diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index fa2dc0a8d0..f505c1d9de 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1,5 +1,10 @@ { "redirections": [ + { + "source_path": "windows/client-management/mdm/browserfavorite-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-10-mobile-security-guide.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md deleted file mode 100644 index fa29e87d8d..0000000000 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: BrowserFavorite CSP -description: Learn how the BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device. -ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 10/25/2021 ---- - -# BrowserFavorite CSP - - -The BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device. - -> [!Note] -> BrowserFavorite CSP is only supported in Windows Phone 8.1. - - - -The BrowserFavorite configuration service provider manages only the favorites at the root favorite folder level. It does not manage subfolders under the root favorite folder nor does it manage favorites under a subfolder. - -> [!Note] -> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_INTERNET\_EXPLORER\_FAVORITES capabilities to be accessed from a network configuration application. - - - -The following shows the BrowserFavorite configuration service provider in tree format as used by Open Mobile Alliance Device (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider. - -```console -BrowserFavorite -favorite name -----URL -``` - -***favorite name*** -Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer. - -> [!Note] -> The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > | - - - -Adding the same favorite twice adds only one occurrence to the Favorites list. If a favorite is added when another favorite with the same name but a different URL is already in the Favorites list, the existing favorite is replaced with the new favorite. - -**URL** -Optional. Specifies the complete URL for the favorite. - -## OMA client provisioning examples - - -Adding a new browser favorite. - -```xml - - - - - - - - -``` - -## Microsoft Custom Elements - - -The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning. - -|Elements|Available| -|--- |--- | -|Parm-query|Yes| -|Noparm|Yes| -|Nocharacteristic|Yes| -|Characteristic-query|Yes

Recursive query: Yes

Top-level query: Yes| - -## Related topics - - -[Configuration service provider reference](configuration-service-provider-reference.md) - - - - - - - - - - diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md index ba1e38a584..1a39403fad 100644 --- a/windows/client-management/mdm/clientcertificateinstall-csp.md +++ b/windows/client-management/mdm/clientcertificateinstall-csp.md @@ -227,11 +227,11 @@ Optional. Specifies where to keep the private key. The data type is an integer corresponding to one of the following values: -| Value | Description | -|-------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1 | Private key protected by TPM. | -| 2 | Private key protected by phone TPM if the device supports TPM. All Windows Phone 8.1 devices support TPM and will treat value 2 as 1. | -| 3 | (Default) Private key saved in software KSP. | +| Value | Description | +|---|---| +| 1 | Private key protected by TPM. | +| 2 | Private key protected by phone TPM if the device supports TPM. | +| 3 | (Default) Private key saved in software KSP. | | 4 | Private key protected by Windows Hello for Business (formerly known as Microsoft Passport for Work). If this option is specified, the ContainerName must be specified, otherwise enrollment will fail. | Supported operations are Add, Get, Delete, and Replace. @@ -361,7 +361,7 @@ The date type format is Null, meaning this node doesn’t contain a value. The only supported operation is Execute. **ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList** -Optional. Specify the AAD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail. +Optional. Specify the Azure AD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail. Data type is string. diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index ad299e4113..46bb00affa 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -556,21 +556,22 @@ Supported operations are Get, Add, Delete, Replace. 3 Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN. -SCEP enrolled cert doesn’t support TPM PIN protection. -Supported values: + +SCEP enrolled cert doesn’t support TPM PIN protection. Supported values: + 1 – private key protected by TPM, 2 – private key protected by phone TPM if the device supports TPM. -All Windows Phone 8.1 devices support TPM and will treat value 2 as 1 3 (default) – private key saved in software KSP -4 – private key protected by NGC. If this option is specified, container name should be specifed, if not enrollment will fail +4 – private key protected by NGC. If this option is specified, container name should be specified, if not enrollment will fail. Format is int. Supported operations are Get, Add, Delete, Replace + diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 930d7f0b3b..8f140c8f43 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -15,7 +15,7 @@ ms.collection: highpri # Configuration service provider reference -A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot. +A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the device image as a `.provxml` file that is installed during boot. For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For CSP DDF files, see [CSP DDF files download](#csp-ddf-files-download). @@ -150,18 +150,6 @@ Additional lists: - -[BrowserFavorite CSP](browserfavorite-csp.md) - - - -|Home|Pro|Business|Enterprise|Education| -|--- |--- |--- |--- |--- | -|No|No|No|No|No| - - - - [CMPolicy CSP](cmpolicy-csp.md) diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index a13b3a0c7d..67d29f0ce3 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -25,7 +25,7 @@ ms.date: 06/26/2017 # DMProcessConfigXMLFiltered function > [!Important] -> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses. +> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses. Configures phone settings by using OMA Client Provisioning XML. Use of this function is strictly limited to the following scenarios. @@ -45,7 +45,7 @@ Microsoft recommends that this function isn't used to configure the following ty - Email settings > [!Note] -> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10. +> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10. @@ -54,37 +54,29 @@ Microsoft recommends that this function isn't used to configure the following ty ```C++ HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered( LPCWSTR pszXmlIn, - const WCHAR   **rgszAllowedCspNode, - const DWORD   dwNumAllowedCspNodes, - BSTR    *pbstrXmlOut + const WCHAR **rgszAllowedCspNode, + const DWORD dwNumAllowedCspNodes, + BSTR *pbstrXmlOut ); ``` ## Parameters *pszXmlIn* - -
+ +- [in] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. **DMProcessConfigXMLFiltered** accepts only OMA Client Provisioning XML (also known as WAP provisioning). It doesn't accept OMA DM SyncML XML (also known as SyncML). *rgszAllowedCspNode* - -
+ +- [in] Array of `WCHAR` that specify which configuration service provider nodes can be invoked. *dwNumAllowedCspNodes* - -
+ +- [in] Number of elements passed in rgszAllowedCspNode. *pbstrXmlOut* - -
+ +- [out] The resulting null–terminated XML from configuration. The caller of **DMProcessConfigXMLFiltered** is responsible for cleanup of the output buffer that the pbstrXmlOut parameter references. Use **SysFreeString** to free the memory. If **DMProcessConfigXMLFiltered** retrieves a document, the *pbstrXmlOut* holds the XML output (in string form) of the provisioning operations. If **DMProcessConfigXMLFiltered** returns a failure, the XML output often contains "error nodes" that indicate which elements of the original XML failed. If the input document doesn't contain queries and is successfully processed, the output document should resemble the input document. In some error cases, no output is returned. diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index f55e50ff03..254ba46424 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -16,9 +16,9 @@ ms.date: 07/28/2017 This section provides an example of the mobile device enrollment protocol using federated authentication policy. When the authentication policy is set to Federated, the web authentication broker is leveraged by the enrollment client to get a security token. The enrollment client calls the web authentication broker API within the response message to start the process. The server should build the web authentication broker pages to fit the device screen and should be consistent with the existing enrollment UI. The opaque security token that is returned from the broker as an end page is used by the enrollment client as the device security secret during the client certificate request call. -The <AuthenticationServiceURL> element the discovery response message specifies web authentication broker page start URL. +The `` element the discovery response message specifies web authentication broker page start URL. -For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). +For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). ## In this topic @@ -26,7 +26,7 @@ For details about the Microsoft mobile device enrollment protocol for Windows 1 [Enrollment policy web service](#enrollment-policy-web-service) [Enrollment web service](#enrollment-web-service) -For the list of enrollment scenarios not supported in Windows 10, see [Enrollment scenarios not supported](mobile-device-enrollment.md#enrollment-scenarios-not-supported). +For the list of enrollment scenarios not supported in Windows 10, see [Enrollment scenarios not supported](mobile-device-enrollment.md#enrollment-scenarios-not-supported). ## Discovery service @@ -35,7 +35,7 @@ The discovery web service provides the configuration information necessary for a > [!NOTE] > The administrator of the discovery service must create a host with the address enterpriseenrollment.*domain\_name*.com. -The automatic discovery flow of the device uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: http://enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc +The automatic discovery flow of the device uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: `http://enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc`. The first request is a standard HTTP GET request. @@ -146,7 +146,7 @@ A new XML tag, AuthenticationServiceUrl, is introduced in the DiscoveryResponse The following are the explicit requirements for the server. -- The <DiscoveryResponse><AuthenticationServiceUrl> element must support HTTPS. +- The ```` element must support HTTPS. - The authentication server must use a device trusted root certificate. Otherwise, the WAP call will fail. - WP doesn’t support Windows Integrated Authentication (WIA) for ADFS during WAB authentication. ADFS 2012 R2 if used needs to be configured to not attempt WIA for Windows device. @@ -156,8 +156,8 @@ The enrollment client issues an HTTPS request as follows: AuthenticationServiceUrl?appru=&login_hint= ``` -- <appid> is of the form ms-app://string -- <User Principal Name> is the name of the enrolling user, for example, user@constoso.com as input by the user in an enrollment sign in page. The value of this attribute serves as a hint that can be used by the authentication server as part of the authentication. +- `` is of the form ms-app://string +- `` is the name of the enrolling user, for example, user@constoso.com as input by the user in an enrollment sign in page. The value of this attribute serves as a hint that can be used by the authentication server as part of the authentication. After authentication is complete, the auth server should return an HTML form document with a POST method action of appid identified in the query string parameter. @@ -191,7 +191,7 @@ Content-Length: 556 ``` -The server has to send a POST to a redirect URL of the form ms-app://string (the URL scheme is ms-app) as indicated in the POST method action. The security token value is the base64-encoded string "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary" contained in the <wsse:BinarySecurityToken> EncodingType attribute. Windows does the binary encode when it sends it back to enrollment server, in the form it is just HTML encoded. This string is opaque to the enrollment client; the client does not interpret the string. +The server has to send a POST to a redirect URL of the form ms-app://string (the URL scheme is ms-app) as indicated in the POST method action. The security token value is the base64-encoded string `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary` contained in the `` EncodingType attribute. Windows does the binary encode when it sends it back to enrollment server, in the form it is just HTML encoded. This string is opaque to the enrollment client; the client does not interpret the string. The following example shows a response received from the discovery web service which requires authentication via WAB. @@ -235,18 +235,18 @@ Policy service is optional. By default, if no policies are specified, the minimu This web service implements the X.509 Certificate Enrollment Policy Protocol (MS-XCEP) specification that allows customizing certificate enrollment to match different security needs of enterprises at different times (cryptographic agility). The service processes the GetPolicies message from the client, authenticates the client, and returns matching enrollment policies in the GetPoliciesResponse message. -For Federated authentication policy, the security token credential is provided in a request message using the <wsse:BinarySecurityToken> element \[WSS\]. The security token is retrieved as described in the discovery response section. The authentication information is as follows: +For Federated authentication policy, the security token credential is provided in a request message using the `` element \[WSS\]. The security token is retrieved as described in the discovery response section. The authentication information is as follows: -- wsse:Security: The enrollment client implements the <wsse:Security> element defined in \[WSS\] section 5. The <wsse:Security> element must be a child of the <s:Header> element. -- wsse:BinarySecurityToken: The enrollment client implements the <wsse:BinarySecurityToken> element defined in \[WSS\] section 6.3. The <wsse:BinarySecurityToken> element must be included as a child of the <wsse:Security> element in the SOAP header. +- wsse:Security: The enrollment client implements the `` element defined in \[WSS\] section 5. The `` element must be a child of the `` element. +- wsse:BinarySecurityToken: The enrollment client implements the `` element defined in \[WSS\] section 6.3. The `` element must be included as a child of the `` element in the SOAP header. -As was described in the discovery response section, the inclusion of the <wsse:BinarySecurityToken> element is opaque to the enrollment client, and the client does not interpret the string, and the inclusion of the element is agreed upon by the security token authentication server (as identified in the <AuthenticationServiceUrl> element of <DiscoveryResponse> and the enterprise server. +As was described in the discovery response section, the inclusion of the `` element is opaque to the enrollment client, and the client does not interpret the string, and the inclusion of the element is agreed upon by the security token authentication server (as identified in the `` element of `` and the enterprise server. -The <wsse:BinarySecurityToken> element contains a base64-encoded string. The enrollment client uses the security token received from the authentication server and base64-encodes the token to populate the <wsse:BinarySecurityToken> element. +The `` element contains a base64-encoded string. The enrollment client uses the security token received from the authentication server and base64-encodes the token to populate the `` element. -- wsse:BinarySecurityToken/attributes/ValueType: The `` ValueType attribute must be "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken". +- wsse:BinarySecurityToken/attributes/ValueType: The `` ValueType attribute must be `http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken`. -- wsse:BinarySecurityToken/attributes/EncodingType: The `` EncodingType attribute must be "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary". +- wsse:BinarySecurityToken/attributes/EncodingType: The `` EncodingType attribute must be `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary`. The following is an enrollment policy request example with a received security token as client credential. @@ -478,7 +478,7 @@ After validating the request, the web service looks up the assigned certificate > [!Note] > The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message. -Similar to the TokenType in the RST, the RSTR will use a custom ValueType in the BinarySecurityToken (http://schemas.microsoft.com/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc), because the token is more than an X.509 v3 certificate. +Similar to the TokenType in the RST, the RSTR will use a custom ValueType in the BinarySecurityToken (`http://schemas.microsoft.com/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc`), because the token is more than an X.509 v3 certificate. The provisioning XML contains: @@ -616,7 +616,7 @@ The following code shows sample provisioning XML (presented in the preceding pac > [!NOTE] > -> - <Parm name> and <characteristic type=> elements in the w7 APPLICATION CSP XML are case sensitive and must be all uppercase. +> - `` and `` elements in the w7 APPLICATION CSP XML are case sensitive and must be all uppercase. > > - In w7 APPLICATION characteristic, both CLIENT and APPSRV credentials should be provided in XML. > diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index 0e15800f30..a344d5d843 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md @@ -57,7 +57,7 @@ The XML below is the current version for this CSP. - Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. In Windows Phone 8, only one enterprise management server is supported. That is, there should be only one ProviderID node under NodeCache. + Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. @@ -282,7 +282,7 @@ The XML below is the current version for this CSP. - Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. In Windows Phone 8, only one enterprise management server is supported. That is, there should be only one ProviderID node under NodeCache. + Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 64a8ef9104..758e8a4502 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -537,7 +537,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En The following list shows the supported values: - An integer X where 0 <= X <= 999. -- 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." +- 0 (default) - No timeout is defined. diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 87673ea6e7..e81cb17f06 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -149,8 +149,6 @@ items: items: - name: BitLocker DDF file href: bitlocker-ddf-file.md - - name: BrowserFavorite CSP - href: browserfavorite-csp.md - name: CellularSettings CSP href: cellularsettings-csp.md - name: CertificateStore CSP diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index 643381e5ac..026dcfb003 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -19,11 +19,12 @@ Use an **APPLICATION** configuration service provider that has an APPID of w4 to The default security roles are defined in the root characteristic, and map to each subnode unless specific permission is granted to the subnode. The default security roles are Manager, Operator, and Operator – TPS. -> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_W4\_APPLICATION capabilities to be accessed from a network configuration application. +> [!NOTE] +> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_W4\_APPLICATION capabilities to be accessed from a network configuration application. The following shows the configuration service provider in tree format as used by OMA Client Provisioning. -```console +```cmd APPLICATION ----APPID ----NAME @@ -45,11 +46,10 @@ This parameter takes a string value. The possible values to configure the NAME p - no value specified -> **Note**  MDM servers should resend APPLICATION/NAME to DMAcc after an upgrade because this value is displayed in the UI but not saved in Windows Phone 8.1 and cannot be migrated to Windows 10. +> [!NOTE] +> The APPLICATION/NAME value is displayed in the UI. The APPLICATION/NAME value might not be saved on the device. So after an upgrade, the MDM servers should resend APPLICATION/NAME to DMAcc. -  - -If no value is specified, the registry location will default to <unnamed>. +If no value is specified, the registry location will default to ``. If `Name` is greater than 40 characters, it will be truncated to 40 characters. @@ -77,13 +77,3 @@ Optional. The maximum authorized size, in KB, for multimedia content. This param [Configuration service provider reference](configuration-service-provider-reference.md) - -  - -  - - - - - - diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 9d8d9e35c6..35613face4 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -1,6 +1,6 @@ --- title: New policies for Windows 10 (Windows 10) -description: Learn how Windows 10 includes new policies for management, like Group Policy settings for the Windows system and components. +description: Learn how Windows 10 includes new policies for management, like Group Policy settings for the Windows system and components. ms.assetid: 1F24ABD8-A57A-45EA-BA54-2DA2238C573D ms.reviewer: manager: dansimp @@ -20,8 +20,8 @@ ms.topic: reference **Applies to** -- Windows 10 -- Windows 11 +- Windows 10 +- Windows 11 As of September 2020 This page will no longer be updated. To find the Group Polices that ship in each version of Windows, refer to the Group Policy Settings Reference Spreadsheet. You can always locate the most recent version of the Spreadsheet by searching the Internet for "Windows Version + Group Policy Settings Reference". @@ -57,7 +57,7 @@ The following Group Policy settings were added in Windows 10, version 1903: - Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Use WDDM graphics display driver for Remote Desktop Connections - Windows Components\Windows Logon Options\Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot -## New Group Policy settings in Windows 10, version 1809 +## New Group Policy settings in Windows 10, version 1809 The following Group Policy settings were added in Windows 10, version 1809: @@ -242,7 +242,7 @@ The following Group Policy settings were added in Windows 10, version 1809: - Network\Windows Connection Manager\Enable Windows to soft-disconnect a computer from a network -## New Group Policy settings in Windows 10, version 1803 +## New Group Policy settings in Windows 10, version 1803 The following Group Policy settings were added in Windows 10, version 1803: @@ -282,7 +282,7 @@ The following Group Policy settings were added in Windows 10, version 1803: - Windows Components\Windows Defender Security Center\Virus and threat protection\Hide the Ransomware data recovery area -## New Group Policy settings in Windows 10, version 1709 +## New Group Policy settings in Windows 10, version 1709 The following Group Policy settings were added in Windows 10, version 1709: @@ -351,7 +351,7 @@ The following Group Policy settings were added in Windows 10, version 1709: - Windows Components\Windows Update\Do not allow update deferral policies to cause scans against Windows Update -## New Group Policy settings in Windows 10, version 1703 +## New Group Policy settings in Windows 10, version 1703 The following Group Policy settings were added in Windows 10, version 1703: @@ -481,10 +481,9 @@ For a spreadsheet of Group Policy settings included in Windows 10 and Windows Se ## New MDM policies +Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education include previous Windows Phone settings, and new or enhanced settings for Windows 10, such as: -Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education includes settings from Windows Phone 8.1, plus new or enhanced settings for Windows 10, such as: - -- Defender (Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education only) +- Defender (Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education only) - Enhanced Bluetooth policies @@ -508,7 +507,7 @@ Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, and Windows 10, version 1703, adds a number of [ADMX-backed policies to MDM](./mdm/policy-configuration-service-provider.md). -If you use Microsoft Intune for MDM, you can [configure custom policies](https://go.microsoft.com/fwlink/p/?LinkId=616316) to deploy Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings that can be used to control features on Windows 10. For a list of OMA-URI settings, see [Custom URI settings for Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=616317). +If you use Microsoft Intune for MDM, you can [configure custom policies](https://go.microsoft.com/fwlink/p/?LinkId=616316) to deploy Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings that can be used to control features on Windows 10. For a list of OMA-URI settings, see [Custom URI settings for Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=616317). No new [Exchange ActiveSync policies](/exchange/mobile-device-mailbox-policies-exchange-2013-help). For more information, see the [ActiveSync configuration service provider](./mdm/activesync-csp.md) technical reference. @@ -519,7 +518,3 @@ No new [Exchange ActiveSync policies](/exchange/mobile-device-mailbox-policies-e [Manage corporate devices](manage-corporate-devices.md) [Changes to Group Policy settings for Start in Windows 10](/windows/configuration/changes-to-start-policies-in-windows-10) - - - -  \ No newline at end of file diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md index bbdaae9711..3ed542c5c9 100644 --- a/windows/configuration/manage-wifi-sense-in-enterprise.md +++ b/windows/configuration/manage-wifi-sense-in-enterprise.md @@ -19,26 +19,28 @@ ms.topic: article **Applies to** -- Windows 10 version 1709 and older +- Windows 10 version 1709 and older ->[!IMPORTANT] ->Beginning with Windows 10, version 1803, Wifi-Sense is no longer available. The following information only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) for more details. +> [!IMPORTANT] +> Beginning with Windows 10, version 1803, Wifi-Sense is no longer available. The following information only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) for more details. -Wi-Fi Sense learns about open Wi-Fi hotspots your Windows PC or Windows phone connects to by collecting information about the network, like whether the open Wi-Fi network has a high-quality connection to the Internet. By using that information from your device and from other Wi-Fi Sense customers' devices too, Wi-Fi Sense builds a database of these high-quality networks. When you’re in range of one of these Wi-Fi hotspots, you automatically get connected to it. +Wi-Fi Sense learns about open Wi-Fi hotspots your Windows device by collecting information about the network, like whether the open Wi-Fi network has a high-quality connection to the Internet. By using that information from your device and from other Wi-Fi Sense customers' devices too, Wi-Fi Sense builds a database of these high-quality networks. When you’re in range of one of these Wi-Fi hotspots, you automatically get connected to it. -The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10. +The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your device with Windows 10. -**Note**
Wi-Fi Sense isn’t available in all countries or regions. +> [!NOTE] +> >Wi-Fi Sense isn’t available in all countries or regions. ## How does Wi-Fi Sense work? Wi-Fi Sense connects your employees to open Wi-Fi networks. Typically, these are the open (no password required) Wi-Fi hotspots you see when you’re out and about. ## How to manage Wi-Fi Sense in your company -In a company environment, you will most likely deploy Windows 10 to your employees' PCs using your preferred deployment method and then manage their settings globally. With that in mind, you have a few options for managing how your employees will use Wi-Fi Sense. +In a company environment, you will most likely deploy Windows 10 to your employees devices using your preferred deployment method and then manage their settings globally. With that in mind, you have a few options for managing how your employees will use Wi-Fi Sense. -**Important**
Turning off Wi-Fi Sense stops employees from connecting automatically to open hotspots. +> [!IMPORTANT] +> Turning off Wi-Fi Sense stops employees from connecting automatically to open hotspots. -### Using Group Policy (available starting with Windows 10, version 1511) +### Using Group Policy (available starting with Windows 10, version 1511) You can manage your Wi-Fi Sense settings by using Group Policy and your Group Policy editor. **To set up Wi-Fi Sense using Group Policy** @@ -57,7 +59,8 @@ You can manage your Wi-Fi Sense settings by using registry keys and the Registry 1. Open your Registry Editor and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config\` 2. Create and set a new **DWORD (32-bit) Value** named, **AutoConnectAllowedOEM**, with a **Value data** of **0 (zero)**. -

Setting this value to 0 turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see How to configure Wi-Fi Sense on Windows 10 in an enterprise. + + Setting this value to `0` turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see [How to configure Wi-Fi Sense on Windows 10 in an enterprise](/troubleshoot/windows-client/networking/configure-wifi-sense-and-paid-wifi-service). ![Registry Editor, showing the creation of a new DWORD value.](images/wifisense-registry.png) @@ -67,7 +70,8 @@ You can manage your Wi-Fi Sense settings by changing the Windows provisioning se **To set up Wi-Fi Sense using WiFISenseAllowed** - Change the Windows Provisioning setting, **WiFISenseAllowed**, to **0**. -

Setting this value to 0 turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Windows Provisioning settings reference topic, WiFiSenseAllowed. + + Setting this value to `0` turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Windows Provisioning settings reference topic, [WiFiSenseAllowed](./wcd/wcd-connectivityprofiles.md#wifisense). ### Using Unattended Windows Setup settings If your company still uses Unattend, you can manage your Wi-Fi Sense settings by changing the Unattended Windows Setup setting, **WiFiSenseAllowed**. @@ -75,24 +79,24 @@ If your company still uses Unattend, you can manage your Wi-Fi Sense settings by **To set up Wi-Fi Sense using WiFISenseAllowed** - Change the Unattended Windows Setup setting, **WiFISenseAllowed**, to **0**. -

Setting this value to 0 turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Unattended Windows Setup Reference topic, WiFiSenseAllowed. + + Setting this value to `0` turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Unattended Windows Setup Reference topic, [WiFiSenseAllowed](/previous-versions//mt186511(v=vs.85)). ### How employees can change their own Wi-Fi Sense settings -If you don’t turn off the ability for your employees to use Wi-Fi Sense, they can turn it on locally by selecting **Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings**, and then turning on **Connect to suggested open hotspots**. +If you don’t turn off the ability for your employees to use Wi-Fi Sense, they can turn it on locally by selecting **Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings**, and then turning on **Connect to suggested open hotspots**. ![Wi-Fi Sense options shown to employees if it's not turned off.](images/wifisense-settingscreens.png) -**Important**
The service that was used to share networks with Facebook friends, Outlook.com contacts, or Skype contacts is no longer available. This means: +> [!IMPORTANT] +> The service that was used to share networks with Facebook friends, Outlook.com contacts, or Skype contacts is no longer available. This means: -The **Connect to networks shared by my contacts** setting will still appear in **Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings** on your PC and in **Settings > Network & wireless > Wi‑Fi > Wi‑Fi Sense** on your phone. However, this setting will have no effect now. Regardless of what it’s set to, networks won’t be shared with your contacts. Your contacts won’t be connected to networks you’ve shared with them, and you won’t be connected to networks they’ve shared with you. +The **Connect to networks shared by my contacts** setting will still appear in **Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings** on your device. However, this setting will have no effect now. Regardless of what it’s set to, networks won’t be shared with your contacts. Your contacts won’t be connected to networks you’ve shared with them, and you won’t be connected to networks they’ve shared with you. Even if you selected **Automatically connect to networks shared by your contacts** when you first set up your Windows 10 device, you still won’t be connected to networks your contacts have shared with you. If you select the **Share network with my contacts** check box the first time you connect to a new network, the network won’t be shared. ## Related topics + - [Wi-Fi Sense and Privacy](https://go.microsoft.com/fwlink/p/?LinkId=620911) - [How to configure Wi-Fi Sense on Windows 10 in an enterprise](/troubleshoot/windows-client/networking/configure-wifi-sense-and-paid-wifi-service) - - - diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml index a8e1aa8c67..c35f6f3570 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml @@ -149,5 +149,5 @@ sections: Use the following resources for additional information about Windows 10. - If you are an IT professional or if you have a question about administering, managing, or deploying Windows 10 in your organization or business, visit the [Windows 10 IT Professional forums](https://social.technet.microsoft.com/forums/home?category=windows10itpro) on TechNet. - If you are an end user or if you have a question about using Windows 10, visit the [Windows 10 forums on Microsoft Community](https://answers.microsoft.com/windows/forum/windows_10). - - If you are a developer or if you have a question about making apps for Windows 10, visit the [Windows Desktop Development forums](https://social.msdn.microsoft.com/forums/en-us/home?category=windowsdesktopdev) or [Windows and Windows phone apps forums](https://social.msdn.microsoft.com/forums/en-us/home?category=windowsapps) on MSDN. - - If you have a question about Internet Explorer, visit the [Internet Explorer forums](https://social.technet.microsoft.com/forums/ie/en-us/home) on TechNet. + - If you are a developer or if you have a question about making apps for Windows 10, visit the [Windows Desktop Development forums](https://social.msdn.microsoft.com/forums/en-us/home?category=windowsdesktopdev). + - If you have a question about Internet Explorer, visit the [Internet Explorer forums](https://social.technet.microsoft.com/forums/ie/en-us/home). diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index 43752ab87d..62ba908c10 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -5076,7 +5076,7 @@ The following fields are available: - **TargetAppId** The target app ID. - **TargetAppVer** The target app version. - + ## Windows Store events diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index aa7bdd87b0..15aca0d717 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -614,7 +614,7 @@ This policy setting is used to control the encryption method and cipher strength |**Policy path**|Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| |**Conflicts**|None| |**When enabled**|You can choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives.| -|**When disabled or not configured**|Beginning with Windows 10, version 1511, or Windows 11, BitLocker uses the default encryption method of XTS-AES 128-bit or the encryption method that is specified by the setup script. Windows Phone does not support XTS; it uses AES-CBC 128-bit by default and supports AES-CBC 256-bit by policy.| +|**When disabled or not configured**|Beginning with Windows 10, version 1511, or Windows 11, BitLocker uses the default encryption method of XTS-AES 128-bit or the encryption method that is specified by the setup script. **Reference** diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 3fb7d9b80d..1a019df8fe 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -19,7 +19,7 @@ ms.reviewer: **Applies to:** -- Windows 10, version 1607 and later +- Windows 10, version 1607 and later Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune manages only the apps on a user's personal device. @@ -100,15 +100,15 @@ Select **Store apps**, type the app product name and publisher, and click **OK** ![Add Store app.](images/add-a-protected-store-app.png) -To add multiple Store apps, click the ellipsis **…**. +To add multiple Store apps, click the ellipsis `…`. If you don't know the Store app publisher or product name, you can find them by following these steps. 1. Go to the [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Power BI Mobile App*. -2. Copy the ID value from the app URL. For example, the Power BI Mobile App ID URL is https://www.microsoft.com/store/p/microsoft-power-bi/9nblgggzlxn1, and you'd copy the ID value, `9nblgggzlxn1`. +2. Copy the ID value from the app URL. For example, the Power BI Mobile App ID URL is `https://www.microsoft.com/store/p/microsoft-power-bi/9nblgggzlxn1`, and you'd copy the ID value, `9nblgggzlxn1`. -3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblgggzlxn1/applockerdata, where `9nblgggzlxn1` is replaced with your ID value. +3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblgggzlxn1/applockerdata`, where `9nblgggzlxn1` is replaced with your ID value. The API runs and opens a text editor with the app details. @@ -131,6 +131,7 @@ If you don't know the Store app publisher or product name, you can find them by > "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d", > } + + ### Add Desktop apps To add **Desktop apps**, complete the following fields, based on what results you want returned. diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 20366cd3bd..fd9c51a888 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -16,9 +16,9 @@ ms.topic: article # What's new in Windows 10 Enterprise LTSC 2019 **Applies to** -- Windows 10 Enterprise LTSC 2019 +- Windows 10 Enterprise LTSC 2019 -This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2016 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md). +This article lists new and updated features and content that are of interest to IT Pros for Windows 10 Enterprise LTSC 2019, compared to Windows 10 Enterprise LTSC 2016 (LTSB). For a brief description of the LTSC servicing channel and associated support, see [Windows 10 Enterprise LTSC](index.md). >[!NOTE] >Features in Windows 10 Enterprise LTSC 2019 are equivalent to Windows 10, version 1809. @@ -200,8 +200,6 @@ New features in [Windows Hello for Business](/windows/security/identity-protecti - You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). -- For Windows Phone devices, an administrator is able to initiate a remote PIN reset through the Intune portal. - - For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-features#pin-reset). [Windows Hello](/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in [Kiosk configuration](#kiosk-configuration). @@ -210,13 +208,13 @@ New features in [Windows Hello for Business](/windows/security/identity-protecti - Support for S/MIME with Windows Hello for Business and APIs for non-Microsoft identity lifecycle management solutions. -- Windows Hello is part of the account protection pillar in Windows Defender Security Center. Account Protection will encourage password users to set up Windows Hello Face, Fingerprint or PIN for faster sign in, and will notify Dynamic lock users if Dynamic lock has stopped working because their phone or device Bluetooth is off. +- Windows Hello is part of the account protection pillar in Windows Defender Security Center. Account Protection will encourage password users to set up Windows Hello Face, Fingerprint or PIN for faster sign in, and will notify Dynamic lock users if Dynamic lock has stopped working because their device Bluetooth is off. - You can set up Windows Hello from lock screen for MSA accounts. We’ve made it easier for Microsoft account users to set up Windows Hello on their devices for faster and more secure sign-in. Previously, you had to navigate deep into Settings to find Windows Hello. Now, you can set up Windows Hello Face, Fingerprint or PIN straight from your lock screen by clicking the Windows Hello tile under Sign-in options. - New [public API](/uwp/api/windows.security.authentication.web.core.webauthenticationcoremanager.findallaccountsasync#Windows_Security_Authentication_Web_Core_WebAuthenticationCoreManager_FindAllAccountsAsync_Windows_Security_Credentials_WebAccountProvider_) for secondary account SSO for a particular identity provider. -- It is easier to set up Dynamic lock, and WD SC actionable alerts have been added when Dynamic lock stops working (ex: phone Bluetooth is off). +- It is easier to set up Dynamic lock, and WD SC actionable alerts have been added when Dynamic lock stops working (ex: device Bluetooth is off). For more information, see: [Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/#OdKBg3pwJQcEKCbJ.97) @@ -348,7 +346,7 @@ If you have shared devices deployed in your work place, **Fast sign-in** enables **To enable fast sign-in:** -1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise LTSC 2019. +1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise LTSC 2019. 2. Set the Policy CSP, and the **Authentication** and **EnableFastFirstSignIn** policies to enable fast sign-in. @@ -586,11 +584,11 @@ Users attempt to connect to a Miracast receiver as they did previously. When the If you have a device that has been updated to Windows 10 Enterprise LTSC 2019, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment: -- The device (PC, phone, or Surface Hub) needs to be running Windows 10, version 1703, Windows 10 Enterprise LTSC 2019, or a later OS. +- The device (PC or Surface Hub) needs to be running Windows 10, version 1703, Windows 10 Enterprise LTSC 2019, or a later OS. -- A Windows PC or Surface Hub can act as a Miracast over Infrastructure *receiver*. A Windows PC or phone can act as a Miracast over Infrastructure *source*. +- A Windows PC or Surface Hub can act as a Miracast over Infrastructure *receiver*. A Windows device can act as a Miracast over Infrastructure *source*. - As a Miracast receiver, the PC or Surface Hub must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Hub is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. - - As a Miracast source, the PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. + - As a Miracast source, the device must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. - The DNS Hostname (device name) of the device needs to be resolvable via your DNS servers. You can achieve this by either allowing your device to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the device's hostname. diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 9afb045cb7..102af90453 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -18,7 +18,7 @@ ms.topic: article Below is a list of some of what's new in Information Technology (IT) pro features in Windows 10, version 1703 (also known as the Creators Update). -For more general info about Windows 10 features, see [Features available only on Windows 10](https://www.microsoft.com/windows/features). For info about previous versions of Windows 10, see [What's New in Windows 10](./index.yml). Also see this blog post: [What’s new for IT pros in the Windows 10 Creators Update](https://blogs.technet.microsoft.com/windowsitpro/2017/04/05/whats-new-for-it-pros-in-the-windows-10-creators-update/). +For more general info about Windows 10 features, see [Features available only on Windows 10](https://www.microsoft.com/windows/features). For info about previous versions of Windows 10, see [What's New in Windows 10](./index.yml). Also see this blog post: [What’s new for IT pros in the Windows 10 Creators Update](https://blogs.technet.microsoft.com/windowsitpro/2017/04/05/whats-new-for-it-pros-in-the-windows-10-creators-update/). >[!NOTE] >Windows 10, version 1703 contains all fixes included in previous cumulative updates to Windows 10, version 1607. For info about each version, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info). For a list of removed features, see [Features that are removed or deprecated in Windows 10 Creators Update](/windows/deployment/planning/windows-10-removed-features). @@ -99,23 +99,20 @@ For details, see [MBR2GPT.EXE](/windows/deployment/mbr-to-gpt). ### Microsoft Defender for Endpoint New features in Microsoft Defender for Endpoint for Windows 10, version 1703 include: -- **Detection**
- Enhancements to the detection capabilities include: +- **Detection**: Enhancements to the detection capabilities include: - [Use the threat intelligence API to create custom alerts](/windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection) - Understand threat intelligence concepts, enable the threat intel application, and create custom threat intelligence alerts for your organization. - Improvements on OS memory and kernel sensors to enable detection of attackers who are using in-memory and kernel-level attacks - Upgraded detections of ransomware and other advanced attacks - Historical detection capability ensures new detection rules apply to up to six months of stored data to detect previous attacks that might not have been noticed -- **Investigation**
- Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus detections and Device Guard blocks being surfaced in the Microsoft Defender for Endpoint portal. Other capabilities have been added to help you gain a holistic view on investigations. +- **Investigation**: Enterprise customers can now take advantage of the entire Windows security stack with Microsoft Defender Antivirus detections and Device Guard blocks being surfaced in the Microsoft Defender for Endpoint portal. Other capabilities have been added to help you gain a holistic view on investigations. Other investigation enhancements include: - [Investigate a user account](/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection) - Identify user accounts with the most active alerts and investigate cases of potential compromised credentials. - [Alert process tree](/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection#alert-process-tree) - Aggregates multiple detections and related events into a single view to reduce case resolution time. - [Pull alerts using REST API](/windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection) - Use REST API to pull alerts from Microsoft Defender for Endpoint. -- **Response**
- When detecting an attack, security response teams can now take immediate action to contain a breach: +- **Response**: When detecting an attack, security response teams can now take immediate action to contain a breach: - [Take response actions on a machine](/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. - [Take response actions on a file](/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. @@ -168,8 +165,6 @@ A new security policy setting You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). -For Windows Phone devices, an administrator is able to initiate a remote PIN reset through the Intune portal. - For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-features#pin-reset). @@ -295,10 +290,10 @@ Users attempt to connect to a Miracast receiver as they did previously. When the If you have a device that has been updated to Windows 10, version 1703, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment: -- The device (PC, phone, or Surface Hub) needs to be running Windows 10, version 1703. -- A Windows PC or Surface Hub can act as a Miracast over Infrastructure *receiver*. A Windows PC or phone can act as a Miracast over Infrastructure *source*. +- The device (PC or Surface Hub) needs to be running Windows 10, version 1703. +- A Windows PC or Surface Hub can act as a Miracast over Infrastructure *receiver*. A Windows device can act as a Miracast over Infrastructure *source*. - As a Miracast receiver, the PC or Surface Hub must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Hub is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. - - As a Miracast source, the PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. + - As a Miracast source, the device must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. - The DNS Hostname (device name) of the device needs to be resolvable via your DNS servers. You can achieve this by either allowing your device to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the device's hostname. - Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. @@ -325,4 +320,4 @@ Update Compliance helps you to keep Windows 10 devices in your organization secu Update Compliance is a solution built using OMS Log Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues. -For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](/windows/deployment/update/update-compliance-monitor). \ No newline at end of file +For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](/windows/deployment/update/update-compliance-monitor).