units or departments to help mitigate the risk of end-user disruption. | You can create a Custom Autopatch group for each of your business units. For example, you can create a Custom Autopatch group for the finance department and breakdown the deployment ring composition per the different user personas or based on how critical certain user groups can be for the department and then for the business.

        The following is a visual representation of a gradual rollout for Contoso's Finance department.

        | :::image type="content" source="../media/autopatch-groups-finance-department-example.png" alt-text="Finance department example" lightbox="../media/autopatch-groups-finance-department-example.png"::: @@ -222,7 +222,7 @@ The following are three common uses for using Autopatch groups. | Scenario | Solution | | ----- | ----- | -| You’re working as the IT admin at Contoso Ltd. Your branch location in Chicago needs to plan a gradual rollout of software updates within specific departments to make sure the Chicago office doesn’t experience disruptions in its operations. | You can create a Custom Autopatch group for the branch location in Chicago and breakdown the deployment ring composition per the departments within the branch location.

        The following is a visual representation of a gradual rollout for the Contoso Chicago branch location.

        | +| You're working as the IT admin at Contoso Ltd. Your branch location in Chicago needs to plan a gradual rollout of software updates within specific departments to make sure the Chicago office doesn't experience disruptions in its operations. | You can create a Custom Autopatch group for the branch location in Chicago and breakdown the deployment ring composition per the departments within the branch location.

        The following is a visual representation of a gradual rollout for the Contoso Chicago branch location.

        | :::image type="content" source="../media/autopatch-groups-contoso-chicago-example.png" alt-text="Contoso Chicago example" lightbox="../media/autopatch-groups-contoso-chicago-example.png"::: diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md index df6c726ade..e48ce95422 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md @@ -18,7 +18,7 @@ ms.collection: # Post-device registration readiness checks (public preview) > [!IMPORTANT] -> This feature is in "public preview". It is being actively developed, and may not be complete. They're made available on a “Preview” basis. You can test and use these features in production environments and scenarios, and provide feedback. +> This feature is in "public preview". It is being actively developed, and may not be complete. They're made available on a "Preview" basis. You can test and use these features in production environments and scenarios, and provide feedback. One of the most expensive aspects of the software update management process is to make sure devices are always healthy to receive and report software updates for each software update release cycle. @@ -41,7 +41,7 @@ Device readiness in Windows Autopatch is divided into two different scenarios: | ----- | ----- | |
        • Windows OS (build, architecture and edition)
        • Managed by either Intune or ConfigMgr co-management
        • ConfigMgr co-management workloads
        • Last communication with Intune
        • Personal or non-Windows devices
        |
        • Windows OS (build, architecture and edition)
        • Windows updates & Office Group Policy Object (GPO) versus Intune mobile device management (MDM) policy conflict
        • Bind network endpoints (Microsoft Defender, Microsoft Teams, Microsoft Edge, Microsoft Office)
        • Internet connectivity
        | -The status of each post-device registration readiness check is shown in the Windows Autopatch’s Devices blade under the **Not ready** tab. You can take appropriate action(s) on devices that aren't ready to be fully managed by the Windows Autopatch service. +The status of each post-device registration readiness check is shown in the Windows Autopatch's Devices blade under the **Not ready** tab. You can take appropriate action(s) on devices that aren't ready to be fully managed by the Windows Autopatch service. ## About the three tabs in the Devices blade @@ -57,8 +57,8 @@ Windows Autopatch has three tabs within its Devices blade. Each tab is designed | Tab | Description | | ----- | ----- | | Ready | This tab only lists devices with the **Active** status. Devices with the **Active** status successfully:
        • Passed the prerequisite checks.
        • Registered with Windows Autopatch.
        This tab also lists devices that have passed all postdevice registration readiness checks. | -| Not ready | This tab only lists devices with the **Readiness failed** and **Inactive** status.
        • **Readiness failed status**: Devices that didn’t pass one or more post-device registration readiness checks.
        • **Inactive**: Devices that haven't communicated with the Microsoft Intune service in the last 28 days.
        | -| Not registered | Only lists devices with the **Prerequisite failed** status in it. Devices with the **Prerequisite failed** status didn’t pass one or more prerequisite checks during the device registration process. | +| Not ready | This tab only lists devices with the **Readiness failed** and **Inactive** status.
        • **Readiness failed status**: Devices that didn't pass one or more post-device registration readiness checks.
        • **Inactive**: Devices that haven't communicated with the Microsoft Intune service in the last 28 days.
        | +| Not registered | Only lists devices with the **Prerequisite failed** status in it. Devices with the **Prerequisite failed** status didn't pass one or more prerequisite checks during the device registration process. | ## Details about the post-device registration readiness checks @@ -76,12 +76,12 @@ The following list of post-device registration readiness checks is performed in | ----- | ----- | | **Windows OS build, architecture, and edition** | Checks to see if devices support Windows 1809+ build (10.0.17763), 64-bit architecture and either Pro or Enterprise SKUs. | | **Windows update policies managed via Microsoft Intune** | Checks to see if devices have Windows Updates policies managed via Microsoft Intune (MDM). | -| **Windows update policies managed via Group Policy Object (GPO)** | Checks to see if devices have Windows update policies managed via GPO. Windows Autopatch doesn’t support Windows update policies managed via GPOs. Windows update must be managed via Microsoft Intune. | -| **Microsoft Office update policy managed via Group Policy Object (GPO)** | Checks to see if devices have Microsoft Office updates policies managed via GPO. Windows Autopatch doesn’t support Microsoft Office update policies managed via GPOs. Office updates must be managed via Microsoft Intune or another Microsoft Office policy management method where Office update bits are downloaded directly from the Office Content Delivery Network (CDN). | +| **Windows update policies managed via Group Policy Object (GPO)** | Checks to see if devices have Windows update policies managed via GPO. Windows Autopatch doesn't support Windows update policies managed via GPOs. Windows update must be managed via Microsoft Intune. | +| **Microsoft Office update policy managed via Group Policy Object (GPO)** | Checks to see if devices have Microsoft Office updates policies managed via GPO. Windows Autopatch doesn't support Microsoft Office update policies managed via GPOs. Office updates must be managed via Microsoft Intune or another Microsoft Office policy management method where Office update bits are downloaded directly from the Office Content Delivery Network (CDN). | | **Windows Autopatch network endpoints** | There's a set of [network endpoints](../prepare/windows-autopatch-configure-network.md) that Windows Autopatch services must be able to reach for the various aspects of the Windows Autopatch service. | | **Microsoft Teams network endpoints** | There's a set of [network endpoints](../prepare/windows-autopatch-configure-network.md) that devices with Microsoft Teams must be able to reach for software updates management. | | **Microsoft Edge network endpoints** | There's a set of [network endpoints](../prepare/windows-autopatch-configure-network.md) that devices with Microsoft Edge must be able to reach for software updates management. | -| **Internet connectivity** | Checks to see if a device has internet connectivity to communicate with Microsoft cloud services. Windows Autopatch uses the PingReply class. Windows Autopatch tries to ping at least three different Microsoft’s public URLs two times each, to confirm that ping results aren't coming from the device’s cache. | +| **Internet connectivity** | Checks to see if a device has internet connectivity to communicate with Microsoft cloud services. Windows Autopatch uses the PingReply class. Windows Autopatch tries to ping at least three different Microsoft's public URLs two times each, to confirm that ping results aren't coming from the device's cache. | ## Post-device registration readiness checks workflow @@ -93,8 +93,8 @@ See the following diagram for the post-device registration readiness checks work | ----- | ----- | | **Steps 1-7** | For more information, see the [Device registration overview diagram](windows-autopatch-device-registration-overview.md).| | **Step 8: Perform readiness checks** |
        1. Once devices are successfully registered with Windows Autopatch, the devices are added to the **Ready** tab.
        2. The Microsoft Cloud Managed Desktop Extension agent performs readiness checks against devices in the **Ready** tab every 24 hours.
        | -| **Step 9: Check readiness status** |
        1. The Microsoft Cloud Managed Desktop Extension service evaluates the readiness results gathered by its agent.
        2. The readiness results are sent from the Microsoft Cloud Managed Desktop Extension service component to the Device Readiness component within the Windows Autopatch’s service.
        | -| **Step 10: Add devices to the Not ready** | When devices don’t pass one or more readiness checks, even if they’re registered with Windows Autopatch, they’re added to the **Not ready** tab so IT admins can remediate devices based on Windows Autopatch recommendations. | +| **Step 9: Check readiness status** |
        1. The Microsoft Cloud Managed Desktop Extension service evaluates the readiness results gathered by its agent.
        2. The readiness results are sent from the Microsoft Cloud Managed Desktop Extension service component to the Device Readiness component within the Windows Autopatch's service.
        | +| **Step 10: Add devices to the Not ready** | When devices don't pass one or more readiness checks, even if they're registered with Windows Autopatch, they're added to the **Not ready** tab so IT admins can remediate devices based on Windows Autopatch recommendations. | | **Step 11: IT admin understands what the issue is and remediates** | The IT admin checks and remediates issues in the Devices blade (**Not ready** tab). It can take up to 24 hours for devices to show back up into the **Ready** tab. | ## FAQ @@ -102,7 +102,7 @@ See the following diagram for the post-device registration readiness checks work | Question | Answer | | ----- | ----- | | **How frequent are the post-device registration readiness checks performed?** |
        • The **Microsoft Cloud Managed Desktop Extension** agent collects device readiness statuses when it runs (once a day).
        • Once the agent collects results for the post-device registration readiness checks, it generates readiness results in the device in the `%programdata%\Microsoft\CMDExtension\Plugins\DeviceReadinessPlugin\Logs\DRCResults.json.log`.
        • The readiness results are sent over to the **Microsoft Cloud Managed Desktop Extension service**.
        • The **Microsoft Cloud Managed Desktop Extension** service component sends the readiness results to the Device Readiness component. The results appear in the Windows Autopatch Devices blade (**Not ready** tab).
        | -| **What to expect when one or more checks fail?** | Devices are automatically sent to the **Ready** tab once they're successfully registered with Windows Autopatch. When devices don’t meet one or more post-device registration readiness checks, the devices are moved to the **Not ready** tab. IT admins can learn about these devices and take appropriate actions to remediate them. Windows Autopatch will provide information about the failure and how to potentially remediate devices.

        Once devices are remediated, it can take up to **24 hours** to show up in the **Ready** tab.

        | +| **What to expect when one or more checks fail?** | Devices are automatically sent to the **Ready** tab once they're successfully registered with Windows Autopatch. When devices don't meet one or more post-device registration readiness checks, the devices are moved to the **Not ready** tab. IT admins can learn about these devices and take appropriate actions to remediate them. Windows Autopatch will provide information about the failure and how to potentially remediate devices.

        Once devices are remediated, it can take up to **24 hours** to show up in the **Ready** tab.

        | ## Additional resources diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 4c94d150e3..43bc24d8c2 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md @@ -33,7 +33,7 @@ Windows Autopatch can take over software update management control of devices th When you either create/edit a [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups) or edit the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) to add or remove deployment rings, the device-based Microsoft Entra groups you use when setting up your deployment rings are scanned to see if devices need to be registered with the Windows Autopatch service. -If devices aren’t registered, Autopatch groups starts the device registration process by using your existing device-based Microsoft Entra groups instead of the Windows Autopatch Device Registration group. +If devices aren't registered, Autopatch groups starts the device registration process by using your existing device-based Microsoft Entra groups instead of the Windows Autopatch Device Registration group. For more information, see [create Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) and [edit Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to register devices using the Autopatch groups device registration method. @@ -178,7 +178,7 @@ The service supports: - Personal persistent virtual machines -The following Azure Virtual Desktop features aren’t supported: +The following Azure Virtual Desktop features aren't supported: - Multi-session hosts - Pooled non persistent virtual machines diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md index dbc576651d..b8373cff62 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md @@ -47,7 +47,7 @@ Windows Autopatch assigns alerts to either Microsoft Action or Customer Action. ## Alert resolutions -Alert resolutions are provided through the Windows Update service and provide the reason why an update didn’t perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md). +Alert resolutions are provided through the Windows Update service and provide the reason why an update didn't perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md). | Alert message | Description | Windows Autopatch recommendation(s) | | ----- | ----- | ----- | @@ -85,11 +85,11 @@ Alert resolutions are provided through the Windows Update service and provide th | `PolicyConflictDeferral` | The Deferral Policy configured on the device is preventing the update from installing. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).

        If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).

        | | `PolicyConflictPause` | Updates are paused on the device, preventing the update from installing. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).

        If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).

        | | `PostRestartIssue` | Windows Update couldn't determine the results of installing the update. The error is usually false, and the update probably succeeded. | The Windows Update Service has reported the update you're trying to install isn't available.

        No action is required.

        If the update is still available, retry the installation.

        | -| `RollbackInitiated` | A rollback was started on this device, indicating a catastrophic issue occurred during the Windows Setup install process. | The Windows Update service has reported a failure with the update. Run the Setup Diagnostics Tool on the Device or review the HEX error in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md). **Don’t** retry the installation until the impact is understood.

        For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).

        | +| `RollbackInitiated` | A rollback was started on this device, indicating a catastrophic issue occurred during the Windows Setup install process. | The Windows Update service has reported a failure with the update. Run the Setup Diagnostics Tool on the Device or review the HEX error in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md). **Don't** retry the installation until the impact is understood.

        For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).

        | | `SafeguardHold` | Update can't install because of a known Safeguard Hold. | The Windows Update Service has reported a [Safeguard Hold](/windows/deployment/update/update-compliance-feature-update-status#safeguard-holds) which applies to this device.

        For more information about safeguards, see [Windows 10/11 release information for the affected version(s)](/windows/release-health/release-information).

        | | `UnexpectedShutdown` | The installation was stopped because a Windows shutdown or restart was in progress. | The Windows Update service has reported Windows was unexpectedly restarted during the update process.

        No action is necessary the update should retry when windows is available.

        If the alert persists, ensure the device remains on during Windows installation.

        | | `VersionMismatch` | Device is on a version of Windows that wasn't intended by Windows Update. | The Windows Update service has reported that the version of Windows wasn't intended.

        Confirm whether the device is on the intended version.

        | -| `WindowsRepairRequired` | The current version of Windows needs to be repaired before it can be updated. | The Windows Update service has indicated that the service is in need of repair. Run the Startup Repair Tool on this device.

        For more information, see [Windows boot issues – troubleshooting](/troubleshoot/windows-client/performance/windows-boot-issues-troubleshooting#method-1-startup-repair-tool).

        | +| `WindowsRepairRequired` | The current version of Windows needs to be repaired before it can be updated. | The Windows Update service has indicated that the service is in need of repair. Run the Startup Repair Tool on this device.

        For more information, see [Windows boot issues - troubleshooting](/troubleshoot/windows-client/performance/windows-boot-issues-troubleshooting#method-1-startup-repair-tool).

        | | `WUBusy` | Windows Update can't do this task because it's busy. | The Windows Update service has reported that Windows Update is busy. No action is needed. Restart Windows should and retry the installation. | | `WUComponentMissing` | Windows Update might be missing a component, or the update file might be damaged. | The Windows Update service has reported key components for windows update are missing.

        Run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges, to repair these components. Then retry the update.

        For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows may be required.

        | | `WUDamaged` | Windows Update or the update file might be damaged. | The Windows Update service has reported key components for windows update are missing.

        Run "`dism /online /cleanup-image /restorehealth`" on the device with administrator privileges to repair these components. Then retry the update.

        For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) if the command fails. A reinstall of Windows may be required.

        | diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md index d9c2ce3ef0..159e11b310 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md @@ -23,7 +23,7 @@ You can create custom releases for Windows feature update deployments in Windows Before you start managing custom Windows feature update releases, consider the following: -- If you’re planning on using either the [Default or Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#key-concepts) ensure: +- If you're planning on using either the [Default or Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#key-concepts) ensure: - The Default Autopatch group has all deployment rings and deployment cadences you need. - You have created all your Custom Autopatch groups prior to creating custom releases. - Review [Windows feature update prerequisites](/mem/intune/protect/windows-10-feature-updates#prerequisites). @@ -42,7 +42,7 @@ The following table explains the auto-populating assignment of your deployments | Phase 3 | Ring2 | Ring2 | | Phase 4 | Last | Ring3 | -If the Autopatch groups are edited after a release is created (Active status), the changes to the Autopatch group won’t be reflected unless you create a new custom release. +If the Autopatch groups are edited after a release is created (Active status), the changes to the Autopatch group won't be reflected unless you create a new custom release. If you wish to change the auto-populating assignment of your deployment rings to release phases, you can do so by adding, removing, or editing the auto-populated phases. @@ -50,7 +50,7 @@ If you wish to change the auto-populating assignment of your deployment rings to The goal completion date of a phase is calculated using the following formula: -` + ( – 1) * Days in between groups (7) + Deadline for feature updates (5 days) + Grace Period (2 days).` +` + ( - 1) * Days in between groups (7) + Deadline for feature updates (5 days) + Grace Period (2 days).` This formula is only applicable for **Deadline-driven** not for Scheduled-driven deployment cadences. For more information, see [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md). @@ -102,7 +102,7 @@ A phase is made of one or more Autopatch group deployment rings. Each phase repo | Phase status | Definition | | ----- | ----- | -| Scheduled | The phase is scheduled but hasn’t reached its first deployment date yet. The Windows feature update policy hasn’t been created for the respective phase yet. | +| Scheduled | The phase is scheduled but hasn't reached its first deployment date yet. The Windows feature update policy hasn't been created for the respective phase yet. | | Active | The first deployment date has been reached. The Windows feature update policy has been created for the respective phase. | | Inactive | All Autopatch groups within the phase were re-assigned to a new release. All Windows feature update policies were unassigned from the Autopatch groups. | | Paused | Phase is paused. You must resume the phase. | @@ -112,7 +112,7 @@ A phase is made of one or more Autopatch group deployment rings. Each phase repo Windows Autopatch creates one Windows feature update policy per phase using the following naming convention: -`Windows Autopatch – DSS policy – – Phase ` +`Windows Autopatch - DSS policy - - Phase ` These policies can be viewed in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). @@ -120,11 +120,11 @@ The following table is an example of the Windows feature update policies that we | Policy name | Feature update version | Rollout options | First deployment date| Final deployment date availability | Day between groups | Support end date | | ----- | ----- | ----- | ----- | ----- | ----- | ----- | -| Windows Autopatch - DSS Policy - My feature update release – Phase 1 | Windows 10 21H2 | Make update available as soon as possible | April 24, 2023 | April 24, 2023 | N/A | June 11, 2024 | -| Windows Autopatch - DSS Policy - My feature update release – Phase 2 | Windows 10 21H2 | Make update available as soon as possible | June 26, 2023 | July 17, 2023 | 7 | June 11, 2024 | -| Windows Autopatch - DSS Policy - My feature update release – Phase 3 | Windows 10 21H2 | Make update available as soon as possible | July 24, 2023 | August 14, 2023 | 7 | June 11, 2024 | -| Windows Autopatch - DSS Policy - My feature update release – Phase 4 | Windows 10 21H2 | Make update available as soon as possible | August 28, 2023 | September 10, 2023 | 7 | June 11, 2024 | -| Windows Autopatch - DSS Policy - My feature update release – Phase 5 | Windows 10 21H2 | Make update available as soon as possible | September 25, 2023 | October 16, 2023 | 7 | June 11, 2024 | +| Windows Autopatch - DSS Policy - My feature update release - Phase 1 | Windows 10 21H2 | Make update available as soon as possible | April 24, 2023 | April 24, 2023 | N/A | June 11, 2024 | +| Windows Autopatch - DSS Policy - My feature update release - Phase 2 | Windows 10 21H2 | Make update available as soon as possible | June 26, 2023 | July 17, 2023 | 7 | June 11, 2024 | +| Windows Autopatch - DSS Policy - My feature update release - Phase 3 | Windows 10 21H2 | Make update available as soon as possible | July 24, 2023 | August 14, 2023 | 7 | June 11, 2024 | +| Windows Autopatch - DSS Policy - My feature update release - Phase 4 | Windows 10 21H2 | Make update available as soon as possible | August 28, 2023 | September 10, 2023 | 7 | June 11, 2024 | +| Windows Autopatch - DSS Policy - My feature update release - Phase 5 | Windows 10 21H2 | Make update available as soon as possible | September 25, 2023 | October 16, 2023 | 7 | June 11, 2024 | ## Create a custom release @@ -142,11 +142,11 @@ The following table is an example of the Windows feature update policies that we 4. Select **Next**. 1. In the **Autopatch groups** page, choose one or more existing Autopatch groups you want to include in the custom release, then select Next. 1. You can't choose Autopatch groups that are already part of an existing custom release. Select **Autopatch groups assigned to other releases** to review existing assignments. -1. In the Release phases page, review the number of auto-populated phases. You can Edit, Delete and Add phase based on your needs. Once you’re ready, select **Next**. **Before you proceed to the next step**, all deployment rings must be assigned to a phase, and all phases must have deployment rings assigned. -1. In the **Release schedule** page, choose **First deployment date**, and the number of **Gradual rollout groups**, then select **Next**. **You can only select the next day**, not the current day, as the first deployment date. The service creates feature update policy for Windows 10 and later twice a day at 4:00AM and 4:00PM (UTC) and can’t guarantee that the release will start at the current day given the UTC variance across the globe. +1. In the Release phases page, review the number of auto-populated phases. You can Edit, Delete and Add phase based on your needs. Once you're ready, select **Next**. **Before you proceed to the next step**, all deployment rings must be assigned to a phase, and all phases must have deployment rings assigned. +1. In the **Release schedule** page, choose **First deployment date**, and the number of **Gradual rollout groups**, then select **Next**. **You can only select the next day**, not the current day, as the first deployment date. The service creates feature update policy for Windows 10 and later twice a day at 4:00AM and 4:00PM (UTC) and can't guarantee that the release will start at the current day given the UTC variance across the globe. 1. The **Goal completion date** only applies to the [Deadline-driven deployment cadence type](../operate/windows-autopatch-groups-windows-update.md#deadline-driven). The Deadline-drive deployment cadence type can be specified when you configure the Windows Updates settings during the Autopatch group creation/editing flow. - 2. Additionally, the formula for the goal completion date is ` + ( – 1) * Days in between groups (7) + Deadline for feature updates (5 days) + Grace Period (2 days)`. -1. In the **Review + create** page, review all settings. Once you’re ready, select **Create**. + 2. Additionally, the formula for the goal completion date is ` + ( - 1) * Days in between groups (7) + Deadline for feature updates (5 days) + Grace Period (2 days)`. +1. In the **Review + create** page, review all settings. Once you're ready, select **Create**. > [!NOTE] > Custom releases can't be deleted from the Windows feature updates release management blade. The custom release record serves as a historical record for auditing purposes when needed. @@ -209,10 +209,10 @@ The following table is an example of the Windows feature update policies that we ## Roll back a release > [!CAUTION] -> Do **not** use Microsoft Intune’s end-user flows to rollback Windows feature update deployments for Windows Autopatch managed devices. If you need assistance with rolling back deployments, [submit a support request](../operate/windows-autopatch-support-request.md). +> Do **not** use Microsoft Intune's end-user flows to rollback Windows feature update deployments for Windows Autopatch managed devices. If you need assistance with rolling back deployments, [submit a support request](../operate/windows-autopatch-support-request.md). -Windows Autopatch **doesn’t** support the rollback of Windows feature updates through its end-user experience flows. +Windows Autopatch **doesn't** support the rollback of Windows feature updates through its end-user experience flows. ## Contact support -If you’re experiencing issues related to Windows feature update deployments, [submit a support request](../operate/windows-autopatch-support-request.md). +If you're experiencing issues related to Windows feature update deployments, [submit a support request](../operate/windows-autopatch-support-request.md). diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md index 16d8fd88e2..b6e42c0987 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md @@ -47,7 +47,7 @@ To release updates to devices in a gradual manner, Windows Autopatch deploys a s ## Windows feature updates -You’re in control of telling Windows Autopatch when your organization is ready to move to the next Windows OS version. +You're in control of telling Windows Autopatch when your organization is ready to move to the next Windows OS version. The Window feature update release management experience makes it easier and less expensive for you to keep your Windows devices up to date. You can focus on running your core businesses while Windows Autopatch runs update management on your behalf. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview.md index 5349c59fc1..f0300bdd0c 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview.md @@ -17,7 +17,7 @@ ms.collection: # Windows feature updates overview -Microsoft provides robust mobile device management (MDM) solutions such as Microsoft Intune, Windows Update for Business, Configuration Manager etc. However, the administration of these solutions to keep Windows devices up to date with the latest Windows feature releases rests on your organization’s IT admins. The Windows feature update process is considered one of the most expensive and time consuming tasks for IT since it requires incremental rollout and validation. +Microsoft provides robust mobile device management (MDM) solutions such as Microsoft Intune, Windows Update for Business, Configuration Manager etc. However, the administration of these solutions to keep Windows devices up to date with the latest Windows feature releases rests on your organization's IT admins. The Windows feature update process is considered one of the most expensive and time consuming tasks for IT since it requires incremental rollout and validation. Windows feature updates consist of: @@ -28,11 +28,11 @@ Windows Autopatch makes it easier and less expensive for you to keep your Window ## Service level objective -Windows Autopatch’s service level objective for Windows feature updates aims to keep **95%** of eligible devices on the targeted Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) for its default and global releases maintained by the service, and custom releases created and managed by you. +Windows Autopatch's service level objective for Windows feature updates aims to keep **95%** of eligible devices on the targeted Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) for its default and global releases maintained by the service, and custom releases created and managed by you. ## Device eligibility criteria -Windows Autopatch’s device eligibility criteria for Windows feature updates aligns with [Windows Update for Business and Microsoft Intune’s device eligibility criteria](/mem/intune/protect/windows-10-feature-updates#prerequisites). +Windows Autopatch's device eligibility criteria for Windows feature updates aligns with [Windows Update for Business and Microsoft Intune's device eligibility criteria](/mem/intune/protect/windows-10-feature-updates#prerequisites). > [!IMPORTANT] > Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC. @@ -40,7 +40,7 @@ Windows Autopatch’s device eligibility criteria for Windows feature updates al ## Key benefits - Windows Autopatch makes it easier and less expensive for you to keep your Windows devices up to date. You can focus on running your core businesses while Windows Autopatch runs update management on your behalf. -- You’re in control of telling Windows Autopatch when your organization is ready to move to the next Windows OS version. +- You're in control of telling Windows Autopatch when your organization is ready to move to the next Windows OS version. - Combined with custom releases, Autopatch Groups gives your organization great control and flexibility to help you plan your gradual rollout in a way that works for your organization. - Simplified end-user experience with rich controls for gradual rollouts, deployment cadence and speed. - No need to manually modify the default Windows feature update policies (default release) to be on the Windows OS version your organization is currently ready for. @@ -59,7 +59,7 @@ Windows Autopatch’s device eligibility criteria for Windows feature updates al ### Default release -Windows Autopatch’s default Windows feature update release is a service-driven release that enforces the minimum Windows OS version currently serviced by the Windows servicing channels for the deployment rings in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group). +Windows Autopatch's default Windows feature update release is a service-driven release that enforces the minimum Windows OS version currently serviced by the Windows servicing channels for the deployment rings in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group). > [!TIP] > Windows Autopatch allows you to [create custom Windows feature update releases](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md#create-a-custom-release). @@ -82,17 +82,17 @@ If your tenant is enrolled with Windows Autopatch, you can see the following def | Policy name | Phase mapping | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date | | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | -| Windows Autopatch – DSS Policy [Test] | Phase 1 | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023 | N/A | N/A | June 11, 2024 | -| Windows Autopatch – DSS Policy [First] | Phase 2 | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023 | N/A | N/A | June 11, 2024 | -| Windows Autopatch – DSS Policy [Fast] | Phase 3 | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023 | N/A | N/A | June 11, 2024 | -| Windows Autopatch – DSS Policy [Broad] | Phase 4 | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023 | N/A | N/A | June 11, 2024 | +| Windows Autopatch - DSS Policy [Test] | Phase 1 | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023 | N/A | N/A | June 11, 2024 | +| Windows Autopatch - DSS Policy [First] | Phase 2 | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023 | N/A | N/A | June 11, 2024 | +| Windows Autopatch - DSS Policy [Fast] | Phase 3 | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023 | N/A | N/A | June 11, 2024 | +| Windows Autopatch - DSS Policy [Broad] | Phase 4 | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023 | N/A | N/A | June 11, 2024 | > [!NOTE] > Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually). ### Global release -Windows Autopatch’s global Windows feature update release is a service-driven release. Like the [default release](#default-release), the Global release enforces the [minimum Windows OS version currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). +Windows Autopatch's global Windows feature update release is a service-driven release. Like the [default release](#default-release), the Global release enforces the [minimum Windows OS version currently serviced by the Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). There are two scenarios that the Global release is used: @@ -110,7 +110,7 @@ See the following table on how Windows Autopatch configures the values for its g | Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date | | ----- | ----- | ----- | ----- | ----- | ----- | ----- | -| Windows Autopatch – Global DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024 | +| Windows Autopatch - Global DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024 | > [!NOTE] > Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to be a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually). @@ -118,7 +118,7 @@ See the following table on how Windows Autopatch configures the values for its g ### Differences between the default and global Windows feature update policies > [!IMPORTANT] -> Once you create a custom Windows feature update release, both the global and the default Windows feature update policies are unassigned from Autopatch group’s deployment rings behind the scenes. +> Once you create a custom Windows feature update release, both the global and the default Windows feature update policies are unassigned from Autopatch group's deployment rings behind the scenes. The differences in between the global and the default Windows feature update policy values are: @@ -138,7 +138,7 @@ For more information on how to create a custom release, see [Manage Windows feat ### About Windows Update rings policies -Feature update policies work with Windows Update rings policies. Windows Update rings policies are created for each deployment ring for the [Default or a Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#key-concepts) based on the deployment settings you define. The policy name convention is `Windows Autopatch Update Policy – `. +Feature update policies work with Windows Update rings policies. Windows Update rings policies are created for each deployment ring for the [Default or a Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#key-concepts) based on the deployment settings you define. The policy name convention is `Windows Autopatch Update Policy - - `. The following table details the default Windows Update rings policy values that affect either the default or custom Windows feature updates releases: @@ -151,7 +151,7 @@ The following table details the default Windows Update rings policy values that | Windows Autopatch Update Policy - default - Last | Windows Autopatch - Last | 11 | 0 | 30 | 3 | 5 | 2 | Yes | > [!IMPORTANT] -> When you create a custom Windows feature update release, new Windows feature update policies are:
        • Created corresponding to the settings you defined while creating the release.
        • Assigned to the Autopatch group’s deployment rings you select to be included in the release.
        +> When you create a custom Windows feature update release, new Windows feature update policies are:
        • Created corresponding to the settings you defined while creating the release.
        • Assigned to the Autopatch group's deployment rings you select to be included in the release.
        ## Common ways to manage releases @@ -159,7 +159,7 @@ The following table details the default Windows Update rings policy values that | Scenario | Solution | | ----- | ----- | -| You’re working as the IT admin at Contoso Ltd., and you need to gradually rollout of Windows 11’s latest version to several business units across your organization. | Custom Windows feature update releases deliver OS upgrades horizontally, through phases, to one or more Autopatch groups.
        Phases:
        • Set your organization’s deployment cadence.
        • Work like deployment rings on top of Autopatch group’s deployment rings. Phases group one or more deployment rings across one or more Autopatch groups.

        See the following visual for a representation of Phases with custom releases. | +| You're working as the IT admin at Contoso Ltd., and you need to gradually rollout of Windows 11's latest version to several business units across your organization. | Custom Windows feature update releases deliver OS upgrades horizontally, through phases, to one or more Autopatch groups.
        Phases:
        • Set your organization's deployment cadence.
        • Work like deployment rings on top of Autopatch group's deployment rings. Phases group one or more deployment rings across one or more Autopatch groups.

        See the following visual for a representation of Phases with custom releases. | :::image type="content" source="../media/autopatch-groups-manage-feature-release-case-1.png" alt-text="Manage Windows feature update release use case one" lightbox="../media/autopatch-groups-manage-feature-release-case-1.png"::: @@ -167,6 +167,6 @@ The following table details the default Windows Update rings policy values that | Scenario | Solution | | ----- | ----- | -| You’re working as the IT admin at Contoso Ltd. and your organization isn’t ready to upgrade its devices to either Windows 11 or the newest Windows 10 OS versions due to conflicting project priorities within your organization.

        However, you want to keep Windows Autopatch managed devices supported and receiving monthly updates that are critical to security and the health of the Windows ecosystem.

        | Default Windows feature update releases deliver the minimum Windows OS upgrade vertically to each Windows Autopatch group (either [Default](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) or [Custom](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)). The Default Windows Autopatch group is pre-configured with the [default Windows feature update release](#default-release) and no additional configuration is required from IT admins as Autopatch manages the default release on your behalf.

        If you decide to edit the default Windows Autopatch group to add additional deployment rings, these rings receive a [global Windows feature update policy](#global-release) set to offer the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) to devices. Every custom Autopatch group you create gets a [global Windows feature update policy](#global-release) that enforces the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).

        See the following visual for a representation of default releases.

        | +| You're working as the IT admin at Contoso Ltd. and your organization isn't ready to upgrade its devices to either Windows 11 or the newest Windows 10 OS versions due to conflicting project priorities within your organization.

        However, you want to keep Windows Autopatch managed devices supported and receiving monthly updates that are critical to security and the health of the Windows ecosystem.

        | Default Windows feature update releases deliver the minimum Windows OS upgrade vertically to each Windows Autopatch group (either [Default](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) or [Custom](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)). The Default Windows Autopatch group is pre-configured with the [default Windows feature update release](#default-release) and no additional configuration is required from IT admins as Autopatch manages the default release on your behalf.

        If you decide to edit the default Windows Autopatch group to add additional deployment rings, these rings receive a [global Windows feature update policy](#global-release) set to offer the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2) to devices. Every custom Autopatch group you create gets a [global Windows feature update policy](#global-release) that enforces the minimum Windows OS version [currently serviced](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2).

        See the following visual for a representation of default releases.

        | :::image type="content" source="../media/autopatch-groups-manage-feature-release-case-2.png" alt-text="Manage Windows feature update release use case two" lightbox="../media/autopatch-groups-manage-feature-release-case-2.png"::: diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md index cabe4dfaea..eb73ee5af6 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md @@ -39,7 +39,7 @@ The following information is available in the Summary dashboard: | Up to date | Total device count reporting a status of Up to date. For more information, see [Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices). | | Not up to Date | Total device count reporting a status of Not Up to date. For more information, see [Not Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices). | | In progress | Total device counts reporting the In progress status. For more information, see [In progress](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-sub-statuses). | -| Paused | Total device count reporting the status of the pause whether it’s Service or Customer initiated. For more information, see [Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices). | +| Paused | Total device count reporting the status of the pause whether it's Service or Customer initiated. For more information, see [Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices). | | Not ready | Total device count reporting the Not ready status. For more information, see [Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices). | ## Report options diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md index 27917abdec..fdacc1576c 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md @@ -38,7 +38,7 @@ The Windows quality report types are organized into the following focus areas: The Windows feature update reports monitor the health and activity of your deployments and help you understand if your devices are maintaining update compliance targets. -If update deployments aren’t successful, Windows Autopatch provides information on update deployment failures and who needs to remediate. Certain update deployment failures might require either Windows Autopatch to act on your behalf or you to fix the issue. +If update deployments aren't successful, Windows Autopatch provides information on update deployment failures and who needs to remediate. Certain update deployment failures might require either Windows Autopatch to act on your behalf or you to fix the issue. The Windows feature update report types are organized into the following focus areas: @@ -82,7 +82,7 @@ Up to date devices are devices that meet all of the following prerequisites: - Have applied the current monthly cumulative updates > [!NOTE] -> [Up to Date devices](#up-to-date-devices) will remain with the **In Progress** status for the 21-day service level objective period until the device either applies the current monthly cumulative update or receives an [alert](../operate/windows-autopatch-device-alerts.md). If the device receives an alert, the device’s status will change to [Not up to Date](#not-up-to-date-devices). +> [Up to Date devices](#up-to-date-devices) will remain with the **In Progress** status for the 21-day service level objective period until the device either applies the current monthly cumulative update or receives an [alert](../operate/windows-autopatch-device-alerts.md). If the device receives an alert, the device's status will change to [Not up to Date](#not-up-to-date-devices). #### Up to Date sub statuses @@ -93,7 +93,7 @@ Up to date devices are devices that meet all of the following prerequisites: ### Not up to Date devices -Not Up to Date means a device isn’t up to date when the: +Not Up to Date means a device isn't up to date when the: - Quality or feature update is out of date, or the device is on the previous update. - Device is more than 21 days overdue from the last release. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-overview.md index 2403081fce..46c4c92def 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-overview.md @@ -27,14 +27,14 @@ To release updates to devices in a gradual manner, Windows Autopatch deploys a s | [Deadlines](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Before the deadline, users can schedule restarts or automatically scheduled outside of active hours. After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. The deadline for a specific device is set to be the specified number of days after the update is offered to the device. | | [Grace periods](/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod) | This policy specifies a minimum number of days after an update is downloaded until the device is automatically restarted. This policy overrides the deadline policy so that if a user comes back from vacation, it prevents the device from forcing a restart to complete the update as soon as it comes online. | -For devices in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group), Windows Autopatch configures these policies differently across deployment rings to gradually release the update. Devices in the Test ring receive changes first and devices in the Last ring receive changes last. For more information about the Test and Last deployment rings, see [About the Test and Last deployment rings in Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-the-test-and-last-deployment-rings). With Windows Autopatch groups, you can also customize the [Default Deployment Group’s deployment ring composition](../deploy/windows-autopatch-groups-overview.md#default-deployment-ring-composition) to add and/or remove deployment rings and can customize the update deployment cadences for each deployment ring. To learn more about customizing Windows Quality updates deployment cadence, see [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md). +For devices in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group), Windows Autopatch configures these policies differently across deployment rings to gradually release the update. Devices in the Test ring receive changes first and devices in the Last ring receive changes last. For more information about the Test and Last deployment rings, see [About the Test and Last deployment rings in Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-the-test-and-last-deployment-rings). With Windows Autopatch groups, you can also customize the [Default Deployment Group's deployment ring composition](../deploy/windows-autopatch-groups-overview.md#default-deployment-ring-composition) to add and/or remove deployment rings and can customize the update deployment cadences for each deployment ring. To learn more about customizing Windows Quality updates deployment cadence, see [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md). > [!IMPORTANT] > Deploying deferral, deadline, or grace period policies which conflict with Autopatch's policies will cause a device to be considered ineligible for management, it will still receive policies from Windows Autopatch that are not in conflict, but may not function as designed. These devices will be marked as ineligible in our device reporting and will not count towards our [service level objective](#service-level-objective). ## Service level objective -Windows Autopatch aims to keep at least 95% of [Up to Date devices](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) on the latest quality update. Autopatch uses the previously defined release schedule on a per ring basis with a five-day reporting period to calculate and evaluate the service level objective (SLO). The result of the service level objective is the column “% with the latest quality update” displayed in release management and reporting. +Windows Autopatch aims to keep at least 95% of [Up to Date devices](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) on the latest quality update. Autopatch uses the previously defined release schedule on a per ring basis with a five-day reporting period to calculate and evaluate the service level objective (SLO). The result of the service level objective is the column "% with the latest quality update" displayed in release management and reporting. ### Service level objective calculation @@ -68,7 +68,7 @@ The service level objective for each of these states is calculated as: > [!IMPORTANT] > This feature is in **public preview**. It's being actively developed, and might not be complete. -You can import your organization’s existing Intune Update rings for Windows 10 and later into Windows Autopatch. Importing your organization’s Update rings provides the benefits of the Windows Autopatch's reporting and device readiness without the need to redeploy, or change your organization’s existing update rings.  +You can import your organization's existing Intune Update rings for Windows 10 and later into Windows Autopatch. Importing your organization's Update rings provides the benefits of the Windows Autopatch's reporting and device readiness without the need to redeploy, or change your organization's existing update rings.  Imported rings automatically register all targeted devices into Windows Autopatch. For more information about device registration, see the [device registration workflow diagram](../deploy/windows-autopatch-device-registration-overview.md#detailed-device-registration-workflow-diagram). @@ -76,7 +76,7 @@ Imported rings automatically register all targeted devices into Windows Autopatc > Devices which are registered as part of an imported ring, might take up to 72 hours after the devices have received the latest version of the policy, to be reflected in Windows Autopatch devices blade and reporting. For more information about reporting, see [Windows quality and feature update reports overview](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md). > [!NOTE] -> Device registration failures don't affect your existing update schedule or targeting. However, devices that fail to register might affect Windows Autopatch’s ability to provide reporting and insights. Any conflicts should be resolved as needed. For additional assistance, [submit a support request](../operate/windows-autopatch-support-request.md). +> Device registration failures don't affect your existing update schedule or targeting. However, devices that fail to register might affect Windows Autopatch's ability to provide reporting and insights. Any conflicts should be resolved as needed. For additional assistance, [submit a support request](../operate/windows-autopatch-support-request.md). ### Import Update rings for Windows 10 and later diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md index fc6a2b0933..9f3cb93c97 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md @@ -38,7 +38,7 @@ The following information is available in the Summary dashboard: | Up to date | Total device count reporting a status of Up to date. For more information, see [Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices). | | Not up to Date | Total device count reporting a status of Not Up to date. For more information, see [Not Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices). | | In progress | Total device counts reporting the In progress status. For more information, see [In progress](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-sub-statuses). | -| Paused | Total device count reporting the status of the pause whether it’s Service or Customer initiated. For more information, see [Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices). | +| Paused | Total device count reporting the status of the pause whether it's Service or Customer initiated. For more information, see [Up to Date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices). | | Not ready | Total device count reporting the Not ready status. For more information, see [Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices). | ## Report options diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-update.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-update.md index dbabf6b2b8..8afa348a89 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-update.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-update.md @@ -56,7 +56,7 @@ However, if an update has already started for a particular deployment ring, Wind #### Scheduled install > [!NOTE] ->If you select the Schedule install cadence type, the devices in that ring won’t be counted towards the [Windows quality update service level objective](../operate/windows-autopatch-groups-windows-quality-update-overview.md#service-level-objective). +>If you select the Schedule install cadence type, the devices in that ring won't be counted towards the [Windows quality update service level objective](../operate/windows-autopatch-groups-windows-quality-update-overview.md#service-level-objective). While the Windows Autopatch default options will meet the majority of the needs for regular users with corporate devices, we understand there are devices that run critical activities and can only receive Windows Updates at specific times. The **Scheduled install** cadence type will minimize disruptions by preventing forced restarts and interruptions to critical business activities for end users. Upon selecting the **Scheduled install** cadence type, any previously set deadlines and grace periods will be removed. Devices will only update and restart according to the time specified. @@ -118,5 +118,5 @@ For more information, see [Windows Update settings you can manage with Intune up 1. Turn off all notifications included restart warnings 1. Select **Save** once you select the preferred setting. 7. Repeat the same process to customize each of the rings. Once done, select **Next**. -8. In **Review + apply**, you’ll be able to review the selected settings for each of the rings. +8. In **Review + apply**, you'll be able to review the selected settings for each of the rings. 9. Select **Apply** to apply the changes to the ring policy. Once the settings are applied, the saved changes can be verified in the **Release schedule** tab. The Windows quality update schedule on the **Release schedule** tab will be updated as per the customized settings. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md index 8c743e5ba1..0b6c9d7421 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md @@ -58,7 +58,7 @@ The type of banner that appears depends on the severity of the action. Currently | Action type | Severity | Description | | ----- | ----- | ----- | | Maintain tenant access | Critical | Required licenses have expired. The licenses include:
        • Microsoft Intune
        • Microsoft Entra ID P1 or P2
        • Windows 10/11 Enterprise E3 or higher
          • For more information about specific services plans, see [Windows Autopatch Prerequisites](../prepare/windows-autopatch-prerequisites.md)

          To take action on missing licenses, you can visit the Microsoft 365 admin center or contact your Microsoft account manager. Until you have renewed the required licenses to run the service, Windows Autopatch marks your tenant as **inactive**. For more information, see [Microsoft 365 - What happens after my subscription expires?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires)

          | -| Maintain tenant access | Critical | Address tenant access issues. Windows Autopatch currently can’t manage your tenant. Until you take action, your tenant is marked as **inactive**, and you have only limited access to the Windows Autopatch portal.

          Reasons for tenant access issues:

          • You haven't yet migrated to the new [Windows Autopatch enterprise application](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). Windows Autopatch uses this enterprise application to run the service.
          • You have blocked or removed the permissions required for the Windows Autopatch enterprise application.

          Take action by consenting to allow Windows Autopatch to make the appropriate changes on your behalf. You must be a Global Administrator to consent to this action. Once you provide consent, Windows Autopatch remediates this critical action for you.

          For more information, see [Windows Autopatch enterprise applications](../overview/windows-autopatch-privacy.md#tenant-access).

          | +| Maintain tenant access | Critical | Address tenant access issues. Windows Autopatch currently can't manage your tenant. Until you take action, your tenant is marked as **inactive**, and you have only limited access to the Windows Autopatch portal.

          Reasons for tenant access issues:

          • You haven't yet migrated to the new [Windows Autopatch enterprise application](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). Windows Autopatch uses this enterprise application to run the service.
          • You have blocked or removed the permissions required for the Windows Autopatch enterprise application.

          Take action by consenting to allow Windows Autopatch to make the appropriate changes on your behalf. You must be a Global Administrator to consent to this action. Once you provide consent, Windows Autopatch remediates this critical action for you.

          For more information, see [Windows Autopatch enterprise applications](../overview/windows-autopatch-privacy.md#tenant-access).

          | ### Inactive status @@ -76,5 +76,5 @@ To be taken out of the **inactive** status, you must [resolve any critical actio | Impact area | Description | | ----- | ----- | -| Management | Windows Autopatch isn’t able to manage your tenant and perform non-interactive actions we use to run the service. Non-interactive actions include:
          • Managing the Windows Autopatch service
          • Publishing the baseline configuration updates to your tenant’s devices
          • Maintaining overall service health

          For more information, see [Windows Autopatch enterprise applications](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications).

          | +| Management | Windows Autopatch isn't able to manage your tenant and perform non-interactive actions we use to run the service. Non-interactive actions include:
          • Managing the Windows Autopatch service
          • Publishing the baseline configuration updates to your tenant's devices
          • Maintaining overall service health

          For more information, see [Windows Autopatch enterprise applications](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications).

          | | Device updates | Changes to Windows Autopatch policies aren't pushed to your devices. The existing configurations on these devices remain unchanged, and they continue receiving updates. | diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md index 2e4074f881..9c38e97260 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md @@ -20,7 +20,7 @@ ms.collection: You can manage and control your driver and firmware updates with Windows Autopatch. You can choose to receive driver and firmware updates automatically, or self-manage the deployment. > [!TIP] -> Windows Autopatch's driver and firmware update management is based on [Intune’s driver and firmware update management](/mem/intune/protect/windows-driver-updates-overview). You can use **both** Intune and Windows Autopatch to manage your driver and firmware updates. +> Windows Autopatch's driver and firmware update management is based on [Intune's driver and firmware update management](/mem/intune/protect/windows-driver-updates-overview). You can use **both** Intune and Windows Autopatch to manage your driver and firmware updates. ## Automatic and Self-managed modes @@ -29,7 +29,7 @@ Switching the toggle between Automatic and Self-managed modes creates driver pro | Modes | Description | | ----- | -----| | Automatic | We recommend using **Automatic** mode.

          Automatic mode (default) is recommended for organizations with standard Original Equipment Manufacturer (OEM) devices where no recent driver or hardware issues have occurred due to Windows Updates. Automatic mode ensures the most secure drivers are installed using Autopatch deployment ring rollout.

          | -| Self-managed | When you use **Self-managed** mode, no drivers are installed in your environment without your explicit approval. You can still use Intune to choose specific drivers and deploy them on a ring-by-ring basis.

          Self-managed mode turns off Windows Autopatch’s automatic driver deployment. Instead, the Administrator controls the driver deployment.

          The Administrator selects the individual driver within an Intune driver update profile. Then, Autopatch creates an Intune driver update profile per deployment ring. Drivers can vary between deployment rings.

          The drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization.

          | +| Self-managed | When you use **Self-managed** mode, no drivers are installed in your environment without your explicit approval. You can still use Intune to choose specific drivers and deploy them on a ring-by-ring basis.

          Self-managed mode turns off Windows Autopatch's automatic driver deployment. Instead, the Administrator controls the driver deployment.

          The Administrator selects the individual driver within an Intune driver update profile. Then, Autopatch creates an Intune driver update profile per deployment ring. Drivers can vary between deployment rings.

          The drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization.

          | ## Set driver and firmware updates to Automatic or Self-managed mode @@ -46,16 +46,16 @@ Switching the toggle between Automatic and Self-managed modes creates driver pro 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 1. Navigate to **Devices** > **Driver updates for Windows 10 and later**. -1. Windows Autopatch creates four policies. The policy names begin with **Windows Autopatch – Driver Update Policy** and end with the name of the deployment ring to which they're targeted in brackets. For example, **Windows Autopatch – Driver Update Policy [Test]**. +1. Windows Autopatch creates four policies. The policy names begin with **Windows Autopatch - Driver Update Policy** and end with the name of the deployment ring to which they're targeted in brackets. For example, **Windows Autopatch - Driver Update Policy [Test]**. The `CreateDriverUpdatePolicy` is created for the Test, First, Fast, and Broad deployment rings. The policy settings are defined in the following table: | Policy name | DisplayName | Description | Approval Type | DeploymentDeferralInDays | | ----- | ----- | ----- | ----- | ----- | -| `CreateDriverUpdatePolicy` | Windows Autopatch – Driver Update Policy [**Test**] | Driver Update Policy for device **Test** group | Automatic | `0` | -| `CreateDriverUpdatePolicy`| Windows Autopatch – Driver Update Policy [**First**] | Driver Update Policy for device **First** group | Automatic | `1` | -| `CreateDriverUpdatePolicy` |Windows Autopatch – Driver Update Policy [**Fast**] | Driver Update Policy for device **Fast** group | Automatic | `6` | -| `CreateDriverUpdatePolicy` | Windows Autopatch – Driver Update Policy [**Broad**] | Driver Update Policy for device **Broad** group | Automatic | `9` | +| `CreateDriverUpdatePolicy` | Windows Autopatch - Driver Update Policy [**Test**] | Driver Update Policy for device **Test** group | Automatic | `0` | +| `CreateDriverUpdatePolicy`| Windows Autopatch - Driver Update Policy [**First**] | Driver Update Policy for device **First** group | Automatic | `1` | +| `CreateDriverUpdatePolicy` |Windows Autopatch - Driver Update Policy [**Fast**] | Driver Update Policy for device **Fast** group | Automatic | `6` | +| `CreateDriverUpdatePolicy` | Windows Autopatch - Driver Update Policy [**Broad**] | Driver Update Policy for device **Broad** group | Automatic | `9` | ## Feedback and support diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md index 0808604bb9..f0c70e6586 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md @@ -97,10 +97,10 @@ For organizations seeking greater control, you can allow or block Microsoft 365 2. Navigate to the **Devices** > **Release Management** > **Release settings**. 3. Go to the **Microsoft 365 apps updates** section. By default, the **Allow/Block** toggle is set to **Allow**. 4. Turn off the **Allow** toggle to opt out of Microsoft 365 App update policies. You'll see the notification: *Update in process. This setting will be unavailable until the update is complete.* -5. Once the update is complete, you’ll receive the notification: *This setting is updated.* +5. Once the update is complete, you'll receive the notification: *This setting is updated.* > [!NOTE] -> If the notification: *This setting couldn’t be updated. Please try again or submit a support request.* appears, use the following steps:
          1. Refresh your page.
          2. Please repeat the same steps in To block Windows Autopatch Microsoft 365 apps updates.
          3. If the issue persists, [submit a support request](../operate/windows-autopatch-support-request.md).
            4. +> If the notification: *This setting couldn't be updated. Please try again or submit a support request.* appears, use the following steps:
            1. Refresh your page.
            2. Please repeat the same steps in To block Windows Autopatch Microsoft 365 apps updates.
            3. If the issue persists, [submit a support request](../operate/windows-autopatch-support-request.md).
              4. **To verify if the Microsoft 365 App update setting is set to Allow:** @@ -117,7 +117,7 @@ For organizations seeking greater control, you can allow or block Microsoft 365 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Navigate to **Devices** > **Configuration profiles** > **Profiles**. -3. The following **five** profiles should be removed from your list of profiles and no longer visible/active. Use the Search with the keywords “Office Configuration”. The result should return *0 profiles filtered*. +3. The following **five** profiles should be removed from your list of profiles and no longer visible/active. Use the Search with the keywords "Office Configuration". The result should return *0 profiles filtered*. 1. Windows Autopatch - Office Configuration 2. Windows Autopatch - Office Update Configuration [Test] 3. Windows Autopatch - Office Update Configuration [First] diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md index 686ad48014..208f3ef552 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md @@ -36,7 +36,7 @@ With this feature, IT admins can: - Initiate action for the Autopatch service to restore the deployment rings without having to raise an incident. > [!NOTE] -> You can rename your policies to meet your organization’s requirements. Do **not** rename the underlying Autopatch deployment groups. +> You can rename your policies to meet your organization's requirements. Do **not** rename the underlying Autopatch deployment groups. ## Check policy health diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md index fa421ba564..a628585c63 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md @@ -35,15 +35,15 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro | Responsibility | Description | | ----- | ----- | -| Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won’t make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../overview/windows-autopatch-privacy.md). | +| Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won't make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../overview/windows-autopatch-privacy.md). | | Excluding devices | Windows Autopatch will exclude all devices previously registered with the service. Only the Windows Autopatch device record is deleted. We won't delete Microsoft Intune and/or Microsoft Entra device records. For more information, see [Exclude a device](../operate/windows-autopatch-exclude-device.md). | ## Your responsibilities after unenrolling your tenant | Responsibility | Description | | ----- | ----- | -| Updates | After the Windows Autopatch service is unenrolled, we’ll no longer provide updates to your devices. You must ensure that your devices continue to receive updates through your own policies to ensure they're secure and up to date. | -| Optional Windows Autopatch configuration | Windows Autopatch won’t remove the configuration policies or groups used to enable updates on your devices. You're responsible for these policies following tenant unenrollment. If you don’t wish to use these policies for your devices after unenrollment, you may safely delete them. For more information, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). | +| Updates | After the Windows Autopatch service is unenrolled, we'll no longer provide updates to your devices. You must ensure that your devices continue to receive updates through your own policies to ensure they're secure and up to date. | +| Optional Windows Autopatch configuration | Windows Autopatch won't remove the configuration policies or groups used to enable updates on your devices. You're responsible for these policies following tenant unenrollment. If you don't wish to use these policies for your devices after unenrollment, you may safely delete them. For more information, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). | | Microsoft Intune roles | After unenrollment, you may safely remove the Modern Workplace Intune Admin role. | ## Unenroll from Windows Autopatch @@ -56,4 +56,4 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro 2. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner. 1. The Windows Autopatch Service Engineering Team proceeds with the removal of all items listed under [Microsoft's responsibilities during unenrollment](#microsofts-responsibilities-during-unenrollment). 1. The Windows Autopatch Service Engineering Team informs you when unenrollment is complete. -1. You’re responsible for the items listed under [Your responsibilities after unenrolling your tenant](#your-responsibilities-after-unenrolling-your-tenant). +1. You're responsible for the items listed under [Your responsibilities after unenrolling your tenant](#your-responsibilities-after-unenrolling-your-tenant). diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md index 356655746a..5db0cf29b6 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md @@ -259,7 +259,7 @@ For example, Configuration Manager Software Update Policy settings exclude Autop | Enable management of the Office 365 Client Agent | No | > [!NOTE] -> There is no requirement to create a Configuration Manager Software Update Policy if the policies aren’t in use. +> There is no requirement to create a Configuration Manager Software Update Policy if the policies aren't in use. #### Existing Mobile Device Management (MDM) policies diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md index 40ab383a98..4ef883d665 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md @@ -84,7 +84,7 @@ Windows Autopatch creates and uses guest accounts using just-in-time access func | Account name | Usage | Mitigating controls | | ----- | ----- | -----| | MsAdmin@tenantDomain.onmicrosoft.com |
              • This account is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Windows Autopatch devices.
              • This account doesn't have interactive sign-in permissions. The account performs operations only through the service.
              | Audited sign-ins | -| MsAdminInt@tenantDomain.onmicrosoft.com |
              • This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.
              • This account is used for interactive login to the customer’s tenant.
              • The use of this account is limited as most operations are exclusively through MsAdmin (non-interactive) account.
              |
              • Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy
              • Audited sign-ins
              | +| MsAdminInt@tenantDomain.onmicrosoft.com |
              • This account is an Intune and User administrator account used to define and configure the tenant for Windows Autopatch devices.
              • This account is used for interactive login to the customer's tenant.
              • The use of this account is limited as most operations are exclusively through MsAdmin (non-interactive) account.
              |
              • Restricted to be accessed only from defined secure access workstations (SAWs) through a conditional access policy
              • Audited sign-ins
              | | MsTest@tenantDomain.onmicrosoft.com | This account is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins | ## Microsoft Windows Update for Business diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md index 4da408b889..f2217c4b0c 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md @@ -99,4 +99,4 @@ For more information and assistance with preparing for your Windows Autopatch de | Review and respond to Windows Autopatch management alerts
              • [Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)
              • [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)
              | :heavy_check_mark: | :x: | | [Raise and respond to support requests](../operate/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: | | [Manage and respond to support requests](../operate/windows-autopatch-support-request.md#manage-an-active-support-request) | :x: | :heavy_check_mark: | -| Review the [What’s new](../whats-new/windows-autopatch-whats-new-2022.md) section to stay up to date with updated feature and service releases | :heavy_check_mark: | :x: | +| Review the [What's new](../whats-new/windows-autopatch-whats-new-2022.md) section to stay up to date with updated feature and service releases | :heavy_check_mark: | :x: | diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md b/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md index 0d5ea5808e..677faf730d 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md @@ -22,7 +22,7 @@ ms.collection: During Readiness checks, if there are devices with conflicting registry configurations, notifications are listed in the **Not ready** tab. The notifications include a list of alerts that explain why the device isn't ready for updates. Instructions are provided on how to resolve the issue(s). You can review any device marked as **Not ready** and remediate them to a **Ready** state. -Windows Autopatch monitors conflicting configurations. You’re notified of the specific registry values that prevent Windows from updating properly. These registry keys should be removed to resolve the conflict. However, it’s possible that other services write back the registry keys. It’s recommended that you review common sources for conflicting configurations to ensure your devices continue to receive Windows Updates. +Windows Autopatch monitors conflicting configurations. You're notified of the specific registry values that prevent Windows from updating properly. These registry keys should be removed to resolve the conflict. However, it's possible that other services write back the registry keys. It's recommended that you review common sources for conflicting configurations to ensure your devices continue to receive Windows Updates. The most common sources of conflicting configurations include: @@ -47,11 +47,11 @@ Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate Windows Autopatch recommends removing the conflicting configurations. The following remediation examples can be used to remove conflicting settings and registry keys when targeted at Autopatch-managed clients. > [!IMPORTANT] -> **It’s recommended to only target devices with conflicting configuration alerts**. The following remediation examples can affect devices that aren’t managed by Windows Autopatch, be sure to target accordingly. +> **It's recommended to only target devices with conflicting configuration alerts**. The following remediation examples can affect devices that aren't managed by Windows Autopatch, be sure to target accordingly. ### Intune Remediation -Navigate to Intune Remediations and create a remediation using the following examples. It’s recommended to create a single remediation per value to understand if the value persists after removal. +Navigate to Intune Remediations and create a remediation using the following examples. It's recommended to create a single remediation per value to understand if the value persists after removal. If you use either [**Detect**](#detect) and/or [**Remediate**](#remediate) actions, ensure to update the appropriate **Path** and **Value** called out in the Alert. For more information, see [Remediations](/mem/intune/fundamentals/remediations). @@ -97,7 +97,7 @@ Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpda ### Batch file -Copy and paste the following code into a text editor, and save it with a `.cmd` extension, and execute against affected devices. This command removes registry keys that affect the Windows Autopatch service. For more information, see [Using batch files: Scripting; Management Services](/previous-versions/windows/it-pro/windows-server-2003/cc758944(v=ws.10)?redirectedfrom=MSDN). +Copy and paste the following code into a text editor, and save it with a `.cmd` extension, and execute against affected devices. This command removes registry keys that affect the Windows Autopatch service. ```cmd @echo off @@ -128,15 +128,15 @@ Windows Registry Editor Version 5.00 ## Common sources of conflicting configurations -The following examples can be used to validate if the configuration is persistent from one of the following services. The list isn’t an exhaustive, and Admins should be aware that changes can affect devices not managed by Windows Autopatch and should plan accordingly. +The following examples can be used to validate if the configuration is persistent from one of the following services. The list isn't an exhaustive, and Admins should be aware that changes can affect devices not managed by Windows Autopatch and should plan accordingly. ### Group Policy management -Group Policy management is the most popular client configuration tool in most organizations. For this reason, it’s most often the source of conflicting configurations. Use Result Set of Policy (RSOP) on an affected client can quickly identify if configured policies conflict with Windows Autopatch. For more information, see Use Resultant Set of Policy to Manage Group Policy. +Group Policy management is the most popular client configuration tool in most organizations. For this reason, it's most often the source of conflicting configurations. Use Result Set of Policy (RSOP) on an affected client can quickly identify if configured policies conflict with Windows Autopatch. For more information, see Use Resultant Set of Policy to Manage Group Policy. 1. Launch an Elevated Command Prompt and enter `RSOP`. 1. Navigate to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update** -1. If a Policy **doesn’t exist** in Windows Update, then it appears to not be Group Policy. +1. If a Policy **doesn't exist** in Windows Update, then it appears to not be Group Policy. 1. If a Policy **exists** in Windows Update is present, modify or limit the target of the conflicting policy to resolve the Alert. 1. If the **Policy name** is labeled **Local Group Policy**, these settings could have been applied during imaging or by Configuration Manager. @@ -146,7 +146,7 @@ Configuration Manager is a common enterprise management tool that, among many th 1. Go the **Microsoft Endpoint Configuration Manager Console**. 1. Navigate to **Administration** > **Overview** > **Client Settings**. -1. Ensure **Software Updates** isn’t configured. If configured, it’s recommended to remove these settings to prevent conflicts with Windows Autopatch. +1. Ensure **Software Updates** isn't configured. If configured, it's recommended to remove these settings to prevent conflicts with Windows Autopatch. ## Third-party solutions diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md b/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md index 187028d683..5cbc58d63a 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md @@ -20,7 +20,7 @@ ms.collection: The following policies contain settings that apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention: -**Modern Workplace Update Policy [ring name] – [Windows Autopatch]** +**Modern Workplace Update Policy [ring name] - [Windows Autopatch]** ### Windows 10 and later update settings @@ -52,7 +52,7 @@ The following policies contain settings that apply to both Windows quality and f | Setting name | Test | First | Fast | Broad | | ----- | ----- | ----- | ----- | ----- | -| Included groups | Modern Workplace Devices–Windows Autopatch-Test | Modern Workplace Devices–Windows Autopatch-First | Modern Workplace Devices–Windows Autopatch-Fast | Modern Workplace Devices–Windows Autopatch-Broad | +| Included groups | Modern Workplace Devices-Windows Autopatch-Test | Modern Workplace Devices-Windows Autopatch-First | Modern Workplace Devices-Windows Autopatch-Fast | Modern Workplace Devices-Windows Autopatch-Broad | | Excluded groups | None | None | None | None | ## Windows feature update policies @@ -76,8 +76,8 @@ These policies control the minimum target version of Windows that a device is me | Setting name | Test | First | Fast | Broad | | ----- | ----- | ----- | ----- | ----- | -| Included groups | Modern Workplace Devices–Windows Autopatch-Test | Modern Workplace Devices–Windows Autopatch-First | Modern Workplace Devices–Windows Autopatch-Fast | Modern Workplace Devices–Windows Autopatch-Broad | -| Excluded groups | Modern Workplace – Windows 11 Pre-Release Test Devices | Modern Workplace – Windows 11 Pre-Release Test Devices | Modern Workplace – Windows 11 Pre-Release Test Devices | Modern Workplace – Windows 11 Pre-Release Test Devices | +| Included groups | Modern Workplace Devices-Windows Autopatch-Test | Modern Workplace Devices-Windows Autopatch-First | Modern Workplace Devices-Windows Autopatch-Fast | Modern Workplace Devices-Windows Autopatch-Broad | +| Excluded groups | Modern Workplace - Windows 11 Pre-Release Test Devices | Modern Workplace - Windows 11 Pre-Release Test Devices | Modern Workplace - Windows 11 Pre-Release Test Devices | Modern Workplace - Windows 11 Pre-Release Test Devices | #### Windows 11 testing @@ -94,7 +94,7 @@ To allow customers to test Windows 11 in their environment, there's a separate D | Setting name | Test | | ----- | ----- | -| Included groups | Modern Workplace – Windows 11 Pre-Release Test Devices | +| Included groups | Modern Workplace - Windows 11 Pre-Release Test Devices | | Excluded groups | None | ## Conflicting and unsupported policies diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md index 7342084085..6c2340a5cb 100644 --- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md @@ -34,7 +34,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed. | Message center post number | Description | | ----- | ----- | | [MC697414](https://admin.microsoft.com/adminportal/home#/MessageCenter) | New Feature: Alerts for Windows Autopatch policy conflicts Public Preview announcement | -| [MC695483](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Planned Maintenance: Windows Autopatch configuration update – December 2023 | +| [MC695483](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Planned Maintenance: Windows Autopatch configuration update - December 2023 | ## November service release From 71643695787c005ec7171a818d8da99bd2c583f0 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 14 Feb 2024 12:23:08 -0500 Subject: [PATCH 3/7] Updating Technet/MSDN links and getting rid of gremlins 2 --- .../do/delivery-optimization-test.md | 30 ++-- ...r-windows-8-windows-7-and-windows-vista.md | 167 +++++++++--------- 2 files changed, 100 insertions(+), 97 deletions(-) diff --git a/windows/deployment/do/delivery-optimization-test.md b/windows/deployment/do/delivery-optimization-test.md index 8f6386d9bf..313d8afd21 100644 --- a/windows/deployment/do/delivery-optimization-test.md +++ b/windows/deployment/do/delivery-optimization-test.md @@ -21,17 +21,23 @@ ms.date: 11/08/2022 ## Overview -Delivery Optimization is a powerful and useful tool to help enterprises manage bandwidth usage for downloading Microsoft content. It's a solution designed to be used in large-scale environments with large numbers of devices, various content sizes, etc. Delivery Optimization is native to Win10+ and provides default configuration to get the most out of the typical customer environment. It's used to deliver many different types of content, so Microsoft customers enjoy the best possible download experience for their environment. There are three components to Delivery Optimization, 1) HTTP downloader, 2) Peer-to-peer (P2P) cloud technology, and 3) Microsoft Connected Cache. One of the most powerful advantages of using Delivery Optimization is the ability to fine-tune settings that empower users to dial in Microsoft content delivery to meet the needs of specific environments. +Delivery Optimization is a powerful and useful tool to help enterprises manage bandwidth usage for downloading Microsoft content. It's a solution designed to be used in large-scale environments with large numbers of devices, various content sizes, etc. Delivery Optimization is native to currently supported versions of Windows and provides default configuration to get the most out of the typical customer environment. Delivery Optimization is used to deliver many different types of content, so Microsoft customers enjoy the best possible download experience for their environment. There are three components to Delivery Optimization: + +1. HTTP downloader. +1. Peer-to-peer (P2P) cloud technology. +1. Microsoft Connected Cache. + +One of the most powerful advantages of using Delivery Optimization is the ability to fine-tune settings that empower users to dial in Microsoft content delivery to meet the needs of specific environments. ## Monitoring The Results -Since Delivery Optimization is on by default, you'll be able to monitor the value either through the Windows Settings for 'Delivery Optimization', using Delivery Optimization PowerShell [cmdlets.](waas-delivery-optimization-setup.md), and/or via the [Windows Update for Business Report.](../update/wufb-reports-workbook.md) experience in Azure. +Since Delivery Optimization is on by default, you're able to monitor the value either through the Windows Settings for 'Delivery Optimization' using Delivery Optimization PowerShell [cmdlets.](waas-delivery-optimization-setup.md), and/or via the [Windows Update for Business Report](../update/wufb-reports-workbook.md) experience in Azure. In the case where Delivery Optimization isn't working in your environment, it's important to investigate to get to the root of the problem. We recommend a test environment be created to easily evaluate typical devices to ensure Delivery Optimization is working properly. For starters, 'Scenario 1: Basic Setup' should be created to test the use of Delivery Optimization between two machines. This scenario is designed to eliminate any noise in the environment to ensure there's nothing preventing Delivery Optimization from working on the devices. Once you have a baseline, you can expand the test environment for more sophisticated tests. ## Expectations and Goals -The focus of the testing scenarios in this article is primarily centered on demonstrating the Delivery Optimization policies centered around the successful downloading of bytes using P2P. More specifically, the goal will be to show peer to peer is working as expected, using the following criteria: +The focus of the testing scenarios in this article is primarily centered on demonstrating the Delivery Optimization policies centered around the successful downloading of bytes using P2P. More specifically, the goal is to show peer to peer is working as expected, using the following criteria: * Peers can find each other (for example on the same LAN / subnet / Group - matching your 'Download Mode' policy). * Files are downloading in the expected 'Download Mode' policy setting (validates connectivity to DO cloud, HTTP, and local configs). @@ -39,7 +45,7 @@ The focus of the testing scenarios in this article is primarily centered on demo Several elements that influence overall peering, using Delivery Optimization. The most common, impactful environment factors should be considered. -* **The number of files in the cache and** **the** **number of devices have a big effect on overall peering.** There's a set number of files available for peering at a time, from each client, so the peering device may not be serving a particular file. +* **The number of files in the cache and** **the** **number of devices have a big effect on overall peering.** There's a set number of files available for peering at a time, from each client, so the peering device might not be serving a particular file. * **File size** **and** **internet connection** **reliability matter.** There's a Delivery Optimization setting to determine the minimum file size to use P2P. In addition, an internet connection must be open and reliable enough to let the Delivery Optimization client make cloud service API calls and download metadata files before starting a file download. * **Delivery Optimization Policies can play a role.** In general, it's important to familiarize yourself with the Delivery Optimization settings and defaults [Delivery Optimization reference - Windows Deployment | Microsoft Docs.](waas-delivery-optimization-reference.md). @@ -47,16 +53,16 @@ Several elements that influence overall peering, using Delivery Optimization. Th * Delivery Optimization's hybrid approach to downloading from multiple sources (HTTP and peer) in parallel is especially critical for large-scale environments, constantly assessing the optimal source from which to deliver the content. In conjunction, the distribution of content cache, across participating devices, contributes to Delivery Optimization's ability to find bandwidth savings as more peers become available. -* At the point a download is initiated, the DO client starts downloading from the HTTP source and discovering peers simultaneously. With a smaller file, most of the bytes could be downloaded from an HTTP source before connecting to a peer, even though peers are available. With a larger file and quality LAN peers, it might reduce the HTTP request rate to near zero, but only after making those initial requests from HTTP. +* At the point a download is initiated, the Delivery Optimization client starts downloading from the HTTP source and discovering peers simultaneously. With a smaller file, most of the bytes could be downloaded from an HTTP source before connecting to a peer, even though peers are available. With a larger file and quality LAN peers, it might reduce the HTTP request rate to near zero, but only after making those initial requests from HTTP. -* In the next section, you'll see how the two testing scenarios produce differing results in the number of bytes coming from HTTP vs. peers, which shows Delivery Optimization continuously evaluating the optimal location from which to download the content. +* In the next section, you'll see how the two testing scenarios produce differing results in the number of bytes coming from HTTP vs. peers. These scenarios show Delivery Optimization continuously evaluating the optimal location from which to download the content. ## Test Scenarios ### Scenario 1: Basic Setup **Goal:** -Demonstrate how Delivery Optimization peer-to-peer technology works using two machines in a controlled test environment +Demonstrate how Delivery Optimization peer-to-peer technology works using two machines in a controlled test environment. **Expected Results:** Machine 1 will download zero bytes from peers and Machine 2 will download 50-99% from peers. @@ -72,7 +78,7 @@ Machine 1 will download zero bytes from peers and Machine 2 will download 50-99% |Disk size | 127 GB | |Network | Connected to same network, one that is representative of the corporate network. | |Pause Windows Updates | This controls the test environment so no other content is made available during the test, and potentially altering the outcome of the test. If there are problems and no peering happens, use 'Get-DeliveryOptimizationStatus' on the first machine to return a real-time list of the connected peers. | -|Ensure all Store apps are up to date | This will help prevent any new, unexpected updates to download during testing. | +|Ensure all Store apps are up to date | This helps prevent any new, unexpected updates to download during testing. | |Delivery Optimization 'Download Mode' Policy | 2 (Group)(set on each machine) | |Delivery Optimization 'GroupID' Policy | Set the *same* 'GUID' on each test machine. A GUID is a required value, which can be generated using PowerShell, '[[guid]::NewGuid().](https://devblogs.microsoft.com/scripting/powertip-create-a-new-guid-by-using-powershell/)'. | |**Required on Windows 11 devices only** set Delivery Optimization 'Restrict Peer Selection' policy | 0-NAT (set on each machine). The default behavior in Windows 11 is set to '2-Local Peer Discovery'. For testing purposes, this needs to be scoped to the NAT. | @@ -149,7 +155,7 @@ The following set of instructions will be used for each machine: **Observations** * The first download in the group of devices shows all bytes coming from HTTP, 'BytesFromHttp'. -* Download is in the 'Foreground' because the Store app is doing the download and in the foreground on the device because it is initiated by the user in the Store app. +* Download is in the 'Foreground' because the Store app is doing the download and in the foreground on the device because it's initiated by the user in the Store app. * No peers are found. *Wait 5 minutes*. @@ -185,7 +191,7 @@ The following set of instructions will be used for each machine: ## Peer sourcing observations for all machines in the test group -The distributed nature of the Delivery Optimization technology is obvious when you rerun the 'Get-DeliveryOptimizationStatus' cmdlet on each of the test machines. For each, there's a new value populated for the 'BytesToLanPeers' field. This demonstrates that as more peers become available, the requests to download bytes are distributed across the peering group and act as the source for the peering content. Each peer plays a role in servicing the other. +The distributed nature of the Delivery Optimization technology is obvious when you rerun the 'Get-DeliveryOptimizationStatus' cmdlet on each of the test machines. For each, there's a new value populated for the 'BytesToLanPeers' field. This test demonstrates that as more peers become available, the requests to download bytes are distributed across the peering group and act as the source for the peering content. Each peer plays a role in servicing the other. **Output:** Machine 1 @@ -207,8 +213,8 @@ The distributed nature of the Delivery Optimization technology is obvious when y ## Conclusion -Using Delivery Optimization can help make a big impact in customer environments to optimize bandwidth. The peer-to-peer technology offers many configurations designed to be flexible for any organization. Delivery Optimization uses a distributed cache across different sources to ensure the most optimal download experience, while limiting the resources used on each device. +Using Delivery Optimization can help make a significant impact in customer environments to optimize bandwidth. The peer-to-peer technology offers many configurations designed to be flexible for any organization. Delivery Optimization uses a distributed cache across different sources to ensure the most optimal download experience, while limiting the resources used on each device. The testing scenarios found in this document help to show a controlled test environment, helping to prevent updates from interrupting the peering results. The other, a more real-world case, demonstrates how content available across peers will be used as the source of the content. -If there are issues found while testing, the Delivery Optimization PowerShell [cmdlets.](waas-delivery-optimization-setup.md) can be a helpful tool to help explain what is happening in the environment. +If there are issues found while testing, the Delivery Optimization PowerShell [cmdlets](waas-delivery-optimization-setup.md) can be a helpful tool to help explain what is happening in the environment. diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md index f105bf7efb..e37a77e25a 100644 --- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md +++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md @@ -1,6 +1,6 @@ --- title: Compatibility Fixes for Windows 10, Windows 8, Windows 7, & Windows Vista -description: Find compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10. +description: Find released compatibility fixes for all Windows operating systems from Windows Vista through Windows 10. manager: aaroncz ms.author: frankroj ms.service: windows-client @@ -14,12 +14,12 @@ ms.subservice: itpro-deploy **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions. @@ -28,131 +28,128 @@ You can fix some compatibility issues that are due to the changes made between W If you start the Compatibility Administrator as an Administrator (with elevated privileges), all repaired applications can run successfully; however, virtualization and redirection might not occur as expected. To verify that a compatibility fix addresses an issue, you must test the repaired application by running it under the destination user account. - - ## Compatibility Fixes - -The following table lists the known compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10. The fixes are listed in alphabetical order. +The following table lists the known released compatibility fixes for all Windows operating systems from Windows Vista through Windows 10. The fixes are listed in alphabetical order. |Fix|Fix Description| |--- |--- | -|8And16BitAggregateBlts|Applications that are mitigated by 8/16-bit mitigation can exhibit performance issues. This layer aggregates all the blt operations and improves performance.| -|8And16BitDXMaxWinMode|Applications that use DX8/9 and are mitigated by the 8/16-bit mitigation are run in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode.| +|8And16BitAggregateBlts|8/16-bit mitigation can cause performance issues in applications. This layer aggregates all the blt operations and improves performance.| +|8And16BitDXMaxWinMode|The 8/16-bit mitigation runs applications that use DX8/9 in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode.| |8And16BitGDIRedraw|This fix repairs applications that use GDI and that work in 8-bit color mode. The application is forced to repaint its window on RealizePalette.| |AccelGdipFlush|This fix increases the speed of GdipFlush, which has perf issues in DWM.| |AoaMp4Converter|This fix resolves a display issue for the AoA Mp4 Converter.| -|BIOSRead|This problem is indicated when an application cannot access the **Device\PhysicalMemory** object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems.

              The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the **\Device\Physical** memory information..| +|BIOSRead|This problem is indicated when an application can't access the **Device\PhysicalMemory** object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems.

              The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the **\Device\Physical** memory information.| |BlockRunasInteractiveUser|This problem occurs when **InstallShield** creates installers and uninstallers that fail to complete and that generate error messages or warnings.

              The fix blocks **InstallShield** from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights.

              **Note:** For more detailed information about this application fix, see [Using the BlockRunAsInteractiveUser Fix](/previous-versions/windows/it-pro/windows-7/dd638336(v=ws.10)).
              | -|ChangeFolderPathToXPStyle|This fix is required when an application cannot return shell folder paths when it uses the **SHGetFolder** API.

              The fix intercepts the **SHGetFolder**path request to the common **appdata** file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path.| +|ChangeFolderPathToXPStyle|This fix is required when an application can't return shell folder paths when it uses the **SHGetFolder** API.

              The fix intercepts the **SHGetFolder**path request to the common **appdata** file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path.| |ClearLastErrorStatusonIntializeCriticalSection|This fix is indicated when an application fails to start.

              The fix modifies the InitializeCriticalSection function call so that it checks the NTSTATUS error code, and then sets the last error to ERROR_SUCCESS.| |CopyHKCUSettingsFromOtherUsers|This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users.

              The fix scans the existing user profiles and tries to copy the specified keys into the HKEY_CURRENT_USER registry area.

              You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example: Software\MyCompany\Key1^Software\MyCompany\Key2.

              **Note:** For more detailed information about this application fix, see [Using the CopyHKCUSettingsFromOtherUsers Fix](/previous-versions/windows/it-pro/windows-7/dd638375(v=ws.10)).
              | -|CorrectCreateBrushIndirectHatch|The problem is indicated by an access violation error message that displays and when the application fails when you select or crop an image.

              The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted.| -|CorrectFilePaths|The problem is indicated when an application tries to write files to the hard disk and is denied access or receives a file not found or path not found error message.

              The fixmodifies the file path names to point to a new location on the hard disk.

              **Note:** For more detailed information about the CorrectFilePaths application fix, see [Using the CorrectFilePaths Fix](/previous-versions/windows/it-pro/windows-7/cc766201(v=ws.10)). We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file.
              | -|CorrectFilePathsUninstall|This problem occurs when an uninstalled application leaves behind files, directories, and links.

              The fix corrects the file paths that are used by the uninstallation process of an application.

              **Note:** For more detailed information about this fix, see [Using the CorrectFilePathsUninstall Fix](/previous-versions/windows/it-pro/windows-7/dd638414(v=ws.10)). We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file.
              | -|CorrectShellExecuteHWND|This problem occurs when you start an executable (.exe) and a taskbar item blinks instead of an elevation prompt being opened, or when the application does not provide a valid HWND value when it calls the ShellExecute(Ex) function.

              The fixintercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value.

              **Note:** For more detailed information about the CorrectShellExecuteHWND application fix, see [Using the CorrectShellExecuteHWND Fix](/previous-versions/windows/it-pro/windows-7/cc722028(v=ws.10)).
              | -|CustomNCRender|This fix instructs DWM to not render the non-client area, thereby forcing the application to do its own NC rendering. This often gives windows an XP look.| +|CorrectCreateBrushIndirectHatch|This problem occurs when an access violation error message displays and the application fails when you select or crop an image.

              The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted.| +|CorrectFilePaths|This problem occurs when:

              • An application tries to write files to the hard disk and is denied access.
              • An application receives a file not found or path not found error message.

              The fix modifies the file path names to point to a new location on the hard disk.

              **Note:** For more detailed information about the CorrectFilePaths application fix, see [Using the CorrectFilePaths Fix](/previous-versions/windows/it-pro/windows-7/cc766201(v=ws.10)). We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you're applying it to a setup installation file.
              | +|CorrectFilePathsUninstall|This problem occurs when an uninstalled application leaves behind files, directories, and links.

              The fix corrects the file paths that are used by the uninstallation process of an application.

              **Note:** For more detailed information about this fix, see [Using the CorrectFilePathsUninstall Fix](/previous-versions/windows/it-pro/windows-7/dd638414(v=ws.10)). We recommend that you use this fix together with the CorrectFilePaths fix if you're applying it to a setup installation file.
              | +|CorrectShellExecuteHWND|This problem occurs when you start an executable (.exe) and:
              • A taskbar item blinks instead of an elevation prompt being opened, or when the application doesn't provide a valid HWND value when it calls the ShellExecute(Ex) function.

                The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value.

                **Note:** For more detailed information about the CorrectShellExecuteHWND application fix, see [Using the CorrectShellExecuteHWND Fix](/previous-versions/windows/it-pro/windows-7/cc722028(v=ws.10)).
                | +|CustomNCRender|This fix instructs DWM to not render the non-client area forcing the application to do its own NC rendering. This issue often gives windows an XP look.| |DelayApplyFlag|This fix applies a KERNEL, USER, or PROCESS flag if the specified DLL is loaded.

                You can control this fix further by typing the following command at the command prompt:

                `DLL_Name;Flag_Type;Hexidecimal_Value`
                Where the DLL_Name is the name of the specific DLL, including the file extension. Flag_Type is KERNEL, USER, or PROCESS, and a Hexidecimal_Value, starting with 0x and up to 64 bits long.

                **Note:** The PROCESS flag type can have a 32-bit length only. You can separate multiple entries with a backslash ().
                | -|DeprecatedServiceShim|The problem is indicated when an application tries to install a service that has a dependency on a deprecated service. An error message displays.

                The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter.

                You can control this fix further by typing the following command at the command prompt:

                `Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2`
                Where Deprecated_Service is the name of the service that has been deprecated and App_Service is the name of the specific application service that is to be modified; for example, NtLmSsp\WMI.

                **Note:** If you do not provide an App_Service name, the deprecated service will be removed from all newly created services.
                **Note:** You can separate multiple entries with a forward slash (/).
                | -|DirectXVersionLie|This problem occurs when an application fails because it does not find the correct version number for DirectX®.

                The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version.

                You can control this fix further by typing the following command at the command prompt:
                `MAJORVERSION.MINORVERSION.LETTER`

                For example, 9.0.c.| -|DetectorDWM8And16Bit|This fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8 .| -|Disable8And16BitD3D|This fix improves performance of 8/16-bit color applications that render using D3D and do not mix direct draw.| +|DeprecatedServiceShim|The problem is indicated when an application tries to install a service that has a dependency on a deprecated service. An error message displays.

                The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter.

                You can control this fix further by typing the following command at the command prompt:

                `Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2` where:

                • Deprecated_Service is the name of the deprecated service
                • App_Service is the name of the specific application service that is to be modified
                For example, NtLmSsp\WMI.
                **Note:** If you don't provide an App_Service name, the deprecated service is removed from all newly created services.
                **Note:** You can separate multiple entries with a forward slash (/).
                | +|DirectXVersionLie|This problem occurs when an application fails because it doesn't find the correct version number for DirectX®.

                The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version.

                You can control this fix further by typing the following command at the command prompt:
                `MAJORVERSION.MINORVERSION.LETTER`

                For example, 9.0.c.| +|DetectorDWM8And16Bit|This fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes aren't supported in Windows 8 .| +|Disable8And16BitD3D|This fix improves performance of 8/16-bit color applications that render using D3D and don't mix direct draw.| |Disable8And16BitModes|This fix disables 8/16-bit color mitigation and enumeration of 8/16-bit color modes.| -|DisableDWM|The problem occurs when some objects are not drawn or object artifacts remain on the screen in an application.

                The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.

                **Note:** For more detailed information about this application fix, see [Using the DisableDWM Fix](/previous-versions/windows/it-pro/windows-7/cc722418(v=ws.10)).
                | -|DisableFadeAnimations|The problem is indicated when an application fades animation, buttons, or other controls do not function properly.

                The fix disables the fade animations functionality for unsupported applications.| -|DisableThemeMenus|The problem is indicated by an application that behaves unpredictably when it tries to detect and use the correct Windows settings.

                The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.| -|DisableWindowsDefender|The fix disables Windows Defender for security applications that do not work with Windows Defender.| -|DWM8And16BitMitigation|The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8.| +|DisableDWM|The problem occurs when some objects aren't drawn or object artifacts remain on the screen in an application.

                The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.

                **Note:** For more detailed information about this application fix, see [Using the DisableDWM Fix](/previous-versions/windows/it-pro/windows-7/cc722418(v=ws.10)).
                | +|DisableFadeAnimations|The problem is indicated when an application fades animation, buttons, or other controls don't function properly.

                The fix disables the fade animations functionality for unsupported applications.| +|DisableThemeMenus|The problem occurs when an application behaves unpredictably when it tries to detect and use the correct Windows settings.

                The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.| +|DisableWindowsDefender|The fix disables Windows Defender for security applications that don't work with Windows Defender.| +|DWM8And16BitMitigation|The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes aren't supported in Windows 8.| |DXGICompat|The fix allows application-specific compatibility instructions to be passed to the DirectX engine.| |DXMaximizedWindowedMode|Applications that use DX8/9 are run in a maximized windowed mode. This is required for applications that use GDI/DirectDraw in addition to Direct3D.| -|ElevateCreateProcess|The problem is indicated when installations, de-installations, or updates fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message.

                The fixhandles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged.

                **Note:** For more detailed information about this application fix, see [Using the ElevateCreateProcess Fix](/previous-versions/windows/it-pro/windows-7/cc722422(v=ws.10)).
                | +|ElevateCreateProcess|The problem is indicated when:
                • installations
                • de-installations
                • updates
                fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message.

                The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code is returned unchanged.

                **Note:** For more detailed information about this application fix, see [Using the ElevateCreateProcess Fix](/previous-versions/windows/it-pro/windows-7/cc722422(v=ws.10)).
                | |EmulateOldPathIsUNC|The problem occurs when an application fails because of an incorrect UNC path.

                The fix exchanges the PathIsUNC function to return a value of True for UNC paths in Windows.| -|EmulateGetDiskFreeSpace|The problem is indicated when an application fails to install or to run, and it generates an error message that there is not enough free disk space to install or use the application, even though there is enough free disk space to meet the application requirements.

                The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual-free space amount.

                **Note:** For more detailed information about this application fix, see [Using the EmulateGetDiskFreeSpace Fix](/previous-versions/windows/it-pro/windows-7/ff720129(v=ws.10)).
                | +|EmulateGetDiskFreeSpace|The problem is indicated when an application fails to install or to run. An error message is generated that there isn't enough free disk space to install or use the application. The error message occurs even though there's enough free disk space to meet the application requirements.

                The fix determines the amount of free space. If the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB. However, if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual-free space amount.

                **Note:** For more detailed information about this application fix, see [Using the EmulateGetDiskFreeSpace Fix](/previous-versions/windows/it-pro/windows-7/ff720129(v=ws.10)).
                | |EmulateSorting|The problem occurs when an application experiences search functionality issues.

                The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table.

                **Note:** For more detailed information about this e application fix, see [Using the EmulateSorting Fix](/previous-versions/windows/it-pro/windows-7/cc749209(v=ws.10)).
                | |EmulateSortingWindows61|The fix emulates the sorting order of Windows 7 and Windows Server 2008 R2 for various APIs.| -|EnableRestarts|The problem is indicated when an application and computer appear to hang because processes cannot end to allow the computer to complete its restart processes.

                The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists.

                **Note:** For more detailed information about this application fix, see [Using the EnableRestarts Fix](/previous-versions/windows/it-pro/windows-7/ff720128(v=ws.10)).
                | -|ExtraAddRefDesktopFolder|The problem occurs when an application invokes the Release() method too many times and causes an object to be prematurely destroyed.

                The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function.| +|EnableRestarts|The problem is indicated when an application and computer appear to hang because processes can't end to allow the computer to complete its restart processes.

                The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists.

                **Note:** For more detailed information about this application fix, see [Using the EnableRestarts Fix](/previous-versions/windows/it-pro/windows-7/ff720128(v=ws.10)).
                | +|ExtraAddRefDesktopFolder|The problem occurs when an application invokes the Release() method too many times and causes an object to be prematurely destroyed.

                The fix invokes the AddRef() method on the Desktop folder, which the SHGetDesktopFolder function returns, to counteract the problem.| |FailObsoleteShellAPIs|The problem occurs when an application fails because it generated deprecated API calls.

                The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail.

                **Note:** You can type FailAll=1 at the command prompt to suppress the function implementation and force all functions to fail.
                | -|FailRemoveDirectory|The problem occurs when an application uninstallation process does not remove all of the application files and folders.

                This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command line. Only a single path is supported. The path can contain environment variables, but must be an exact path - no partial paths are supported.

                The fixcan resolves an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it.| -|FakeLunaTheme|The problem occurs when a theme application does not properly display: the colors are washed out or the user interface is not detailed.

                The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme (Luna).

                **Note:** For more detailed information about the FakeLunaTheme application fix, see [Using the FakeLunaTheme Fix](/previous-versions/windows/it-pro/windows-7/cc766315(v=ws.10)).
                | -|FlushFile|This problem is indicated when a file is updated and changes do not immediately appear on the hard disk. Applications cannot see the file changes.

                The fixenables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk.| +|FailRemoveDirectory|The problem occurs when an application uninstall process doesn't remove all of the application files and folders.

                This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command line. Only a single path is supported. The path can contain environment variables, but must be an exact path - no partial paths are supported.

                The fix resolves an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it.| +|FakeLunaTheme|The problem occurs when a theme application doesn't properly display: the colors are washed out or the user interface isn't detailed.

                The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme (Luna).

                **Note:** For more detailed information about the FakeLunaTheme application fix, see [Using the FakeLunaTheme Fix](/previous-versions/windows/it-pro/windows-7/cc766315(v=ws.10)).
                | +|FlushFile|This problem is indicated when a file is updated and changes don't immediately appear on the hard disk. Applications can't see the file changes.

                The fix enables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk.| |FontMigration|The fix replaces an application-requested font with a better font selection, to avoid text truncation.| |ForceAdminAccess|The problem occurs when an application fails to function during an explicit administrator check.

                The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check.

                **Note:** For more detailed information about this application fix, see [Using the ForceAdminAccess Fix](/previous-versions/windows/it-pro/windows-7/cc766024(v=ws.10)).
                | |ForceInvalidateOnClose|The fix invalidates any windows that exist under a closing or hiding window for applications that rely on the invalidation messages.| -|ForceLoadMirrorDrvMitigation|The fix loads the Windows 8-mirror driver mitigation for applications where the mitigation is not automatically applied.| +|ForceLoadMirrorDrvMitigation|The fix loads the Windows 8-mirror driver mitigation for applications where the mitigation isn't automatically applied.| |FreestyleBMX|The fix resolves an application race condition that is related to window message order.| -|GetDriveTypeWHook|The application presents unusual behavior during installation; for example, the setup program states that it cannot install to a user-specified location.

                The fix exchanges GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly formed file path when it tries to retrieve the drive type on which the file path exists.| -|GlobalMemoryStatusLie|The problem is indicated by a Computer memory full error message that displays when you start an application.

                The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size.| -|HandleBadPtr|The problem is indicated by an access violation error message that displays because an API is performing pointer validation before it uses a parameter.

                The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the more parameter validation.| -|HandleMarkedContentNotIndexed|The problem is indicated by an application that fails when it changes an attribute on a file or directory.

                The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory, and resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state.| +|GetDriveTypeWHook|The application presents unusual behavior during installation; for example, the setup program states that it can't install to a user-specified location.

                The fix exchanges GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly formed file path when it tries to retrieve the drive type on which the file path exists.| +|GlobalMemoryStatusLie|The problem occurs when a Computer memory full error message that displays when you start an application.

                The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size.| +|HandleBadPtr|The problem occurs when an access violation error message that displays because an API is performing pointer validation before it uses a parameter.

                The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the more parameter validation.| +|HandleMarkedContentNotIndexed|The problem occurs when an application that fails when it changes an attribute on a file or directory.

                The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory. The fix then resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state.| |HeapClearAllocation|The problem is indicated when the allocation process shuts down unexpectedly.

                The fix uses zeros to clear out the heap allocation for an application.| |IgnoreAltTab|The problem occurs when an application fails to function when special key combinations are used.

                The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks.

                **Note:** For more detailed information about this application fix, see [Using the IgnoreAltTab Fix](/previous-versions/windows/it-pro/windows-7/cc722093(v=ws.10)).
                | -|IgnoreChromeSandbox|The fix allows Google Chrome to run on systems that have ntdll loaded above 4 GB.| -|IgnoreDirectoryJunction|The problem is indicated by a read or access violation error message that displays when an application tries to find or open files.

                The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW, and FindFirstFileA APIs to prevent them from returning directory junctions.

                **Note:** Symbolic links appear to start in Windows Vista.
                | -|IgnoreException|The problem is indicated when an application stops functioning immediately after it starts, or the application starts with only a cursor appearing on the screen.

                The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception.

                You can control this fix further by typing the following command at the command prompt:

                `Exception1;Exception2`
                Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1.

                **Important:** You should use this compatibility fix only if you are certain that it is acceptable to ignore the exception. You might experience more compatibility issues if you choose to incorrectly ignore an exception.

                **Note:** For more detailed information about this application fix, see [Using the IgnoreException Fix](/previous-versions/windows/it-pro/windows-7/cc766154(v=ws.10)).
                | -|IgnoreFloatingPointRoundingControl|This fix enables an application to ignore the rounding control request and to behave as expected in previous versions of the application.

                Before floating point SSE2 support in the C runtime library, the rounding control request was being ignored which would use round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior.| +|IgnoreChromeSandbox|The fix allows Google Chrome to run on systems where ntdll is loaded above 4 GB.| +|IgnoreDirectoryJunction|The problem occurs when a read or access violation error message that displays when an application tries to find or open files.

                The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW, and FindFirstFileA APIs to prevent them from returning directory junctions.

                **Note:** Symbolic links appear to start in Windows Vista.
                | +|IgnoreException|The problem is indicated when an application stops functioning immediately after it starts, or the application starts with only a cursor appearing on the screen.

                The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception.

                You can control this fix further by typing the following command at the command prompt:

                `Exception1;Exception2`
                Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1.

                **Important:** You should use this compatibility fix only if you're certain that it's acceptable to ignore the exception. You might experience more compatibility issues if you choose to incorrectly ignore an exception.

                **Note:** For more detailed information about this application fix, see [Using the IgnoreException Fix](/previous-versions/windows/it-pro/windows-7/cc766154(v=ws.10)).
                | +|IgnoreFloatingPointRoundingControl|This fix enables an application to ignore the rounding control request and to behave as expected in previous versions of the application.

                Before the C runtime library supported floating point SSE2, it ignored the rounding control request and used the round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior.| |IgnoreFontQuality|The problem occurs when application text appears to be distorted.

                The fix enables color-keyed fonts to properly work with anti-aliasing.| -|IgnoreMessageBox|The problem is indicated by a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system.

                The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box.

                **Note:** For more detailed information about this application fix, see [Using the IgnoreMessageBox Fix](/previous-versions/windows/it-pro/windows-7/cc749044(v=ws.10)).
                | -|IgnoreMSOXMLMF|The problem is indicated by an error message that states that the operating system cannot locate the MSVCR80D.DLL file.

                The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system anytime that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix will just ignore the registered MSOXMLMF and fail the CoGetClassObject for its CLSID.| +|IgnoreMessageBox|The problem occurs when a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system.

                The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box.

                **Note:** For more detailed information about this application fix, see [Using the IgnoreMessageBox Fix](/previous-versions/windows/it-pro/windows-7/cc749044(v=ws.10)).
                | +|IgnoreMSOXMLMF|The problem occurs when an error message that states that the operating system can't locate the MSVCR80D.DLL file.

                The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system anytime that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix ignores the registered MSOXMLMF and fails the CoGetClassObject for its CLSID.| |IgnoreSetROP2|The fix ignores read-modify-write operations on the desktop to avoid performance issues.| -|InstallComponent|The fix prompts the user to install.Net 3.5 or .NET 2.0 because .NET is not included with Windows 8.| +|InstallComponent|The fix prompts the user to install.Net 3.5 or .NET 2.0 because .NET isn't included with Windows 8.| |LoadLibraryRedirect|The fix forces an application to load system versions of libraries instead of loading redistributable versions that shipped with the application.| |LocalMappedObject|The problem occurs when an application unsuccessfully tries to create an object in the Global namespace.

                The fix intercepts the function call to create the object and replaces the word Global with Local.

                **Note:** For more detailed information about this application fix, see [Using the LocalMappedObject Fix](/previous-versions/windows/it-pro/windows-7/cc749287(v=ws.10)).
                | -|MakeShortcutRunas|The problem is indicated when an application fails to uninstall because of access-related errors.

                The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later.

                **Note:** For more detailed information about this application fix, see [Using the MakeShortcutRunas Fix](/previous-versions/windows/it-pro/windows-7/dd638338(v=ws.10))
                | +|MakeShortcutRunas|The problem is indicated when an application fails to uninstall because of access-related errors.

                The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installationenabling the uninstallation to occur later.

                **Note:** For more detailed information about this application fix, see [Using the MakeShortcutRunas Fix](/previous-versions/windows/it-pro/windows-7/dd638338(v=ws.10))
                | |ManageLinks|The fix intercepts common APIs that are going to a directory or to an executable (.exe) file, and then converts any symbolic or directory junctions before passing it back to the original APIs.| |MirrorDriverWithComposition|The fix allows mirror drivers to work properly with acceptable performance with desktop composition.| |MoveToCopyFileShim|The problem occurs when an application experiences security access issues during setup.

                The fix forces the CopyFile APIs to run instead of the MoveFile APIs. CopyFile APIs avoid moving the security descriptor, which enables the application files to get the default descriptor of the destination folder and prevents the security access issue.| -|OpenDirectoryAcl|The problem is indicated by an error message that states that you do not have the appropriate permissions to access the application.

                The fix reduces the security privilege levels on a specified set of files and folders.

                **Note:** For more detailed information about this application fix, see [Using the OpenDirectoryACL Fix](/previous-versions/windows/it-pro/windows-7/dd638417(v=ws.10)).
                | +|OpenDirectoryAcl|The problem occurs when an error message that states that you don't have the appropriate permissions to access the application.

                The fix reduces the security privilege levels on a specified set of files and folders.

                **Note:** For more detailed information about this application fix, see [Using the OpenDirectoryACL Fix](/previous-versions/windows/it-pro/windows-7/dd638417(v=ws.10)).
                | |PopCapGamesForceResPerf|The fix resolves the performance issues in PopCap games like Bejeweled2. The performance issues are visible in certain low-end cards at certain resolutions where the 1024x768 buffer is scaled to fit the display resolution.| |PreInstallDriver|The fix preinstalls drivers for applications that would otherwise try to install or start drivers during the initial start process.| |PreInstallSmarteSECURE|The fix preinstalls computer-wide CLSIDs for applications that use SmartSECURE copy protection, which would otherwise try to install the CLSIDs during the initial start process.| -|ProcessPerfData|The problem is indicated by an Unhandled Exception error message because the application tried to read the process performance data registry value to determine if another instance of the application is running.

                The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it is the only instance running.

                **Note:** This issue seems to occur most frequently with .NET applications.| +|ProcessPerfData|The problem occurs because the application tried to read the process performance data registry value to determine if another instance of the application is running. This problem results in an Unhandled Exception error message.

                The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it's the only instance running.

                **Note:** This issue seems to occur most frequently with .NET applications.| |PromoteDAM|The fix registers an application for power state change notifications.
                | |PropagateProcessHistory|The problem occurs when an application incorrectly fails to apply an application fix.

                The fix sets the _PROCESS_HISTORY environment variable so that child processes can look in the parent directory for matching information while searching for application fixes.| -|ProtectedAdminCheck|The problem occurs when an application fails to run because of incorrect Protected Administrator permissions.

                The fix addresses the issues that occur when applications use non-standard Administrator checks, thereby generating false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but it is set as deny-only.| -|RedirectCRTTempFile|The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume, thereby redirecting the calls to a temporary file in the user's temporary directory.| -|RedirectHKCUKeys|The problem occurs when an application cannot be accessed because of User Account Control (UAC) restrictions.

                The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime.| -|RedirectMP3Codec|This problem occurs when you cannot play MP3 files.

                The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version.| -|RedirectShortcut|The problem occurs when an application cannot be accessed by its shortcut, or application shortcuts are not removed during the application uninstallation process.

                The fix redirects all of the shortcuts created during the application setup to appear according to a specified path.

                Start Menu shortcuts: Appear in the \ProgramData\Microsoft\Windows\Start Menu directory for all users.
                Desktop or Quick Launch shortcuts: You must manually place the shortcuts on the individual user's desktop or Quick Launch bar.

                This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user cannot access the shortcuts.

                You cannot apply this fix to an .exe file that includes a manifest and provides a run level.| -|RelaunchElevated|The problem occurs when installers, uninstallers, or updaters fail when they are started from a host application.

                The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin.

                **Note:** For more detailed information about this application fix, see [Using the RelaunchElevated Fix](/previous-versions/windows/it-pro/windows-7/dd638373(v=ws.10)).
                | -|RetryOpenSCManagerWithReadAccess|The problem occurs when an application tries to open the Service Control Manager (SCM) and receives an Access Denied error message.

                The fix retries the call and requests a more restricted set of rights that include the following:

              • SC_MANAGER_CONNECT
              • SC_MANAGER_ENUMERATE_SERVICE
              • SC_MANAGER_QUERY_LOCK_STATUS
              • STANDARD_READ_RIGHTS
                **Note:** For more detailed information about this application fix, see [Using the RetryOpenSCManagerwithReadAccess Fix](/previous-versions/windows/it-pro/windows-7/cc721915(v=ws.10)).
                | -|RetryOpenServiceWithReadAccess|The problem occurs when an Unable to open service due to your application using the OpenService() API to test for the existence of a particular service error message displays.

                The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work

                **Note:** For more detailed information about this application fix, see [Using the RetryOpenServiceWithReadAccess Fix](/previous-versions/windows/it-pro/windows-7/cc766423(v=ws.10)).
                | +|ProtectedAdminCheck|The problem occurs when an application fails to run because of incorrect Protected Administrator permissions.

                The fix addresses the issues that occur when applications use non-standard Administrator checks. This issue can result in false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but the SID is set as deny-only.| +|RedirectCRTTempFile|The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume. The fix instead redirects the calls to a temporary file in the user's temporary directory.| +|RedirectHKCUKeys|The problem occurs when an application can't be accessed because of User Account Control (UAC) restrictions.

                The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime.| +|RedirectMP3Codec|This problem occurs when you can't play MP3 files.

                The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version.| +|RedirectShortcut|The problem occurs when an application's shortcut can't be accessed, or the application uninstallation process doesn't remove application shortcuts.

                The fix redirects all of the shortcuts created during the application setup to appear according to a specified path.

                Start Menu shortcuts: Appear in the \ProgramData\Microsoft\Windows\Start Menu directory for all users.
                Desktop or Quick Launch shortcuts: You must manually place the shortcuts on the individual user's desktop or Quick Launch bar.

                This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user can't access the shortcuts.

                You can't apply this fix to an .exe file that includes a manifest and provides a run level.| +|RelaunchElevated|The problem occurs when installers, uninstallers, or updaters fail when they're started from a host application.

                The fix enables a child .exe file to run with elevated privileges when it's difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin.

                **Note:** For more detailed information about this application fix, see [Using the RelaunchElevated Fix](/previous-versions/windows/it-pro/windows-7/dd638373(v=ws.10)).
                | +|RetryOpenSCManagerWithReadAccess|The problem occurs when an application tries to open the Service Control Manager (SCM) and receives an Access Denied error message.

                The fix retries the call and requests a more restricted set of rights that include the following items:

              • SC_MANAGER_CONNECT
              • SC_MANAGER_ENUMERATE_SERVICE
              • SC_MANAGER_QUERY_LOCK_STATUS
              • STANDARD_READ_RIGHTS
                **Note:** For more detailed information about this application fix, see [Using the RetryOpenSCManagerwithReadAccess Fix](/previous-versions/windows/it-pro/windows-7/cc721915(v=ws.10)).
                | +|RetryOpenServiceWithReadAccess|The problem occurs when an Unable to open service due to your application using the OpenService() API to test for the existence of a particular service error message displays.

                The fix retries the OpenService() API call and verifies that the user has Administrator rights, isn't a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this fix to work

                **Note:** For more detailed information about this application fix, see [Using the RetryOpenServiceWithReadAccess Fix](/previous-versions/windows/it-pro/windows-7/cc766423(v=ws.10)).
                | |RunAsAdmin|The problem occurs when an application fails to function by using the Standard User or Protected Administrator account.

                The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest.

                **Note:** For more detailed information about this application fix, see [Using the RunAsAdmin Fix](/previous-versions/windows/it-pro/windows-7/dd638315(v=ws.10)).
                | -|RunAsHighest|The problem occurs when administrators cannot view the read/write version of an application that presents a read-only view to standard users.

                The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest.

                **Note:** For more detailed information about this application fix, see [Using the RunAsHighest Fix](/previous-versions/windows/it-pro/windows-7/dd638322(v=ws.10)).
                | -|RunAsInvoker|The problem occurs when an application is not detected as requiring elevation.

                The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest.

                **Note:** For more detailed information about this application fix, see [Using the RunAsInvoker Fix](/previous-versions/windows/it-pro/windows-7/dd638389(v=ws.10)).
                | +|RunAsHighest|The problem occurs when administrators can't view the read/write version of an application that presents a read-only view to standard users.

                The fix enables the application to run by using the highest available permissions. This fix is the equivalent of specifying highestAvailable in an application manifest.

                **Note:** For more detailed information about this application fix, see [Using the RunAsHighest Fix](/previous-versions/windows/it-pro/windows-7/dd638322(v=ws.10)).
                | +|RunAsInvoker|The problem occurs when an application isn't detected as requiring elevation.

                The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This fix is the equivalent of specifying asInvoker in an application manifest.

                **Note:** For more detailed information about this application fix, see [Using the RunAsInvoker Fix](/previous-versions/windows/it-pro/windows-7/dd638389(v=ws.10)).
                | |SecuROM7|The fix repairs applications by using SecuROM7 for copy protection.| -|SessionShim|The fix intercepts API calls from applications that are trying to interact with services that are running in another session, by using the terminal service name prefix (Global or Local) as the parameter.

                At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified.

                **Important:** Users cannot log in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail.

                **Note:** For more detailed information about this application fix, see [Using the SessionShim Fix](/previous-versions/windows/it-pro/windows-7/cc722085(v=ws.10)).
                | +|SessionShim|The fix intercepts API calls from applications that are trying to interact with services that are running in another session, by using the terminal service name prefix (Global or Local) as the parameter.

                At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified.

                **Important:** Users can't sign in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail.

                **Note:** For more detailed information about this application fix, see [Using the SessionShim Fix](/previous-versions/windows/it-pro/windows-7/cc722085(v=ws.10)).
                | |SetProtocolHandler|The fix registers an application as a protocol handler.

                You can control this fix further by typing the following command at the command prompt:`Client;Protocol;App`
                Where the Client is the name of the email protocol, Protocol is mailto, and App is the name of the application.

                **Note:** Only the mail client and the mailto protocol are supported. You can separate multiple clients by using a backslash ().
                | -|SetupCommitFileQueueIgnoreWow|The problem occurs when a 32-bit setup program fails to install because it requires 64-bit drivers.

                The fixdisables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup.| +|SetupCommitFileQueueIgnoreWow|The problem occurs when a 32-bit setup program fails to install because it requires 64-bit drivers.

                The fix disables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup.| |SharePointDesigner2007|The fix resolves an application bug that severely slows the application when it runs in DWM.| -|ShimViaEAT|The problem occurs when an application fails, even after applying acompatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue.

                The fixapplies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion.

                **Note:** For more information about this application fix, see [Using the ShimViaEAT Fix](/previous-versions/windows/it-pro/windows-7/cc766286(v=ws.10)).
                | -|ShowWindowIE|The problem occurs when a web application experiences navigation and display issues because of the tabbing feature.

                The fixintercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window.| -|SierraWirelessHideCDROM|The fix repairs the Sierra Wireless Driver installation, thereby preventing bugcheck.| +|ShimViaEAT|The problem occurs when an application fails, even after applying a compatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue.

                The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion.

                **Note:** For more information about this application fix, see [Using the ShimViaEAT Fix](/previous-versions/windows/it-pro/windows-7/cc766286(v=ws.10)).
                | +|ShowWindowIE|The problem occurs when a web application experiences navigation and display issues because of the tabbing feature.

                The fix intercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window.| +|SierraWirelessHideCDROM|The fix repairs the Sierra Wireless Driver installation preventing bugcheck.| |Sonique2|The application uses an invalid window style, which breaks in DWM. This fix replaces the window style with a valid value.| -|SpecificInstaller|The problem occurs when an application installation file fails to be picked up by the GenericInstaller function.

                The fixflags the application as being an installer file (for example, setup.exe), and then prompts for elevation.

                **Note:** For more detailed information about this application fix, see [Using the SpecificInstaller Fix](/previous-versions/windows/it-pro/windows-7/dd638397(v=ws.10)).
                | -|SpecificNonInstaller|The problem occurs when an application that is not an installer (and has sufficient privileges) generates a false positive from the GenericInstaller function.

                The fixflags the application to exclude it from detection by the GenericInstaller function.

                **Note:** For more detailed information about this application fix, see [Using the SpecificNonInstaller Fix](/previous-versions/windows/it-pro/windows-7/dd638326(v=ws.10)).
                | +|SpecificInstaller|The problem occurs when the GenericInstaller function fails to pick up an application installation file.

                The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation.

                **Note:** For more detailed information about this application fix, see [Using the SpecificInstaller Fix](/previous-versions/windows/it-pro/windows-7/dd638397(v=ws.10)).
                | +|SpecificNonInstaller|The problem occurs when an application that isn't an installer (and has sufficient privileges) generates a false positive from the GenericInstaller function.

                The fix flags the application to exclude it from detection by the GenericInstaller function.

                **Note:** For more detailed information about this application fix, see [Using the SpecificNonInstaller Fix](/previous-versions/windows/it-pro/windows-7/dd638326(v=ws.10)).
                | |SystemMetricsLie|The fix replaces SystemMetrics values and SystemParametersInfo values with the values of previous Windows versions.| |TextArt|The application receives different mouse coordinates with DWM ON versus DWM OFF, which causes the application to hang. This fix resolves the issue.| -|TrimDisplayDeviceNames|The fix trims the names of the display devices that are returned by the EnumDisplayDevices API.| +|TrimDisplayDeviceNames|The fix trims the names returned by the EnumDisplayDevices API of the display devices.| |UIPICompatLogging|The fix enables the logging of Windows messages from Internet Explorer and other processes.| -|UIPIEnableCustomMsgs|The problem occurs when an application does not properly communicate with other processes because customized Windows messages are not delivered.

                The fixenables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code.

                You can control this fix further by typing the following command at the command prompt:

                `MessageString1 MessageString2`
                Where MessageString1 and MessageString2 reflect the message strings that can pass.

                **Note:** Multiple message strings must be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableCustomMsgs Fix](/previous-versions/windows/it-pro/windows-7/dd638320(v=ws.10)).
                | -|UIPIEnableStandardMsgs|The problem occurs when an application does not communicate properly with other processes because standard Windows messages are not delivered.

                The fixenables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code.

                You can control this fix further by typing the following command at the command prompt:

                `1055 1056 1069`

                Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass.

                **Note:** Multiple messages can be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableStandardMsgs Fix [act]](/previous-versions/windows/it-pro/windows-7/dd638361(v=ws.10)).
                | +|UIPIEnableCustomMsgs|The problem occurs when an application doesn't properly communicate with other processes because customized Windows messages aren't delivered.

                The fix enables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code.

                You can control this fix further by typing the following command at the command prompt:

                `MessageString1 MessageString2`
                Where MessageString1 and MessageString2 reflect the message strings that can pass.

                **Note:** You must separate multiple message strings by spaces. For more detailed information about this application fix, see [Using the UIPIEnableCustomMsgs Fix](/previous-versions/windows/it-pro/windows-7/dd638320(v=ws.10)).
                | +|UIPIEnableStandardMsgs|The problem occurs when an application doesn't communicate properly with other processes because standard Windows messages aren't delivered.

                The fix enables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code.

                You can control this fix further by typing the following command at the command prompt:

                `1055 1056 1069`

                Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass.

                **Note:** You can separate multiple messages with spaces. For more detailed information about this application fix, see [Using the UIPIEnableStandardMsgs Fix [act]](/previous-versions/windows/it-pro/windows-7/dd638361(v=ws.10)).
                | |VirtualizeDeleteFileLayer|The fix virtualizes DeleteFile operations for applications that try to delete protected files.| -|VirtualizeDesktopPainting|This fix improves the performance of a number of operations on the Desktop DC while using DWM.| -|VirtualRegistry|The problem is indicated when a Component failed to be located error message displays when an application is started.

                The fixenables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on.

                For more detailed information about this application fix, see [Using the VirtualRegistry Fix](/previous-versions/windows/it-pro/windows-7/cc749368(v=ws.10)).| -|VirtualizeDeleteFile|The problem occurs when several error messages display and the application cannot delete files.

                The fixmakes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted.

                **Note:** For more detailed information about this application fix, see [Using the VirtualizeDeleteFile Fix](/previous-versions/windows/it-pro/windows-7/dd638360(v=ws.10)).
                | -|VirtualizeHKCRLite|The problem occurs when an application fails to register COM components at runtime.

                The fixredirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance.

                HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated.

                You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix.
                For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](/previous-versions/windows/it-pro/windows-7/dd638327(v=ws.10)).| -|VirtualizeRegisterTypeLib|The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used.

                **Note:** For more detailed information about this application fix, see [Using the VirtualizeRegisterTypelib Fix](/previous-versions/windows/it-pro/windows-7/dd638385(v=ws.10)).
                | -|WaveOutIgnoreBadFormat|This problem is indicated by an error message that states: Unable to initialize sound device from your audio driver; the application then closes.

                The fixenables the application to ignore the format error and continue to function properly.| -|WerDisableReportException|The fix turns off the silent reporting of exceptions to the Windows Error Reporting tool, including those that are reported by Object Linking and Embedding-Database (OLE DB). The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message.| +|VirtualizeDesktopPainting|This fix improves the performance of several operations on the Desktop DC while using DWM.| +|VirtualRegistry|The problem is indicated when a Component failed to be located error message displays when an application is started.

                The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on.

                For more detailed information about this application fix, see [Using the VirtualRegistry Fix](/previous-versions/windows/it-pro/windows-7/cc749368(v=ws.10)).| +|VirtualizeDeleteFile|The problem occurs when several error messages display and the application can't delete files.

                The fix makes the application's DeleteFile function call a virtual call to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted.

                **Note:** For more detailed information about this application fix, see [Using the VirtualizeDeleteFile Fix](/previous-versions/windows/it-pro/windows-7/dd638360(v=ws.10)).
                | +|VirtualizeHKCRLite|The problem occurs when an application fails to register COM components at runtime.

                The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This fix operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance.

                HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application isn't elevated and is ignored if the application is elevated.

                You typically use this compatibility fix with the VirtualizeRegisterTypeLib fix.
                For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](/previous-versions/windows/it-pro/windows-7/dd638327(v=ws.10)).| +|VirtualizeRegisterTypeLib|The fix when used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This fix functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used.

                **Note:** For more detailed information about this application fix, see [Using the VirtualizeRegisterTypelib Fix](/previous-versions/windows/it-pro/windows-7/dd638385(v=ws.10)).
                | +|WaveOutIgnoreBadFormat|When this problem occurs when an Unable to initialize sound device from your audio driver error occurs; the application then closes.

                The fix enables the application to ignore the format error and continue to function properly.| +|WerDisableReportException|The fix turns off the silent reporting of exceptions, including those exceptions reported by Object Linking and Embedding-Database (OLE DB), to the Windows Error Reporting tool. The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message.| |Win7RTM/Win8RTM|The layer provides the application with Windows 7/Windows 8 compatibility mode.| -|WinxxRTMVersionLie|The problem occurs when an application fails because it does not find the correct version number for the required Windows operating system.

                All version lie compatibility fixes address the issue whereby an application fails to function because it is checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer.| -|Wing32SystoSys32|The problem is indicated by an error message that states that the WinG library was not properly installed.

                The fixdetects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory.

                **Important:** The application must have Administrator privileges for this fix to work.| +|WinxxRTMVersionLie|The problem occurs when an application fails because it doesn't find the correct version number for the required Windows operating system.

                All version lie compatibility fixes address the issue whereby an application fails to function because it's checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer.| +|Wing32SystoSys32|The problem occurs when an error message that states that the WinG library wasn't properly installed.

                The fix detects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory.

                **Important:** The application must have Administrator privileges for this fix to work.| |WinSrv08R2RTM|| -|WinXPSP2VersionLie|The problem occurs when an application experiences issues because of a VB runtime DLL.

                The fixforces the application to follow these steps:

              • Open the Compatibility Administrator, and then select None for Operating System Mode.
              • On the Compatibility Fixes page, click WinXPSP2VersionLie, and then click Parameters.
              • The Options for <fix_name> dialog box appears.
              • Type vbrun60.dll into the Module Name box, click Include, and then click Add.
              • Save the custom database.
                **Note:** For more information about the WinXPSP2VersionLie application fix, see [Using the WinXPSP2VersionLie Fix](/previous-versions/windows/it-pro/windows-7/cc749518(v=ws.10)).
                | -|WRPDllRegister|The application fails when it tries to register a COM component that is released together with Windows Vista and later.

                The fixskips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions.

                You can control this fix further by typing the following command at the command prompt:

                `Component1.dll;Component2.dll`
                Where Component1.dll and Component2.dll reflect the components to be skipped.

                **Note:** For more detailed information about this application fix, see [Using the WRPDllRegister Fix](/previous-versions/windows/it-pro/windows-7/dd638345(v=ws.10)).
                | -|WRPMitigation|The problem is indicated when an access denied error message displays when the application tries to access a protected operating system resource by using more than read-only access.

                The fixemulates the successful authentication and modification of file and registry APIs, so that the application can continue.

                **Note:** For more detailed information about WRPMitigation, see [Using the WRPMitigation Fix](/previous-versions/windows/it-pro/windows-7/dd638325(v=ws.10)).
                | -|WRPRegDeleteKey|The problem is indicated by an access denied error message that displays when the application tries to delete a registry key.

                The fixverifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process.| +|WinXPSP2VersionLie|The problem occurs when an application experiences issues because of a VB runtime DLL.

                The fix forces the application to follow these steps:

              • Open the Compatibility Administrator, and then select None for Operating System Mode.
              • On the Compatibility Fixes page, select WinXPSP2VersionLie, and then select Parameters.
              • The Options for /; dialog box appears.
              • Type vbrun60.dll into the Module Name box, select Include, and then select Add.
              • Save the custom database.
                **Note:** For more information about the WinXPSP2VersionLie application fix, see [Using the WinXPSP2VersionLie Fix](/previous-versions/windows/it-pro/windows-7/cc749518(v=ws.10)).
                | +|WRPDllRegister|The application fails when it tries to register a COM component that is released together with Windows Vista and later.

                The fix skips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions.

                You can control this fix further by typing the following command at the command prompt:

                `Component1.dll;Component2.dll`
                Where Component1.dll and Component2.dll reflect the components to be skipped.

                **Note:** For more detailed information about this application fix, see [Using the WRPDllRegister Fix](/previous-versions/windows/it-pro/windows-7/dd638345(v=ws.10)).
                | +|WRPMitigation|The problem is indicated when an access denied error message displays when the application tries to access a protected operating system resource by using more than read-only access.

                The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue.

                **Note:** For more detailed information about WRPMitigation, see [Using the WRPMitigation Fix](/previous-versions/windows/it-pro/windows-7/dd638325(v=ws.10)).
                | +|WRPRegDeleteKey|The problem occurs when an access denied error message that displays when the application tries to delete a registry key.

                The fix verifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process.| |XPAfxIsValidAddress|The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress.| ## Compatibility Modes @@ -161,5 +158,5 @@ The following table lists the known compatibility modes. |Compatibility Mode Name|Description|Included Compatibility Fixes| |--- |--- |--- | -|WinSrv03|Emulates the Windows Server 2003 operating system.|

              • Win2k3RTMVersionLie
              • VirtualRegistry
              • ElevateCreateProcess
              • EmulateSorting
              • FailObsoleteShellAPIs
              • LoadLibraryCWD
              • HandleBadPtr
              • GlobalMemoryStatus2GB
              • RedirectMP3Codec
              • EnableLegacyExceptionHandlinginOLE
              • NoGhost
              • HardwareAudioMixer| +|WinSrv03|Emulates the Windows Server 2003 operating system.|
              • Win2k3RTMVersionLie
              • VirtualRegistry
              • ElevateCreateProcess
              • EmulateSorting
              • FailObsoleteShellAPIs
              • LoadLibraryCWD
              • HandleBadPtr
              • GlobalMemoryStatus2 GB
              • RedirectMP3Codec
              • EnableLegacyExceptionHandlinginOLE
              • NoGhost
              • HardwareAudioMixer| |WinSrv03Sp1|Emulates the Windows Server 2003 with Service Pack 1 (SP1) operating system.|
              • Win2K3SP1VersionLie
              • VirtualRegistry
              • ElevateCreateProcess
              • EmulateSorting
              • FailObsoleteShellAPIs
              • LoadLibraryCWD
              • HandleBadPtr
              • EnableLegacyExceptionHandlinginOLE
              • RedirectMP3Codec
              • HardwareAudioMixer| From 028d504bbff583e3bc0eeeabfe9b4ff39fadefd3 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 14 Feb 2024 12:29:28 -0500 Subject: [PATCH 4/7] Updating Technet/MSDN links and getting rid of gremlins 3 --- windows/deployment/planning/windows-10-enterprise-faq-itpro.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml index 83a32672ea..6728d4c2ee 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml @@ -30,7 +30,7 @@ sections: - question: | What are the system requirements? answer: | - For details, see [Windows 10 Enterprise system requirements](/windows/windows-10-specifications#areaheading-uid09f4). + For details, see [Windows 10 Enterprise system requirements](https://www.microsoft.com/windows/Windows-10-specifications#areaheading-uid09f4). - question: | What are the hardware requirements for Windows 10? From 4b0bb14c6db75078160a78eda3657271462ad9d1 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Wed, 14 Feb 2024 11:35:25 -0700 Subject: [PATCH 5/7] Update waas-delivery-optimization-reference.md Small punctuation correction. --- windows/deployment/do/waas-delivery-optimization-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md index 725569a8e2..2a134da31d 100644 --- a/windows/deployment/do/waas-delivery-optimization-reference.md +++ b/windows/deployment/do/waas-delivery-optimization-reference.md @@ -335,7 +335,7 @@ The device can download from peers while on battery regardless of this policy. MDM Setting: **DOCacheHost** -Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.** Delivery Optimization client will connect to the listed Microsoft Connected Cache servers in the order as they are listed. When multiple FQDNs or IP Addresses are listed. Fallback to the CDN occurs immediately after the first failure in downloading from a cache server, unless the [DelayCacheServerFallbackBackground](#delay-background-download-cache-server-fallback-in-secs) or [DelayCacheServerFallbackForeground}(#delay-foreground-download-cache-server-fallback-in-secs) policies are set. When these delay policies are set, the fallback occurs only after the configured delay time and the client continues to attempt connecting to the cache servers in round robin order before the delay time expires. +Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.** Delivery Optimization client will connect to the listed Microsoft Connected Cache servers in the order as they are listed. When multiple FQDNs or IP Addresses are listed, fallback to the CDN occurs immediately after the first failure in downloading from a cache server, unless the [DelayCacheServerFallbackBackground](#delay-background-download-cache-server-fallback-in-secs) or [DelayCacheServerFallbackForeground}(#delay-foreground-download-cache-server-fallback-in-secs) policies are set. When these delay policies are set, the fallback occurs only after the configured delay time and the client continues to attempt connecting to the cache servers in round robin order before the delay time expires. >[!IMPORTANT] > Any value will signify that the policy is set. For example, an empty string ("") isn't considered empty. From 2d80c6095f9a90b18fedd9db6f5031df5563b1ca Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Wed, 14 Feb 2024 12:57:43 -0700 Subject: [PATCH 6/7] Update waas-delivery-optimization-reference.md Missing ']'. --- windows/deployment/do/waas-delivery-optimization-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md index 2a134da31d..852149c43d 100644 --- a/windows/deployment/do/waas-delivery-optimization-reference.md +++ b/windows/deployment/do/waas-delivery-optimization-reference.md @@ -335,7 +335,7 @@ The device can download from peers while on battery regardless of this policy. MDM Setting: **DOCacheHost** -Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.** Delivery Optimization client will connect to the listed Microsoft Connected Cache servers in the order as they are listed. When multiple FQDNs or IP Addresses are listed, fallback to the CDN occurs immediately after the first failure in downloading from a cache server, unless the [DelayCacheServerFallbackBackground](#delay-background-download-cache-server-fallback-in-secs) or [DelayCacheServerFallbackForeground}(#delay-foreground-download-cache-server-fallback-in-secs) policies are set. When these delay policies are set, the fallback occurs only after the configured delay time and the client continues to attempt connecting to the cache servers in round robin order before the delay time expires. +Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.** Delivery Optimization client will connect to the listed Microsoft Connected Cache servers in the order as they are listed. When multiple FQDNs or IP Addresses are listed, fallback to the CDN occurs immediately after the first failure in downloading from a cache server, unless the [DelayCacheServerFallbackBackground](#delay-background-download-cache-server-fallback-in-secs) or [DelayCacheServerFallbackForeground](#delay-foreground-download-cache-server-fallback-in-secs) policies are set. When these delay policies are set, the fallback occurs only after the configured delay time and the client continues to attempt connecting to the cache servers in round robin order before the delay time expires. >[!IMPORTANT] > Any value will signify that the policy is set. For example, an empty string ("") isn't considered empty. From 60d657bf7618478de4c2db0ca9636ec9f801a0b0 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Wed, 14 Feb 2024 13:26:21 -0800 Subject: [PATCH 7/7] add default ms.topic --- .../app-v/appv-evaluating-appv.md | 3 +- ...ed-security-identifiers-with-powershell.md | 13 ++--- ...-a-stand-alone-computer-with-powershell.md | 3 +- .../app-v/appv-managing-connection-groups.md | 9 ++-- ...grating-to-appv-from-a-previous-version.md | 9 ++-- ...an-existing-virtual-application-package.md | 3 +- ...fy-client-configuration-with-powershell.md | 7 +-- ...ove-the-appv-server-to-another-computer.md | 3 +- .../app-v/appv-performance-guidance.md | 51 ++++++++++--------- ...hing-server-with-the-management-console.md | 3 +- ...release-notes-for-appv-for-windows-1703.md | 3 +- ...appv-release-notes-for-appv-for-windows.md | 15 +++--- ...plications-inside-a-virtual-environment.md | 11 ++-- ...appv-sequence-a-package-with-powershell.md | 9 ++-- .../app-v/appv-technical-reference.md | 3 +- ...f-a-package-with-the-management-console.md | 3 +- .../app-v/appv-troubleshooting.md | 3 +- ...indows-10-from-an-existing-installation.md | 29 ++++++----- ...ppv-using-the-client-management-console.md | 5 +- ...-extensions-with-the-management-console.md | 3 +- ...viewing-appv-server-publishing-metadata.md | 3 +- 21 files changed, 106 insertions(+), 85 deletions(-) diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md index 78f237a692..dc3deee0f3 100644 --- a/windows/application-management/app-v/appv-evaluating-appv.md +++ b/windows/application-management/app-v/appv-evaluating-appv.md @@ -4,11 +4,12 @@ description: Learn how to evaluate App-V for Windows 10/11 in a lab environment author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Evaluating App-V diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md index 4f706ec7eb..911023aae0 100644 --- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md +++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md @@ -4,11 +4,12 @@ description: How to Install the App-V Databases and Convert the Associated Secur author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- @@ -79,14 +80,14 @@ Before attempting this procedure, you should read and understand the information                "  Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" +                "  The output is written to the console in the format 'Account name    SID as string   SID as hexadecimal'{0}" +                "  And can be written out to a file using standard Windows PowerShell redirection{0}" + -                "  Please specify user accounts in the format 'DOMAIN\username'{0}" + +                "  Please specify user accounts in the format 'DOMAIN\username'{0}" +                "  Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" + -                "  For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + +                "  For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" +                "{0}====== Arguments ======{0}" + -                "{0}  /?    Show this help message", [Environment]::NewLine) +                "{0}  /?    Show this help message", [Environment]::NewLine) { else - {  + {      #If an array was passed in, try to split it     if($myArgs.Length -eq 1)     { @@ -95,7 +96,7 @@ Before attempting this procedure, you should read and understand the information     #Parse the arguments for account names     foreach($accountName in $myArgs) -     {    +     {            [string[]] $splitString = $accountName.Split('\')  # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject         if($splitString.Length -ne 2)         { diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md index 1a6a1de125..181e13b751 100644 --- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md @@ -4,11 +4,12 @@ description: How to Manage Connection Groups on a Stand-alone Computer by Using author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md index e985d4a918..7f676c5b81 100644 --- a/windows/application-management/app-v/appv-managing-connection-groups.md +++ b/windows/application-management/app-v/appv-managing-connection-groups.md @@ -4,11 +4,12 @@ description: Connection groups can allow administrators to manage packages indep author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Managing Connection Groups @@ -40,9 +41,9 @@ In some previous versions of App-V, connection groups were referred to as Dynami - [Operations for App-V](appv-operations.md) - - - + + + diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md index c42f3ed0f6..cb9d2085c0 100644 --- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md +++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md @@ -4,18 +4,19 @@ description: Learn how to migrate to Microsoft Application Virtualization (App-V author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Migrating to App-V from previous versions [!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] -To migrate from App-V 4.x to App-V for Windows 10/11, you must upgrade to App-V 5.x first. +To migrate from App-V 4.x to App-V for Windows 10/11, you must upgrade to App-V 5.x first. ## Improvements to the App-V Package Converter @@ -51,7 +52,7 @@ To understand the new process, review the following example `ConvertFrom-AppvLeg **And you run this command:** ``` syntax -ConvertFrom-AppvLegacyPackage –SourcePath \\OldPkgStore\ContosoApp\ +ConvertFrom-AppvLegacyPackage –SourcePath \\OldPkgStore\ContosoApp\ -DestinationPath \\NewPkgStore\ContosoApp\ -OSDsToIncludeInPackage X.osd,Y.osd ``` @@ -88,7 +89,7 @@ Use the package converter utility to upgrade virtual application packages create **Important**   After you convert an existing package you should test the package prior to deploying the package to ensure the conversion process was successful. - + **What to know before you convert existing packages** diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md index b9d7da75f0..d9b051f74f 100644 --- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md +++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md @@ -4,11 +4,12 @@ description: Learn how to modify an existing virtual application package and add author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # How to Modify an Existing Virtual Application Package diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md index 24187f7a7d..84f2710b45 100644 --- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md +++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md @@ -4,11 +4,12 @@ description: Learn how to modify the Application Virtualization (App-V) client c author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # How to Modify Client Configuration by Using Windows PowerShell @@ -28,8 +29,8 @@ Use the following procedure to configure the App-V client configuration. `Set-AppVClientConfiguration –Name1 MyConfig –Name2 "xyz"` - - + +
                For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). ## Related articles diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md index 9aa55c680d..2b4ee820e3 100644 --- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md +++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md @@ -4,11 +4,12 @@ description: Learn how to create a new management server console in your environ author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # How to move the App-V server to another computer diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index d05eec841b..aca5169513 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -4,11 +4,12 @@ description: Learn how to configure App-V for optimal performance, optimize virt author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Performance Guidance for Application Virtualization @@ -16,7 +17,7 @@ ms.subservice: itpro-apps **Applies to**: - Windows 7 SP1 -- Windows 10 +- Windows 10 - Windows 11 - Server 2012 R2 - Server 2016 @@ -103,7 +104,7 @@ The following information displays the required steps to prepare the base image #### Prepare the Base Image -- **Performance**: +- **Performance**: - Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md). - Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps. @@ -120,7 +121,7 @@ The following information displays the required steps to prepare the base image - `AppData\Local\Microsoft\AppV\Client\VFS` - `AppData\Roaming\Microsoft\AppV\Client\VFS` -- **Storage**: +- **Storage**: - Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md). - Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps. @@ -144,7 +145,7 @@ For critical App-V Client configurations and for a little more context and how-t - **PreserveUserIntegrationsOnLogin**: If you have not pre-configured (**Add-AppvClientPackage**) a specific package and this setting isn't configured, the App-V Client will de-integrate* the persisted user integrations, then reintegrate*. For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh. - + If you don't plan to pre-configure every available user package in the base image, use this setting. - Configure in the Registry under `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Integration`. @@ -181,7 +182,7 @@ UE-V will only support removing the .lnk file type from the exclusion list in th - If a user has an application installed on one device but not another with .lnk files enabled. > [!Important] -> This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. +> This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. Using the Microsoft Registry Editor (regedit.exe), navigate to `HKEY\_LOCAL\_MACHINE\Software\Microsoft\UEV\Agent\Configuration\ExcludedFileTypes` and remove `.lnk` from the excluded file types. @@ -200,10 +201,10 @@ To enable an optimized sign-in experience, for example the App-V approach for th - Attaching and detaching a user profile disk (UPD) or similar technology that contains the user integrations. > [!Note] - > + > > App-V is supported when using UPD only when the entire profile is stored on the user profile disk. - > - > App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver doesn't handle UPD selected folders. + > + > App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver doesn't handle UPD selected folders. - Capturing changes to the locations, which constitute the user integrations, prior to session sign out. @@ -246,50 +247,50 @@ Registry – HKEY\_CURRENT\_USER This following process is a step-by-step walk-through of the App-V and UPM operations, and the users' expectations. - **Performance**: After implementing this approach in the VDI/RDSH environment, on first login, - - (Operation) A user-publishing/refresh is initiated. + - (Operation) A user-publishing/refresh is initiated. (Expectation) If it's the first time that a user has published virtual applications (for example, non-persistent), this operation will take the usual duration of a publishing/refresh. - (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this capture may occur as part of the sign-out process. This result will incur the same/similar overhead as persisting the user state. - + **On subsequent logins**: - (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh. (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (that is, package entitlements change), some may go away. - - (Operation) Publishing/refresh will process unpublish and publish operations for changes in user package entitlements. - + - (Operation) Publishing/refresh will process unpublish and publish operations for changes in user package entitlements. + (Expectation) If there are no entitlement changes, publishing will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity of virtual applications - The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. - + The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. + - (Operation) UPM solution will capture user integrations again at sign off. - + (Expectation) Same as previous. - **Outcome**: + **Outcome**: - Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of sign in. - The publishing/refresh will process changes to the users-entitled virtual applications, which impacts the experience. - **Storage**: After implementing this approach in the VDI/RDSH environment, on first login - - (Operation) A user-publishing/refresh is initiated. + - (Operation) A user-publishing/refresh is initiated. (Expectation): - If this instance is the first time a user has published virtual applications (for example, non-persistent), this will take the usual duration of a publishing/refresh. - First and subsequent logins will be impacted by pre-configuring of packages (add/refresh). - + - (Operation) After the publishing/refresh, the UPM solution captures the user integrations. - (Expectation) Depending on how the UPM solution is configured, this capture may occur as part of the sign-off process. This result will incur the same/similar overhead as persisting the user state. - + (Expectation) Depending on how the UPM solution is configured, this capture may occur as part of the sign-off process. This result will incur the same/similar overhead as persisting the user state. + **On subsequent logins**: - + - (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh. - (Operation) Add/refresh must pre-configure all user targeted applications. @@ -300,7 +301,7 @@ This following process is a step-by-step walk-through of the App-V and UPM opera - (Operation) Publishing/refresh will process unpublish and publish operations for changes to user package entitlements. **Outcome**: Because the add/refresh must reconfigure all the virtual applications to the VM, the publishing refresh time on every login will be extended. - + ### Impact to Package Life Cycle Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (unpublished) virtual application packages, it's recommended you update the base image to reflect these changes. To understand why review the following section: @@ -380,7 +381,7 @@ Removing FB1 doesn't require the original application installer. After completin "C:\\UpgradedPackages" > [!Note] - > This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. + > This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. |Step|Considerations|Benefits|Tradeoffs| |--- |--- |--- |--- | @@ -398,7 +399,7 @@ When publishing a virtual application package, the App-V Client will detect if a |Step|Considerations|Benefits|Tradeoffs| |--- |--- |--- |--- | |Selectively Employ Dynamic Configuration files|The App-V client must parse and process these Dynamic Configuration files.

                Be conscious of size and complexity (script execution, VREG inclusions/exclusions) of the file.

                Numerous virtual application packages may already have User- or computer–specific dynamic configurations files.|Publishing times will improve if these files are used selectively or not at all.|Virtual application packages would need to be reconfigured individually or via the App-V server management console to remove associated Dynamic Configuration files.| - + ### Disabling a Dynamic Configuration by using Windows PowerShell diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md index 0af2304c46..21136dd2bf 100644 --- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md +++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md @@ -4,11 +4,12 @@ description: How to Register and Unregister a Publishing Server by Using the Man author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # How to Register and Unregister a Publishing Server by Using the Management Console diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md index 68b2efeb3a..eb9bee258f 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md @@ -4,11 +4,12 @@ description: A list of known issues and workarounds for App-V running on Windows author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Release Notes for App-V for Windows 10 version 1703 and later diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md index e9f6d97139..4f33d2444c 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md @@ -4,11 +4,12 @@ description: A list of known issues and workarounds for App-V running on Windows author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Release Notes for App-V for Windows 10, version 1607 @@ -17,7 +18,7 @@ ms.subservice: itpro-apps - Windows 10, version 1607 The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10, version 1607. - + ## Windows Installer packages (.msi files) generated by the App-V sequencer (version 5.1 and earlier) fail to install on computers with the in-box App-V client There are MSI packages generated by an App-V sequencer from previous versions of App-V (Versions 5.1 and earlier). These packages include a check to validate whether the App-V client is installed on client devices, before allowing the MSI package to be installed. As the App-V client gets installed automatically when you upgrade user devices to Windows 10, version 1607, the prerequisite check fails and causes the MSI to fail. @@ -28,20 +29,20 @@ There are MSI packages generated by an App-V sequencer from previous versions of 2. Ensure that you've installed the **MSI Tools** included in the Windows 10 SDK, available as follows: - For the **Visual Studio Community 2015 with Update 3** client, which includes the latest Windows 10 SDK and developer tools, see [Downloads and tools for Windows 10](https://developer.microsoft.com/windows/downloads). - + - For the standalone Windows 10 SDK without other tools, see [Standalone Windows SDK](https://developer.microsoft.com/windows/downloads/windows-sdk). 3. Copy msidb.exe from the default path of the Windows SDK installation (**C:\Program Files (x86)\Windows Kits\10**) to a different directory. For example: **C:\MyMsiTools\bin** 4. From an elevated Windows PowerShell prompt, navigate to the following folder: - - <Windows Kits 10 installation folder>**\Microsoft Application Virtualization\Sequencer\\** - By default, this path is:
                **C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer** + <Windows Kits 10 installation folder>**\Microsoft Application Virtualization\Sequencer\\** + + By default, this path is:
                **C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer** 5. Run the following command: - `Update-AppvPackageMsi -MsiPackage "" -MsSdkPath ""` + `Update-AppvPackageMsi -MsiPackage "" -MsSdkPath ""` where the path is to the new directory (**C:\MyMsiTools\ for this example**). diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md index f37849f3a0..4e4f47b94f 100644 --- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md +++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md @@ -4,11 +4,12 @@ description: Running a Locally Installed Application Inside a Virtual Environmen author: aczechowski ms.service: windows-client ms.date: 03/08/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications @@ -81,10 +82,10 @@ Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages glo The application in the previous example would produce a registry export file (.reg file) like the following example: ```registry - Windows Registry Editor Version 5.00 - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual] - @="" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe] + Windows Registry Editor Version 5.00 + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual] + @="" + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe] @="aaaaaaaa-bbbb-cccc-dddd-eeeeeeee_11111111-2222-3333-4444-555555555 ``` diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md index 9754332e13..a41e80e750 100644 --- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md +++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md @@ -4,11 +4,12 @@ description: Learn how to sequence a new Microsoft Application Virtualization (A author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # How to Sequence a Package by using Windows PowerShell @@ -20,7 +21,7 @@ Use the following procedure to create a new App-V package using Windows PowerShe > [!NOTE] > Before you use this procedure you must copy the associated installer files to the computer running the sequencer and you have read and understand the sequencer section of [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md). - + **To create a new virtual application by using Windows PowerShell** 1. Install the App-V sequencer. For more information about installing the sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md). @@ -60,10 +61,10 @@ The following list displays additional optional parameters that can be used with - FullLoad - specifies that the package must be fully downloaded to the computer running the App-V before it can be opened. -Starting with Windows 10 version 1703, the `new-appvsequencerpackage` or the `update-appvsequencepackage` cmdlets automatically capture and store all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. +Starting with Windows 10 version 1703, the `new-appvsequencerpackage` or the `update-appvsequencepackage` cmdlets automatically capture and store all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. > [!IMPORTANT] -> If you have an auto-saved template and you attempt to load another template through the _TemplateFilePath_ parameter, the customization value from the parameter will override the auto-saved template. +> If you have an auto-saved template and you attempt to load another template through the _TemplateFilePath_ parameter, the customization value from the parameter will override the auto-saved template. ## Related articles diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md index ec23d191b4..50ffd5963b 100644 --- a/windows/application-management/app-v/appv-technical-reference.md +++ b/windows/application-management/app-v/appv-technical-reference.md @@ -4,11 +4,12 @@ description: Learn strategy and context for many performance optimization practi author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Technical Reference for App-V diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md index 1a4d09cc2f..d2fbaa8450 100644 --- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md +++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md @@ -4,11 +4,12 @@ description: How to Transfer Access and Configurations to Another Version of a P author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md index 020e46ea24..0cde4c8496 100644 --- a/windows/application-management/app-v/appv-troubleshooting.md +++ b/windows/application-management/app-v/appv-troubleshooting.md @@ -4,11 +4,12 @@ description: Learn how to find information about troubleshooting Application Vir author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Troubleshooting App-V diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md index 48842df8a4..872fdc6b2a 100644 --- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md +++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md @@ -4,18 +4,19 @@ description: Learn about upgrading to Application Virtualization (App-V) for Win author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Upgrading to App-V for Windows client from an existing installation [!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] -If you’re already using App-V and you’re planning to upgrade user devices to Windows 10/11, you need to make only the following few adjustments to your existing environment to start using App-V for Windows client. +If you’re already using App-V and you’re planning to upgrade user devices to Windows 10/11, you need to make only the following few adjustments to your existing environment to start using App-V for Windows client. 1. [Upgrade user devices to Windows 10/11](#upgrade-user-devices-to-windows-1011). Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. @@ -31,11 +32,11 @@ These steps are explained in more detail below. ## Upgrade user devices to Windows 10/11 -Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. See the [Windows document set](/windows/windows-10/) for information about upgrading user devices. +Performing an in-place upgrade automatically installs the App-V client and migrates users’ App-V applications and settings. See the [Windows document set](/windows/windows-10/) for information about upgrading user devices. ## Verify that App-V applications and settings were migrated correctly -After upgrading a user device, it’s important to verify that App-V applications and settings were migrated correctly during the upgrade. +After upgrading a user device, it’s important to verify that App-V applications and settings were migrated correctly during the upgrade. To verify that the user’s App-V application packages were migrated correctly, type `Get-AppvClientPackage` in Windows PowerShell. @@ -43,13 +44,13 @@ To verify that the user’s App-V settings were migrated correctly, type `Get-Ap ## Enable the in-box App-V client -With Windows 10/11, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell. +With Windows 10/11, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell. **To enable the App-V client with Group Policy** 1. Open the device’s **Group Policy Editor**. -2. Navigate to **Computer Configuration > Administrative Templates > System > App-V**. +2. Navigate to **Computer Configuration > Administrative Templates > System > App-V**. 3. Run **Enables App-V Client** and then select **Enabled** on the screen that appears. @@ -71,27 +72,27 @@ Once you’ve enabled the in-box App-V client, you need to configure it to point **To modify client settings to point to an existing App-V publishing server with Windows PowerShell** -Type the following cmdlet in a Windows PowerShell window: +Type the following cmdlet in a Windows PowerShell window: -`Add-AppvPublishingServer -Name AppVServer -URL https:// appvserver:2222` +`Add-AppvPublishingServer -Name AppVServer -URL https:// appvserver:2222` -**To modify client settings to point to an existing App-V publishing server with Group Policy** +**To modify client settings to point to an existing App-V publishing server with Group Policy** 1. Open the device’s **Local Group Policy Editor**. -2. Navigate to **Computer Configuration > Administrative Templates > System > App-V > Publishing**. +2. Navigate to **Computer Configuration > Administrative Templates > System > App-V > Publishing**. 3. Enter your existing App-V publishing server’s details in **Options** and then click or press **Apply**. ## Verify that the in-box App-V client can receive and launch .appv packages -1. Add and publish a package using the following Windows PowerShell cmdlets: +1. Add and publish a package using the following Windows PowerShell cmdlets: - `Add-AppvClientPackage \\path\to\appv\package.appv | Publish-AppvClientPackage` + `Add-AppvClientPackage \\path\to\appv\package.appv | Publish-AppvClientPackage` -2. Launch the published package. +2. Launch the published package. -3. Unpublish an existing package use the following cmdlet: +3. Unpublish an existing package use the following cmdlet: `Unpublish-AppvClientPackage "ContosoApplication"` diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md index 84af8ed135..5d99029e54 100644 --- a/windows/application-management/app-v/appv-using-the-client-management-console.md +++ b/windows/application-management/app-v/appv-using-the-client-management-console.md @@ -4,11 +4,12 @@ description: Learn how to use the Application Virtualization (App-V) client mana author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Using the App-V Client Management Console @@ -25,7 +26,7 @@ The App-V client has associated settings that can be configured to determine how - [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md) -- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) +- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) ## The App-V client management console diff --git a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md index 82665691aa..97d6680ac1 100644 --- a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md +++ b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md @@ -4,11 +4,12 @@ description: How to View and Configure Applications and Default Virtual Applicat author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md index c2d47380bf..f652726838 100644 --- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md +++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md @@ -4,11 +4,12 @@ description: Use this procedure to view App-V Server publishing metadata, which author: aczechowski ms.service: windows-client ms.date: 04/19/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: aaroncz ms.collection: must-keep ms.subservice: itpro-apps +ms.topic: article --- # Viewing App-V Server Publishing Metadata