-System audit policy -Category/Subcategory Setting -Logon/Logoff - Network Policy Server Success and Failure -- -If it says, "No auditing," you can run this command to enable it: -```console -auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable -``` - -Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing by using Group Policy. To get to the success/failure setting, select **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Advanced Audit Policy Configuration** > **Audit Policies** > **Logon/Logoff** > **Audit Network Policy Server**. - -## More references - -[Troubleshooting Windows Vista 802.11 Wireless Connections](/previous-versions/windows/it-pro/windows-vista/cc766215(v=ws.10))
Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues. - -> [!NOTE] -> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5). - -## Summary - -There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck: - -| Phase | Boot Process | BIOS | UEFI | -|-----------|----------------------|------------------------------------|-----------------------------------| -| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware | -| 2 | Windows Boot Manager | %SystemDrive%\bootmgr | \EFI\Microsoft\Boot\bootmgfw.efi | -| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi | -| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | | - -1. **PreBoot**: The PC's firmware initiates a power-on self test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager. - -2. **Windows Boot Manager**: Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition. - -3. **Windows operating system loader**: Essential drivers required to start the Windows kernel are loaded and the kernel starts to run. - -4. **Windows NT OS Kernel**: The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START. - - The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START. - - - -Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before you start troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement. Select the thumbnail to view it larger. - -:::image type="content" source="images/boot-sequence-thumb.png" alt-text="Diagram of the boot sequence flowchart." lightbox="images/boot-sequence.png"::: - -Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases. - -> [!NOTE] -> If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle: -> -> `Bcdedit /set {default} recoveryenabled no` -> -> If the F8 options don't work, run the following command: -> -> `Bcdedit /set {default} bootmenupolicy legacy` - -## BIOS phase - -To determine whether the system has passed the BIOS phase, follow these steps: - -1. If there are any external peripherals connected to the computer, disconnect them. - -2. Check whether the hard disk drive light on the physical computer is working. If it's not working, this dysfunction indicates that the startup process is stuck at the BIOS phase. - -3. Press the NumLock key to see whether the indicator light toggles on and off. If it doesn't toggle, this dysfunction indicates that the startup process is stuck at BIOS. - - If the system is stuck at the BIOS phase, there may be a hardware problem. - -## Boot loader phase - -If the screen is black except for a blinking cursor, or if you receive one of the following error codes, this status indicates that the boot process is stuck in the Boot Loader phase: - -- Boot Configuration Data (BCD) missing or corrupted -- Boot file or MBR corrupted -- Operating system Missing -- Boot sector missing or corrupted -- Bootmgr missing or corrupted -- Unable to boot due to system hive missing or corrupted - -To troubleshoot this problem, use Windows installation media to start the computer, press **Shift** + **F10** for a command prompt, and then use any of the following methods. - -### Method 1: Startup Repair tool - -The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically. - -To do this task of invoking the Startup Repair tool, follow these steps. - -> [!NOTE] -> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#entry-points-into-winre). - -1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/windows/create-installation-media-for-windows-99a58364-8c02-206f-aa6f-40c3b507420d). - -2. On the **Install Windows** screen, select **Next** > **Repair your computer**. - -3. On the **Choose an option** screen, select **Troubleshoot**. - -4. On the **Advanced options** screen, select **Startup Repair**. - -5. After Startup Repair, select **Shutdown**, then turn on your PC to see if Windows can boot properly. - -The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location: - -`%windir%\System32\LogFiles\Srt\Srttrail.txt` - -For more information, see [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad). - -### Method 2: Repair Boot Codes - -To repair boot codes, run the following command: - -```command -BOOTREC /FIXMBR -``` - -To repair the boot sector, run the following command: - -```command -BOOTREC /FIXBOOT -``` - -> [!NOTE] -> Running `BOOTREC` together with `Fixmbr` overwrites only the master boot code. If the corruption in the MBR affects the partition table, running `Fixmbr` may not fix the problem. - -### Method 3: Fix BCD errors - -If you receive BCD-related errors, follow these steps: - -1. Scan for all the systems that are installed. To do this step, run the following command: - - ```command - Bootrec /ScanOS - ``` - -2. Restart the computer to check whether the problem is fixed. - -3. If the problem isn't fixed, run the following commands: - - ```command - bcdedit /export c:\bcdbackup - - attrib c:\boot\bcd -r -s -h - - ren c:\boot\bcd bcd.old - - bootrec /rebuildbcd - ``` - -4. Restart the system. - -### Method 4: Replace Bootmgr - -If methods 1, 2 and 3 don't fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this replacement, follow these steps: - -1. At a command prompt, change the directory to the System Reserved partition. - -2. Run the `attrib` command to unhide the file: - - ```command - attrib -r -s -h - ``` - -3. Navigate to the system drive and run the same command: - - ```command - attrib -r -s -h - ``` - -4. Rename the `bootmgr` file as `bootmgr.old`: - - ```command - ren c:\bootmgr bootmgr.old - ``` - -5. Navigate to the system drive. - -6. Copy the `bootmgr` file, and then paste it to the System Reserved partition. - -7. Restart the computer. - -### Method 5: Restore system hive - -If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step, use the Windows Recovery Environment or use the Emergency Repair Disk (ERD) to copy the files from the `C:\Windows\System32\config\RegBack` directory to `C:\Windows\System32\config`. - -If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced. - -> [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder). - -## Kernel Phase - -If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These error messages include, but aren't limited to, the following examples: - -- A Stop error appears after the splash screen (Windows Logo screen). - -- Specific error code is displayed. For example, `0x00000C2` , `0x0000007B` , or `inaccessible boot device`. - - [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md) - - [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md) - -- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon. - -- A black screen appears after the splash screen. - -To troubleshoot these problems, try the following recovery boot options one at a time. - -### Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration - -On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps: - -1. Use one of the following methods to open Event Viewer: - - - Go to the **Start** menu, select **Administrative Tools**, and then select **Event Viewer**. - - - Start the Event Viewer snap-in in Microsoft Management Console (MMC). - -2. In the console tree, expand Event Viewer, and then select the log that you want to view. For example, choose **System log** or **Application log**. - -3. In the details pane, open the event that you want to view. - -4. On the **Edit** menu, select **Copy**. Open a new document in the program in which you want to paste the event. For example, Microsoft Word. Then select **Paste**. - -5. Use the up arrow or down arrow key to view the description of the previous or next event. - -### Clean boot - -To troubleshoot problems that affect services, do a clean boot by using System Configuration (`msconfig`). -Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you can't find the cause, try including system services. However, in most cases, the problematic service is third-party. - -Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**. - -For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd). - -If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement: -[Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64) - -> [!NOTE] -> If the computer is a domain controller, try Directory Services Restore mode (DSRM). -> -> This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2" - -#### Examples - -> [!WARNING] -> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft can't guarantee that these problems can be solved. Modify the registry at your own risk. - -*Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)* - -To troubleshoot this Stop error, follow these steps to filter the drivers: - -1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version. - -2. Open the registry. - -3. Load the system hive, and name it **test**. - -4. Under the following registry subkey, check for lower filter and upper filter items for non-Microsoft drivers: - - `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class` - -5. For each third-party driver that you locate, select the upper or lower filter, and then delete the value data. - -6. Search through the whole registry for similar items. Process as appropriate, and then unload the registry hive. - -7. Restart the server in Normal mode. - -For more troubleshooting steps, see [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md). - -To fix problems that occur after you install Windows updates, check for pending updates by using these steps: - -1. Open a Command Prompt window in WinRE. - -2. Run the command: - - ```command - DISM /image:C:\ /get-packages - ``` - -3. If there are any pending updates, uninstall them by running the following commands: - - ```command - DISM /image:C:\ /remove-package /packagename: name of the package - - DISM /Image:C:\ /Cleanup-Image /RevertPendingActions - ``` - - Try to start the computer. - -If the computer doesn't start, follow these steps: - -1. Open a command prompt window in WinRE, and start a text editor, such as Notepad. - -2. Navigate to the system drive, and search for `windows\winsxs\pending.xml`. - -3. If the pending.xml file is found, rename the file as `pending.xml.old`. - -4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as test. - -5. Highlight the loaded test hive, and then search for the `pendingxmlidentifier` value. - -6. If the `pendingxmlidentifier` value exists, delete it. - -7. Unload the test hive. - -8. Load the system hive, name it **test**. - -9. Navigate to the following subkey: - - `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller` - -10. Change the **Start** value from `1` to `4`. - -11. Unload the hive. - -12. Try to start the computer. - -If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For more information, see [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md). - -For more information about page file problems in Windows 10 or Windows Server 2016, see [Introduction to page files](./introduction-page-file.md). - -For more information about Stop errors, see [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md). - -Sometimes the dump file shows an error that's related to a driver. For example, `windows\system32\drivers\stcvsm.sys` is missing or corrupted. In this instance, follow these guidelines: - -- Check the functionality that's provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does. - -- If the driver isn't important and has no dependencies, load the system hive, and then disable the driver. - -- If the stop error indicates system file corruption, run the system file checker in offline mode. - - - To do this action, open WinRE, open a command prompt, and then run the following command: - - ```command - SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows - ``` - - For more information, see [Using system file checker (SFC) to fix issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues). - - - If there's disk corruption, run the check disk command: - - ```command - chkdsk /f /r - ``` - -- If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps: - - 1. Start WinRE, and open a command prompt window. - 2. Start a text editor, such as Notepad. - 3. Navigate to `C:\Windows\System32\Config\`. - 4. Rename the all five hives by appending `.old` to the name. - 5. Copy all the hives from the `Regback` folder, paste them in the `Config` folder, and then try to start the computer in Normal mode. - -> [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder). diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md deleted file mode 100644 index 35484e641a..0000000000 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ /dev/null @@ -1,324 +0,0 @@ ---- -title: Advanced Troubleshooting Wireless Network Connectivity -ms.reviewer: -manager: dougeby -description: Learn how to troubleshoot Wi-Fi connections. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. -ms.prod: w10 -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz -ms.topic: troubleshooting ---- - -# Advanced troubleshooting wireless network connectivity - -> [!NOTE] -> Home users: This article is intended for use by support agents and IT professionals. If you're looking for more general information about Wi-Fi problems in Windows 10, check out this [Windows 10 Wi-Fi fix article](https://support.microsoft.com/en-in/help/4000432/windows-10-fix-wi-fi-problems). - -## Overview - -This overview describes the general troubleshooting of establishing Wi-Fi connections from Windows clients. -Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. Understanding this flow makes it easier to determine the starting point in a repro scenario in which a different behavior is found. -This workflow involves knowledge and use of [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases), an extensive text filtering tool that is useful with complex traces with numerous ETW providers such as wireless_dbg trace scenario. - -## Scenarios - -This article applies to any scenario in which Wi-Fi connections fail to establish. The troubleshooter is developed with Windows 10 clients in focus, but also may be useful with traces as far back as Windows 7. - -> [!NOTE] -> This troubleshooter uses examples that demonstrate a general strategy for navigating and interpreting wireless component [Event Tracing for Windows](/windows/desktop/etw/event-tracing-portal) (ETW). It's not meant to be representative of every wireless problem scenario. - -Wireless ETW is incredibly verbose and calls out many innocuous errors (rather flagged behaviors that have little or nothing to do with the problem scenario). Searching for or filtering on "err", "error", and "fail" will seldom lead you to the root cause of a problematic Wi-Fi scenario. Instead it will flood the screen with meaningless logs that will obfuscate the context of the actual problem. - -It's important to understand the different Wi-Fi components involved, their expected behaviors, and how the problem scenario deviates from those expected behaviors. -The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem. - -### Known Issues and fixes - -| OS version | Fixed in | -| --- | --- | -| **Windows 10, version 1803** | [KB4284848](https://support.microsoft.com/help/4284848) | -| **Windows 10, version 1709** | [KB4284822](https://support.microsoft.com/help/4284822) | -| **Windows 10, version 1703** | [KB4338827](https://support.microsoft.com/help/4338827) | - -Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update-history webpage for your system: -- [Windows 10 version 1809](https://support.microsoft.com/help/4464619) -- [Windows 10 version 1803](https://support.microsoft.com/help/4099479) -- [Windows 10 version 1709](https://support.microsoft.com/en-us/help/4043454) -- [Windows 10 version 1703](https://support.microsoft.com/help/4018124) -- [Windows 10 version 1607 and Windows Server 2016](https://support.microsoft.com/help/4000825) -- [Windows 10 version 1511](https://support.microsoft.com/help/4000824) -- [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470) -- [Windows Server 2012](https://support.microsoft.com/help/4009471) -- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/4009469) - -## Data Collection - -1. Network Capture with ETW. Enter the following command at an elevated command prompt: - - ```console - netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl - ``` -2. Reproduce the issue. - - If there's a failure to establish connection, try to manually connect. - - If it's intermittent but easily reproducible, try to manually connect until it fails. Record the time of each connection attempt, and whether it was a success or failure. - - If the issue is intermittent but rare, netsh trace stop command needs to be triggered automatically (or at least alerted to admin quickly) to ensure trace doesn’t overwrite the repro data. - - If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop). -3. Stop the trace by entering the following command: - - ```console - netsh trace stop - ``` -4. To convert the output file to text format: - - ```console - netsh trace convert c:\tmp\wireless.etl - ``` - -See the [example ETW capture](#example-etw-capture) at the bottom of this article for an example of the command output. After running these commands, you'll have three files: wireless.cab, wireless.etl, and wireless.txt. - -## Troubleshooting - -The following view is a high-level one of the main wifi components in Windows. - -|Wi-fi Components|Description| -|--- |--- | -||The Windows Connection Manager (Wcmsvc) is closely associated with the UI controls (taskbar icon) to connect to various networks, including wireless networks. It accepts and processes input from the user and feeds it to the core wireless service.| -||The WLAN Autoconfig Service (WlanSvc) handles the following core functions of wireless networks in windows:
Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues
-
-> [!NOTE]
-> If you're not a support agent or IT professional, you'll find more helpful information about stop error ("blue screen") messages in [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad).
-
-## What causes stop errors?
-
-A stop error is displayed as a blue screen that contains the name of the faulty driver, such as any of the following example drivers:
-
-- `atikmpag.sys`
-- `igdkmd64.sys`
-- `nvlddmkm.sys`
-
-There's no simple explanation for the cause of stop errors (also known as blue screen errors or bug check errors). Many different factors can be involved. However, various studies indicate that stop errors usually aren't caused by Microsoft Windows components. Instead, these errors are related to malfunctioning hardware drivers or drivers that are installed by third-party software. These drivers include video cards, wireless network cards, security programs, and so on.
-
-Our analysis of the root causes of crashes indicates that:
-
-- 70% are caused by third-party driver code.
-- 10% are caused by hardware issues.
-- 5% are caused by Microsoft code.
-- 15% have unknown causes, because the memory is too corrupted to analyze.
-
-> [!NOTE]
-> The root cause of stop errors is never a user-mode process. While a user-mode process (such as Notepad or Slack) may trigger a stop error, it is merely exposing the underlying bug which is always in a driver, hardware, or the OS.
-
-## General troubleshooting steps
-
-To troubleshoot stop error messages, follow these general steps:
-
-1. Review the stop error code that you find in the event logs. Search online for the specific stop error codes to see whether there are any known issues, resolutions, or workarounds for the problem.
-
-1. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system. For example:
-
- - [Windows 10, version 21H2](https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb)
- - [Windows 10, version 21H1](https://support.microsoft.com/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11)
- - [Windows 10, version 20H2](https://support.microsoft.com/topic/windows-10-update-history-7dd3071a-3906-fa2c-c342-f7f86728a6e3)
-
-1. Make sure that the BIOS and firmware are up-to-date.
-
-1. Run any relevant hardware and memory tests.
-
-1. Run [Microsoft Safety Scanner](/microsoft-365/security/intelligence/safety-scanner-download) or any other virus detection program that includes checks of the MBR for infections.
-
-1. Make sure that there's sufficient free space on the hard disk. The exact requirement varies, but we recommend 10-15 percent free disk space.
-
-1. Contact the respective hardware or software vendor to update the drivers and applications in the following scenarios:
-
- - The error message indicates that a specific driver is causing the problem.
- - You're seeing an indication of a service that is starting or stopping before the crash occurred. In this situation, determine whether the service behavior is consistent across all instances of the crash.
- - You have made any software or hardware changes.
-
- > [!NOTE]
- > If there are no updates available from a specific manufacturer, we recommend that you disable the related service.
- >
- > For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd).
- >
- > You can disable a driver by following the steps in [How to temporarily deactivate the kernel mode filter driver in Windows](/troubleshoot/windows-server/performance/deactivate-kernel-mode-filter-driver).
- >
- > You may also want to consider the option of rolling back changes or reverting to the last-known working state. For more information, see [Roll back a device driver to a previous version](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732648(v=ws.11)).
-
-### Memory dump collection
-
-To configure the system for memory dump files, follow these steps:
-
-1. Select the Taskbar search box, type **Advanced system settings**, and then press **Enter**.
-
-2. On the **Advanced** tab on the System Properties box, select the **Settings** button that appears in the section **Startup and Recovery**.
-
-3. In the new window, select the drop-down below the option **Write debugging information**.
-
-4. Choose **Automatic memory dump**.
-
-5. Select **OK**.
-
-6. Restart the computer for the setting to take effect.
-
-7. If the server is virtualized, disable auto reboot after the memory dump file is created. This disablement lets you take a snapshot of the server in-state and also if the problem recurs.
-
-The memory dump file is saved at the following locations:
-
-| Dump file type | Location |
-|---------------------------------|-----------------------------------------------------|
-| (none) | `%SystemRoot%\MEMORY.DMP` (inactive, or grayed out) |
-| Small memory dump file (256 kb) | `%SystemRoot%\Minidump` |
-| Kernel memory dump file | `%SystemRoot%\MEMORY.DMP` |
-| Complete memory dump file | `%SystemRoot%\MEMORY.DMP` |
-| Automatic memory dump file | `%SystemRoot%\MEMORY.DMP` |
-| Active memory dump file | `%SystemRoot%\MEMORY.DMP` |
-
-You can use the Microsoft Crash Dump File Checker (DumpChk) tool to verify that the memory dump files aren't corrupted or invalid. For more information, see the following video:
-
-> [!VIDEO https://www.youtube.com/embed/xN7tOfgNKag]
-
-For more information on how to use Dumpchk.exe to check your dump files, see the following articles:
-
-- [Using DumpChk](/windows-hardware/drivers/debugger/dumpchk)
-- [Download DumpChk](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
-
-### Pagefile settings
-
-For more information on pagefile settings, see the following articles:
-
-- [Introduction to page files](introduction-page-file.md)
-- [How to determine the appropriate page file size for 64-bit versions of Windows](determine-appropriate-page-file-size.md)
-- [Generate a kernel or complete crash dump](generate-kernel-or-complete-crash-dump.md)
-
-### Memory dump analysis
-
-Finding the root cause of the crash may not be easy. Hardware problems are especially difficult to diagnose because they may cause erratic and unpredictable behavior that can manifest itself in various symptoms.
-
-When a stop error occurs, you should first isolate the problematic components, and then try to cause them to trigger the stop error again. If you can replicate the problem, you can usually determine the cause.
-
-You can use the tools such as Windows Software Development Kit (SDK) and symbols to diagnose dump logs. The next section discusses how to use this tool.
-
-## Advanced troubleshooting steps
-
-> [!NOTE]
-> Advanced troubleshooting of crash dumps can be very challenging if you aren't experienced with programming and internal Windows mechanisms. We have attempted to provide a brief insight here into some of the techniques used, including some examples. However, to really be effective at troubleshooting a crash dump, you should spend time becoming familiar with advanced debugging techniques. For a video overview, [Debugging kernel mode crashes and hangs](/shows/defrag-tools/defragtools-137-debugging-kernel-mode-dumps). Also see the advanced references listed below.
-
-### Advanced debugging references
-
-- [Advanced Windows Debugging, first edition book](https://www.amazon.com/Advanced-Windows-Debugging-Mario-Hewardt/dp/0321374460)
-- [Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)](/windows-hardware/drivers/debugger/)
-
-### Debugging steps
-
-1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. For more information, see [Method 1: Memory dump](troubleshoot-windows-freeze.md#method-1-memory-dump).
-
-2. Locate the memory.dmp file in your Windows directory on the computer that is crashing, and copy that file to another computer.
-
-3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk).
-
-4. Start the install and choose **Debugging Tools for Windows**. The WinDbg tool is installed.
-
-5. Go to the **File** menu and select **Symbol File Path** to open the WinDbg tool and set the symbol path.
-
- 1. If the computer is connected to the internet, enter the [Microsoft public symbol server](/windows-hardware/drivers/debugger/microsoft-public-symbols): `https://msdl.microsoft.com/download/symbols` and select **OK**. This method is recommended.
-
- 1. If the computer isn't connected to the internet, specify a local [symbol path](/windows-hardware/drivers/debugger/symbol-path).
-
-6. Select **Open Crash Dump**, and then open the memory.dmp file that you copied.
-
- :::image type="content" alt-text="Example output in WinDbg when opening a crash dump file." source="images/windbg.png" lightbox="images/windbg.png":::
-
-7. Under **Bugcheck Analysis**, select **`!analyze -v`**. The command `!analyze -v` is entered in the prompt at the bottom of the page.
-
-8. A detailed bug check analysis appears.
-
- :::image type="content" alt-text="An example detailed bug check analysis." source="images/bugcheck-analysis.png" lightbox="images/bugcheck-analysis.png":::
-
-9. Scroll down to the **STACK_TEXT** section. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash. If applicable, it also says what service is crashing the DLL.
-
-10. For more information about how to interpret the STACK_TEXT output, see [Using the !analyze Extension](/windows-hardware/drivers/debugger/using-the--analyze-extension).
-
-There are many possible causes of a bug check and each case is unique. In the example provided above, the important lines that can be identified from the STACK_TEXT are 20, 21, and 22:
-
-> [!NOTE]
-> HEX data is removed here and lines are numbered for clarity.
-
-```console
-1 : nt!KeBugCheckEx
-2 : nt!PspCatchCriticalBreak+0xff
-3 : nt!PspTerminateAllThreads+0x1134cf
-4 : nt!PspTerminateProcess+0xe0
-5 : nt!NtTerminateProcess+0xa9
-6 : nt!KiSystemServiceCopyEnd+0x13
-7 : nt!KiServiceLinkage
-8 : nt!KiDispatchException+0x1107fe
-9 : nt!KiFastFailDispatch+0xe4
-10 : nt!KiRaiseSecurityCheckFailure+0x3d3
-11 : ntdll!RtlpHpFreeWithExceptionProtection$filt$0+0x44
-12 : ntdll!_C_specific_handler+0x96
-13 : ntdll!RtlpExecuteHandlerForException+0xd
-14 : ntdll!RtlDispatchException+0x358
-15 : ntdll!KiUserExceptionDispatch+0x2e
-16 : ntdll!RtlpHpVsContextFree+0x11e
-17 : ntdll!RtlpHpFreeHeap+0x48c
-18 : ntdll!RtlpHpFreeWithExceptionProtection+0xda
-19 : ntdll!RtlFreeHeap+0x24a
-20 : FWPolicyIOMgr!FwBinariesFree+0xa7c2
-21 : mpssvc!FwMoneisDiagEdpPolicyUpdate+0x1584f
-22 : mpssvc!FwEdpMonUpdate+0x6c
-23 : ntdll!RtlpWnfWalkUserSubscriptionList+0x29b
-24 : ntdll!RtlpWnfProcessCurrentDescriptor+0x105
-25 : ntdll!RtlpWnfNotificationThread+0x80
-26 : ntdll!TppExecuteWaitCallback+0xe1
-27 : ntdll!TppWorkerThread+0x8d0
-28 : KERNEL32!BaseThreadInitThunk+0x14
-29 : ntdll!RtlUserThreadStart+0x21
-```
-
-This issue is because of the **mpssvc** service, which is a component of the Windows Firewall. The problem was repaired by disabling the firewall temporarily and then resetting firewall policies.
-
-For more examples, see [Debugging examples](#debugging-examples).
-
-## Video resources
-
-The following videos illustrate various troubleshooting techniques for analyzing dump files.
-
-- [Analyze dump file](https://www.youtube.com/watch?v=s5Vwnmi_TEY)
-- [Installing debugging tool for Windows (x64 and x86)](/shows/defrag-tools/building-your-usb-thumbdrive)
-- [Debugging kernel mode crash memory dumps](/shows/defrag-tools/defragtools-137-debugging-kernel-mode-dumps)
-- [Special pool](https://www.youtube.com/watch?v=vHXYS9KdU1k)
-
-## Advanced troubleshooting using Driver Verifier
-
-We estimate that about 75 percent of all stop errors are caused by faulty drivers. The Driver Verifier tool provides several methods to help you troubleshoot. These include running drivers in an isolated memory pool (without sharing memory with other components), generating extreme memory pressure, and validating parameters. If the tool encounters errors in the execution of driver code, it proactively creates an exception. It can then further examine that part of the code.
-
-> [!WARNING]
-> Driver Verifier consumes lots of CPU and can slow down the computer significantly. You may also experience additional crashes. Verifier disables faulty drivers after a stop error occurs, and continues to do this until you can successfully restart the system and access the desktop. You can also expect to see several dump files created.
->
-> Don't try to verify all the drivers at one time. This action can degrade performance and make the system unusable. It also limits the effectiveness of the tool.
-
-Use the following guidelines when you use Driver Verifier:
-
-- Test any "suspicious" drivers. For example, drivers that were recently updated or that are known to be problematic.
-
-- If you continue to experience non-analyzable crashes, try enabling verification on all third-party and unsigned drivers.
-
-- Enable concurrent verification on groups of 10-20 drivers.
-
-- Additionally, if the computer can't boot into the desktop because of Driver Verifier, you can disable the tool by starting in Safe mode. This solution is because the tool can't run in Safe mode.
-
-For more information, see [Driver Verifier](/windows-hardware/drivers/devtest/driver-verifier).
-
-## Common Windows stop errors
-
-This section doesn't contain a list of all error codes, but since many error codes have the same potential resolutions, your best bet is to follow the steps below to troubleshoot your error.
-
-The following sections list general troubleshooting procedures for common stop error codes.
-
-### VIDEO_ENGINE_TIMEOUT_DETECTED or VIDEO_TDR_TIMEOUT_DETECTED
-
-Stop error code 0x00000141, or 0x00000117
-
-Contact the vendor of the listed display driver to get an appropriate update for that driver.
-
-### DRIVER_IRQL_NOT_LESS_OR_EQUAL
-
-Stop error code 0x0000000D1
-
-Apply the latest updates for the driver by applying the latest cumulative updates for the system through the Microsoft Update Catalog website. Update an outdated network driver. Virtualized VMware systems often run "Intel(R) PRO/1000 MT Network Connection" (e1g6032e.sys). You can download this driver from the [Intel Download Drivers & Software website](https://downloadcenter.intel.com). Contact the hardware vendor to update the network driver for a resolution. For VMware systems, use the VMware integrated network driver instead of Intel's e1g6032e.sys. For example, use VMware types `VMXNET`, `VMXNET2`, or `VMXNET3`.
-
-### PAGE_FAULT_IN_NONPAGED_AREA
-
-Stop error code 0x000000050
-
-If a driver is identified in the stop error message, contact the manufacturer for an update. If no updates are available, disable the driver, and monitor the system for stability. Run `chkdsk /f /r` to detect and repair disk errors. Restart the system before the disk scan begins on a system partition. Contact the manufacturer for any diagnostic tools that they may provide for the hard disk subsystem. Try to reinstall any application or service that was recently installed or updated. It's possible that the crash was triggered while the system was starting applications and reading the registry for preference settings. Reinstalling the application can fix corrupted registry keys. If the problem persists, and you have run a recent system state backup, try to restore the registry hives from the backup.
-
-### SYSTEM_SERVICE_EXCEPTION
-
-Stop error code c000021a {Fatal System Error} The Windows SubSystem system process terminated unexpectedly with a status of 0xc0000005. The system has been shut down.
-
-Use the System File Checker tool to repair missing or corrupted system files. The System File Checker lets users scan for corruptions in Windows system files and restore corrupted files. For more information, see [Use the System File Checker tool](https://support.microsoft.com/topic/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files-79aa86cb-ca52-166a-92a3-966e85d4094e).
-
-### NTFS_FILE_SYSTEM
-
-Stop error code 0x000000024
-
-This stop error is commonly caused by corruption in the NTFS file system or bad blocks (sectors) on the hard disk. Corrupted drivers for hard disks (SATA or IDE) can also adversely affect the system's ability to read and write to disk. Run any hardware diagnostics that are provided by the manufacturer of the storage subsystem. Use the scan disk tool to verify that there are no file system errors. To do this step, right-click the drive that you want to scan, select Properties, select Tools, and then select the Check now button. Update the NTFS file system driver (Ntfs.sys). Apply the latest cumulative updates for the current operating system that's experiencing the problem.
-
-### KMODE_EXCEPTION_NOT_HANDLED
-
-Stop error code 0x0000001E
-
-If a driver is identified in the stop error message, disable or remove that driver. Disable or remove any drivers or services that were recently added.
-
-If the error occurs during the startup sequence, and the system partition is formatted by using the NTFS file system, you might be able to use safe mode to disable the driver in Device Manager. To disable the driver, follow these steps:
-
-1. Go to **Settings > Update & security > Recovery**.
-1. Under **Advanced startup**, select **Restart now**.
-1. After your PC restarts to the **Choose an option** screen, select **Troubleshoot > Advanced options > Startup Settings > Restart**.
-1. After the computer restarts, you'll see a list of options. Press **4** or **F4** to start the computer in safe mode. If you intend to use the internet while in safe mode, press **5** or **F5** for the **Safe Mode with Networking** option.
-
-### DPC_WATCHDOG_VIOLATION
-
-Stop error code 0x00000133
-
-This stop error code is caused by a faulty driver that doesn't complete its work within the allotted time frame in certain conditions. To help mitigate this error, collect the memory dump file from the system, and then use the Windows Debugger to find the faulty driver. If a driver is identified in the stop error message, disable the driver to isolate the problem. Check with the manufacturer for driver updates. Check the system log in Event Viewer for other error messages that might help identify the device or driver that's causing stop error 0x133. Verify that any new hardware that's installed is compatible with the installed version of Windows. For example, you can get information about required hardware at Windows 10 Specifications. If Windows Debugger is installed, and you have access to public symbols, you can load the `c:\windows\memory.dmp` file into the debugger. Then refer to [Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012](/archive/blogs/ntdebugging/determining-the-source-of-bug-check-0x133-dpc_watchdog_violation-errors-on-windows-server-2012) to find the problematic driver from the memory dump.
-
-### USER_MODE_HEALTH_MONITOR
-
-Stop error code 0x0000009E
-
-This stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components.
-
-This stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe. Check the event logs for any storage failures to identify the failing process. Try to update the component or process that's indicated in the event logs. You should see the following event recorded:
-
-- Event ID: 4870
-- Source: Microsoft-Windows-FailoverClustering
-- Description: User mode health monitoring has detected that the system isn't being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID '%1', for '%2' seconds. Recovery action is taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang.
-
-For more information, see ["0x0000009E" Stop error on cluster nodes in a Windows Server-based multi-node failover cluster environment](https://support.microsoft.com/topic/-0x0000009e-stop-error-on-cluster-nodes-in-a-windows-server-based-multi-node-failover-cluster-environment-7e0acceb-b498-47f8-e004-96de6e497cba) Also, see the following Microsoft video [What to do if a 9E occurs](https://www.youtube.com/watch?v=vOJQEdmdSgw).
-
-## Debugging examples
-
-### Example 1
-
-This bug check is caused by a driver hang during upgrade, resulting in a bug check D1 in NDIS.sys, which is a Microsoft driver. The **IMAGE_NAME** tells you the faulting driver, but since this driver is s Microsoft driver, it can't be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again.
-
-```console
-2: kd> !analyze -v
-*******************************************************************************
-* *
-* Bugcheck Analysis *
-* *
-*******************************************************************************
-
-DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
-An attempt was made to access a pageable (or completely invalid) address at an
-interrupt request level (IRQL) that is too high. This is usually
-caused by drivers using improper addresses.
-If kernel debugger is available get stack backtrace.
-Arguments:
-Arg1: 000000000011092a, memory referenced
-Arg2: 0000000000000002, IRQL
-Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
-Arg4: fffff807aa74f4c4, address which referenced memory
-Debugging Details:
-------------------
-
-KEY_VALUES_STRING: 1
-STACKHASH_ANALYSIS: 1
-TIMELINE_ANALYSIS: 1
-DUMP_CLASS: 1
-DUMP_QUALIFIER: 400
-SIMULTANEOUS_TELSVC_INSTANCES: 0
-SIMULTANEOUS_TELWP_INSTANCES: 0
-BUILD_VERSION_STRING: 16299.15.amd64fre.rs3_release.170928-1534
-SYSTEM_MANUFACTURER: Alienware
-SYSTEM_PRODUCT_NAME: Alienware 15 R2
-SYSTEM_SKU: Alienware 15 R2
-SYSTEM_VERSION: 1.2.8
-BIOS_VENDOR: Alienware
-BIOS_VERSION: 1.2.8
-BIOS_DATE: 01/29/2016
-BASEBOARD_MANUFACTURER: Alienware
-BASEBOARD_PRODUCT: Alienware 15 R2
-BASEBOARD_VERSION: A00
-DUMP_TYPE: 2
-BUGCHECK_P1: 11092a
-BUGCHECK_P2: 2
-BUGCHECK_P3: 1
-BUGCHECK_P4: fffff807aa74f4c4
-WRITE_ADDRESS: fffff80060602380: Unable to get MiVisibleState
-Unable to get NonPagedPoolStart
-Unable to get NonPagedPoolEnd
-Unable to get PagedPoolStart
-Unable to get PagedPoolEnd
-000000000011092a
-CURRENT_IRQL: 2
-FAULTING_IP:
-NDIS!NdisQueueIoWorkItem+4 [minio\ndis\sys\miniport.c @ 9708]
-fffff807`aa74f4c4 48895120 mov qword ptr [rcx+20h],rdx
-CPU_COUNT: 8
-CPU_MHZ: a20
-CPU_VENDOR: GenuineIntel
-CPU_FAMILY: 6
-CPU_MODEL: 5e
-CPU_STEPPING: 3
-CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: BA'00000000 (cache) BA'00000000 (init)
-BLACKBOXPNP: 1 (!blackboxpnp)
-DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
-BUGCHECK_STR: AV
-PROCESS_NAME: System
-ANALYSIS_SESSION_HOST: SHENDRIX-DEV0
-ANALYSIS_SESSION_TIME: 01-17-2019 11:06:05.0653
-ANALYSIS_VERSION: 10.0.18248.1001 amd64fre
-TRAP_FRAME: ffffa884c0c3f6b0 -- (.trap 0xffffa884c0c3f6b0)
-NOTE: The trap frame doesn't contain all registers.
-Some register values may be zeroed or incorrect.
-rax=fffff807ad018bf0 rbx=0000000000000000 rcx=000000000011090a
-rdx=fffff807ad018c10 rsi=0000000000000000 rdi=0000000000000000
-rip=fffff807aa74f4c4 rsp=ffffa884c0c3f840 rbp=000000002408fd00
-r8=ffffb30e0e99ea30 r9=0000000001d371c1 r10=0000000020000080
-r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
-r14=0000000000000000 r15=0000000000000000
-iopl=0 nv up ei ng nz na pe nc
-NDIS!NdisQueueIoWorkItem+0x4:
-fffff807`aa74f4c4 48895120 mov qword ptr [rcx+20h],rdx ds:00000000`0011092a=????????????????
-Resetting default scope
-
-LAST_CONTROL_TRANSFER: from fffff800603799e9 to fffff8006036e0e0
-
-STACK_TEXT:
-ffffa884`c0c3f568 fffff800`603799e9 : 00000000`0000000a 00000000`0011092a 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx [minkernel\ntos\ke\amd64\procstat.asm @ 134]
-ffffa884`c0c3f570 fffff800`60377d7d : fffff78a`4000a150 ffffb30e`03fba001 ffff8180`f0b5d180 00000000`000000ff : nt!KiBugCheckDispatch+0x69 [minkernel\ntos\ke\amd64\trap.asm @ 2998]
-ffffa884`c0c3f6b0 fffff807`aa74f4c4 : 00000000`00000002 ffff8180`f0754180 00000000`00269fb1 ffff8180`f0754180 : nt!KiPageFault+0x23d [minkernel\ntos\ke\amd64\trap.asm @ 1248]
-ffffa884`c0c3f840 fffff800`60256b63 : ffffb30e`0e18f710 ffff8180`f0754180 ffffa884`c0c3fa18 00000000`00000002 : NDIS!NdisQueueIoWorkItem+0x4 [minio\ndis\sys\miniport.c @ 9708]
-ffffa884`c0c3f870 fffff800`60257bfd : 00000000`00000008 00000000`00000000 00000000`00269fb1 ffff8180`f0754180 : nt!KiProcessExpiredTimerList+0x153 [minkernel\ntos\ke\dpcsup.c @ 2078]
-ffffa884`c0c3f960 fffff800`6037123a : 00000000`00000000 ffff8180`f0754180 00000000`00000000 ffff8180`f0760cc0 : nt!KiRetireDpcList+0x43d [minkernel\ntos\ke\dpcsup.c @ 1512]
-ffffa884`c0c3fb60 00000000`00000000 : ffffa884`c0c40000 ffffa884`c0c39000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a [minkernel\ntos\ke\amd64\idle.asm @ 166]
-
-RETRACER_ANALYSIS_TAG_STATUS: Failed in getting KPCR for core 2
-THREAD_SHA1_HASH_MOD_FUNC: 5b59a784f22d4b5cbd5a8452fe39914b8fd7961d
-THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5643383f9cae3ca39073f7721b53f0c633bfb948
-THREAD_SHA1_HASH_MOD: 20edda059578820e64b723e466deea47f59bd675
-FOLLOWUP_IP:
-NDIS!NdisQueueIoWorkItem+4 [minio\ndis\sys\miniport.c @ 9708]
-fffff807`aa74f4c4 48895120 mov qword ptr [rcx+20h],rdx
-FAULT_INSTR_CODE: 20518948
-FAULTING_SOURCE_LINE: minio\ndis\sys\miniport.c
-FAULTING_SOURCE_FILE: minio\ndis\sys\miniport.c
-FAULTING_SOURCE_LINE_NUMBER: 9708
-FAULTING_SOURCE_CODE:
- 9704: _In_ _Points_to_data_ PVOID WorkItemContext
- 9705: )
- 9706: {
- 9707:
-> 9708: ((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->Routine = Routine;
- 9709: ((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->WorkItemContext = WorkItemContext;
- 9710:
- 9711: IoQueueWorkItem(((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->IoWorkItem,
- 9712: ndisDispatchIoWorkItem,
- 9713: CriticalWorkQueue,
-
-SYMBOL_STACK_INDEX: 3
-SYMBOL_NAME: NDIS!NdisQueueIoWorkItem+4
-FOLLOWUP_NAME: ndiscore
-MODULE_NAME: NDIS
-IMAGE_NAME: NDIS.SYS
-DEBUG_FLR_IMAGE_TIMESTAMP: 0
-IMAGE_VERSION: 10.0.16299.99
-DXGANALYZE_ANALYSIS_TAG_PORT_GLOBAL_INFO_STR: Hybrid_FALSE
-DXGANALYZE_ANALYSIS_TAG_ADAPTER_INFO_STR: GPU0_VenId0x1414_DevId0x8d_WDDM1.3_Active;
-STACK_COMMAND: .thread ; .cxr ; kb
-BUCKET_ID_FUNC_OFFSET: 4
-FAILURE_BUCKET_ID: AV_NDIS!NdisQueueIoWorkItem
-BUCKET_ID: AV_NDIS!NdisQueueIoWorkItem
-PRIMARY_PROBLEM_CLASS: AV_NDIS!NdisQueueIoWorkItem
-TARGET_TIME: 2017-12-10T14:16:08.000Z
-OSBUILD: 16299
-OSSERVICEPACK: 98
-SERVICEPACK_NUMBER: 0
-OS_REVISION: 0
-SUITE_MASK: 784
-PRODUCT_TYPE: 1
-OSPLATFORM_TYPE: x64
-OSNAME: Windows 10
-OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
-OS_LOCALE:
-USER_LCID: 0
-OSBUILD_TIMESTAMP: 2017-11-26 03:49:20
-BUILDDATESTAMP_STR: 170928-1534
-BUILDLAB_STR: rs3_release
-BUILDOSVER_STR: 10.0.16299.15.amd64fre.rs3_release.170928-1534
-ANALYSIS_SESSION_ELAPSED_TIME: 8377
-ANALYSIS_SOURCE: KM
-FAILURE_ID_HASH_STRING: km:av_ndis!ndisqueueioworkitem
-FAILURE_ID_HASH: {10686423-afa1-4852-ad1b-9324ac44ac96}
-FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=10686423-afa1-4852-ad1b-9324ac44ac96
-Followup: ndiscore
----------
-```
-
-### Example 2
-
-In this example, a non-Microsoft driver caused page fault, so we don't have symbols for this driver. However, looking at **IMAGE_NAME** and or **MODULE_NAME** indicates it's **WwanUsbMP.sys** that caused the issue. Disconnecting the device and retrying the upgrade is a possible solution.
-
-```console
-1: kd> !analyze -v
-*******************************************************************************
-* *
-* Bugcheck Analysis *
-* *
-*******************************************************************************
-
-PAGE_FAULT_IN_NONPAGED_AREA (50)
-Invalid system memory was referenced. This can't be protected by try-except.
-Typically the address is just plain bad or it is pointing at freed memory.
-Arguments:
-Arg1: 8ba10000, memory referenced.
-Arg2: 00000000, value 0 = read operation, 1 = write operation.
-Arg3: 82154573, If non-zero, the instruction address which referenced the bad memory
- address.
-Arg4: 00000000, (reserved)
-
-Debugging Details:
-------------------
-
-*** WARNING: Unable to verify timestamp for WwanUsbMp.sys
-*** ERROR: Module load completed but symbols could not be loaded for WwanUsbMp.sys
-
-KEY_VALUES_STRING: 1
-STACKHASH_ANALYSIS: 1
-TIMELINE_ANALYSIS: 1
-DUMP_CLASS: 1
-DUMP_QUALIFIER: 400
-BUILD_VERSION_STRING: 16299.15.x86fre.rs3_release.170928-1534
-MARKER_MODULE_NAME: IBM_ibmpmdrv
-SYSTEM_MANUFACTURER: LENOVO
-SYSTEM_PRODUCT_NAME: 20AWS07H00
-SYSTEM_SKU: LENOVO_MT_20AW_BU_Think_FM_ThinkPad T440p
-SYSTEM_VERSION: ThinkPad T440p
-BIOS_VENDOR: LENOVO
-BIOS_VERSION: GLET85WW (2.39 )
-BIOS_DATE: 09/29/2016
-BASEBOARD_MANUFACTURER: LENOVO
-BASEBOARD_PRODUCT: 20AWS07H00
-BASEBOARD_VERSION: Not Defined
-DUMP_TYPE: 2
-BUGCHECK_P1: ffffffff8ba10000
-BUGCHECK_P2: 0
-BUGCHECK_P3: ffffffff82154573
-BUGCHECK_P4: 0
-READ_ADDRESS: 822821d0: Unable to get MiVisibleState
-8ba10000
-FAULTING_IP:
-nt!memcpy+33 [minkernel\crts\crtw32\string\i386\memcpy.asm @ 213
-82154573 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
-MM_INTERNAL_CODE: 0
-CPU_COUNT: 4
-CPU_MHZ: 95a
-CPU_VENDOR: GenuineIntel
-CPU_FAMILY: 6
-CPU_MODEL: 3c
-CPU_STEPPING: 3
-CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 21'00000000 (cache) 21'00000000 (init)
-BLACKBOXBSD: 1 (!blackboxbsd)
-BLACKBOXPNP: 1 (!blackboxpnp)
-DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
-BUGCHECK_STR: AV
-PROCESS_NAME: System
-CURRENT_IRQL: 2
-ANALYSIS_SESSION_HOST: SHENDRIX-DEV0
-ANALYSIS_SESSION_TIME: 01-17-2019 10:54:53.0780
-ANALYSIS_VERSION: 10.0.18248.1001 amd64fre
-TRAP_FRAME: 8ba0efa8 -- (.trap 0xffffffff8ba0efa8)
-ErrCode = 00000000
-eax=8ba1759e ebx=a2bfd314 ecx=00001d67 edx=00000002 esi=8ba10000 edi=a2bfe280
-eip=82154573 esp=8ba0f01c ebp=8ba0f024 iopl=0 nv up ei pl nz ac pe nc
-cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010216
-nt!memcpy+0x33:
-82154573 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
-Resetting default scope
-LOCK_ADDRESS: 8226c6e0 -- (!locks 8226c6e0)
-Cannot get _ERESOURCE type
-Resource @ nt!PiEngineLock (0x8226c6e0) Available
-1 total locks
-PNP_TRIAGE_DATA:
- Lock address : 0x8226c6e0
- Thread Count : 0
- Thread address: 0x00000000
- Thread wait : 0x0
-
-LAST_CONTROL_TRANSFER: from 82076708 to 821507e8
-
-STACK_TEXT:
-8ba0ede4 82076708 00000050 8ba10000 00000000 nt!KeBugCheckEx [minkernel\ntos\ke\i386\procstat.asm @ 114]
-8ba0ee40 8207771e 8ba0efa8 8ba10000 8ba0eea0 nt!MiSystemFault+0x13c8 [minkernel\ntos\mm\mmfault.c @ 4755]
-8ba0ef08 821652ac 00000000 8ba10000 00000000 nt!MmAccessFault+0x83e [minkernel\ntos\mm\mmfault.c @ 6868]
-8ba0ef08 82154573 00000000 8ba10000 00000000 nt!_KiTrap0E+0xec [minkernel\ntos\ke\i386\trap.asm @ 5153]
-8ba0f024 86692866 a2bfd314 8ba0f094 0000850a nt!memcpy+0x33 [minkernel\crts\crtw32\string\i386\memcpy.asm @ 213]
-8ba0f040 866961bc 8ba0f19c a2bfd0e8 00000000 NDIS!ndisMSetPowerManagementCapabilities+0x8a [minio\ndis\sys\miniport.c @ 7969]
-8ba0f060 866e1f66 866e1caf adfb9000 00000000 NDIS!ndisMSetGeneralAttributes+0x23d [minio\ndis\sys\miniport.c @ 8198]
-8ba0f078 ac50c15f a2bfd0e8 0000009f 00000001 NDIS!NdisMSetMiniportAttributes+0x2b7 [minio\ndis\sys\miniport.c @ 7184]
-WARNING: Stack unwind information not available. Following frames may be wrong.
-8ba0f270 ac526f96 adfb9000 a2bfd0e8 8269b9b0 WwanUsbMp+0x1c15f
-8ba0f3cc 866e368a a2bfd0e8 00000000 8ba0f4c0 WwanUsbMp+0x36f96
-8ba0f410 867004b0 a2bfd0e8 a2bfd0e8 a2be2a70 NDIS!ndisMInvokeInitialize+0x60 [minio\ndis\sys\miniport.c @ 13834]
-8ba0f7ac 866dbc8e a2acf730 866b807c 00000000 NDIS!ndisMInitializeAdapter+0xa23 [minio\ndis\sys\miniport.c @ 601]
-8ba0f7d8 866e687d a2bfd0e8 00000000 00000000 NDIS!ndisInitializeAdapter+0x4c [minio\ndis\sys\initpnp.c @ 931]
-8ba0f800 866e90bb adfb64d8 00000000 a2bfd0e8 NDIS!ndisPnPStartDevice+0x118 [minio\ndis\sys\configm.c @ 4235]
-8ba0f820 866e8a58 adfb64d8 a2bfd0e8 00000000 NDIS!ndisStartDeviceSynchronous+0xbd [minio\ndis\sys\ndispnp.c @ 3096]
-8ba0f838 866e81df adfb64d8 8ba0f85e 8ba0f85f NDIS!ndisPnPIrpStartDevice+0xb4 [minio\ndis\sys\ndispnp.c @ 1067]
-8ba0f860 820a7e98 a2bfd030 adfb64d8 8ba0f910 NDIS!ndisPnPDispatch+0x108 [minio\ndis\sys\ndispnp.c @ 2429]
-8ba0f878 8231f07e 8ba0f8ec adf5d4c8 872e2eb8 nt!IofCallDriver+0x48 [minkernel\ntos\io\iomgr\iosubs.c @ 3149]
-8ba0f898 820b8569 820c92b8 872e2eb8 8ba0f910 nt!PnpAsynchronousCall+0x9e [minkernel\ntos\io\pnpmgr\irp.c @ 3005]
-8ba0f8cc 820c9a76 00000000 820c92b8 872e2eb8 nt!PnpSendIrp+0x67 [minkernel\ntos\io\pnpmgr\irp.h @ 286]
-8ba0f914 8234577b 872e2eb8 adf638b0 adf638b0 nt!PnpStartDevice+0x60 [minkernel\ntos\io\pnpmgr\irp.c @ 3187]
-8ba0f94c 82346cc7 872e2eb8 adf638b0 adf638b0 nt!PnpStartDeviceNode+0xc3 [minkernel\ntos\io\pnpmgr\start.c @ 1712]
-8ba0f96c 82343c68 00000000 a2bdb3d8 adf638b0 nt!PipProcessStartPhase1+0x4d [minkernel\ntos\io\pnpmgr\start.c @ 114]
-8ba0fb5c 824db885 8ba0fb80 00000000 00000000 nt!PipProcessDevNodeTree+0x386 [minkernel\ntos\io\pnpmgr\enum.c @ 6129]
-8ba0fb88 8219571b 85852520 8c601040 8226ba90 nt!PiRestartDevice+0x91 [minkernel\ntos\io\pnpmgr\enum.c @ 4743]
-8ba0fbe8 820804af 00000000 00000000 8c601040 nt!PnpDeviceActionWorker+0xdb4b7 [minkernel\ntos\io\pnpmgr\action.c @ 674]
-8ba0fc38 8211485c 85852520 421de295 00000000 nt!ExpWorkerThread+0xcf [minkernel\ntos\ex\worker.c @ 4270]
-8ba0fc70 82166785 820803e0 85852520 00000000 nt!PspSystemThreadStartup+0x4a [minkernel\ntos\ps\psexec.c @ 7756]
-8ba0fc88 82051e07 85943940 8ba0fcd8 82051bb9 nt!KiThreadStartup+0x15 [minkernel\ntos\ke\i386\threadbg.asm @ 82]
-8ba0fc94 82051bb9 8b9cc600 8ba10000 8ba0d000 nt!KiProcessDeferredReadyList+0x17 [minkernel\ntos\ke\thredsup.c @ 5309]
-8ba0fcd8 00000000 00000000 00000000 00000000 nt!KeSetPriorityThread+0x249 [minkernel\ntos\ke\thredobj.c @ 3881]
-
-
-RETRACER_ANALYSIS_TAG_STATUS: Failed in getting KPCR for core 1
-THREAD_SHA1_HASH_MOD_FUNC: e029276c66aea80ba36903e89947127118d31128
-THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 012389f065d31c8eedd6204846a560146a38099b
-THREAD_SHA1_HASH_MOD: 44dc639eb162a28d47eaeeae4afe6f9eeccced3d
-FOLLOWUP_IP:
-WwanUsbMp+1c15f
-ac50c15f 8bf0 mov esi,eax
-FAULT_INSTR_CODE: f33bf08b
-SYMBOL_STACK_INDEX: 8
-SYMBOL_NAME: WwanUsbMp+1c15f
-FOLLOWUP_NAME: MachineOwner
-MODULE_NAME: WwanUsbMp
-IMAGE_NAME: WwanUsbMp.sys
-DEBUG_FLR_IMAGE_TIMESTAMP: 5211bb0c
-DXGANALYZE_ANALYSIS_TAG_PORT_GLOBAL_INFO_STR: Hybrid_FALSE
-DXGANALYZE_ANALYSIS_TAG_ADAPTER_INFO_STR: GPU0_VenId0x1414_DevId0x8d_WDDM1.3_NotActive;GPU1_VenId0x8086_DevId0x416_WDDM1.3_Active_Post;
-STACK_COMMAND: .thread ; .cxr ; kb
-BUCKET_ID_FUNC_OFFSET: 1c15f
-FAILURE_BUCKET_ID: AV_R_INVALID_WwanUsbMp!unknown_function
-BUCKET_ID: AV_R_INVALID_WwanUsbMp!unknown_function
-PRIMARY_PROBLEM_CLASS: AV_R_INVALID_WwanUsbMp!unknown_function
-TARGET_TIME: 2018-02-12T11:33:51.000Z
-OSBUILD: 16299
-OSSERVICEPACK: 15
-SERVICEPACK_NUMBER: 0
-OS_REVISION: 0
-SUITE_MASK: 272
-PRODUCT_TYPE: 1
-OSPLATFORM_TYPE: x86
-OSNAME: Windows 10
-OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
-OS_LOCALE:
-USER_LCID: 0
-OSBUILD_TIMESTAMP: 2017-09-28 18:32:28
-BUILDDATESTAMP_STR: 170928-1534
-BUILDLAB_STR: rs3_release
-BUILDOSVER_STR: 10.0.16299.15.x86fre.rs3_release.170928-1534
-ANALYSIS_SESSION_ELAPSED_TIME: 162bd
-ANALYSIS_SOURCE: KM
-FAILURE_ID_HASH_STRING: km:av_r_invalid_wwanusbmp!unknown_function
-FAILURE_ID_HASH: {31e4d053-0758-e43a-06a7-55f69b072cb3}
-FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=31e4d053-0758-e43a-06a7-55f69b072cb3
-
-Followup: MachineOwner
----------
-
-ReadVirtual: 812d1248 not properly sign extended
-```
-
-## References
-
-[Bug check code reference](/windows-hardware/drivers/debugger/bug-check-code-reference2)
diff --git a/windows/client-management/troubleshoot-tcpip-connectivity.md b/windows/client-management/troubleshoot-tcpip-connectivity.md
deleted file mode 100644
index a04d75d606..0000000000
--- a/windows/client-management/troubleshoot-tcpip-connectivity.md
+++ /dev/null
@@ -1,117 +0,0 @@
----
-title: Troubleshoot TCP/IP connectivity
-description: Learn how to troubleshoot TCP/IP connectivity and what you should do if you come across TCP reset in a network capture.
-ms.prod: w10
-ms.topic: troubleshooting
-author: dansimp
-ms.localizationpriority: medium
-ms.author: dansimp
-ms.date: 12/06/2018
-ms.reviewer:
-manager: dansimp
-ms.collection: highpri
----
-
-# Troubleshoot TCP/IP connectivity
-
-You might come across connectivity errors on the application end or timeout errors. The following are the most common scenarios:
-- Application connectivity to a database server
-- SQL timeout errors
-- BizTalk application timeout errors
-- Remote Desktop Protocol (RDP) failures
-- File share access failures
-- General connectivity
-
-When you suspect that the issue is on the network, you collect a network trace. The network trace would then be filtered. During troubleshooting connectivity errors, you might come across TCP reset in a network capture that could indicate a network issue.
-
-* TCP is defined as connection-oriented and reliable protocol. One of the ways in which TCP ensures reliability is through the handshake process. Establishing a TCP session would begin with a three-way handshake, followed by data transfer, and then a four-way closure. The four-way closure where both sender and receiver agree on closing the session is termed as *graceful closure*. After the four-way closure, the server will allow 4 minutes of time (default), during which any pending packets on the network are to be processed, this period is the TIME_WAIT state. After the TIME_WAIT state completes, all the resources allocated for this connection are released.
-
-* TCP reset is an abrupt closure of the session; it causes the resources allocated to the connection to be immediately released and all other information about the connection is erased.
-
-* TCP reset is identified by the RESET flag in the TCP header set to `1`.
-
-A network trace on the source and the destination helps you to determine the flow of the traffic and see at what point the failure is observed.
-
-The following sections describe some of the scenarios when you'll see a RESET.
-
-## Packet drops
-
-When one TCP peer is sending out TCP packets for which there's no response received from the other end, the TCP peer would end up retransmitting the data and when there's no response received, it would end the session by sending an ACK RESET (thisACK RESET means that the application acknowledges whatever data is exchanged so far, but because of packet drop, the connection is closed).
-
-The simultaneous network traces on source and destination will help you verify this behavior where on the source side you would see the packets being retransmitted and on the destination none of these packets are seen. This scenario denotes that the network device between the source and destination is dropping the packets.
-
-If the initial TCP handshake is failing because of packet drops, then you would see that the TCP SYN packet is retransmitted only three times.
-
-Source side connecting on port 445:
-
-
-
-Destination side: applying the same filter, you don't see any packets.
-
-
-
-For the rest of the data, TCP will retransmit the packets five times.
-
-**Source 192.168.1.62 side trace:**
-
-
-
-**Destination 192.168.1.2 side trace:**
-
-You wouldn't see any of the above packets. Engage your network team to investigate with the different hops and see if any of them are potentially causing drops in the network.
-
-If you're seeing that the SYN packets are reaching the destination, but the destination is still not responding, then verify if the port that you're trying to connect to is in the listening state. (Netstat output will help). If the port is listening and still there's no response, then there could be a wfp drop.
-
-## Incorrect parameter in the TCP header
-
-You see this behavior when the packets are modified in the network by middle devices and TCP on the receiving end is unable to accept the packet, such as the sequence number being modified, or packets being replayed by middle device by changing the sequence number. Again, the simultaneous network trace on the source and destination will be able to tell you if any of the TCP headers are modified. Start by comparing the source trace and destination trace, you'll be able to notice if there's a change in the packets itself or if any new packets are reaching the destination on behalf of the source.
-
-In this case, you'll again need help from the network team to identify any device that's modifying packets or replaying packets to the destination. The most common ones are RiverBed devices or WAN accelerators.
-
-
-## Application side reset
-
-When you've identified that the resets aren't due to retransmits or incorrect parameter or packets being modified with the help of network trace, then you've narrowed it down to application level reset.
-
-The application resets are the ones where you see the Acknowledgment flag set to `1` along with the reset flag. This setting would mean that the server is acknowledging the receipt of the packet but for some reason it will not accept the connection. This stage is when the application that received the packet didn't like something it received.
-
-In the below screenshots, you see that the packets seen on the source and the destination are the same without any modification or any drops, but you see an explicit reset sent by the destination to the source.
-
-**Source Side**
-
-
-
-**On the destination-side trace**
-
-
-
-You also see an ACK+RST flag packet in a case when the TCP establishment packet SYN is sent out. The TCP SYN packet is sent when the client wants to connect on a particular port, but if the destination/server for some reason doesn't want to accept the packet, it would send an ACK+RST packet.
-
-
-
-The application that's causing the reset (identified by port numbers) should be investigated to understand what is causing it to reset the connection.
-
->[!Note]
->The above information is about resets from a TCP standpoint and not UDP. UDP is a connectionless protocol and the packets are sent unreliably. You wouldn't see retransmission or resets when using UDP as a transport protocol. However, UDP makes use of ICMP as a error reporting protocol. When you've the UDP packet sent out on a port and the destination does not have port listed, you'll see the destination sending out **ICMP Destination host unreachable: Port unreachable** message immediately after the UDP packet
-
-
-```
-10.10.10.1 10.10.10.2 UDP UDP:SrcPort=49875,DstPort=3343
-
-10.10.10.2 10.10.10.1 ICMP ICMP:Destination Unreachable Message, Port Unreachable,10.10.10.2:3343
-```
-
-
-During the troubleshooting connectivity issue, you might also see in the network trace that a machine receives packets but doesn't respond to. In such cases, there could be a drop at the server level. To understand whether the local firewall is dropping the packet, enable the firewall auditing on the machine.
-
-```
-auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
-```
-
-You can then review the Security event logs to see for a packet drop on a particular port-IP and a filter ID associated with it.
-
-
-
-Now, run the command `netsh wfp show state`, this execution will generate a wfpstate.xml file. After you open this file and filter for the ID that you find in the above event (2944008), you'll be able to see a firewall rule name that's associated with this ID that's blocking the connection.
-
-
diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md
deleted file mode 100644
index 18eff7c2dd..0000000000
--- a/windows/client-management/troubleshoot-tcpip-netmon.md
+++ /dev/null
@@ -1,69 +0,0 @@
----
-title: Collect data using Network Monitor
-description: Learn how to run Network Monitor to collect data for troubleshooting TCP/IP connectivity.
-ms.prod: w10
-ms.topic: troubleshooting
-author: dansimp
-ms.localizationpriority: medium
-ms.author: dansimp
-ms.date: 01/27/2022
-ms.reviewer:
-manager: dansimp
-ms.collection: highpri
----
-
-# Collect data using Network Monitor
-
-In this article, you'll learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic.
-
-> [!NOTE]
-> Network Monitor is the archived protocol analyzer and is no longer under development. Also, Microsoft Message Analyzer (MMA) was retired and its download packages were removed from microsoft.com sites on November 25, 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time. For similar functionality, consider using another, non-Microsoft network protocol analyzer tool. For more information, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide).
-
-To get started, [download Network Monitor tool](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image:
-
-
-
-When the driver gets hooked to the network interface card (NIC) during installation, the NIC is reinitialized, which might cause a brief network glitch.
-
-**To capture traffic**
-
-1. Run netmon in an elevated status by choosing **Run as Administrator**.
-
- 
-
-2. Network Monitor opens with all network adapters displayed. Select the network adapters where you want to capture traffic, click **New Capture**, and then select **Start**.
-
- 
-
-3. Reproduce the issue, and you'll see that Network Monitor grabs the packets on the wire.
-
- 
-
-4. Select **Stop**, and go to **File > Save as** to save the results. By default, the file will be saved as a ".cap" file.
-
-The saved file has captured all the traffic that is flowing to and from the selected network adapters on the local computer. However, your interest is only to look into the traffic/packets that are related to the specific connectivity problem you're facing. So you'll need to filter the network capture to see only the related traffic.
-
-**Commonly used filters**
-
-- Ipv4.address=="client ip" and ipv4.address=="server ip"
-- Tcp.port==
-- Udp.port==
-- Icmp
-- Arp
-- Property.tcpretranmits
-- Property.tcprequestfastretransmits
-- Tcp.flags.syn==1
-
->[!TIP]
->If you want to filter the capture for a specific field and do not know the syntax for that filter, just right-click that field and select **Add *the selected value* to Display Filter**.
-
-Network traces that are collected using the **netsh** commands built in to Windows are of the extension "ETL". However, these ETL files can be opened using Network Monitor for further analysis.
-
-## More information
-
-[Intro to Filtering with Network Monitor 3.0](/archive/blogs/netmon/intro-to-filtering-with-network-monitor-3-0) Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues
-
-In these topics, you will learn how to troubleshoot common problems that are related to Windows startup.
-
-## How it works
-
-When Microsoft Windows experiences a condition that compromises safe system operation, the system halts. These Windows startup problems are categorized in the following groups:
-
-- Bug check: Also commonly known as a system crash, a kernel error, or a Stop error.
-
-- No boot: The system may not produce a bug check but is unable to start up into Windows.
-
-- Freeze: Also known as "system hang".
-
-## Best practices
-
-To understand the underlying cause of Windows startup problems, it's important that the system be configured correctly. Here are some best practices for configuration:
-
-### Page file settings
-
-- [Introduction of page file](introduction-page-file.md)
-
-- [How to determine the appropriate page file size for 64-bit versions of Windows](determine-appropriate-page-file-size.md)
-
-### Memory dump settings
-
-- [Configure system failure and recovery options in Windows](system-failure-recovery-options.md)
-
-- [Generate a kernel or complete crash dump](generate-kernel-or-complete-crash-dump.md)
-
-## Troubleshooting
-
-These articles will walk you through the resources you need to troubleshoot Windows startup issues:
-
-- [Advanced troubleshooting for Windows boot problems](./advanced-troubleshooting-boot-problems.md)
-
-- [Advanced troubleshooting for Stop error or blue screen error](./troubleshoot-stop-errors.md)
-
-- [Advanced troubleshooting for Windows-based computer freeze issues](./troubleshoot-windows-freeze.md)
-
-- [Stop error occurs when you update the in-box Broadcom network adapter driver](troubleshoot-stop-error-on-broadcom-driver-update.md)
\ No newline at end of file
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md
deleted file mode 100644
index 6dd2f0b24a..0000000000
--- a/windows/client-management/windows-10-support-solutions.md
+++ /dev/null
@@ -1,132 +0,0 @@
----
-title: Windows 10 support solutions
-description: Learn where to find information about troubleshooting Windows 10 issues, for example BitLocker issues and bugcheck errors.
-ms.reviewer: kaushika
-manager: aaroncz
-ms.prod: w10
-ms.author: vinpa
-author: vinaypamnani-msft
-ms.localizationpriority: medium
-ms.topic: troubleshooting
----
-
-# Windows 10 support solutions
-
-Microsoft regularly releases both updates for Windows Server. To ensure your servers can receive future updates, including security updates, it's important to keep your servers updated. Check out - [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history) for a complete list of released updates.
-
-This section contains advanced troubleshooting topics and links to help you resolve issues with Windows 10 in an enterprise or IT pro environment. More topics will be added as they become available.
-
-## Troubleshoot 802.1x Authentication
-- [Advanced Troubleshooting 802.1X Authentication](./advanced-troubleshooting-802-authentication.md)
-- [Data collection for troubleshooting 802.1X authentication](./data-collection-for-802-authentication.md)
-
-## Troubleshoot BitLocker
-- [Guidelines for troubleshooting BitLocker](/windows/security/information-protection/bitlocker/troubleshoot-bitlocker)
-- [BitLocker can't encrypt a drive: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues)
-- [Enforcing BitLocker policies by using Intune: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues)
-- [BitLocker Network Unlock: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues)
-- [BitLocker recovery: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues)
-- [BitLocker configuration: known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-config-issues)
-- [BitLocker can't encrypt a drive: known TPM issues](/windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues)
-- [BitLocker and TPM: other known issues](/windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues)
-- [Decode Measured Boot logs to track PCR changes](/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs)
-- [BitLocker frequently asked questions (FAQ)](/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions)
-
-## Troubleshoot Bugcheck and Stop errors
-- [Introduction to the page file](./introduction-page-file.md)
-- [How to determine the appropriate page file size for 64-bit versions of Windows](./determine-appropriate-page-file-size.md)
-- [Configure system failure and recovery options in Windows](./system-failure-recovery-options.md)
-- [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md)
-- [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md)
-- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
-- [Blue Screen Data - Windows drivers](/windows-hardware/drivers/debugger/blue-screen-data)
-- [Bug Check Code Reference - Windows drivers](/windows-hardware/drivers/debugger/bug-check-code-reference2)
-
-## Troubleshoot Credential Guard
-- [Windows Defender Credential Guard - Known issues (Windows 10)](/windows/security/identity-protection/credential-guard/credential-guard-known-issues)
-
-## Troubleshoot Disks
-- [MBR2GPT](/windows/deployment/mbr-to-gpt)
-- [Windows and GPT FAQ](/windows-hardware/manufacture/desktop/windows-and-gpt-faq)
-
-## Troubleshoot Kiosk mode
-- [Troubleshoot kiosk mode issues](/windows/configuration/kiosk-troubleshoot)
-
-## Troubleshoot No Boot
-- [Advanced troubleshooting for Windows boot problems](./advanced-troubleshooting-boot-problems.md)
-
-## Troubleshoot Push Button Reset
-- [Push-button reset frequently-asked questions (FAQ)](/windows-hardware/manufacture/desktop/pbr-faq)
-- [Push-button reset frequently-asked questions (FAQ)](/windows-hardware/manufacture/desktop/pbr-validation)
-- [Recovery components](/windows-hardware/manufacture/desktop/recovery-strategy-for-common-customizations)
-
-### Troubleshoot Power Management
-- [Modern Standby FAQs](/windows-hardware/design/device-experiences/modern-standby-faqs)
-
-
-## Troubleshoot Secure Boot
-- [Secure Boot isn't configured correctly: troubleshooting](/windows-hardware/manufacture/desktop/secure-boot-isnt-configured-correctly-troubleshooting)
-
-
-## Troubleshoot Setup and Install
-- [Deployment Troubleshooting and Log Files](/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files)
-
-
-## Troubleshoot Start Menu
-- [Troubleshoot Start menu errors](/windows/configuration/start-layout-troubleshoot)
-
-
-## Troubleshoot Subscription Activation
-- [Deploy Windows 10 Enterprise licenses](/windows/deployment/deploy-enterprise-licenses)
-
-## Troubleshoot System Hang
-- [Advanced troubleshooting for Windows-based computer freeze issues](./troubleshoot-windows-freeze.md)
-
-## Troubleshoot TCP/IP Communication
-- [Collect data using Network Monitor](./troubleshoot-tcpip-netmon.md)
-- [Troubleshoot TCP/IP connectivity](./troubleshoot-tcpip-connectivity.md)
-- [Troubleshoot port exhaustion issues](./troubleshoot-tcpip-port-exhaust.md)
-- [Troubleshoot Remote Procedure Call (RPC) errors](./troubleshoot-tcpip-rpc-errors.md)
-
-## Troubleshoot User State Migration Toolkit (USMT)
-- [Common Issues](/windows/deployment/usmt/usmt-common-issues)
-- [Frequently Asked Questions](/windows/deployment/usmt/usmt-faq)
-- [Log Files](/windows/deployment/usmt/usmt-log-files)
-- [Return Codes](/windows/deployment/usmt/usmt-return-codes)
-
-## Troubleshoot Windows Hello for Business (WHFB)
-- [Windows Hello for Business Frequently Asked Questions](/windows/security/identity-protection/hello-for-business/hello-faq)
-- [Windows Hello errors during PIN creation (Windows 10)](/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation)
-- [Event ID 300 - Windows Hello successfully created (Windows 10)](/windows/security/identity-protection/hello-for-business/hello-event-300)
-
-
-## Troubleshoot Windows Analytics
-- [Frequently asked questions and troubleshooting Windows Analytics](/windows/deployment/update/windows-analytics-faq-troubleshooting)
-
-## Troubleshoot Windows Update
-- [How Windows Update works](/windows/deployment/update/how-windows-update-works)
-- [Windows Update log files](/windows/deployment/update/windows-update-logs)
-- [Windows Update troubleshooting](/windows/deployment/update/windows-update-troubleshooting)
-- [Windows Update common errors and mitigation](/windows/deployment/update/windows-update-errors)
-- [Windows Update - More resources](/windows/deployment/update/windows-update-resources)
-- [Get started with Windows Update](/windows/deployment/update/windows-update-overview)
-- [Servicing stack updates](/windows/deployment/update/servicing-stack-updates)
-
-## Troubleshoot Windows Upgrade
-- [Quick fixes - Windows IT Pro](/windows/deployment/upgrade/quick-fixes)
-- [SetupDiag](/windows/deployment/upgrade/setupdiag)
-- [Troubleshoot Windows 10 upgrade errors - Windows IT Pro](/windows/deployment/upgrade/troubleshoot-upgrade-errors)
-- [Windows error reporting - Windows IT Pro](/windows/deployment/upgrade/windows-error-reporting)
-- [Upgrade error codes - Windows IT Pro](/windows/deployment/upgrade/upgrade-error-codes)
-- [Log files - Windows IT Pro](/windows/deployment/upgrade/log-files)
-- [Resolution procedures - Windows IT Pro](/windows/deployment/upgrade/resolution-procedures)
-
-## Troubleshoot Windows Recovery (WinRE)
-- [Windows RE troubleshooting features](/windows-hardware/manufacture/desktop/windows-re-troubleshooting-features)
-
-## Troubleshoot Wireless Connection
-- [Advanced Troubleshooting Wireless Network Connectivity](./advanced-troubleshooting-wireless-network-connectivity.md)
-
-## Other Resources
-
-- [Troubleshooting Windows Server components](/windows-server/troubleshoot/windows-server-troubleshooting)
\ No newline at end of file
diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
index 149f92d455..12383a7586 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
@@ -3,11 +3,12 @@ title: Provision PCs with common settings (Windows 10/11)
description: Create a provisioning package to apply common settings to a PC running Windows 10.
ms.reviewer: gkomatsu
manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
+ms.technology: itpro-configure
---
# Provision PCs with common settings for initial deployment (desktop wizard)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
index cfa21daedd..073685eb1c 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
@@ -1,7 +1,7 @@
---
title: Provision PCs with apps and certificates (Windows 10)
description: Create a provisioning package to apply settings to a PC running Windows 10.
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
@@ -9,6 +9,7 @@ ms.localizationpriority: medium
ms.date: 07/27/2017
ms.reviewer:
manager: aaroncz
+ms.technology: itpro-configure
---
# Provision PCs with apps and certificates for initial deployment (advanced provisioning)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index 7e5632400f..dd404266a8 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -1,13 +1,14 @@
---
title: Provision PCs with apps (Windows 10/11)
description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.localizationpriority: medium
ms.author: lizlong
ms.topic: article
ms.reviewer: gkomatsu
manager: aaroncz
+ms.technology: itpro-configure
---
# Provision PCs with apps
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index a7fc0987ba..945abf326f 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -42,6 +42,9 @@ You can use Windows Configuration Designer to create a provisioning package (`.p
- [Instructions for Surface Hub wizard](/surface-hub/provisioning-packages-for-surface-hub)
Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards).
+
+ >[!NOTE]
+ >To target devices running versions earlier than Windows 10, version 2004, ComputerName customization must be defined from the setting path: `Accounts/ComputerAccount/ComputerName` from the advanced editor. The default path from the simple editor uses a new CSP that isn't available on older systems.
- The **Advanced provisioning** option opens a new project with all the runtime settings available. (The rest of this procedure uses advanced provisioning.)
diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md
index 76c5aaf5a9..9b347a6304 100644
--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@@ -1,13 +1,14 @@
---
title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11)
description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
manager: aaroncz
+ms.technology: itpro-configure
---
# PowerShell cmdlets for provisioning Windows client (reference)
diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
index b203cd0294..ae5b559aae 100644
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
+++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
@@ -1,13 +1,14 @@
---
title: Use a script to install a desktop app in provisioning packages (Windows 10/11)
description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
manager: aaroncz
+ms.technology: itpro-configure
---
# Use a script to install a desktop app in provisioning packages
diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
index 553df87c89..2784db5f1e 100644
--- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
@@ -1,13 +1,14 @@
---
title: Uninstall a provisioning package - reverted settings (Windows 10/11)
description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
manager: aaroncz
+ms.technology: itpro-configure
---
# Settings changed when you uninstall a provisioning package
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index 6490c7a003..beda72c25c 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -2,19 +2,19 @@
title: Set up a shared or guest Windows device
description: Description of how to configured Shared PC mode, which is a Windows feature that optimizes devices for shared use scenarios.
ms.date: 10/15/2022
-ms.prod: windows
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-configure
ms.topic: reference
ms.localizationpriority: medium
author: paolomatarazzo
ms.author: paoloma
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.collection:
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows 11 SE
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows 11 SE
---
# Set up a shared or guest Windows device
@@ -25,7 +25,7 @@ appliesto:
|---|---|
|Shared PC mode | **EnableSharedPCMode** or **EnableSharedPCModeWithOneDriveSync**: when enabled, **Shared PC mode** is turned on and different settings are configured in the local group policy object (LGPO). For a detailed list of settings enabled by Shared PC Mode in the LGPO, see the [Shared PC technical reference](shared-pc-technical.md#enablesharedpcmode-and-enablesharedpcmodewithonedrivesync). Try our Virtual Agent - It can help you quickly identify and fix common Windows Update issues
-
-The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them.
-
-## 0x8024402F
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External .cab file processing completed with some errors | This can be caused by the Lightspeed Rocket for web filtering software. Try our Virtual Agent - It can help you quickly identify and fix common Windows Update issues
-
-If you run into problems when using Windows Update, start with the following steps:
-
-1. Run the built-in Windows Update troubleshooter to fix common issues. Navigate to **Settings > Update & Security > Troubleshoot > Windows Update**.
-
-2. Install the most recent Servicing Stack Update that matches your version of Windows from the Microsoft Update Catalog. See [Servicing stack updates](servicing-stack-updates.md) for more details on servicing stack updates.
-
-3. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:
-
- - [Windows 10, version 2004 and Windows Server, version 2004](https://support.microsoft.com/help/4555932)
- - [Windows 10, version 1909 and Windows Server, version 1909](https://support.microsoft.com/help/4529964)
- - [Windows 10, version 1903 and Windows Server, version 1903](https://support.microsoft.com/help/4498140)
- - [Windows 10, version 1809 and Windows Server 2019](https://support.microsoft.com/help/4464619/windows-10-update-history)
- - [Windows 10, version 1803](https://support.microsoft.com/help/4099479/windows-10-update-history)
- - [Windows 10, version 1709](https://support.microsoft.com/help/4043454)
- - [Windows 10, version 1703](https://support.microsoft.com/help/4018124)
- - [Windows 10 and Windows Server 2016](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history)
- - [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470/windows-8-1-windows-server-2012-r2-update-history)
- - [Windows Server 2012](https://support.microsoft.com/help/4009471/windows-server-2012-update-history)
- - [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history)
-
-Advanced users can also refer to the [log](windows-update-logs.md) generated by Windows Update for further investigation.
-
-You might encounter the following scenarios when using Windows Update.
-
-## Why am I offered an older update?
-The update that is offered to a device depends on several factors. The following are some of the most common attributes:
-
-- OS Build
-- OS Branch
-- OS Locale
-- OS Architecture
-- Device update management configuration
-
-If the update you're offered isn't the most current available, it might be because your device is being managed by a WSUS server, and you're being offered the updates available on that server. It's also possible, if your device is part of a deployment group, that your admin is intentionally slowing the rollout of updates. Since the deployment is slow and measured to begin with, all devices will not receive the update on the same day.
-
-## My device is frozen at scan. Why?
-The Settings UI communicates with the Update Orchestrator service that in turn communicates with to Windows Update service. If these services stop unexpectedly, then you might see this behavior. In such cases, follow these steps:
-
-1. Close the Settings app and reopen it.
-
-2. Start Services.msc and check if the following services are running:
-
- - Update State Orchestrator
- - Windows Update
-
-## Feature updates are not being offered while other updates are
-Devices running Windows 10, version 1709 through Windows 10, version 1803 that are [configured to update from Windows Update](#BKMK_DCAT) (including Windows Update for Business) are able to install servicing and definition updates but are never offered feature updates.
-
-Checking the WindowsUpdate.log reveals the following error:
-```console
-YYYY/MM/DD HH:mm:ss:SSS PID TID Agent * START * Finding updates CallerId = Update;taskhostw Id = 25
-YYYY/MM/DD HH:mm:ss:SSS PID TID Agent Online = Yes; Interactive = No; AllowCachedResults = No; Ignore download priority = No
-YYYY/MM/DD HH:mm:ss:SSS PID TID Agent ServiceID = {855E8A7C-ECB4-4CA3-B045-1DFA50104289} Third party service
-YYYY/MM/DD HH:mm:ss:SSS PID TID Agent Search Scope = {Current User}
-YYYY/MM/DD HH:mm:ss:SSS PID TID Agent Caller SID for Applicability: S-1-12-1-2933642503-1247987907-1399130510-4207851353
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc Got 855E8A7C-ECB4-4CA3-B045-1DFA50104289 redir Client/Server URL: https://fe3.delivery.mp.microsoft.com/ClientWebService/client.asmx""
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc Token Requested with 0 category IDs.
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc GetUserTickets: No user tickets found. Returning WU_E_NO_USERTOKEN.
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] Method failed [AuthTicketHelper::GetDeviceTickets:570]
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] Method failed [AuthTicketHelper::GetDeviceTickets:570]
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] GetDeviceTickets
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] Method failed [AuthTicketHelper::AddTickets:1092]
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] Method failed [CUpdateEndpointProvider::GenerateSecurityTokenWithAuthTickets:1587]
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] GetAgentTokenFromServer
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] GetAgentToken
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] EP:Call to GetEndpointToken
-YYYY/MM/DD HH:mm:ss:SSS PID TID Misc *FAILED* [80070426] Failed to obtain service 855E8A7C-ECB4-4CA3-B045-1DFA50104289 plugin Client/Server auth token of type 0x00000001
-YYYY/MM/DD HH:mm:ss:SSS PID TID ProtocolTalker *FAILED* [80070426] Method failed [CAgentProtocolTalkerContext::DetermineServiceEndpoint:377]
-YYYY/MM/DD HH:mm:ss:SSS PID TID ProtocolTalker *FAILED* [80070426] Initialization failed for Protocol Talker Context
-YYYY/MM/DD HH:mm:ss:SSS PID TID Agent Exit code = 0x80070426
-YYYY/MM/DD HH:mm:ss:SSS PID TID Agent * END * Finding updates CallerId = Update;taskhostw Id = 25
-```
-
-The 0x80070426 error code translates to:
-```console
-ERROR_SERVICE_NOT_ACTIVE - # The service has not been started.
-```
-
-Microsoft Account Sign In Assistant (MSA or wlidsvc) is the service in question. The DCAT Flighting service (ServiceId: 855E8A7C-ECB4-4CA3-B045-1DFA50104289) relies on MSA to get the global device ID for the device. Without the MSA service running, the global device ID won't be generated and sent by the client and the search for feature updates never completes successfully.
-
-To resolve this issue, reset the MSA service to the default StartType of "manual."
-
-## Issues related to HTTP/Proxy
-Windows Update uses WinHttp with Partial Range requests (RFC 7233) to download updates and applications from Windows Update servers or on-premises WSUS servers. Therefore proxy servers on the network must support HTTP RANGE requests. If a proxy was configured in Internet Explorer (User level) but not in WinHTTP (System level), connections to Windows Update will fail.
-
-To fix this issue, configure a proxy in WinHTTP by using the following netsh command:
-
-```console
-netsh winhttp set proxy ProxyServerName:PortNumber
-```
-
->[!NOTE]
-> You can also import the proxy settings from Internet Explorer by using the following command: netsh winhttp import proxy source=ie
-
-If downloads through a proxy server fail with a 0x80d05001 DO_E_HTTP_BLOCKSIZE_MISMATCH error, or if you notice high CPU usage while updates are downloading, check the proxy configuration to permit HTTP RANGE requests to run.
-
-You might choose to apply a rule to permit HTTP RANGE requests for the following URLs:
-
-`*.download.windowsupdate.com`
-`*.dl.delivery.mp.microsoft.com`
-`*.delivery.mp.microsoft.com`
-
-If you can't allow RANGE requests, you'll be downloading more content than needed in updates (as delta patching will not work).
-
-
-## The update is not applicable to your computer
-The most common reasons for this error are described in the following table:
-
-|Cause|Explanation|Resolution|
-|-----|-----------|----------|
-|Update is superseded|As updates for a component are released, the updated component will supersede an older component that is already on the system. When this occurs, the previous update is marked as superseded. If the update that you're trying to install already has a newer version of the payload on your system, you might receive this error message.|Check that the package that you are installing contains newer versions of the binaries. Or, check that the package is superseded by another new package. |
-|Update is already installed|If the update that you're trying to install was previously installed, for example, by another update that carried the same payload, you may encounter this error message.|Verify that the package that you are trying to install was not previously installed.|
-|Wrong update for architecture|Updates are published by CPU architecture. If the update that you're trying to install does not match the architecture for your CPU, you may encounter this error message. |Verify that the package that you're trying to install matches the Windows version that you are using. The Windows version information can be found in the "Applies To" section of the article for each update. For example, Windows Server 2012-only updates cannot be installed on Windows Server 2012 R2-based computers. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.|
-|0xC7700112|Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk.|This issue is resolved in the latest version of Upgrade Assistant. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.|
-|0x80190001|An unexpected error was encountered while attempting to download files required for upgrade.|To resolve this issue, download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/software-download/windows10).|
-|0x80246007|The update wasn't downloaded successfully.|Attempt other methods of upgrading the operating system. Download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/software-download/windows10). Attempt to upgrade using .ISO or USB. **Note:** Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx).|
-|0x80244018|Your machine is connected through a proxy server.|Make sure Automatically Detect Settings is selected in internet options. (Control Panel > Internet Options > Connections > LAN Settings).|
-|0xC1900201|The system didn't pass the minimum requirements to install the update.|Contact the hardware vendor to get the latest updates.|
-|0x80240017|The upgrade is unavailable for this edition of Windows.|Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator.|
-|0x80070020|The existing process can't access the file because it's being used by another process.|Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).|
-|0x80070522|The user doesn’t have required privilege or credentials to upgrade.|Ensure that you've signed in as a local administrator or have local administrator privileges.|
-|0xC1900107|A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.|Restart the device and run setup again. If restarting the device doesn't resolve the issue, then use the Disk Cleanup utility to clean up the temporary files and the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68).|
-|0xC1900209|The user has chosen to cancel because the system doesn't pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.|Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](/archive/blogs/mniehaus/windows-10-pre-upgrade-validation-using-setup-exe) for more information. You can also download the Windows Assessment and Deployment Kit (ADK) for Windows 10 and install Application Compatibility Tools.|
-|0x8007002|This error is specific to upgrades using Configuration Manager R2 SP1 CU3 (5.00.8238.1403)|Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760) The error 80072efe means that the connection with the server was terminated abnormally. To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.|
-|0x80240FFF|Occurs when update synchronization fails. It can occur when you're using Windows Server Update Services on its own or when it's integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.|You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following: For detailed information on how to run these steps check out How to delete upgrades in WSUS.|
-|0x8007007E|Occurs when update synchronization fails because you don't have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you're using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.|Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix. Stop the Windows Update service. Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore. Restart the Windows Update service.|
-
-## Other error codes
-
-| Error Codes | Cause | Mitigation |
-| --- | --- | --- |
-|0x80070003- 0x20007|This is a failure during SafeOS phase driver installation.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.|
-|0x8007025D - 0x2000C|This error occurs if the ISO file's metadata is corrupt or if there's an issue with the storage medium, such as a RAM module containing bad blocks during the installation of Windows.|Redownload the ISO/Media and reattempt the upgrade Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).|
-|0x80070490 - 0x20007|An incompatible device driver is present.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.|
-|0xC1900101 - 0x2000c|An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.|Run checkdisk to repair the file system. For more information, see the [quick fixes](quick-fixes.md) section in this guide. Review logs for [compatibility information](/archive/blogs/askcore/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues).|
-|0xC1900200 - 0x20008|The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10. See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) and verify the computer meets minimum requirements. Review logs for [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications).||
-|0x80070004 - 0x3000D|This is a problem with data migration during the first boot phase. There are multiple possible causes.|[Analyze log files](log-files.md#analyze-log-files) to determine the issue.|
-|0xC1900101 - 0x4001E|Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation.|This is a generic error that occurs during the OOBE phase of setup. See the [0xC1900101](#0xc1900101) section of this guide and review general troubleshooting procedures described in that section.|
-|0x80070005 - 0x4000D|The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data.|[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access denied.|
-|0x80070004 - 0x50012|Windows Setup failed to open a file.|[Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access problems.|
-|0xC190020e Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues
-
-If a Windows 10 upgrade is not successful, it can be very helpful to understand *when* an error occurred in the upgrade process.
-
-> [!IMPORTANT]
-> Use the [SetupDiag](setupdiag.md) tool before you begin manually troubleshooting an upgrade error. SetupDiag automates log file analysis, detecting and reporting details on many different types of known upgrade issues.
-
-Briefly, the upgrade process consists of four phases that are controlled by [Windows Setup](/windows-hardware/manufacture/desktop/windows-setup-technical-reference): **Downlevel**, **SafeOS**, **First boot**, and **Second boot**. The computer will reboot once between each phase. Note: Progress is tracked in the registry during the upgrade process using the following key: **HKLM\System\Setup\mosetup\volatile\SetupProgress**. This key is volatile and only present during the upgrade process; it contains a binary value in the range 0-100.
-
-These phases are explained in greater detail [below](#the-windows-10-upgrade-process). First, let's summarize the actions performed during each phase because this affects the type of errors that can be encountered.
-
-1. **Downlevel phase**: Because this phase runs on the source OS, upgrade errors are not typically seen. If you do encounter an error, ensure the source OS is stable. Also ensure the Windows setup source and the destination drive are accessible.
-
-2. **SafeOS phase**: Errors most commonly occur during this phase due to hardware issues, firmware issues, or non-microsoft disk encryption software.
-
- Since the computer is booted into Windows PE during the SafeOS phase, a useful troubleshooting technique is to boot into [Windows PE](/windows-hardware/manufacture/desktop/winpe-intro) using installation media. You can use the [media creation tool](https://www.microsoft.com/software-download/windows10) to create bootable media, or you can use tools such as the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), and then boot your device from this media to test for hardware and firmware compatibility issues.
-
- >[!TIP]
- >If you attempt to use the media creation tool with a USB drive and this fails with error 0x80004005 - 0xa001a, this is because the USB drive is using GPT partition style. The tool requires that you use MBR partition style. You can use the DISKPART command to convert the USB drive from GPT to MBR. For more information, see [Change a GUID Partition Table Disk into a Master Boot Record Disk](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725797(v=ws.11)).
-
- **Do not proceed with the Windows 10 installation after booting from this media**. This method can only be used to perform a clean install which will not migrate any of your apps and settings, and you will be required re-enter your Windows 10 license information.
-
- If the computer does not successfully boot into Windows PE using the media that you created, this is likely due to a hardware or firmware issue. Check with your hardware manufacturer and apply any recommended BIOS and firmware updates. If you are still unable to boot to installation media after applying updates, disconnect or replace legacy hardware.
-
- If the computer successfully boots into Windows PE, but you are not able to browse the system drive on the computer, it is possible that non-Microsoft disk encryption software is blocking your ability to perform a Windows 10 upgrade. Update or temporarily remove the disk encryption.
-
-3. **First boot phase**: Boot failures in this phase are relatively rare, and almost exclusively caused by device drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, then retry the upgrade.
-
-4. **Second boot phase**: In this phase, the system is running under the target OS with new drivers. Boot failures are most commonly due to anti-virus software or filter drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, temporarily uninstall anti-virus software, then retry the upgrade.
-
-If the general troubleshooting techniques described above or the [quick fixes](quick-fixes.md) detailed below do not resolve your issue, you can attempt to analyze [log files](log-files.md) and interpret [upgrade error codes](upgrade-error-codes.md). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md) so that Microsoft can diagnose your issue.
-
-## The Windows 10 upgrade process
-
-The **Windows Setup** application is used to upgrade a computer to Windows 10, or to perform a clean installation. Windows Setup starts and restarts the computer, gathers information, copies files, and creates or adjusts configuration settings.
-
-When performing an operating system upgrade, Windows Setup uses phases described below. A reboot occurs between each of the phases. After the first reboot, the user interface will remain the same until the upgrade is completed. Percent progress is displayed and will advance as you move through each phase, reaching 100% at the end of the second boot phase.
-
-1. **Downlevel phase**: The downlevel phase is run within the previous operating system. Windows files are copied and installation components are gathered.
-
- 
-
-2. **Safe OS phase**: A recovery partition is configured, Windows files are expanded, and updates are installed. An OS rollback is prepared if needed. Example error codes: 0x2000C, 0x20017.
-
- 
-
-3. **First boot phase**: Initial settings are applied. Example error codes: 0x30018, 0x3000D.
-
- 
-
-4. **Second boot phase**: Final settings are applied. This is also called the **OOBE boot phase**. Example error codes: 0x4000D, 0x40017.
-
- At the end of the second boot phase, the **Welcome to Windows 10** screen is displayed, preferences are configured, and the Windows 10 sign-in prompt is displayed.
-
- 
-
- 
-
- 
-
-5. **Uninstall phase**: This phase occurs if upgrade is unsuccessful (image not shown). Example error codes: 0x50000, 0x50015.
-
-**Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown):
-
-:::image type="content" alt-text="Upgrade process." source="../images/upgrade-process.png" lightbox="../images/upgrade-process.png":::
-
-DU = Driver/device updates. For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans). For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). |
| Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network. For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). |
| Azure Active Directory | Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join. At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see [co-management requirements for Windows Autopatch](#configuration-manager-co-management-requirements). Other device management prerequisites include: See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device prerequisites and on how the device registration process works. For more information on co-management, see [co-management for Windows devices](/mem/configmgr/comanage/overview). At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see [co-management requirements for Windows Autopatch](#configuration-manager-co-management-requirements). Other device management prerequisites include: See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device prerequisites and on how the device registration process works with Windows Autopatch. For more information on co-management, see [co-management for Windows devices](/mem/configmgr/comanage/overview). A TPM isn't required for BitLocker; however, only a computer with a TPM can provide the additional security of pre-startup system integrity verification and multifactor authentication.|
|BIOS configuration|
-[Network Monitor Filter Examples](https://blogs.technet.microsoft.com/rmilne/2016/08/11/network-monitor-filter-examples/)
-[Network Monitor Wireless Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1900.network-monitor-wireless-filtering.aspx)
-[Network Monitor TCP Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1134.network-monitor-tcp-filtering.aspx)
-[Network Monitor Conversation Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1829.network-monitor-conversation-filtering.aspx)
-[How to setup and collect network capture using Network Monitor tool](/archive/blogs/msindiasupp/how-to-setup-and-collect-network-capture-using-network-monitor-tool)
diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
deleted file mode 100644
index 6a732b7a1d..0000000000
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ /dev/null
@@ -1,199 +0,0 @@
----
-title: Troubleshoot port exhaustion issues
-description: Learn how to troubleshoot port exhaustion issues. Port exhaustion occurs when all the ports on a machine are used.
-ms.prod: w10
-ms.topic: troubleshooting
-author: dansimp
-ms.localizationpriority: medium
-ms.author: dansimp
-ms.date: 02/07/2022
-ms.reviewer:
-manager: dansimp
-ms.collection: highpri
----
-
-# Troubleshoot port exhaustion issues
-
-TCP and UDP protocols work based on port numbers used for establishing connection. Any application or a service that needs to establish a TCP/UDP connection will require a port on its side.
-
-There are two types of ports:
-
-- *Ephemeral ports*, which are dynamic ports, are the set of ports that every machine by default will have them to make an outbound connection.
-- *Well-known ports* are the defined port for a particular application or service. For example, file server service is on port 445, HTTPS is 443, HTTP is 80, and RPC is 135. Custom application will also have their defined port numbers.
-
-When a connection is being established with an application or service, client devices use an ephemeral port from the device to connect to a well-known port defined for that application or service. A browser on a client machine will use an ephemeral port to connect to `https://www.microsoft.com` on port 443.
-
-In a scenario where the same browser is creating many connections to multiple websites, for any new connection that the browser is attempting, an ephemeral port is used. After some time, you'll notice that the connections will start to fail and one high possibility for this failure would be because the browser has used all the available ports to make connections outside and any new attempt to establish a connection will fail as there are no more ports available. When all the ports on a machine are used, we term it as *port exhaustion*.
-
-## Default dynamic port range for TCP/IP
-
-To comply with [Internet Assigned Numbers Authority (IANA)](http://www.iana.org/assignments/port-numbers) recommendations, Microsoft has increased the dynamic client port range for outgoing connections. The new default start port is **49152**, and the new default end port is **65535**. This increase is a change from the configuration of earlier versions of Windows that used a default port range of **1025** through **5000**.
-
-You can view the dynamic port range on a computer by using the following netsh commands:
-
-- `netsh int ipv4 show dynamicport tcp`
-- `netsh int ipv4 show dynamicport udp`
-- `netsh int ipv6 show dynamicport tcp`
-- `netsh int ipv6 show dynamicport udp`
-
-
-The range is set separately for each transport (TCP or UDP). The port range is now a range that has a starting point and an ending point. Microsoft customers who deploy servers that are running Windows Server may have problems that affect RPC communication between servers if firewalls are used on the internal network. In these situations, we recommend that you reconfigure the firewalls to allow traffic between servers in the dynamic port range of **49152** through **65535**. This range is in addition to well-known ports that are used by services and applications. Or, the port range that is used by the servers can be modified on each server. You adjust this range by using the netsh command, as follows. The above command sets the dynamic port range for TCP.
-
-```console
-netsh int
XenServer: Use method 1, 2, 3, or 4. These methods are listed later in this section.|
-|A virtual machine that is no longer frozen|Use method 1, 2, 3, or 4. These methods are listed later in this section.|
-
-### Method 1: Memory dump
-
-> [!IMPORTANT]
-> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/topic/how-to-back-up-and-restore-the-registry-in-windows-855140ad-e318-2a13-2829-d428a2ab0692) in case problems occur.
-
-A complete memory dump file records all the contents of system memory when the computer stops unexpectedly. A complete memory dump file may contain data from processes that were running when the memory dump file was collected.
-
-If the computer is no longer frozen and now is running in a good state, use the following steps to enable memory dump so that you can collect memory dump when the freeze issue occurs again. If the virtual machine is still running in a frozen state, use the following steps to enable and collect memory dump.
-
-> [!NOTE]
-> If you have a restart feature that's enabled on the computer, such as the Automatic System Restart (ASR) feature in Compaq computers, disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS doesn't detect a heartbeat from the operating system, it will restart the computer. The restart can interrupt the dump process.
-
-1. Make sure that the computer is set up to get a complete memory dump file.
-
- 1. Go to **Run** and enter `Sysdm.cpl`, and then press enter.
-
- 1. In **System Properties**, on the **Advanced** tab, select **Performance** \> **Settings** \> **Advanced**. Select **Change** to check or change the virtual memory.
-
- 1. Go back to **System Properties** \> **Advanced** \> **Settings** in **Startup and Recovery**.
-
- 1. In the **Write Debugging Information** section, select **Complete Memory Dump**.
-
- 1. Select **Overwrite any existing file**.
-
- 1. Make sure that there's a paging file (pagefile.sys) on the system drive and that it's at least 100 MB over the installed RAM (Initial and Maximum Size).
-
- 1. Make sure that there's more available space on the system drive than there's physical RAM.
-
-1. To allow the system to generate a dump file by using the keyboard, enable the `CrashOnCtrlScroll` registry value.
-
- 1. Open the Registry Editor, and then locate the following registry keys:
-
- - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters`
-
- - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters`
-
- 1. Create the following `CrashOnCtrlScroll` registry entry in the two registry keys:
-
- - **Value Name**: `CrashOnCtrlScroll`
- - **Data Type**: `REG_DWORD`
- - **Value**: `1`
-
- 1. Close the Registry Editor and restart the computer.
-
-1. On some physical computers running earlier versions of Windows, you may generate a nonmakeable interruption (NMI) from a web interface feature such as DRAC, iLo, or RSA. However, by default, this setting will stop the system without creating a memory dump.
-
- > [!NOTE]
- > For currently supported versions of Windows, the `NMICrashDump` registry key is no longer required. An NMI causes a [Stop error that follows a memory dump data collection](/troubleshoot/windows-client/performance/nmi-hardware-failure-error).
-
-1. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file.
-
- > [!NOTE]
- > By default, the dump file is located in the following path: `%SystemRoot%\MEMORY.DMP`
-
-### Method 2: Data sanity check
-
-Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file. It can also verify that the file was created correctly and isn't corrupted or invalid.
-
-- [Using DumpChk](/windows-hardware/drivers/debugger/dumpchk)
-- [Download DumpChk](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
-
-Learn how to use Dumpchk.exe to check your dump files:
-
-> [!VIDEO https://www.youtube.com/embed/xN7tOfgNKag]
-
-### Method 3: Performance Monitor
-
-You can use Windows Performance Monitor to examine how programs that you run affect your computer's performance, both in real time and by collecting log data for later analysis. To create performance counter and event trace log collections on local and remote systems, run the following commands in a command prompt as administrator:
-
-```command
-Logman create counter LOGNAME_Long -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:05:00
-```
-
-```command
-Logman create counter LOGNAME_Short -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:00:10
-```
-
-Then, you can start or stop the log by running the following commands:
-
-```command
-logman start LOGNAME_Long / LOGNAME_Short
-logman stop LOGNAME_Long / LOGNAME_Short
-```
-
-The Performance Monitor log is located in the path: `C:\PERFLOGS`
-
-### Other methods to collect data
-
-#### Use memory dump to collect data for the physical computer that's running in a frozen state
-
-> [!WARNING]
-> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/topic/how-to-back-up-and-restore-the-registry-in-windows-855140ad-e318-2a13-2829-d428a2ab0692) in case problems occur.
-
-If the physical computer is still running in a frozen state, follow these steps to enable and collect memory dump:
-
-1. Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network.
-
- > [!NOTE]
- > If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI. The result of the action may not collect a memory dump file if some of the following settings aren't qualified.
-
- 1. Try to access the desktop of the computer by any means.
-
- > [!NOTE]
- > In case accessing the OS isn't possible, try to remotely access Registry Editor on the computer. You can then check the type of memory dump file and page file with which the computer is currently configured.
-
- 1. From a remote computer that's preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the affected computer, and verify the following settings:
-
- - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled`
-
- Make sure that the [CrashDumpEnabled](/previous-versions/windows/it-pro/windows-2000-server/cc976050(v=technet.10)) registry entry is `1`.
-
- - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\NMICrashDump`
-
- On some physical servers, if the NMICrashDump registry entry exists and its value is `1`, you may take advantage of the NMI from the remote management provider such as DRAC, iLo, and RSA.
-
- - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles and ExistingPageFiles`
-
- If the value of the **Pagefile** registry entry is system-managed, the size won't be reflected in the registry. For example, `?:\pagefile.sys)`
-
- If the page file is customized, the size will be reflected in the registry, such as `?:\pagefile.sys 1024 1124`. In this example, `1024` is the initial size and `1124` is the max size.
-
- > [!NOTE]
- > If the size isn't reflected in the Registry, try to access an administrative share where the page file is located. For example, `\\ServerName\C$`
-
- 1. Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM.
-
- 1. Make sure that there's more free space on the hard disk drives of the computer than there's physical RAM.
-
-1. Enable the **CrashOnCtrlScroll** registry value on the computer to allow the system to generate a dump file by using the keyboard.
-
- 1. From a remote computer preferably in the same network and subnet, go to Registry Editor \> Connect Network Registry. Connect to the affected computer and locate the following registry keys:
-
- - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters`
-
- - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters`
-
- 1. Create the following `CrashOnCtrlScroll` registry entry in the two registry keys:
-
- **Value Name**: `CrashOnCtrlScroll`
- **Data Type**: `REG_DWORD`
- **Value**: `1`
-
- 1. Close the Registry Editor and restart the computer.
-
-1. When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump.
-
- > [!NOTE]
- > By default, the dump file is located in the path: `%SystemRoot%\MEMORY.DMP`
-
-### Use Pool Monitor to collect data for the physical computer that is no longer frozen
-
-Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.
-
-For more information, see [Using PoolMon to Find a Kernel-Mode Memory Leak](/windows-hardware/drivers/debugger/using-poolmon-to-find-a-kernel-mode-memory-leak) and [PoolMon Examples](/windows-hardware/drivers/devtest/poolmon-examples).
-
-### Use memory dump to collect data for the virtual machine that's running in a frozen state
-
-Use the one of the following methods for the application on which the virtual machine is running.
-
-#### Microsoft Hyper-V
-
-You can also use the built-in NMI feature through a [Debug-VM](/powershell/module/hyper-v/debug-vm) cmdlet to debug and get a memory dump.
-
-To debug the virtual machines on Hyper-V, run the following cmdlet in Windows PowerShell:
-
-```powershell
-Debug-VM -Name "VM Name" -InjectNonMaskableInterrupt -ComputerName Hostname
-```
-
-#### VMware
-
-You can use VMware snapshots or suspend state and extract a memory dump file equivalent to a complete memory dump file. Use VMware's [Checkpoint To Core Tool (vmss2core)](https://flings.vmware.com/vmss2core) to convert both suspend (`.vmss`) and snapshot (`.vmsn`) state files to a dump file. Then analyze the file by using the standard Windows debugging tools.
-
-#### Citrix XenServer
-
-The memory dump process occurs by pressing the RIGHT CTRL + SCROLL LOCK + SCROLL LOCK keyboard combination. For more information, see Method 1 of [How to Trigger a Memory Dump from a Windows Virtual Machine Running on XenServer](https://support.citrix.com/article/ctx123177) from Citrix.
-
-## Space limitations on the system drive in Windows Server
-
-On a Windows Server, you may not have enough free disk space to generate a complete memory dump file on the system volume.
-There's a second option if the system drive doesn't have sufficient space. You can use the DedicatedDumpFile registry entry. For more information, see [Configure the destination path for a memory dump](/windows-server/administration/server-core/server-core-memory-dump#step-2-configure-the-destination-path-for-a-memory-dump).
-
-For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](/archive/blogs/ntdebugging/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump).
diff --git a/windows/client-management/troubleshoot-windows-startup.md b/windows/client-management/troubleshoot-windows-startup.md
deleted file mode 100644
index 6747a6a240..0000000000
--- a/windows/client-management/troubleshoot-windows-startup.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-title: Advanced troubleshooting for Windows start-up issues
-description: Learn advanced options for how to troubleshoot common Windows start-up issues, like system crashes and freezes.
-ms.prod: w10
-ms.topic: troubleshooting
-author: dansimp
-ms.localizationpriority: medium
-ms.author: dansimp
-ms.date: 2/3/2020
-ms.reviewer:
-manager: dansimp
----
-
-# Advanced troubleshooting for Windows start-up issues
-
-
|
| Account management | **EnableAccountManager**: when enabled, automatic account management is turned on. The following settings define the behavior of *account manager*:
For more information, see the [Shared PC CSP documentation][WIN-3].
**AccountModel**: this option controls which types of users can sign-in to the device, and can be used to enable the Guest and Kiosk accounts. For more information, see the [Shared PC CSP documentation][WIN-3].
**KioskModeAUMID**: configures an application (referred as Application User Model ID - AUMID) to automatically execute when the kiosk account is used to sign in. A new account will be created and will use assigned access to only run the app specified by the AUMID. [Find the Application User Model ID of an installed app][WIN-7].
**KioskModeUserTileDisplayText**: sets the display text on the kiosk account if **KioskModeAUMID** has been set.|
-| Advanced customizations | **SetEduPolicies**: when enabled, specific settings designed for education devices are configured in the LGPO. For a detailed list of settings enabled by SetEduPolicies in the LGPO, see [Shared PC technical reference](shared-pc-technical.md#setedupolicy).
**SetPowerPolicies**: when enabled, different power settings optimized for shared devices are configured in the LGPO. For a detailed list of settings enabled by SetPowerPolicies in the LGPO, see [Shared PC technical reference](shared-pc-technical.md#setpowerpolicies).
**SleepTimeout**: specifies all timeouts for when the PC should sleep.
**SignInOnResume**: if enabled, specifies if the user is required to sign in with a password when the PC wakes from sleep.
**MaintenanceStartTime**: by default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update or Search indexing) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For a detailed list of settings enabled by MaintenanceStartTime, see [Shared PC technical reference](shared-pc-technical.md#maintenancestarttime).
**MaxPageFileSizeMB**: adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs.
**RestrictLocalStorage**: when enabled, users are prevented from saving or viewing local storage while using File Explorer.
|
+| Advanced customizations | **SetEduPolicies**: when enabled, specific settings designed for education devices are configured in the LGPO. For a detailed list of settings enabled by SetEduPolicies in the LGPO, see [Shared PC technical reference](shared-pc-technical.md#setedupolicy).
**SetPowerPolicies**: when enabled, different power settings optimized for shared devices are configured in the LGPO. For a detailed list of settings enabled by SetPowerPolicies in the LGPO, see [Shared PC technical reference](shared-pc-technical.md#setpowerpolicies).
**SleepTimeout**: specifies all timeouts for when the PC should sleep.
**SignInOnResume**: if enabled, specifies if the user is required to sign in with a password when the PC wakes from sleep.
**MaintenanceStartTime**: by default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update or Search indexing) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For a detailed list of settings enabled by MaintenanceStartTime, see [Shared PC technical reference](shared-pc-technical.md#maintenancestarttime).
**MaxPageFileSizeMB**: adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs.
**RestrictLocalStorage**: when enabled, users are prevented from saving or viewing local storage while using File Explorer.
|
## Configure Shared PC
diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md
index 572cd93eff..b5761ada29 100644
--- a/windows/configuration/setup-digital-signage.md
+++ b/windows/configuration/setup-digital-signage.md
@@ -4,11 +4,12 @@ description: A single-use device such as a digital sign is easy to set up in Win
ms.reviewer: sybruckm
manager: aaroncz
ms.author: lizlong
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.localizationpriority: medium
ms.date: 09/20/2021
ms.topic: article
+ms.technology: itpro-configure
---
# Set up digital signs on Windows 10/11
diff --git a/windows/configuration/shared-devices-concepts.md b/windows/configuration/shared-devices-concepts.md
index 7f041e6b09..19e203f23c 100644
--- a/windows/configuration/shared-devices-concepts.md
+++ b/windows/configuration/shared-devices-concepts.md
@@ -2,19 +2,19 @@
title: Manage multi-user and guest Windows devices
description: options to optimize Windows devices used in shared scenarios, such touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school.
ms.date: 10/15/2022
-ms.prod: windows
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-configure
ms.topic: conceptual
ms.localizationpriority: medium
author: paolomatarazzo
ms.author: paoloma
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.collection:
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows 11 SE
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows 11 SE
---
# Manage multi-user and guest Windows devices with Shared PC
diff --git a/windows/configuration/shared-pc-technical.md b/windows/configuration/shared-pc-technical.md
index 2126265a32..a84ff0f030 100644
--- a/windows/configuration/shared-pc-technical.md
+++ b/windows/configuration/shared-pc-technical.md
@@ -2,19 +2,19 @@
title: Shared PC technical reference
description: List of policies and settings applied by the Shared PC options.
ms.date: 10/15/2022
-ms.prod: windows
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-configure
ms.topic: reference
ms.localizationpriority: medium
author: paolomatarazzo
ms.author: paoloma
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.collection:
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows 11 SE
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows 11 SE
---
# Shared PC technical reference
diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index 28d3a28707..4c0756d5ac 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -1,7 +1,7 @@
---
title: Troubleshoot Start menu errors
description: Learn how to troubleshoot common Start menu errors in Windows 10. For example, learn to troubleshoot errors related to deployment, crashes, and performance.
-ms.prod: w10
+ms.prod: windows-client
ms.author: lizlong
author: lizgt2000
ms.localizationpriority: medium
@@ -9,6 +9,7 @@ ms.reviewer:
manager: aaroncz
ms.topic: troubleshooting
ms.collection: highpri
+ms.technology: itpro-configure
---
# Troubleshoot Start menu errors
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md
index 4d719d63a3..f97693d0be 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start-layout-xml-desktop.md
@@ -1,7 +1,7 @@
---
title: Start layout XML for desktop editions of Windows 10 (Windows 10)
description: This article describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions.
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
@@ -10,6 +10,7 @@ ms.reviewer:
manager: aaroncz
ms.localizationpriority: medium
ms.collection: highpri
+ms.technology: itpro-configure
---
# Start layout XML for desktop editions of Windows 10 (reference)
diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md
index 23f838107a..e0f187ed40 100644
--- a/windows/configuration/start-secondary-tiles.md
+++ b/windows/configuration/start-secondary-tiles.md
@@ -1,13 +1,14 @@
---
title: Add image for secondary Microsoft Edge tiles (Windows 10)
description: Add app tiles on Windows 10 that's a secondary tile.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.reviewer:
manager: aaroncz
+ms.technology: itpro-configure
---
# Add image for secondary Microsoft Edge tiles
diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md
index 03338078f4..db9259cab0 100644
--- a/windows/configuration/stop-employees-from-using-microsoft-store.md
+++ b/windows/configuration/stop-employees-from-using-microsoft-store.md
@@ -3,13 +3,14 @@ title: Configure access to Microsoft Store (Windows 10)
description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization.
ms.reviewer:
manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 4/16/2018
ms.collection: highpri
+ms.technology: itpro-configure
---
# Configure access to Microsoft Store
diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md
index 4f791b62a0..4aa5814b85 100644
--- a/windows/configuration/supported-csp-start-menu-layout-windows.md
+++ b/windows/configuration/supported-csp-start-menu-layout-windows.md
@@ -4,7 +4,7 @@ description: See a list of the Policy CSP - Start items that are supported on Wi
manager: aaroncz
ms.author: lizlong
ms.reviewer: ericpapa
-ms.prod: w11
+ms.prod: windows-client
author: lizgt2000
ms.localizationpriority: medium
---
diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md
index da0f246bc9..d5549aedf8 100644
--- a/windows/configuration/supported-csp-taskbar-windows.md
+++ b/windows/configuration/supported-csp-taskbar-windows.md
@@ -4,7 +4,7 @@ description: See a list of the Policy CSP - Start items that are supported on Wi
manager: aaroncz
ms.author: lizlong
ms.reviewer: chataylo
-ms.prod: w11
+ms.prod: windows-client
author: lizgt2000
ms.localizationpriority: medium
---
diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
index 4f970289fa..b72c7c7f8d 100644
--- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -2,12 +2,13 @@
title: Administering UE-V with Windows PowerShell and WMI
description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Administering UE-V with Windows PowerShell and WMI
diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md
index 0a76ddcdb0..ba28b638f1 100644
--- a/windows/configuration/ue-v/uev-administering-uev.md
+++ b/windows/configuration/ue-v/uev-administering-uev.md
@@ -2,12 +2,13 @@
title: Administering UE-V
description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Administering UE-V
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index 3a98106d0c..e33519a625 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -2,12 +2,13 @@
title: Application Template Schema Reference for UE-V
description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Application Template Schema Reference for UE-V
diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
index f9a1b5f123..627c8b1414 100644
--- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
+++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
@@ -2,12 +2,13 @@
title: Changing the Frequency of UE-V Scheduled Tasks
description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Changing the Frequency of UE-V Scheduled Tasks
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
index 249336440f..9367276244 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
@@ -2,12 +2,13 @@
title: Configuring UE-V with Group Policy Objects
description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Configuring UE-V with Group Policy Objects
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
index 4377246f93..9c532cfd43 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
@@ -1,13 +1,14 @@
---
title: Configuring UE-V with Microsoft Endpoint Configuration Manager
-description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Endpoint Configuration Manager.
+description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Endpoint Configuration Manager.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Configuring UE-V with Microsoft Endpoint Manager
diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md
index efe3834122..608cf5454f 100644
--- a/windows/configuration/ue-v/uev-deploy-required-features.md
+++ b/windows/configuration/ue-v/uev-deploy-required-features.md
@@ -2,12 +2,13 @@
title: Deploy required UE-V features
description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example, a network share that stores and retrieves user settings.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Deploy required UE-V features
diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
index 883ee35328..79d36471a0 100644
--- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
+++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
@@ -2,12 +2,13 @@
title: Use UE-V with custom applications
description: Use User Experience Virtualization (UE-V) to create your own custom settings location templates with the UE-V template generator.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Use UE-V with custom applications
diff --git a/windows/configuration/ue-v/uev-for-windows.md b/windows/configuration/ue-v/uev-for-windows.md
index 75fab30ab1..8eb556d6e4 100644
--- a/windows/configuration/ue-v/uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-for-windows.md
@@ -2,12 +2,13 @@
title: User Experience Virtualization for Windows 10, version 1607
description: Overview of User Experience Virtualization for Windows 10, version 1607
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 05/02/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# User Experience Virtualization (UE-V) for Windows 10 overview
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index 39bbfe1418..373021f144 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -2,7 +2,7 @@
title: Get Started with UE-V
description: Use the steps in this article to deploy User Experience Virtualization (UE-V) for the first time in a test environment.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 03/08/2018
ms.reviewer:
manager: dougeby
diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
index 60b4b6dd82..9f62707fab 100644
--- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
+++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
@@ -2,12 +2,13 @@
title: Manage Administrative Backup and Restore in UE-V
description: Learn how an administrator of User Experience Virtualization (UE-V) can back up and restore application and Windows settings to their original state.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Manage Administrative Backup and Restore in UE-V
diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md
index a8f2d63d6f..7bc1cfe1cd 100644
--- a/windows/configuration/ue-v/uev-manage-configurations.md
+++ b/windows/configuration/ue-v/uev-manage-configurations.md
@@ -2,12 +2,13 @@
title: Manage Configurations for UE-V
description: Learn to manage the configuration of the User Experience Virtualization (UE-V) service and also learn to manage storage locations for UE-V resources.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Manage Configurations for UE-V
diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
index ba5bebadea..1ec2b72325 100644
--- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
@@ -2,12 +2,13 @@
title: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
description: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
diff --git a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
index b6ebd53d9d..f6f4e14585 100644
--- a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
@@ -2,12 +2,13 @@
title: Manage UE-V Service and Packages with Windows PowerShell and WMI
description: Managing the UE-V service and packages with Windows PowerShell and WMI
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Managing the UE-V service and packages with Windows PowerShell and WMI
diff --git a/windows/configuration/ue-v/uev-migrating-settings-packages.md b/windows/configuration/ue-v/uev-migrating-settings-packages.md
index 2716fc1659..39539183ca 100644
--- a/windows/configuration/ue-v/uev-migrating-settings-packages.md
+++ b/windows/configuration/ue-v/uev-migrating-settings-packages.md
@@ -2,12 +2,13 @@
title: Migrating UE-V settings packages
description: Learn to relocate User Experience Virtualization (UE-V) user settings packages either when you migrate to a new server or when you perform backups.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Migrating UE-V settings packages
diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md
index f44d3f47be..0f6369634f 100644
--- a/windows/configuration/ue-v/uev-prepare-for-deployment.md
+++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md
@@ -2,12 +2,13 @@
title: Prepare a UE-V Deployment
description: Learn about the types of User Experience Virtualization (UE-V) deployment you can execute and what preparations you can make beforehand to be successful.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Prepare a UE-V Deployment
diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md
index 743b218e4a..b68e1eb3fe 100644
--- a/windows/configuration/ue-v/uev-release-notes-1607.md
+++ b/windows/configuration/ue-v/uev-release-notes-1607.md
@@ -2,12 +2,13 @@
title: User Experience Virtualization (UE-V) Release Notes
description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that isn't included in the UE-V documentation.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# User Experience Virtualization (UE-V) Release Notes
diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md
index d6c504b837..4029c2a043 100644
--- a/windows/configuration/ue-v/uev-security-considerations.md
+++ b/windows/configuration/ue-v/uev-security-considerations.md
@@ -2,12 +2,13 @@
title: Security Considerations for UE-V
description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V).
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Security Considerations for UE-V
diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md
index 0bfc613f89..ddd0e4181c 100644
--- a/windows/configuration/ue-v/uev-sync-methods.md
+++ b/windows/configuration/ue-v/uev-sync-methods.md
@@ -2,12 +2,13 @@
title: Sync Methods for UE-V
description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users’ application and Windows settings with the settings storage location.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Sync Methods for UE-V
diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md
index a396907df5..6ffa1e76ff 100644
--- a/windows/configuration/ue-v/uev-sync-trigger-events.md
+++ b/windows/configuration/ue-v/uev-sync-trigger-events.md
@@ -2,12 +2,13 @@
title: Sync Trigger Events for UE-V
description: Learn how User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Sync Trigger Events for UE-V
diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
index 56ff1970cc..20bedf9737 100644
--- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
+++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
@@ -2,12 +2,13 @@
title: Synchronizing Microsoft Office with UE-V
description: Learn how User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Synchronizing Office with UE-V
diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md
index f5a9059d3e..1050b221b6 100644
--- a/windows/configuration/ue-v/uev-technical-reference.md
+++ b/windows/configuration/ue-v/uev-technical-reference.md
@@ -2,12 +2,13 @@
title: Technical Reference for UE-V
description: Use this technical reference to learn about the various features of User Experience Virtualization (UE-V).
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Technical Reference for UE-V
diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md
index 3bf804b17d..d5be7f7710 100644
--- a/windows/configuration/ue-v/uev-troubleshooting.md
+++ b/windows/configuration/ue-v/uev-troubleshooting.md
@@ -2,12 +2,13 @@
title: Troubleshooting UE-V
description: Use this technical reference to find resources for troubleshooting User Experience Virtualization (UE-V) for Windows 10.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Troubleshooting UE-V
diff --git a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
index 226fe3c440..5f5127f7ea 100644
--- a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
+++ b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
@@ -2,12 +2,13 @@
title: Upgrade to UE-V for Windows 10
description: Use these few adjustments to upgrade from User Experience Virtualization (UE-V) 2.x to the latest version of UE-V.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Upgrade to UE-V for Windows 10
diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
index 0396b91e54..951c1b4ff0 100644
--- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
+++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
@@ -2,12 +2,13 @@
title: Using UE-V with Application Virtualization applications
description: Learn how to use User Experience Virtualization (UE-V) with Microsoft Application Virtualization (App-V).
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
index a0b47df0de..facd3330f3 100644
--- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
@@ -2,12 +2,13 @@
title: What's New in UE-V for Windows 10, version 1607
description: Learn about what's new in User Experience Virtualization (UE-V) for Windows 10, including new features and capabilities.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# What's new in UE-V
diff --git a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
index f857c6ac20..0eaaa0f658 100644
--- a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
+++ b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
@@ -2,12 +2,13 @@
title: Working with Custom UE-V Templates and the UE-V Template Generator
description: Create your own custom settings location templates by working with Custom User Experience Virtualization (UE-V) Templates and the UE-V Template Generator.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/19/2017
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md
index 98aa47fcb1..2e7840f541 100644
--- a/windows/configuration/wcd/wcd-accountmanagement.md
+++ b/windows/configuration/wcd/wcd-accountmanagement.md
@@ -1,7 +1,7 @@
---
title: AccountManagement (Windows 10)
description: This section describes the account management settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# AccountManagement (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index 0186f5e66f..43031314a1 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -1,7 +1,7 @@
---
title: Accounts (Windows 10)
description: This section describes the account settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Accounts (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md
index 80e83844b0..b393f8b184 100644
--- a/windows/configuration/wcd/wcd-admxingestion.md
+++ b/windows/configuration/wcd/wcd-admxingestion.md
@@ -1,7 +1,7 @@
---
title: ADMXIngestion (Windows 10)
description: This section describes the ADMXIngestion settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# ADMXIngestion (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md
index f7c184e359..be108dc758 100644
--- a/windows/configuration/wcd/wcd-assignedaccess.md
+++ b/windows/configuration/wcd/wcd-assignedaccess.md
@@ -1,7 +1,7 @@
---
title: AssignedAccess (Windows 10)
description: This section describes the AssignedAccess setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# AssignedAccess (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md
index df8f60051d..37887f4c3d 100644
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@@ -1,7 +1,7 @@
---
title: Browser (Windows 10)
description: This section describes the Browser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 10/02/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Browser (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md
index f2f39286c3..af88e9f060 100644
--- a/windows/configuration/wcd/wcd-cellcore.md
+++ b/windows/configuration/wcd/wcd-cellcore.md
@@ -1,7 +1,7 @@
---
title: CellCore (Windows 10)
description: This section describes the CellCore settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 10/02/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# CellCore (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md
index d0a091f53f..0f7cbab6bd 100644
--- a/windows/configuration/wcd/wcd-cellular.md
+++ b/windows/configuration/wcd/wcd-cellular.md
@@ -3,11 +3,12 @@ title: Cellular (Windows 10)
ms.reviewer:
manager: dougeby
description: This section describes the Cellular settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Cellular (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md
index 02b779a5db..0fac2bb393 100644
--- a/windows/configuration/wcd/wcd-certificates.md
+++ b/windows/configuration/wcd/wcd-certificates.md
@@ -1,7 +1,7 @@
---
title: Certificates (Windows 10)
description: This section describes the Certificates settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Certificates (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md
index 7fae1e2c06..b826e3cbbe 100644
--- a/windows/configuration/wcd/wcd-changes.md
+++ b/windows/configuration/wcd/wcd-changes.md
@@ -3,11 +3,12 @@ title: Changes to settings in Windows Configuration Designer (Windows 10)
ms.reviewer:
manager: dougeby
description: This section describes the changes to settings in Windows Configuration Designer in Windows 10, version 1809.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Changes to settings in Windows Configuration Designer
diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md
index fdcbf1dd2a..7c9b872efe 100644
--- a/windows/configuration/wcd/wcd-cleanpc.md
+++ b/windows/configuration/wcd/wcd-cleanpc.md
@@ -1,7 +1,7 @@
---
title: CleanPC (Windows 10)
description: This section describes the CleanPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# CleanPC (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md
index 4468f64eee..e8fb9cfb34 100644
--- a/windows/configuration/wcd/wcd-connections.md
+++ b/windows/configuration/wcd/wcd-connections.md
@@ -1,7 +1,7 @@
---
title: Connections (Windows 10)
description: This section describes the Connections settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Connections (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md
index 21f4e49131..1692de1889 100644
--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@@ -1,7 +1,7 @@
---
title: ConnectivityProfiles (Windows 10)
description: This section describes the ConnectivityProfile settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# ConnectivityProfiles (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md
index 2d326165c7..e008f9285f 100644
--- a/windows/configuration/wcd/wcd-countryandregion.md
+++ b/windows/configuration/wcd/wcd-countryandregion.md
@@ -1,7 +1,7 @@
---
title: CountryAndRegion (Windows 10)
description: This section describes the CountryAndRegion settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# CountryAndRegion (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
index dccfa2bfd8..4c51c6e3ef 100644
--- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
+++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
@@ -1,7 +1,7 @@
---
title: DesktopBackgroundAndColors (Windows 10)
description: This section describes the DesktopBackgrounAndColors settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/21/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# DesktopBackgroundAndColors (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md
index 62715da105..496b0b07bd 100644
--- a/windows/configuration/wcd/wcd-developersetup.md
+++ b/windows/configuration/wcd/wcd-developersetup.md
@@ -1,7 +1,7 @@
---
title: DeveloperSetup (Windows 10)
description: This section describes the DeveloperSetup settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# DeveloperSetup (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md
index a643a6b0f5..be7bfcda42 100644
--- a/windows/configuration/wcd/wcd-deviceformfactor.md
+++ b/windows/configuration/wcd/wcd-deviceformfactor.md
@@ -1,7 +1,7 @@
---
title: DeviceFormFactor (Windows 10)
description: This section describes the DeviceFormFactor setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# DeviceFormFactor (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md
index 0eba4cd0e2..b7f1546197 100644
--- a/windows/configuration/wcd/wcd-devicemanagement.md
+++ b/windows/configuration/wcd/wcd-devicemanagement.md
@@ -1,7 +1,7 @@
---
title: DeviceManagement (Windows 10)
description: This section describes the DeviceManagement setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# DeviceManagement (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md
index 83bb19007c..716237d02e 100644
--- a/windows/configuration/wcd/wcd-deviceupdatecenter.md
+++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md
@@ -1,12 +1,13 @@
---
title: DeviceUpdateCenter (Windows 10)
description: This section describes the DeviceUpdateCenter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.topic: article
+ms.technology: itpro-configure
---
# DeviceUpdateCenter (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md
index 1154e1643c..7c7fe21043 100644
--- a/windows/configuration/wcd/wcd-dmclient.md
+++ b/windows/configuration/wcd/wcd-dmclient.md
@@ -1,7 +1,7 @@
---
title: DMClient (Windows 10)
description: This section describes the DMClient setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# DMClient (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md
index 114234aa5d..c2261d1d6c 100644
--- a/windows/configuration/wcd/wcd-editionupgrade.md
+++ b/windows/configuration/wcd/wcd-editionupgrade.md
@@ -1,7 +1,7 @@
---
title: EditionUpgrade (Windows 10)
description: This section describes the EditionUpgrade settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# EditionUpgrade (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md
index a31d1cddcb..ed8813b347 100644
--- a/windows/configuration/wcd/wcd-firewallconfiguration.md
+++ b/windows/configuration/wcd/wcd-firewallconfiguration.md
@@ -1,7 +1,7 @@
---
title: FirewallConfiguration (Windows 10)
description: This section describes the FirewallConfiguration setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# FirewallConfiguration (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md
index 2f607deb18..317e860a92 100644
--- a/windows/configuration/wcd/wcd-firstexperience.md
+++ b/windows/configuration/wcd/wcd-firstexperience.md
@@ -1,7 +1,7 @@
---
title: FirstExperience
description: This section describes the FirstExperience settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 08/08/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# FirstExperience (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md
index e45a67e31a..d65f38e718 100644
--- a/windows/configuration/wcd/wcd-folders.md
+++ b/windows/configuration/wcd/wcd-folders.md
@@ -1,7 +1,7 @@
---
title: Folders (Windows 10)
description: This section describes the Folders settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Folders (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-hotspot.md b/windows/configuration/wcd/wcd-hotspot.md
index db0317ff32..6e0bfbe99c 100644
--- a/windows/configuration/wcd/wcd-hotspot.md
+++ b/windows/configuration/wcd/wcd-hotspot.md
@@ -1,7 +1,7 @@
---
title: HotSpot (Windows 10)
description: This section describes the HotSpot settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 12/18/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# HotSpot (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md
index 0f38069d39..d1904f8a39 100644
--- a/windows/configuration/wcd/wcd-kioskbrowser.md
+++ b/windows/configuration/wcd/wcd-kioskbrowser.md
@@ -1,7 +1,7 @@
---
title: KioskBrowser (Windows 10)
description: This section describes the KioskBrowser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 10/02/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# KioskBrowser (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md
index 5e1385d91a..7308c531a1 100644
--- a/windows/configuration/wcd/wcd-licensing.md
+++ b/windows/configuration/wcd/wcd-licensing.md
@@ -1,7 +1,7 @@
---
title: Licensing (Windows 10)
description: This section describes the Licensing settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Licensing (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md
index 65d0cf04b9..fe920d9f7c 100644
--- a/windows/configuration/wcd/wcd-location.md
+++ b/windows/configuration/wcd/wcd-location.md
@@ -1,13 +1,14 @@
---
title: Location (Windows 10)
description: This section describes the Location settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Location (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index fa05e3ac5d..1f30e55191 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -1,13 +1,14 @@
---
title: Maps (Windows 10)
description: This section describes the Maps settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Maps (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md
index 4d50550dee..92226ac222 100644
--- a/windows/configuration/wcd/wcd-networkproxy.md
+++ b/windows/configuration/wcd/wcd-networkproxy.md
@@ -1,13 +1,14 @@
---
title: NetworkProxy (Windows 10)
description: This section describes the NetworkProxy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# NetworkProxy (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md
index 46d1804745..84d67d3ede 100644
--- a/windows/configuration/wcd/wcd-networkqospolicy.md
+++ b/windows/configuration/wcd/wcd-networkqospolicy.md
@@ -1,13 +1,14 @@
---
title: NetworkQoSPolicy (Windows 10)
description: This section describes the NetworkQoSPolicy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# NetworkQoSPolicy (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md
index f885d27c0e..589cf36452 100644
--- a/windows/configuration/wcd/wcd-oobe.md
+++ b/windows/configuration/wcd/wcd-oobe.md
@@ -3,11 +3,12 @@ title: OOBE (Windows 10)
ms.reviewer:
manager: dougeby
description: This section describes the OOBE settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# OOBE (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md
index ecd6a488c9..69693eeb45 100644
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@@ -1,13 +1,14 @@
---
title: Personalization (Windows 10)
description: This section describes the Personalization settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Personalization (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index 59377ff9bc..c76f9e2459 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -3,11 +3,12 @@ title: Policies (Windows 10)
ms.reviewer:
manager: dougeby
description: This section describes the Policies settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# Policies (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md
index 827c8bad55..73836d589b 100644
--- a/windows/configuration/wcd/wcd-privacy.md
+++ b/windows/configuration/wcd/wcd-privacy.md
@@ -1,12 +1,13 @@
---
title: Privacy (Windows 10)
description: This section describes the Privacy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.topic: article
+ms.technology: itpro-configure
---
# Privacy (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md
index fe6ca80426..1015406211 100644
--- a/windows/configuration/wcd/wcd-provisioningcommands.md
+++ b/windows/configuration/wcd/wcd-provisioningcommands.md
@@ -1,7 +1,7 @@
---
title: ProvisioningCommands (Windows 10)
description: This section describes the ProvisioningCommands settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# ProvisioningCommands (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index c132d4bdc1..f0574a44c2 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -1,7 +1,7 @@
---
title: SharedPC
description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 10/16/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# SharedPC (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md
index c3e15932b1..5f29ebedfd 100644
--- a/windows/configuration/wcd/wcd-smisettings.md
+++ b/windows/configuration/wcd/wcd-smisettings.md
@@ -1,7 +1,7 @@
---
title: SMISettings (Windows 10)
description: This section describes the SMISettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 03/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# SMISettings (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md
index 04bbf138fd..098c9bbb9c 100644
--- a/windows/configuration/wcd/wcd-start.md
+++ b/windows/configuration/wcd/wcd-start.md
@@ -1,7 +1,7 @@
---
title: Start (Windows 10)
description: This section describes the Start settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Start (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md
index ad8220553a..7ebe657816 100644
--- a/windows/configuration/wcd/wcd-startupapp.md
+++ b/windows/configuration/wcd/wcd-startupapp.md
@@ -1,7 +1,7 @@
---
title: StartupApp (Windows 10)
description: This section describes the StartupApp settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# StartupApp (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
index dba45f6c55..0ef9b010e5 100644
--- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md
+++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
@@ -1,7 +1,7 @@
---
title: StartupBackgroundTasks (Windows 10)
description: This section describes the StartupBackgroundTasks settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# StartupBackgroundTasks (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
index 83269cd2b6..6a133d5a59 100644
--- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
+++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
@@ -1,12 +1,13 @@
---
title: StorageD3InModernStandby (Windows 10)
description: This section describes the StorageD3InModernStandby settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
manager: dougeby
+ms.technology: itpro-configure
---
# StorageD3InModernStandby (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md
index 5e2b059925..12bd766d54 100644
--- a/windows/configuration/wcd/wcd-surfacehubmanagement.md
+++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md
@@ -1,7 +1,7 @@
---
title: SurfaceHubManagement (Windows 10)
description: This section describes the SurfaceHubManagement settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# SurfaceHubManagement (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md
index 7c8c7a37e3..15758077ad 100644
--- a/windows/configuration/wcd/wcd-tabletmode.md
+++ b/windows/configuration/wcd/wcd-tabletmode.md
@@ -1,7 +1,7 @@
---
title: TabletMode (Windows 10)
description: This section describes the TabletMode settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# TabletMode (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md
index b4843fdb7b..1def53b033 100644
--- a/windows/configuration/wcd/wcd-takeatest.md
+++ b/windows/configuration/wcd/wcd-takeatest.md
@@ -1,7 +1,7 @@
---
title: TakeATest (Windows 10)
description: This section describes the TakeATest settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# TakeATest (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md
index c2a766d169..f7017ef138 100644
--- a/windows/configuration/wcd/wcd-time.md
+++ b/windows/configuration/wcd/wcd-time.md
@@ -1,12 +1,13 @@
---
title: Time (Windows 10)
description: This section describes the Time settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.topic: article
+ms.technology: itpro-configure
---
# Time
diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md
index 8c8c8648db..d402e1ceb6 100644
--- a/windows/configuration/wcd/wcd-unifiedwritefilter.md
+++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md
@@ -1,13 +1,14 @@
---
title: UnifiedWriteFilter (Windows 10)
description: This section describes the UnifiedWriteFilter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# UnifiedWriteFilter (reference)
diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md
index f62e4299e3..cb622f51e2 100644
--- a/windows/configuration/wcd/wcd-universalappinstall.md
+++ b/windows/configuration/wcd/wcd-universalappinstall.md
@@ -1,13 +1,14 @@
---
title: UniversalAppInstall (Windows 10)
description: This section describes the UniversalAppInstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# UniversalAppInstall (reference)
diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md
index 690bfc3ea4..45e82deba6 100644
--- a/windows/configuration/wcd/wcd-universalappuninstall.md
+++ b/windows/configuration/wcd/wcd-universalappuninstall.md
@@ -1,13 +1,14 @@
---
title: UniversalAppUninstall (Windows 10)
description: This section describes the UniversalAppUninstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# UniversalAppUninstall (reference)
diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
index 1c9909507e..de2cdfc24b 100644
--- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md
+++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
@@ -1,13 +1,14 @@
---
title: UsbErrorsOEMOverride (Windows 10)
description: This section describes the UsbErrorsOEMOverride settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# UsbErrorsOEMOverride (reference)
diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md
index 676df2efed..dfd1c1ee93 100644
--- a/windows/configuration/wcd/wcd-weakcharger.md
+++ b/windows/configuration/wcd/wcd-weakcharger.md
@@ -1,13 +1,14 @@
---
title: WeakCharger (Windows 10)
description: This section describes the WeakCharger settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# WeakCharger (reference)
diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
index f42e48ac49..5abe841a5c 100644
--- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
@@ -1,13 +1,14 @@
---
title: WindowsHelloForBusiness (Windows 10)
description: This section describes the Windows Hello for Business settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# WindowsHelloForBusiness (Windows Configuration Designer reference)
diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md
index 51e2f55a43..9255158400 100644
--- a/windows/configuration/wcd/wcd-windowsteamsettings.md
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md
@@ -1,13 +1,14 @@
---
title: WindowsTeamSettings (Windows 10)
description: This section describes the WindowsTeamSettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# WindowsTeamSettings (reference)
diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md
index 2709497450..c6df66ef0f 100644
--- a/windows/configuration/wcd/wcd-wlan.md
+++ b/windows/configuration/wcd/wcd-wlan.md
@@ -3,11 +3,12 @@ title: WLAN (Windows 10)
ms.reviewer:
manager: dougeby
description: This section describes the WLAN settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-configure
---
# WLAN (reference)
diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md
index ee8d4e0bc6..2055154e19 100644
--- a/windows/configuration/wcd/wcd-workplace.md
+++ b/windows/configuration/wcd/wcd-workplace.md
@@ -1,7 +1,7 @@
---
title: Workplace (Windows 10)
description: This section describes the Workplace settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Workplace (reference)
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index 6fb2f329ca..0cd1afaa90 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -1,13 +1,14 @@
---
title: Windows Configuration Designer provisioning settings (Windows 10)
description: This section describes the settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.reviewer:
manager: dougeby
+ms.technology: itpro-configure
---
# Windows Configuration Designer provisioning settings (reference)
diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md
index 11028a1ef0..eec297b628 100644
--- a/windows/configuration/windows-10-start-layout-options-and-policies.md
+++ b/windows/configuration/windows-10-start-layout-options-and-policies.md
@@ -3,13 +3,14 @@ title: Customize and manage the Windows 10 Start and taskbar layout (Windows 10
description: On Windows devices, customize the start menu layout and taskbar using XML, group policy, provisioning package, or MDM policy. You can add pinned folders, add a start menu size, pin apps to the taskbar, and more.
ms.reviewer:
manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 08/05/2021
ms.collection: highpri
+ms.technology: itpro-configure
---
# Customize the Start menu and taskbar layout on Windows 10 and later devices
diff --git a/windows/configuration/windows-accessibility-for-ITPros.md b/windows/configuration/windows-accessibility-for-ITPros.md
index cbd0e23756..e019375c50 100644
--- a/windows/configuration/windows-accessibility-for-ITPros.md
+++ b/windows/configuration/windows-accessibility-for-ITPros.md
@@ -10,9 +10,9 @@ manager: aaroncz
ms.localizationpriority: medium
ms.date: 09/20/2022
ms.topic: reference
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# Accessibility information for IT professionals
diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md
index fcf7dec824..b9bfa40f0f 100644
--- a/windows/configuration/windows-spotlight.md
+++ b/windows/configuration/windows-spotlight.md
@@ -3,13 +3,14 @@ title: Configure Windows Spotlight on the lock screen (Windows 10)
description: Windows Spotlight is an option for the lock screen background that displays different background images on the lock screen.
ms.reviewer:
manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/30/2018
ms.collection: highpri
+ms.technology: itpro-configure
---
# Configure Windows Spotlight on the lock screen
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index be27ffd69f..c89317ccc0 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -276,31 +276,31 @@
- name: Resolve Windows client upgrade errors
href: upgrade/resolve-windows-10-upgrade-errors.md
- name: Quick fixes
- href: upgrade/quick-fixes.md
+ href: /troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: SetupDiag
href: upgrade/setupdiag.md
- name: Troubleshooting upgrade errors
- href: upgrade/troubleshoot-upgrade-errors.md
+ href: /troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Windows error reporting
href: upgrade/windows-error-reporting.md
- name: Upgrade error codes
- href: upgrade/upgrade-error-codes.md
+ href: /troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Log files
href: upgrade/log-files.md
- name: Resolution procedures
- href: upgrade/resolution-procedures.md
+ href: /troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Submit Windows client upgrade errors
href: upgrade/submit-errors.md
- name: Troubleshoot Windows Update
items:
- name: How to troubleshoot Windows Update
- href: update/windows-update-troubleshooting.md
+ href: /troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Opt out of safeguard holds
href: update/safeguard-opt-out.md
- name: Determine the source of Windows Updates
href: ./update/how-windows-update-works.md
- name: Common Windows Update errors
- href: update/windows-update-errors.md
+ href: /troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json
- name: Windows Update error code reference
href: update/windows-update-error-reference.md
- name: Troubleshoot the Windows Update for Business deployment service
diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md
index 1b7ef3ad3b..48390d04f2 100644
--- a/windows/deployment/Windows-AutoPilot-EULA-note.md
+++ b/windows/deployment/Windows-AutoPilot-EULA-note.md
@@ -1,7 +1,7 @@
---
title: Windows Autopilot EULA dismissal – important information
description: A notice about EULA dismissal through Windows Autopilot
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.date: 08/22/2017
author: aczechowski
diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md
index ba83569cc0..390625d732 100644
--- a/windows/deployment/add-store-apps-to-image.md
+++ b/windows/deployment/add-store-apps-to-image.md
@@ -1,7 +1,7 @@
---
title: Add Microsoft Store for Business applications to a Windows 10 image
description: This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
diff --git a/windows/deployment/breadcrumb/toc.yml b/windows/deployment/breadcrumb/toc.yml
new file mode 100644
index 0000000000..a43252b7e8
--- /dev/null
+++ b/windows/deployment/breadcrumb/toc.yml
@@ -0,0 +1,12 @@
+items:
+- name: Learn
+ tocHref: /
+ topicHref: /
+ items:
+ - name: Windows
+ tocHref: /troubleshoot/windows-client/
+ topicHref: /windows/resources/
+ items:
+ - name: Deployment
+ tocHref: /troubleshoot/windows-client/deployment/
+ topicHref: /windows/deployment/
\ No newline at end of file
diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index a4360e4aa4..927d09cf54 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -1,7 +1,7 @@
---
title: Configure a PXE server to load Windows PE (Windows 10)
-description: This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network.
-ms.prod: w10
+description: This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network.
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
manager: dougeby
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index f06c1107d1..30f4d98b48 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -9,9 +9,9 @@ ms.technology: itpro-deploy
ms.localizationpriority: medium
ms.topic: how-to
ms.collection: highpri
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# Deploy Windows Enterprise licenses
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index 778cc5f140..0cc0e0574d 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -4,7 +4,7 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
index 55f1a653a6..19b303e0b4 100644
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@@ -4,7 +4,7 @@ manager: dougeby
ms.author: aaroncz
description: Use this article to learn about new solutions and online content related to deploying Windows in your organization.
ms.localizationpriority: medium
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
index af75531621..6836f336bb 100644
--- a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -4,11 +4,12 @@ description: Operating system images are typically the production image used for
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Add a Windows 10 operating system image using Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index 1d57288f6f..cc5a8040ad 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -4,11 +4,12 @@ description: Learn how to configure the Windows Preinstallation Environment (Win
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index fb7aae6b8e..337c328493 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -4,11 +4,12 @@ description: Learn how to create custom Windows Preinstallation Environment (Win
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Create a custom Windows PE boot image with Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
index f846694f35..7780379c78 100644
--- a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -4,10 +4,11 @@ description: Create a Configuration Manager task sequence with Microsoft Deploym
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Create a task sequence with Configuration Manager and MDT
diff --git a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index 102b3ae2d6..382ccfcfa3 100644
--- a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -5,10 +5,11 @@ ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Create an application to deploy with Windows 10 using Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
index 253e63190e..5cae6b7635 100644
--- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -4,11 +4,12 @@ description: In this topic, you'll learn how to deploy Windows 10 using Microsof
ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-deploy
---
# Deploy Windows 10 using PXE and Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 3984e65a9b..cd56ad9b66 100644
--- a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -4,11 +4,12 @@ description: This article provides a walk-through to finalize the configuration
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Finalize the operating system configuration for Windows 10 deployment with Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 02c1c8a43b..54c4a707ea 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -4,10 +4,11 @@ description: Learn how to prepare a Zero Touch Installation of Windows 10 with C
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: how-to
+ms.technology: itpro-deploy
---
# Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 41822baf59..d8969c0190 100644
--- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -4,11 +4,12 @@ description: Learn how to use Configuration Manager and Microsoft Deployment Too
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 4d0bcca63b..8dbbb5bb98 100644
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -5,11 +5,12 @@ ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
index 5d6a936a26..f410e7a5c1 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
@@ -4,11 +4,12 @@ description: Learn how to perform an in-place upgrade to Windows 10 by automatin
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Perform an in-place upgrade to Windows 10 using Configuration Manager
diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
index 15fb8922d8..a3b15273f2 100644
--- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
@@ -4,10 +4,11 @@ description: This topic will show you how to add applications to a role in the M
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Assign applications using roles in MDT
diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
index ccf4df0e57..1048b64218 100644
--- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
@@ -5,10 +5,11 @@ ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Build a distributed environment for Windows 10 deployment
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
index fe96dcd42b..e9f56b8a9b 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
@@ -4,10 +4,11 @@ description: Learn how to configure the MDT rules engine to reach out to other r
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Configure MDT deployment share rules
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
index 821329ba18..4e16c79434 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md
@@ -4,10 +4,11 @@ description: In this topic, you will learn how to configure the MDT rules engine
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Configure MDT for UserExit scripts
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
index 8c0ba8179d..fd4be32da5 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md
@@ -5,10 +5,11 @@ ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Configure MDT settings
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index 1f482f177d..7c243c3189 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -4,10 +4,11 @@ description: Creating a reference image is important because that image serves a
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Create a Windows 10 reference image
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index 90deeb5238..676ab64e15 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -4,10 +4,11 @@ description: This topic will show you how to take your reference image for Windo
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Deploy a Windows 10 image using MDT
diff --git a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
index 9667f4a047..262105eb5b 100644
--- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md
@@ -4,10 +4,11 @@ description: This topic will help you gain a better understanding of how to use
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Get started with MDT
diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
index e691b3677b..faeef67282 100644
--- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
@@ -4,10 +4,11 @@ description: This topic will walk you through the steps necessary to create the
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Prepare for deployment with MDT
diff --git a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
index 356ba70dcc..59a8fd98f4 100644
--- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
+++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md
@@ -4,10 +4,11 @@ description: This topic will show you how to use MDT Lite Touch Installation (LT
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Refresh a Windows 7 computer with Windows 10
diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index 30ca655b46..9df180c66e 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -5,10 +5,11 @@ ms.custom: seo-marvel-apr2020
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Replace a Windows 7 computer with a Windows 10 computer
diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
index e2976790e7..c2bac58b70 100644
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@@ -4,11 +4,12 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-mar2020
+ms.technology: itpro-deploy
---
# Set up MDT for BitLocker
diff --git a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
index 3b225896bf..34585abaf6 100644
--- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
+++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
@@ -4,10 +4,11 @@ description: This topic will walk you through the process of creating a simulate
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Simulate a Windows 10 deployment in a test environment
diff --git a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
index 4f1b8456b8..57e775f8a9 100644
--- a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -4,10 +4,11 @@ description: The simplest path to upgrade PCs that are currently running Windows
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Perform an in-place upgrade to Windows 10 with MDT
diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
index 12cf171f4d..d705a88376 100644
--- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
@@ -4,10 +4,11 @@ description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Use Orchestrator runbooks with MDT
diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
index 33cc3b4d4b..bb95e708ec 100644
--- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@@ -4,10 +4,11 @@ description: Learn how to use the MDT database to pre-stage information on your
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Use the MDT database to stage Windows 10 deployment information
diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
index 2f427ac529..e60ed99985 100644
--- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
@@ -4,10 +4,11 @@ description: Learn how to create a simple web service that generates computer na
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Use web services in MDT
diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md
index 3f3f880cc0..61ec1640e1 100644
--- a/windows/deployment/deploy-windows-to-go.md
+++ b/windows/deployment/deploy-windows-to-go.md
@@ -5,7 +5,7 @@ ms.reviewer:
manager: dougeby
author: aczechowski
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.topic: article
ms.custom: seo-marvel-apr2020
---
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
index 8463fd9abd..0f6da37406 100644
--- a/windows/deployment/deploy.md
+++ b/windows/deployment/deploy.md
@@ -5,7 +5,7 @@ ms.reviewer:
manager: dougeby
author: aczechowski
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.topic: article
ms.custom: seo-marvel-apr2020
diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md
index 984e7fd026..98615239e4 100644
--- a/windows/deployment/do/delivery-optimization-endpoints.md
+++ b/windows/deployment/do/delivery-optimization-endpoints.md
@@ -2,10 +2,10 @@
title: Delivery Optimization and Microsoft Connected Cache content endpoints
description: List of fully qualified domain names, ports, and associated content types to use Delivery Optimization and Microsoft Connected Cache.
ms.date: 07/26/2022
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: reference
-ms.localizationpriority: medium
+ms.localizationpriority: medium
author: cmknox
ms.author: carmenf
ms.reviewer: mstewart
diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md
index 15bd6957d3..de59da66d7 100644
--- a/windows/deployment/do/delivery-optimization-proxy.md
+++ b/windows/deployment/do/delivery-optimization-proxy.md
@@ -2,12 +2,13 @@
title: Using a proxy with Delivery Optimization
manager: dansimp
description: Settings to use with various proxy configurations to allow Delivery Optimization to work
-ms.prod: w10
+ms.prod: windows-client
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
ms.collection: M365-modern-desktop
ms.topic: article
+ms.technology: itpro-updates
---
# Using a proxy with Delivery Optimization
diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md
index 0edb9f9ba1..e5513df9f2 100644
--- a/windows/deployment/do/delivery-optimization-workflow.md
+++ b/windows/deployment/do/delivery-optimization-workflow.md
@@ -2,12 +2,13 @@
title: Delivery Optimization client-service communication explained
manager: dougeby
description: Details of how Delivery Optimization communicates with the server when content is requested to download.
-ms.prod: w10
+ms.prod: windows-client
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
ms.collection: M365-modern-desktop
ms.topic: article
+ms.technology: itpro-updates
---
# Delivery Optimization client-service communication explained
diff --git a/windows/deployment/do/mcc-enterprise.md b/windows/deployment/do/mcc-enterprise.md
new file mode 100644
index 0000000000..cc068f97a0
--- /dev/null
+++ b/windows/deployment/do/mcc-enterprise.md
@@ -0,0 +1,545 @@
+---
+title: Microsoft Connected Cache for Enterprise and Education (private preview)
+manager: dougeby
+description: Details on Microsoft Connected Cache (MCC) for Enterprise and Education.
+ms.prod: windows-client
+author: carmenf
+ms.localizationpriority: medium
+ms.author: carmenf
+ms.collection: M365-modern-desktop
+ms.topic: article
+ms.technology: itpro-updates
+---
+
+# Microsoft Connected Cache for Enterprise and Education (private preview)
+
+**Applies to**
+
+- Windows 10
+- Windows 11
+
+## Overview
+
+> [!IMPORTANT]
+> Microsoft Connected Cache is currently a private preview feature. During this phase we invite customers to take part in early access for testing purposes. This phase does not include formal support, and should not be used for production workloads. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+Microsoft Connected Cache (MCC) preview is a software-only caching solution that delivers Microsoft content within Enterprise networks. MCC can be deployed to as many physical servers or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying a client policy using your management tool, such as [Intune](/mem/intune/).
+
+MCC is a hybrid (a mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module; it's a Docker compatible Linux container that is deployed to your Windows devices. IoT Edge for Linux on Windows (EFLOW) was chosen because it's a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS.
+
+Even though your MCC scenario isn't related to IoT, Azure IoT Edge is used as a more generic Linux container, deployment, and management infrastructure. The Azure IoT Edge runtime sits on your designated MCC device and performs management and communication operations. The runtime performs the following important functions to manage MCC on your edge device:
+
+1. Installs and updates MCC on your edge device.
+2. Maintains Azure IoT Edge security standards on your edge device.
+3. Ensures that MCC is always running.
+4. Reports MCC health and usage to the cloud for remote monitoring.
+
+To deploy a functional MCC to your device, you must obtain the necessary keys that will provision the Connected Cache instance to communicate with Delivery Optimization services and enable the device to cache and deliver content. See [figure 1](#fig1) below for a summary of the architecture of MCC, built using IoT Edge.
+
+For more information about Azure IoT Edge, see [What is Azure IoT Edge](/azure/iot-edge/about-iot-edge).
+
+## How MCC works
+
+The following steps describe how MCC is provisioned and used.
+
+1. The Azure Management Portal is used to create MCC nodes.
+2. The MCC container is deployed and provisioned to a server using the installer provided in the portal.
+3. Client policy is configured in your management solution to point to the IP address or FQDN of the cache server.
+4. Microsoft end-user devices make range requests for content from the MCC node.
+5. An MCC node pulls content from the CDN, seeds its local cache stored on disk, and delivers content to the client.
+6. Subsequent requests from end-user devices for content come from the cache.
+
+If an MCC node is unavailable, the client will pull content from CDN to ensure uninterrupted service for your subscribers.
+
+
+
+
+
+Figure 1: **MCC processes**. Each number in the diagram corresponds to the steps described above.
+
+
+## Enterprise requirements for MCC
+
+1. **Azure subscription**: MCC management portal is hosted within Azure and is used to create the Connected Cache [Azure resource](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management) and IoT Hub resource. Both are free services.
+
+ Your Azure subscription ID is first used to provision MCC services, and enable access to the preview. The MCC server requirement for an Azure subscription will cost you nothing. If you do not have an Azure subscription already, you can create an Azure [Pay-As-You-Go](https://azure.microsoft.com/offers/ms-azr-0003p/) account which requires a credit card for verification purposes. For more information, see the [Azure Free Account FAQ](https://azure.microsoft.com/free/free-account-faq/).
+
+ The resources used for the preview and in the future when this product is ready for production will be completely free to you, like other caching solutions.
+
+2. **Hardware to host MCC**: The recommended configuration will serve approximately 35000 managed devices, downloading a 2GB payload in 24-hour timeframe at a sustained rate of 6.5 Gbps.
+
+ **EFLOW Requires Hyper-V support**
+ - On Windows client, enable the Hyper-V feature
+ - On Windows Server, install the Hyper-V role and create a default network switch
+
+ Disk recommendations:
+ - Using an SSD is recommended as cache read speed of SSD is superior to HDD
+
+ NIC requirements:
+ - Multiple NICs on a single MCC instance aren't supported.
+ - 1 Gbps NIC is the minimum speed recommended but any NIC is supported.
+ - For best performance, NIC and BIOS should support SR-IOV
+
+ VM networking:
+ - An external virtual switch to support outbound and inbound network communication (created during the installation process)
+
+### Sizing recommendations
+
+| Component | Branch Office / Small Enterprise | Large Enterprise |
+| -- | --- | --- |
+| OS| Windows Server 2019*/2022
Windows 10*/11 (Pro or Enterprise) with Hyper-V Support
* Windows 10 and Windows Server 2019 build 17763 or later | Same |
+|NIC | 1 Gbps | 5 Gbps |
+|Disk | SSD
1 drive
50GB each |SSD
1 drive
200GB each |
+|Memory | 4GB | 8GB |
+|Cores | 4 | 8 |
+
+## Steps to deploy MCC
+
+To deploy MCC to your server:
+
+1. [Provide Microsoft with the Azure subscription ID](#provide-microsoft-with-the-azure-subscription-id)
+2. [Create the MCC Resource in Azure](#create-the-mcc-resource-in-azure)
+3. [Create an MCC Node](#create-an-mcc-node-in-azure)
+4. [Edit Cache Node Information](#edit-cache-node-information)
+5. [Install MCC on a physical server or VM](#install-mcc-on-windows)
+6. [Verify proper functioning MCC server](#verify-proper-functioning-mcc-server)
+7. [Review common Issues](#common-issues) if needed.
+
+For questions regarding these instructions contact [msconnectedcache@microsoft.com](mailto:msconnectedcache@microsoft.com)
+
+### Provide Microsoft with the Azure Subscription ID
+
+As part of the MCC preview onboarding process an Azure subscription ID must be provided to Microsoft.
+
+> [!IMPORTANT]
+> [Take this survey](https://aka.ms/MSConnectedCacheSignup) and provide your Azure subscription ID and contact information to be added to the allowlist for this preview. You will not be able to proceed if you skip this step.
+
+For information about creating or locating your subscription ID, see [Steps to obtain an Azure Subscription ID](#steps-to-obtain-an-azure-subscription-id).
+
+### Create the MCC resource in Azure
+
+The MCC Azure management portal is used to create and manage MCC nodes. An Azure Subscription ID is used to grant access to the preview and to create the MCC resource in Azure and Cache nodes.
+
+Once you take the survey above and the MCC team adds your subscription ID to the allowlist, you will be given a link to the Azure portal where you can create the resource described below.
+
+1. On the Azure portal home page, choose **Create a resource**:
+ 
+
+2. Type **Microsoft Connected Cache** into the search box, and hit **Enter** to show search results.
+
+> [!NOTE]
+> You'll not see Microsoft Connected Cache in the drop-down list. You need to type it and press enter to see the result.
+
+3. Select **Microsoft Connected Cache** and choose **Create** on the next screen to start the process of creating the MCC resource.
+
+ 
+ 
+
+4. Fill in the required fields to create the MCC resource.
+
+ - Choose the subscription that you provided to Microsoft.
+ - Azure resource groups are logical groups of resources. Create a new resource group and choose a name for your resource group.
+ - Choose **(US) West US** for the location of the resource. This choice will not impact MCC if the physical location isn't in the West US, it's just a limitation of the preview.
+
+ > [!NOTE]
+ > Your MCC resource will not be created properly if you do not select **(US) West US**
+
+ - Choose a name for the MCC resource.
+
+ > [!NOTE]
+ > Your MCC resource must not contain the word **Microsoft** in it.
+
+ 
+
+5. Once all the information has been entered, click the **Review + Create** button. Once validation is complete, click the **Create** button to start the
+ resource creation.
+
+ 
+
+#### Error: Validation failed
+
+- If you get a Validation failed error message on your portal, it's likely because you selected the **Location** as **US West 2** or some other location that isn't **(US) West US**.
+- To resolve this error, go to the previous step and choose **(US) West US**.
+
+ 
+
+### Create an MCC node in Azure
+
+Creating an MCC node is a multi-step process and the first step is to access the MCC private preview management portal.
+
+1. After the successful resource creation click on the **Go to resource**.
+2. Under **Cache Node Management** section on the leftmost panel, click on **Cache Nodes**.
+
+ 
+
+3. On the **Cache Nodes** blade, click on the **Create Cache Node** button.
+
+ 
+
+4. Clicking the **Create Cache Node** button will open the **Create Cache Node** page; **Cache Node Name** is the only field required for cache node creation.
+
+| **Field Name** | **Expected Value** | **Description** |
+|---------------------|--------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------|
+| **Cache Node Name** | Alphanumeric name that includes no spaces. | The name of the cache node. You may choose names based on location like Seattle-1. This name must be unique and cannot be changed later. |
+
+5. Enter the information for the **Cache Node** and click the **Create** button.
+
+
+
+If there are errors, the form will provide guidance on how to correct the errors.
+
+Once the MCC node has been created, the installer instructions will be exposed. More details on the installer instructions will be addressed later in this article, in the [Install Connected Cache](#install-mcc-on-windows) section.
+
+
+
+#### Edit cache node information
+
+Cache nodes can be deleted here by clicking the check box to the left of a **Cache Node Name** and then clicking the delete toolbar item. Be aware that if a cache node is deleted, there is no way to recover the cache node or any of the information related to the cache node.
+
+
+
+### Install MCC on Windows
+
+Installing MCC on your Windows device is a simple process. A PowerShell script performs the following tasks:
+
+ - Installs the Azure CLI
+ - Downloads, installs, and deploys EFLOW
+ - Enables Microsoft Update so EFLOW can stay up to date
+ - Creates a virtual machine
+ - Enables the firewall and opens ports 80 and 22 for inbound and outbound traffic. Port 80 is used by MCC, and port 22 is used for SSH communications.
+ - Configures Connected Cache tuning settings.
+ - Creates the necessary *FREE* Azure resource - IoT Hub/IoT Edge.
+ - Deploys the MCC container to server.
+
+#### Run the installer
+
+1. Download and unzip mccinstaller.zip from the create cache node page or cache node configuration page which contains the necessary installation files.
+
+ 
+
+Files contained in the mccinstaller.zip file:
+
+ - **installmcc.ps1**: Main installer file.
+ - **installEflow.ps1**: Installs the necessary prerequisites such as the Linux VM, IoT Edge runtime, and Docker, and makes necessary host OS settings to optimize caching performance.
+ - **resourceDeploymentForConnectedCache.ps1**: Creates Azure cloud resources required to support MCC control plane.
+ - **mccdeployment.json**: Deployment manifest used by IoT Edge to deploy the MCC container and configure settings on the container, such as cache drive location sizes.
+ - **updatemcc.ps1**: The update script used to upgrade MCC to a particular version.
+ - **mccupdate.json**: Used as part of the update script
+
+1. Open Windows PowerShell as administrator and navigate to the location of these files.
+
+> [!NOTE]
+> Ensure that Hyper-V is enabled on your device.
+> Do not use PowerShell ISE, PowerShell 6.x, or PowerShell 7.x. Only Windows PowerShell version 5.x is supported.
+
+ **Windows 10:** [Enable Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v)
+
+ **Windows Server:** [Install the Hyper-V role on Windows Server](/windows-server/virtualization/hyper-v/get-started/install-the-hyper-v-role-on-windows-server)
+
+#### If you're installing MCC on a local virtual machine:
+
+1. Enable Nested Virtualization
+
+ ```powershell
+ Set -VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true
+ ```
+2. Enable Mac Spoofing
+ ```powershell
+ Get-VMNetworkAdapter -VMName "VM name" | Set-VMNetworkAdapter -MacAddressSpoofing On
+ ```
+ **Virtual machine should be in the OFF state while enabling Nested Virtualization and Mac Spoofing**
+
+3. Set the execution policy
+
+ ```powershell
+ Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process
+ ```
+ > [!NOTE]
+ > After setting the execution policy, you'll see a warning asking if you wish to change the execution policy. Choose **[A] Yes to All**.
+
+4. Copy the command from the portal and run it in Windows PowerShell
+
+ 
+
+ > [!NOTE]
+ > After running the command, and multiple times throughout the installation process, you'll receive the following notice. **Please select [R] Run once to proceed**.
+ >
+ >
Security warning
+ >
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning message. Do you want to run C:\\Users\\mccinstaller\\Eflow\\installmcc.ps1?
+ >
+ >
[D] Do not run **[R] Run once** [S] Suspend [?] Help (default is "D"):
+
+3. Choose whether you would like to create a new virtual switch or select an existing one. Name your switch and select the Net Adapter to use for the switch. A computer restart will be required if you're creating a new switch.
+
+ > [!NOTE]
+ > Restarting your computer after creating a switch is recommended. You'll notice network delays during installation if the computer has not been restarted.
+
+ If you restarted your computer after creating a switch, start from Step 2 above and skip step 5.
+
+ 
+
+4. Re-run the script after the restart. This time, choose **No** when asked to create a new switch. Enter the number corresponding to the switch you previously created.
+
+ 
+
+5. Decide whether you would like to use dynamic or static address for the Eflow VM
+
+ 
+
+ > [!NOTE]
+ > Choosing a dynamic IP address might assign a different IP address when the MCC restarts.
+ >
A static IP address is recommended so you do not have to change this value in your management solution when MCC restarts.
+
+6. Choose where you would like to download, install, and store the virtual hard disk for EFLOW. You'll also be asked how much memory, storage, and cores you would like to allocate for the VM. In this example, we chose the default values for all prompts.
+
+7. Follow the Azure Device Login link and sign into the Azure portal.
+
+ 
+
+8. If this is your first MCC deployment, please select **n** so that a new IoT Hub can be created. If you have already configured MCC before, choose **y** so that your MCCs are grouped in the same IoT Hub.
+
+ 1. You'll be shown a list of existing IoT Hubs in your Azure Subscription; Enter the number corresponding to the IoT Hub to select it. **You'll likely have only 1 IoT Hub in your subscription, in which case you want to enter “1”**
+
+ 
+ 
+
+9. Your MCC deployment is now complete.
+
+ 1. If you do not see any errors, please continue to the next section to validate your MCC deployment.
+ 2. After validating your MCC is properly functional, please review your management solution documentation, such as [Intune](/mem/intune/configuration/delivery-optimization-windows), to set the cache host policy to the IP address of your MCC.
+ 3. If you had errors during your deployment, see the [Troubleshooting](#troubleshooting) section in this article.
+
+### Verify proper functioning MCC server
+
+#### Verify Client Side
+
+Connect to the EFLOW VM and check if MCC is properly running:
+
+1. Open PowerShell as an Administrator
+2. Enter the following commands:
+
+```powershell
+Connect-EflowVm
+sudo -s
+iotedge list
+```
+
+
+
+You should see MCC, edgeAgent, and edgeHub running. If you see edgeAgent or edgeHub but not MCC, please try this command in a few minutes. The MCC container can take a few minutes to deploy
+
+#### Verify server side
+
+For a validation of properly functioning MCC, execute the following command in the EFLOW VM or any device in the network. Replace
+ "DOCacheHost"=" "
+
+ From an elevated command prompt:
+
+ ```
+ reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v DOCacheHost /t REG_SZ /d "10.137.187.38" /f
+ ```
+
+2. MDM Path in 1809 or higher:
+
+ .Vendor/MSFT/Policy/Config/DeliveryOptimization/DOCacheHost
+
+3. In Windows release version 1809 and later, you can apply the policy via Group Policy Editor. The policy to apply is **DOCacheHost**. To configure the clients to pull content from the MCC using Group Policy, set the Cache Server Hostname (Setting found under Computer Configuration, Administrative Templates, Windows Components, Delivery Optimization) to the IP address of your MCC. For example 10.137.187.38.
+
+ 
+
+**Verify Content using the DO Client**
+
+To verify that the Delivery Optimization client can download content using MCC, you can use the following steps:
+
+1. Download a game or application from the Microsoft Store.
+
+ 
+
+2. Verify downloads came from MCC by one of two methods:
+
+ - Using PowerShell Cmdlet Get-DeliveryOptimizationStatus you should see BytesFromCacheServer test
+
+ 
+
+ - Looking at the Delivery Optimization Activity Monitor
+
+ 
+
+## Also see
+
+[Microsoft Connected Cache for ISPs](mcc-isp.md)
+[Introducing Microsoft Connected Cache](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-microsoft-connected-cache-microsoft-s-cloud-managed/ba-p/963898)
diff --git a/windows/deployment/do/mcc-isp.md b/windows/deployment/do/mcc-isp.md
index 970e762a57..699b40920a 100644
--- a/windows/deployment/do/mcc-isp.md
+++ b/windows/deployment/do/mcc-isp.md
@@ -1,8 +1,8 @@
---
title: Microsoft Connected Cache for Internet Service Providers (ISPs)
description: Details on Microsoft Connected Cache (MCC) for Internet Service Providers (ISPs).
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.localizationpriority: medium
author: amymzhou
ms.author: amyzhou
diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md
index 77b1f52534..22dff75ed5 100644
--- a/windows/deployment/do/waas-delivery-optimization-reference.md
+++ b/windows/deployment/do/waas-delivery-optimization-reference.md
@@ -3,13 +3,14 @@ title: Delivery Optimization reference
ms.reviewer:
manager: dougeby
description: This article provides a summary of references and descriptions for all of the Delivery Optimization settings.
-ms.prod: w10
+ms.prod: windows-client
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
ms.collection: M365-modern-desktop
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Delivery Optimization reference
diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md
index 928132b662..ff28a0815c 100644
--- a/windows/deployment/do/waas-delivery-optimization-setup.md
+++ b/windows/deployment/do/waas-delivery-optimization-setup.md
@@ -3,13 +3,14 @@ title: Set up Delivery Optimization
ms.reviewer:
manager: dougeby
description: In this article, learn how to set up Delivery Optimization.
-ms.prod: w10
+ms.prod: windows-client
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
ms.collection: M365-modern-desktop
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Set up Delivery Optimization for Windows
diff --git a/windows/deployment/do/waas-delivery-optimization.md b/windows/deployment/do/waas-delivery-optimization.md
index c59be068e5..9c019a611b 100644
--- a/windows/deployment/do/waas-delivery-optimization.md
+++ b/windows/deployment/do/waas-delivery-optimization.md
@@ -2,16 +2,17 @@
title: What is Delivery Optimization?
manager: dougeby
description: This article provides information about Delivery Optimization, a peer-to-peer distribution method in Windows 10 and Windows 11.
-ms.prod: w10
+ms.prod: windows-client
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
-ms.collection:
-- M365-modern-desktop
-- m365initiative-coredeploy
-- highpri
+ms.collection:
+ - M365-modern-desktop
+ - m365initiative-coredeploy
+ - highpri
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# What is Delivery Optimization?
diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md
index c6dc879a40..8d080959f8 100644
--- a/windows/deployment/do/waas-microsoft-connected-cache.md
+++ b/windows/deployment/do/waas-microsoft-connected-cache.md
@@ -2,16 +2,17 @@
title: Microsoft Connected Cache overview
manager: dougeby
description: This article provides information about Microsoft Connected Cache (MCC), a software-only caching solution.
-ms.prod: w10
+ms.prod: windows-client
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
-ms.collection:
-- M365-modern-desktop
-- m365initiative-coredeploy
-- highpri
+ms.collection:
+ - M365-modern-desktop
+ - m365initiative-coredeploy
+ - highpri
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Microsoft Connected Cache overview
diff --git a/windows/deployment/do/waas-optimize-windows-10-updates.md b/windows/deployment/do/waas-optimize-windows-10-updates.md
index 6bf560ab5a..fc5b9d2841 100644
--- a/windows/deployment/do/waas-optimize-windows-10-updates.md
+++ b/windows/deployment/do/waas-optimize-windows-10-updates.md
@@ -1,13 +1,14 @@
---
title: Optimize Windows update delivery
description: Two methods of peer-to-peer content distribution are available, Delivery Optimization and BranchCache.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aaroncz
ms.author: aaroncz
ms.reviewer:
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Optimize Windows update delivery
diff --git a/windows/deployment/do/whats-new-do.md b/windows/deployment/do/whats-new-do.md
index 3643b5fea8..355b983848 100644
--- a/windows/deployment/do/whats-new-do.md
+++ b/windows/deployment/do/whats-new-do.md
@@ -2,16 +2,17 @@
title: What's new in Delivery Optimization
manager: dougeby
description: What's new in Delivery Optimization, a peer-to-peer distribution method in Windows 10 and Windows 11.
-ms.prod: w10
+ms.prod: windows-client
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
-ms.collection:
-- M365-modern-desktop
-- m365initiative-coredeploy
-- highpri
+ms.collection:
+ - M365-modern-desktop
+ - m365initiative-coredeploy
+ - highpri
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# What's new in Delivery Optimization
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index 112c4d3436..a7c2e3e203 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -1,7 +1,7 @@
---
title: MBR2GPT
description: Use MBR2GPT.EXE to convert a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
ms.date: 02/13/2018
diff --git a/windows/deployment/planning/act-technical-reference.md b/windows/deployment/planning/act-technical-reference.md
index 8faeb00aab..49e84cc536 100644
--- a/windows/deployment/planning/act-technical-reference.md
+++ b/windows/deployment/planning/act-technical-reference.md
@@ -4,9 +4,10 @@ description: The Microsoft Application Compatibility Toolkit (ACT) helps you see
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Application Compatibility Toolkit (ACT) Technical Reference
diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
index d6cc26188b..4475629792 100644
--- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
+++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md
@@ -4,10 +4,11 @@ description: Learn how to apply filters to results from the Standard User Analyz
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Applying Filters to Data in the SUA Tool
diff --git a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
index 1db5157b5e..3a16dfed66 100644
--- a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
+++ b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md
@@ -4,10 +4,11 @@ description: The Compatibility Administrator tool provides a way to query your c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Available Data Types and Operators in Compatibility Administrator
diff --git a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
index fead1005e4..dcc8f11756 100644
--- a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
+++ b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md
@@ -4,9 +4,10 @@ description: Learn about best practice recommendations for using Windows To Go,
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Best practice recommendations for Windows To Go
diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md
index a3a1f27a04..8ce6413f47 100644
--- a/windows/deployment/planning/compatibility-administrator-users-guide.md
+++ b/windows/deployment/planning/compatibility-administrator-users-guide.md
@@ -4,10 +4,11 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-mar2020
+ms.technology: itpro-deploy
---
# Compatibility Administrator User's Guide
diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
index 6ace821889..e40a09cd6f 100644
--- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
+++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md
@@ -4,11 +4,12 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: Learn how to deploy your compatibility fixes into an application-installation package or through a centralized compatibility-fix database.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
ms.custom: seo-marvel-mar2020
+ms.technology: itpro-deploy
---
# Compatibility Fix Database Management Strategies and Deployment
diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
index 905b52b295..6305150422 100644
--- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
+++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
@@ -4,11 +4,12 @@ description: Find compatibility fixes for all Windows operating systems that hav
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista
diff --git a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
index fe0d8b09c8..44dd222bf6 100644
--- a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
+++ b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
@@ -4,9 +4,10 @@ description: The Compatibility Administrator tool uses the term fix to describe
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Creating a Custom Compatibility Fix in Compatibility Administrator
diff --git a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
index 2f0793108b..205f34d0ce 100644
--- a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
+++ b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
@@ -4,10 +4,11 @@ description: Windows® provides several compatibility modes, groups of compatibi
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Creating a Custom Compatibility Mode in Compatibility Administrator
diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
index 55551f08fc..f6cc6a2e5f 100644
--- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
+++ b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md
@@ -4,10 +4,11 @@ description: Create an AppHelp text message with Compatibility Administrator; a
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Creating an AppHelp Message in Compatibility Administrator
@@ -29,7 +30,7 @@ The Compatibility Administrator tool enables you to create an AppHelp text messa
A blocking AppHelp message prevents the application from starting and displays a message to the user. You can define a specific URL where the user can download an updated driver or other fix to resolve the issue. When using a blocking AppHelp message, you must also define the file-matching information to identify the version of the application and enable the corrected version to continue.
-A non-blocking AppHelp message does not prevent the application from starting, but provides a message to the user including information such as security issues, updates to the application, or changes to the location of network resources.
+A non-blocking AppHelp message doesn't prevent the application from starting, but provides a message to the user that includes information such as security issues, updates to the application, or changes to the location of network resources.
## Searching for Existing Compatibility Fixes
@@ -50,17 +51,17 @@ The Compatibility Administrator tool has preloaded fixes for many common applica
## Creating a New AppHelp Message
-If you are unable to find a preloaded AppHelp message for your application, you can create a new one for use by your custom database.
+If you're unable to find a preloaded AppHelp message for your application, you can create a new one for use by your custom database.
**To create a new AppHelp message**
-1. In the left-side pane of Compatibility Administrator, below the **Custom Databases** heading, right-click the name of the database to which you will apply the AppHelp message, click **Create New**, and then click **AppHelp Message**.
+1. In the left-side pane of Compatibility Administrator, below the **Custom Databases** heading, right-click the name of the database to which you'll apply the AppHelp message, click **Create New**, and then click **AppHelp Message**.
2. Type the name of the application to which this AppHelp message applies, type the name of the application vendor, browse to the location of the application file (.exe) on your computer, and then click **Next**.
The wizard shows the known **Matching Information**, which is used for program identification.
-3. Select any additional criteria to use to match your applications to the AppHelp message, and then click **Next**.
+3. Select any other criteria to use to match your applications to the AppHelp message, and then click **Next**.
By default, Compatibility Administrator selects the basic matching criteria for your application.
@@ -68,9 +69,9 @@ If you are unable to find a preloaded AppHelp message for your application, you
4. Click one of the following options:
- - **Display a message and allow this program to run**. This is a non-blocking message, which means that you can alert the user that there might be a problem, but the application is not prevented from starting.
+ - **Display a message and allow this program to run**. This message is non-blocking, which means that you can alert the user that there might be a problem, but the application isn't prevented from starting.
- - **Display a message and do not allow this program to run**. This is a blocking message, which means that the application will not start. Instead, this message points the user to a location that provides more information about fixing the issue.
+ - **Display a message and do not allow this program to run**. This message is blocking, which means that the application won't start. Instead, this message points the user to a location that provides more information about fixing the issue.
5. Click **Next**.
diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
index 76eadc45f9..add79decef 100644
--- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
+++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md
@@ -4,10 +4,11 @@ description: Learn about deployment considerations for Windows To Go, such as th
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Deployment considerations for Windows To Go
diff --git a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
index 9e64ab8e0b..5e9da01e3f 100644
--- a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
+++ b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
@@ -4,10 +4,11 @@ description: You can disable and enable individual compatibility fixes in your c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Enabling and Disabling Compatibility Fixes in Compatibility Administrator
diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index 0bb13ccd0f..be6a881a78 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -1,13 +1,14 @@
---
title: Windows client features lifecycle
description: Learn about the lifecycle of Windows 10 features, as well as features that are no longer developed, removed features, and terminology assigned to a feature.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
manager: dougeby
ms.author: aaroncz
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-fundamentals
---
# Windows client features lifecycle
diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
index 54b85fbaa4..2e8d5bfcb7 100644
--- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
+++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
@@ -4,10 +4,11 @@ description: On the user interface for the Standard User Analyzer (SUA) tool, yo
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Fixing Applications by Using the SUA Tool
diff --git a/windows/deployment/planning/index.md b/windows/deployment/planning/index.md
index 72b7ebe705..3daa880c61 100644
--- a/windows/deployment/planning/index.md
+++ b/windows/deployment/planning/index.md
@@ -1,12 +1,13 @@
---
title: Plan for Windows 10 deployment (Windows 10)
-description: Find resources for your Windows 10 deployment. Windows 10 provides new deployment capabilities and tools, and introduces new ways to keep the OS up to date.
-ms.prod: w10
+description: Find resources for your Windows 10 deployment. Windows 10 provides new deployment capabilities and tools, and introduces new ways to keep the OS up to date.
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
manager: dougeby
ms.topic: article
+ms.technology: itpro-deploy
---
# Plan for Windows 10 deployment
diff --git a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
index cdd078d772..4e9863f473 100644
--- a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
+++ b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
@@ -4,10 +4,11 @@ description: The Compatibility Administrator tool enables the creation and the u
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator
diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
index 9e24aa3ddf..ce88e24a2d 100644
--- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
+++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
@@ -4,10 +4,11 @@ description: Learn why you should use compatibility fixes, and how to deploy and
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Managing Application-Compatibility Fixes and Custom Fix Databases
diff --git a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
index 78f1404be6..c361e02f2d 100644
--- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
+++ b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
@@ -1,18 +1,18 @@
---
title: Prepare your organization for Windows To Go (Windows 10)
-description: Though Windows To Go is no longer being developed, you can find info here about the the “what”, “why”, and “when” of deployment.
+description: Though Windows To Go is no longer being developed, you can find info here about the “what”, “why”, and “when” of deployment.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Prepare your organization for Windows To Go
-
**Applies to**
- Windows 10
@@ -24,15 +24,14 @@ The following information is provided to help you plan and design a new deployme
## What is Windows To Go?
-
-Windows To Go is a feature of Windows 10 Enterprise and Windows 10 Education that enables users to boot Windows from a USB-connected external drive. Windows To Go drives can use the same image that enterprises use for their desktops and laptops, and can be managed the same way. Offering a new mobility option, a Windows To Go workspace is not intended to replace desktops or laptops, or supplant other mobility offerings.
+Windows To Go is a feature of Windows 10 Enterprise and Windows 10 Education that enables users to boot Windows from a USB-connected external drive. Windows To Go drives can use the same image that enterprises use for their desktops and laptops, and can be managed the same way. Offering a new mobility option, a Windows To Go workspace isn't intended to replace desktops or laptops, or supplant other mobility offerings.
Enterprise customers utilizing Volume Activation Windows licensing will be able to deploy USB drives provisioned with Windows To Go workspace. These drives will be bootable on multiple compatible host computers. Compatible host computers are computers that are:
- USB boot capable
- Have USB boot enabled in the firmware
- Meet Windows 7 minimum system requirements
-- Have compatible processor architectures (for example, x86 or AMD64) as the image used to create the Windows To Go workspace. ARM is not a supported processor for Windows To Go.
+- Have compatible processor architectures (for example, x86 or AMD64) as the image used to create the Windows To Go workspace. ARM isn't a supported processor for Windows To Go.
- Have firmware architecture that is compatible with the architecture of the image used for the Windows To Go workspace
Booting a Windows To Go workspace requires no specific software on the host computer. PCs certified for Windows 7 and later can host Windows To Go.
@@ -46,7 +45,7 @@ The following scenarios are examples of situations in which Windows To Go worksp
- **Continuance of operations (COO).** In this scenario, selected employees receive a USB drive with a Windows To Go workspace, which includes all of the applications that the employees use at work. The employees can keep the device at home, in a briefcase, or wherever they want to store it until needed. When the users boot their home computer from the USB drive, it will create a corporate desktop experience so that they can quickly start working. On the very first boot, the employee sees that Windows is installing devices; after that one time, the Windows To Go drive boots like a normal computer. If they have enterprise network access, employees can use a virtual private network (VPN) connection or DirectAccess to access corporate resources. If the enterprise network is available, the Windows To Go workspace will automatically be updated using your standard client management processes.
-- **Contractors and temporary workers.** In this situation, an enterprise IT pro or manager would distribute the Windows To Go drive directly to the worker where they can be assisted with any necessary additional user education needs or address any possible compatibility issues. While the worker is on assignment, they can boot their computer exclusively from the Windows To Go drive and run all applications in that environment until the end of the assignment when the device is returned. No installation of software is required on the worker's personal computer.
+- **Contractors and temporary workers.** In this situation, an enterprise IT pro or manager would distribute the Windows To Go drive directly to the worker where they can be assisted with any necessary other user education needs or address any possible compatibility issues. While the worker is on assignment, they can boot their computer exclusively from the Windows To Go drive and run all applications in that environment until the end of the assignment when the device is returned. No installation of software is required on the worker's personal computer.
- **Managed free seating.** The employee is issued a Windows To Go drive that is then used with the host computer assigned to that employee for a given session (this could be a vehicle, workspace, or standalone laptop). When the employee leaves the session, the next time they return they use the same USB flash drive but use a different host computer.
@@ -55,55 +54,45 @@ The following scenarios are examples of situations in which Windows To Go worksp
- **Travel lightly.** In this situation you have employees who are moving from site to site, but who always will have access to a compatible host computer on site. Using Windows To Go workspaces allows them to travel without the need to pack their PC.
> [!NOTE]
-> If the employee wants to work offline for the majority of the time, but still maintain the ability to use the drive on the enterprise network, they should be informed of how often the Windows To Go workspace needs to be connected to the enterprise network. Doing so will ensure that the drive retains its access privileges and the workspace's computer object is not potentially deleted from Active Directory Domain Services (AD DS).
+> If the employee wants to work offline for the majority of the time, but still maintain the ability to use the drive on the enterprise network, they should be informed of how often the Windows To Go workspace needs to be connected to the enterprise network. Doing so will ensure that the drive retains its access privileges and the workspace's computer object isn't potentially deleted from Active Directory Domain Services (AD DS).
-
+ ## Infrastructure considerations
-## Infrastructure considerations
-
-
-Because Windows To Go requires no additional software and minimal configuration, the same tools used to deploy images to other PCs can be used by an enterprise to install Windows To Go on a large group of USB devices. Moreover, because Windows To Go is compatible with connectivity and synchronization solutions already in use—such as Remote Desktop, DirectAccess and Folder Redirection—no additional infrastructure or management is necessary for this deployment. A Windows To Go image can be created on a USB drive that is identical to the hard drive inside a desktop. However, you may wish to consider making some modifications to your infrastructure to help make management of Windows To Go drives easier and to be able to identify them as a distinct device group.
+Because Windows To Go requires no other software and minimal configuration, the same tools used to deploy images to other PCs can be used by an enterprise to install Windows To Go on a large group of USB devices. Moreover, because Windows To Go is compatible with connectivity and synchronization solutions already in use—such as Remote Desktop, DirectAccess and Folder Redirection—no other infrastructure or management is necessary for this deployment. A Windows To Go image can be created on a USB drive that is identical to the hard drive inside a desktop. However, you may wish to consider making some modifications to your infrastructure to help make management of Windows To Go drives easier and to be able to identify them as a distinct device group.
## Activation considerations
-
Windows To Go uses volume activation. You can use either Active Directory-based activation or KMS activation with Windows To Go. The Windows To Go workspace counts as another installation when assessing compliance with application licensing agreements.
Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Please note, due to the retail subscription activation method associated with Microsoft 365 Apps for enterprise, Microsoft 365 Apps for enterprise subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This is available to organizations who purchase Microsoft 365 Apps for enterprise or Office 365 Enterprise SKUs containing Microsoft 365 Apps for enterprise via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](/DeployOffice/vlactivation/plan-volume-activation-of-office).
-You should investigate other software manufacturer's licensing requirements to ensure they are compatible with roaming usage before deploying them to a Windows To Go workspace.
+You should investigate other software manufacturer's licensing requirements to ensure they're compatible with roaming usage before deploying them to a Windows To Go workspace.
> [!NOTE]
-> Using Multiple Activation Key (MAK) activation is not a supported activation method for Windows To Go as each different PC-host would require separate activation. MAK activation should not be used for activating Windows, Office, or any other application on a Windows To Go drive.
+> Using Multiple Activation Key (MAK) activation isn't a supported activation method for Windows To Go as each different PC-host would require separate activation. MAK activation should not be used for activating Windows, Office, or any other application on a Windows To Go drive.
-
-
-See [Plan for Volume Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134042(v=ws.11)) for more information about these activation methods and how they can be used in your organization.
+ See [Plan for Volume Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134042(v=ws.11)) for more information about these activation methods and how they can be used in your organization.
## Organizational unit structure and use of Group Policy Objects
+You may find it beneficial to create other Active Directory organizational unit (OU) structures to support your Windows To Go deployment: one for host computer accounts and one for Windows To Go workspace computer accounts. Creating an organizational unit for host computers allows you to enable the Windows To Go Startup Options using Group Policy for only the computers that will be used as Windows To Go hosts. Setting this policy helps to prevent computers from being accidentally configured to automatically boot from USB devices and allows closer monitoring and control of those computers that can boot from a USB device. The organizational unit for Windows To Go workspaces allows you to apply specific policy controls to them, such as the ability to use the Store application, power state controls, and line-of-business application installation.
-You may find it beneficial to create additional Active Directory organizational unit (OU) structures to support your Windows To Go deployment; one for host computer accounts and one for Windows To Go workspace computer accounts. Creating an organizational unit for host computers allows you to enable the Windows To Go Startup Options using Group Policy for only the computers that will be used as Windows To Go hosts. Setting this policy helps to prevent computers from being accidentally configured to automatically boot from USB devices and allows closer monitoring and control of those computers which have the ability to boot from a USB device. The organizational unit for Windows To Go workspaces allows you to apply specific policy controls to them, such as the ability to use the Store application, power state controls, and line-of-business application installation.
-
-If you are deploying Windows To Go workspaces for a scenario in which they are not going to be roaming, but are instead being used on the same host computer, such as with temporary or contract employees, you might wish to enable hibernation or the Windows Store.
+If you're deploying Windows To Go workspaces for a scenario in which they're not going to be roaming, but are instead being used on the same host computer, such as with temporary or contract employees, you might wish to enable hibernation or the Windows Store.
For more information about Group Policy settings that can be used with Windows To Go, see [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
## Computer account management
-
-If you configure Windows To Go drives for scenarios where drives may remain unused for extended period of time such as use in continuance of operations scenarios, the AD DS computer account objects that correspond to Windows To Go drives have the potential to become stale and be pruned during maintenance operations. To address this issue, you should either have users log on regularly according to a schedule or modify any maintenance scripts to not clean up computer accounts in the Windows To Go device organizational unit.
+If you configure Windows To Go drives for scenarios where drives may remain unused for extended periods of time such as used in continuance of operations scenarios, the AD DS computer account objects that correspond to Windows To Go drives have the potential to become stale and be pruned during maintenance operations. To address this issue, you should either have users log on regularly according to a schedule or modify any maintenance scripts to not clean computer accounts in the Windows To Go device organizational unit.
## User account and data management
-
-People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to have the ability to get to the data that they work with and to keep it accessible when the workspace is not being used. For this reason we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
+People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to be able to get to the data that they work with and to keep it accessible when the workspace isn't being used. For this reason we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
Windows To Go is fully integrated with your Microsoft account. Setting synchronization is accomplished by connecting a Microsoft account to a user account. Windows To Go devices fully support this feature and can be managed by Group Policy so that the customization and configurations you prefer will be applied to your Windows To Go workspace.
## Remote connectivity
-
If you want Windows To Go to be able to connect back to organizational resources when it is being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn636119(v=ws.11)).
## Related topics
@@ -116,6 +105,3 @@ If you want Windows To Go to be able to connect back to organizational resources
[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
-
-
-
diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
index 53d51c7ea4..d862948938 100644
--- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
@@ -4,10 +4,11 @@ description: Compatibility Administrator can locate specific executable (.exe) f
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Searching for Fixed Applications in Compatibility Administrator
diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
index 496856bf9f..0d5d121f1f 100644
--- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
@@ -4,9 +4,10 @@ description: You can access the Query tool from within Compatibility Administrat
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator
diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
index cbb62f87be..262e45f5d2 100644
--- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
+++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
@@ -4,9 +4,10 @@ description: Ensure that the data, content, and resources you work with in the W
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Security and data protection considerations for Windows To Go
diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
index f6e9d05353..8d24639654 100644
--- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
+++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
@@ -4,10 +4,11 @@ description: On the user interface for the Standard User Analyzer (SUA) tool, yo
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Showing Messages Generated by the SUA Tool
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index 50bae4c447..780b444b4b 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -5,10 +5,11 @@ ms.custom: seo-marvel-apr2020
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# SUA User's Guide
diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
index ab6c4e83a7..228c89c471 100644
--- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
+++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
@@ -4,10 +4,11 @@ description: The tabs in the Standard User Analyzer (SUA) tool show the User Acc
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Tabs on the SUA Tool Interface
diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md
index 4ab4be6a19..eef79892fa 100644
--- a/windows/deployment/planning/testing-your-application-mitigation-packages.md
+++ b/windows/deployment/planning/testing-your-application-mitigation-packages.md
@@ -4,10 +4,11 @@ description: Learn how to test your application-mitigation packages, including h
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Testing Your Application Mitigation Packages
diff --git a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
index d91279a5d5..3b79838534 100644
--- a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
+++ b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
@@ -4,9 +4,10 @@ description: As the Windows operating system evolves to support new technology a
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Understanding and Using Compatibility Fixes
diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
index 2e1dbd9ead..cb42ec980b 100644
--- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md
+++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
@@ -4,10 +4,11 @@ description: This section provides information about using the Compatibility Adm
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Using the Compatibility Administrator Tool
diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
index e4196523e8..32f652ea98 100644
--- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
+++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
@@ -4,10 +4,11 @@ description: Learn how to deploy customized database (.sdb) files using the Sdbi
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Using the Sdbinst.exe Command-Line Tool
diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md
index f4de4f8ae5..4cd150524a 100644
--- a/windows/deployment/planning/using-the-sua-tool.md
+++ b/windows/deployment/planning/using-the-sua-tool.md
@@ -4,10 +4,11 @@ description: The Standard User Analyzer (SUA) tool can test applications and mon
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Using the SUA Tool
diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md
index e0a506b5ca..8eac693142 100644
--- a/windows/deployment/planning/using-the-sua-wizard.md
+++ b/windows/deployment/planning/using-the-sua-wizard.md
@@ -4,10 +4,11 @@ description: The Standard User Analyzer (SUA) wizard, although it doesn't offer
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Using the SUA wizard
diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
index 3d363d0db4..0d290a11fd 100644
--- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
+++ b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
@@ -4,9 +4,10 @@ description: You can use the Events screen to record and view activities in the
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Viewing the Events Screen in Compatibility Administrator
diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md
index 790592964c..5b422fa9df 100644
--- a/windows/deployment/planning/windows-10-compatibility.md
+++ b/windows/deployment/planning/windows-10-compatibility.md
@@ -4,10 +4,11 @@ description: Windows 10 will be compatible with most existing PC hardware; most
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Windows 10 compatibility
diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md
index a9fb6d7c33..7da1eb270e 100644
--- a/windows/deployment/planning/windows-10-deployment-considerations.md
+++ b/windows/deployment/planning/windows-10-deployment-considerations.md
@@ -4,10 +4,11 @@ description: There are new deployment options in Windows 10 that help you simpl
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Windows 10 deployment considerations
diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md
index 76c4a0c066..29e51d9d21 100644
--- a/windows/deployment/planning/windows-10-deprecated-features.md
+++ b/windows/deployment/planning/windows-10-deprecated-features.md
@@ -2,8 +2,8 @@
title: Deprecated features in Windows client
description: Review the list of features that Microsoft is no longer developing in Windows 10 and Windows 11.
ms.date: 07/21/2022
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-fundamentals
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md
index 4bde7474f4..213666e168 100644
--- a/windows/deployment/planning/windows-10-infrastructure-requirements.md
+++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md
@@ -4,10 +4,11 @@ description: Review the infrastructure requirements for deployment and managemen
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Windows 10 infrastructure requirements
diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md
index 4510e72618..5935900ab4 100644
--- a/windows/deployment/planning/windows-10-removed-features.md
+++ b/windows/deployment/planning/windows-10-removed-features.md
@@ -1,7 +1,7 @@
---
title: Features and functionality removed in Windows client
description: In this article, learn about the features and functionality that have been removed or replaced in Windows client.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
@@ -9,6 +9,7 @@ manager: dougeby
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.collection: highpri
+ms.technology: itpro-fundamentals
---
# Features and functionality removed in Windows client
diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md
index 483767ebfe..979f9bf643 100644
--- a/windows/deployment/planning/windows-to-go-overview.md
+++ b/windows/deployment/planning/windows-to-go-overview.md
@@ -4,9 +4,10 @@ description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Windows To Go: feature overview
diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
index 59ec7c3e89..1e89d59f31 100644
--- a/windows/deployment/s-mode.md
+++ b/windows/deployment/s-mode.md
@@ -2,7 +2,7 @@
title: Windows 10 Pro in S mode
description: Overview of Windows 10 Pro/Enterprise in S mode. What is S mode for Enterprise customers?
ms.localizationpriority: high
-ms.prod: w10
+ms.prod: windows-client
manager: dougeby
author: aczechowski
ms.author: aaroncz
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index 60bc7df800..5c1d53cd63 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -1,7 +1,7 @@
---
title: Windows Updates using forward and reverse differentials
description: A technique to produce compact software updates optimized for any origin and destination revision pair
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.reviewer:
manager: dougeby
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Windows Updates using forward and reverse differentials
diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md
index 3551bd63d5..97cc22efe7 100644
--- a/windows/deployment/update/WIP4Biz-intro.md
+++ b/windows/deployment/update/WIP4Biz-intro.md
@@ -2,12 +2,13 @@
title: Introduction to the Windows Insider Program for Business
description: In this article, you'll learn about the Windows Insider Program for Business and why IT Pros should join.
ms.custom: seo-marvel-apr2020
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
ms.reviewer:
ms.topic: article
+ms.technology: itpro-updates
---
# Introduction to the Windows Insider Program for Business
diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md
index a865459e80..007cd09674 100644
--- a/windows/deployment/update/check-release-health.md
+++ b/windows/deployment/update/check-release-health.md
@@ -7,23 +7,24 @@ author: DocsPreview
manager: jren
ms.reviewer: mstewart
ms.topic: how-to
-ms.prod: w10
+ms.prod: windows-client
localization_priority: medium
ms.custom:
-- Adm_O365
-- 'O365P_ServiceHealthModern'
-- 'O365M_ServiceHealthModern'
-- 'O365E_ViewStatusServices'
-- 'O365E_ServiceHealthModern'
-- 'seo-marvel-apr2020'
-ms.collection:
-- Ent_O365
-- M365-subscription-management
-search.appverid:
-- MET150
-- MOE150
-- BCS160
-- IWA160
+ - Adm_O365
+ - 'O365P_ServiceHealthModern'
+ - 'O365M_ServiceHealthModern'
+ - 'O365E_ViewStatusServices'
+ - 'O365E_ServiceHealthModern'
+ - 'seo-marvel-apr2020'
+ms.collection:
+ - Ent_O365
+ - M365-subscription-management
+search.appverid:
+ - MET150
+ - MOE150
+ - BCS160
+ - IWA160
+ms.technology: itpro-updates
---
# How to check Windows release health
diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md
index 03631234e5..17dc7028a8 100644
--- a/windows/deployment/update/create-deployment-plan.md
+++ b/windows/deployment/update/create-deployment-plan.md
@@ -1,13 +1,14 @@
---
title: Create a deployment plan
description: Devise the number of deployment rings you need and how you want to populate them
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.collection: m365initiative-coredeploy
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Create a deployment plan
diff --git a/windows/deployment/update/deploy-updates-configmgr.md b/windows/deployment/update/deploy-updates-configmgr.md
index bc3f4c1e0e..9fcf8d8e67 100644
--- a/windows/deployment/update/deploy-updates-configmgr.md
+++ b/windows/deployment/update/deploy-updates-configmgr.md
@@ -1,13 +1,14 @@
---
title: Deploy Windows client updates with Configuration Manager
description: Deploy Windows client updates with Configuration Manager
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.localizationpriority: medium
ms.author: mstewart
ms.reviewer:
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Deploy Windows 10 updates with Configuration Manager
diff --git a/windows/deployment/update/deploy-updates-intune.md b/windows/deployment/update/deploy-updates-intune.md
index d63870c7e0..b52db6211f 100644
--- a/windows/deployment/update/deploy-updates-intune.md
+++ b/windows/deployment/update/deploy-updates-intune.md
@@ -1,13 +1,14 @@
---
title: Deploy updates with Intune
description: Deploy Windows client updates with Intune
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.reviewer:
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Deploy Windows 10 updates with Intune
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index f8d5a8cd98..fbb54dd2d2 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -2,13 +2,14 @@
title: Windows Update for Business deployment service
description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates
ms.custom: seo-marvel-apr2020
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
-ms.reviewer:
+ms.reviewer:
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md
index aa89b4a23a..cf7599e9c8 100644
--- a/windows/deployment/update/deployment-service-troubleshoot.md
+++ b/windows/deployment/update/deployment-service-troubleshoot.md
@@ -2,13 +2,14 @@
title: Troubleshoot the Windows Update for Business deployment service
description: Solutions to common problems with the service
ms.custom: seo-marvel-apr2020
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
-ms.reviewer:
+ms.reviewer:
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
@@ -20,7 +21,7 @@ ms.topic: article
- Windows 10
- Windows 11
-This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](windows-update-troubleshooting.md).
+This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json).
## The device isn't receiving an update that I deployed
@@ -29,7 +30,7 @@ This troubleshooting guide addresses the most common issues that IT administrato
- Check that the deployment to which the device is assigned has the state *offering*. Deployments that have the states *paused* or *scheduled* won't deploy content to devices.
- Check that the device has scanned for updates and is scanning the Windows Update service. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates).
- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors.
-- **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32\_Product \| Where-Object {$\_.Name -amatch "Microsoft Update Health Tools"}`.
+- **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`.
## The device is receiving an update that I didn't deploy
diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md
index 4ba30f5bc9..29d681f691 100644
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@@ -1,13 +1,14 @@
---
title: Evaluate infrastructure and tools
description: Steps to make sure your infrastructure is ready to deploy updates
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
ms.localizationpriority: medium
ms.topic: article
ms.collection: m365initiative-coredeploy
+ms.technology: itpro-updates
---
# Evaluate infrastructure and tools
diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md
index 41810807d7..de573530ce 100644
--- a/windows/deployment/update/feature-update-user-install.md
+++ b/windows/deployment/update/feature-update-user-install.md
@@ -1,7 +1,7 @@
---
-title: Best practices - deploy feature updates for user-initiated installations
+title: Best practices - deploy feature updates for user-initiated installations
description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -11,6 +11,7 @@ manager: dougeby
ms.collection: M365-modern-desktop
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Deploy feature updates for user-initiated installations (during a fixed service window)
diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md
index 01de0f8c92..3d51115d70 100644
--- a/windows/deployment/update/fod-and-lang-packs.md
+++ b/windows/deployment/update/fod-and-lang-packs.md
@@ -1,7 +1,7 @@
---
title: Make FoD and language packs available for WSUS/Configuration Manager
description: Learn how to make FoD and language packs available when you're using WSUS/Configuration Manager.
-ms.prod: w10
+ms.prod: windows-client
ms.author: aaroncz
author: aczechowski
ms.localizationpriority: medium
@@ -10,6 +10,7 @@ ms.reviewer:
manager: dougeby
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# How to make Features on Demand and language packs available when you're using WSUS or Configuration Manager
diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md
index b7b501f2c4..642a3e17c0 100644
--- a/windows/deployment/update/get-started-updates-channels-tools.md
+++ b/windows/deployment/update/get-started-updates-channels-tools.md
@@ -1,13 +1,14 @@
---
title: Windows client updates, channels, and tools
description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-updates
---
# Windows client updates, channels, and tools
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index 4d9b31486c..49ebdaa2e4 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -1,16 +1,17 @@
---
-title: How Windows Update works
+title: How Windows Update works
description: In this article, learn about the process Windows Update uses to download and install updates on a Windows client devices.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
-ms.collection:
+ms.collection:
- M365-modern-desktop
- highpri
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# How Windows Update works
diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md
index effea4ec16..c2470f7d69 100644
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@@ -1,12 +1,13 @@
---
title: Update Windows client in enterprise deployments
description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows client.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
manager: dougeby
ms.localizationpriority: high
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-updates
---
# Update Windows client in enterprise deployments
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index 936f68a628..62d6fa3c07 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -1,15 +1,16 @@
---
title: Update Windows installation media with Dynamic Update
description: Learn how to deploy feature updates to your mission critical devices
-ms.prod: w10
+ms.prod: windows-client
author: SteveDiAcetis
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
-ms.collection:
+ms.collection:
- M365-modern-desktop
- highpri
ms.topic: article
+ms.technology: itpro-updates
---
# Update Windows installation media with Dynamic Update
diff --git a/windows/deployment/update/media/33771278-update-deployment-status-table.png b/windows/deployment/update/media/33771278-update-deployment-status-table.png
index 4ee85fcc56..dd070d8e21 100644
Binary files a/windows/deployment/update/media/33771278-update-deployment-status-table.png and b/windows/deployment/update/media/33771278-update-deployment-status-table.png differ
diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index b4fd53631f..a200aba260 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -3,10 +3,11 @@ title: Olympia Corp Retirement
description: Learn about the retirement of Olympia Corp and how to back up your data prior to October 31, 2022.
ms.author: lizlong
ms.topic: article
-ms.prod: w10
+ms.prod: windows-client
author: lizgt2000
ms.reviewer:
manager: aaroncz
+ms.technology: itpro-updates
---
# Olympia Corp
diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md
index ad5d745581..6dc355433f 100644
--- a/windows/deployment/update/optional-content.md
+++ b/windows/deployment/update/optional-content.md
@@ -1,13 +1,14 @@
---
title: Migrating and acquiring optional Windows content
description: Keep language resources and Features on Demand during operating system updates
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.collection: M365-modern-desktop
ms.topic: article
+ms.technology: itpro-updates
---
# Migrating and acquiring optional Windows content during updates
diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md
index 3b0180ab07..e0740e7232 100644
--- a/windows/deployment/update/plan-define-readiness.md
+++ b/windows/deployment/update/plan-define-readiness.md
@@ -1,13 +1,14 @@
---
title: Define readiness criteria
description: Identify important roles and figure out how to classify apps
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
ms.localizationpriority: medium
ms.topic: article
ms.collection: m365initiative-coredeploy
+ms.technology: itpro-updates
---
# Define readiness criteria
diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md
index 33c9252297..1b47a96842 100644
--- a/windows/deployment/update/plan-define-strategy.md
+++ b/windows/deployment/update/plan-define-strategy.md
@@ -1,13 +1,14 @@
---
title: Define update strategy
description: Two examples of a calendar-based approach to consistent update installation
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.topic: article
ms.collection: m365initiative-coredeploy
+ms.technology: itpro-updates
---
# Define update strategy with a calendar
diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md
index ffe6a2795d..d2bbbc7d48 100644
--- a/windows/deployment/update/plan-determine-app-readiness.md
+++ b/windows/deployment/update/plan-determine-app-readiness.md
@@ -2,12 +2,13 @@
title: Determine application readiness
manager: dougeby
description: How to test your apps to know which need attention prior to deploying an update
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.topic: article
ms.collection: m365initiative-coredeploy
ms.author: aaroncz
author: aczechowski
+ms.technology: itpro-updates
---
# Determine application readiness
diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md
index 070a39e360..6e5fbbe148 100644
--- a/windows/deployment/update/prepare-deploy-windows.md
+++ b/windows/deployment/update/prepare-deploy-windows.md
@@ -1,7 +1,7 @@
---
title: Prepare to deploy Windows
description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.reviewer:
manager: dougeby
ms.topic: article
ms.collection: m365initiative-coredeploy
+ms.technology: itpro-updates
---
# Prepare to deploy Windows
diff --git a/windows/deployment/update/quality-updates.md b/windows/deployment/update/quality-updates.md
index 4bc2d59668..c7c30db293 100644
--- a/windows/deployment/update/quality-updates.md
+++ b/windows/deployment/update/quality-updates.md
@@ -1,13 +1,14 @@
---
title: Monthly quality updates (Windows 10/11)
description: Learn about Windows monthly quality updates to stay productive and protected.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.reviewer:
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Monthly quality updates
diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md
index bfae10b8e8..81b65f8884 100644
--- a/windows/deployment/update/safeguard-holds.md
+++ b/windows/deployment/update/safeguard-holds.md
@@ -1,12 +1,13 @@
---
title: Safeguard holds
description: What are safeguard holds, how can you tell if one is in effect, and what to do about it
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Safeguard holds
diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md
index b217acde9b..b8da300767 100644
--- a/windows/deployment/update/safeguard-opt-out.md
+++ b/windows/deployment/update/safeguard-opt-out.md
@@ -1,12 +1,13 @@
---
title: Opt out of safeguard holds
description: Steps to install an update even it if has a safeguard hold applied
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Opt out of safeguard holds
diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md
index fe131c3f60..b1549aa4b9 100644
--- a/windows/deployment/update/servicing-stack-updates.md
+++ b/windows/deployment/update/servicing-stack-updates.md
@@ -1,16 +1,17 @@
---
title: Servicing stack updates
description: In this article, learn how servicing stack updates improve the code that installs the other updates.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: high
ms.author: aaroncz
manager: dougeby
-ms.collection:
+ms.collection:
- M365-modern-desktop
- highpri
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Servicing stack updates
diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md
index 2c977fd2f0..a943c5f47b 100644
--- a/windows/deployment/update/update-baseline.md
+++ b/windows/deployment/update/update-baseline.md
@@ -1,12 +1,13 @@
---
title: Update Baseline
description: Use an update baseline to optimize user experience and meet monthly update goals
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Update Baseline
diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md
index bc6e8a327e..d030495b3b 100644
--- a/windows/deployment/update/update-compliance-configuration-manual.md
+++ b/windows/deployment/update/update-compliance-configuration-manual.md
@@ -3,12 +3,13 @@ title: Manually configuring devices for Update Compliance
ms.reviewer:
manager: aczechowski
description: Manually configuring devices for Update Compliance
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
+ms.technology: itpro-updates
---
# Manually Configuring Devices for Update Compliance
diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md
index 31cc1b5b80..7bc1ee3016 100644
--- a/windows/deployment/update/update-compliance-configuration-mem.md
+++ b/windows/deployment/update/update-compliance-configuration-mem.md
@@ -3,12 +3,13 @@ title: Configuring Microsoft Endpoint Manager devices for Update Compliance
ms.reviewer:
manager: aczechowski
description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
+ms.technology: itpro-updates
---
# Configuring Microsoft Endpoint Manager devices for Update Compliance
diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md
index dfc1c5cae2..8b80fe8716 100644
--- a/windows/deployment/update/update-compliance-configuration-script.md
+++ b/windows/deployment/update/update-compliance-configuration-script.md
@@ -3,13 +3,14 @@ title: Update Compliance Configuration Script
ms.reviewer:
manager: aczechowski
description: Downloading and using the Update Compliance Configuration Script
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
ms.date: 06/16/2022
+ms.technology: itpro-updates
---
# Configuring devices through the Update Compliance Configuration Script
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md
index 34024f43cb..004686f454 100644
--- a/windows/deployment/update/update-compliance-delivery-optimization.md
+++ b/windows/deployment/update/update-compliance-delivery-optimization.md
@@ -3,13 +3,14 @@ title: Delivery Optimization in Update Compliance
ms.reviewer:
manager: aczechowski
description: Learn how the Update Compliance solution provides you with information about your Delivery Optimization configuration.
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Delivery Optimization in Update Compliance
diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
index 17b63d9e79..ac9e1d6963 100644
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ b/windows/deployment/update/update-compliance-feature-update-status.md
@@ -3,12 +3,13 @@ title: Update Compliance - Feature Update Status report
ms.reviewer:
manager: aczechowski
description: Learn how the Feature Update Status report provides information about the status of feature updates across all devices.
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Feature Update Status
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index 23d4fb68e8..c8bd25539d 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -1,16 +1,17 @@
---
title: Get started with Update Compliance
manager: aczechowski
-description: Prerequisites, Azure onboarding, and configuring devices for Update Compliance
-ms.prod: w10
+description: Prerequisites, Azure onboarding, and configuring devices for Update Compliance
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
-ms.collection:
+ms.collection:
- M365-analytics
- highpri
ms.topic: article
ms.date: 05/03/2022
+ms.technology: itpro-updates
---
# Get started with Update Compliance
diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md
index 0ed598274c..dc6c997629 100644
--- a/windows/deployment/update/update-compliance-monitor.md
+++ b/windows/deployment/update/update-compliance-monitor.md
@@ -3,13 +3,14 @@ title: Monitor Windows Updates and Microsoft Defender AV with Update Compliance
ms.reviewer:
manager: aczechowski
description: You can use Update Compliance in Azure portal to monitor the progress of updates and key anti-malware protection features on devices in your network.
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Monitor Windows Updates with Update Compliance
diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
index 680cfffa35..605dac80ba 100644
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ b/windows/deployment/update/update-compliance-need-attention.md
@@ -6,7 +6,8 @@ author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
-ms.prod: w10
+ms.prod: windows-client
+ms.technology: itpro-updates
---
# Needs attention!
diff --git a/windows/deployment/update/update-compliance-privacy.md b/windows/deployment/update/update-compliance-privacy.md
index 08423ff755..d94edc14cb 100644
--- a/windows/deployment/update/update-compliance-privacy.md
+++ b/windows/deployment/update/update-compliance-privacy.md
@@ -3,11 +3,12 @@ title: Privacy in Update Compliance
ms.reviewer:
manager: aczechowski
description: an overview of the Feature Update Status report
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
+ms.technology: itpro-updates
---
# Privacy in Update Compliance
diff --git a/windows/deployment/update/update-compliance-safeguard-holds.md b/windows/deployment/update/update-compliance-safeguard-holds.md
index f45cd6f50d..7b0585abc2 100644
--- a/windows/deployment/update/update-compliance-safeguard-holds.md
+++ b/windows/deployment/update/update-compliance-safeguard-holds.md
@@ -3,12 +3,13 @@ title: Update Compliance - Safeguard Holds report
ms.reviewer:
manager: aczechowski
description: Learn how the Safeguard Holds report provides information about safeguard holds in your population.
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Safeguard Holds
diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
index 2dc69aadd8..b70b5faa97 100644
--- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
@@ -3,11 +3,12 @@ title: Update Compliance Schema - WaaSDeploymentStatus
ms.reviewer:
manager: aczechowski
description: WaaSDeploymentStatus schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
+ms.technology: itpro-updates
---
# WaaSDeploymentStatus
diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
index 30667a459e..5bba7c81e5 100644
--- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
@@ -3,11 +3,12 @@ title: Update Compliance Schema - WaaSInsiderStatus
ms.reviewer:
manager: aczechowski
description: WaaSInsiderStatus schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
+ms.technology: itpro-updates
---
# WaaSInsiderStatus
diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
index b1cb215ae1..1905d4fc7f 100644
--- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
@@ -3,11 +3,12 @@ title: Update Compliance Schema - WaaSUpdateStatus
ms.reviewer:
manager: aczechowski
description: WaaSUpdateStatus schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
+ms.technology: itpro-updates
---
# WaaSUpdateStatus
diff --git a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md
index c38fe10c37..5adc3a632d 100644
--- a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md
+++ b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md
@@ -3,11 +3,12 @@ title: Update Compliance Schema - WUDOAggregatedStatus
ms.reviewer:
manager: aczechowski
description: WUDOAggregatedStatus schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
+ms.technology: itpro-updates
---
# WUDOAggregatedStatus
diff --git a/windows/deployment/update/update-compliance-schema-wudostatus.md b/windows/deployment/update/update-compliance-schema-wudostatus.md
index 7635fd97e7..1a53d374d6 100644
--- a/windows/deployment/update/update-compliance-schema-wudostatus.md
+++ b/windows/deployment/update/update-compliance-schema-wudostatus.md
@@ -3,11 +3,12 @@ title: Update Compliance Schema - WUDOStatus
ms.reviewer:
manager: aczechowski
description: WUDOStatus schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
+ms.technology: itpro-updates
---
# WUDOStatus
diff --git a/windows/deployment/update/update-compliance-schema.md b/windows/deployment/update/update-compliance-schema.md
index 3f5325e847..8e9f98413b 100644
--- a/windows/deployment/update/update-compliance-schema.md
+++ b/windows/deployment/update/update-compliance-schema.md
@@ -3,11 +3,12 @@ title: Update Compliance Data Schema
ms.reviewer:
manager: aczechowski
description: an overview of Update Compliance data schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
+ms.technology: itpro-updates
---
# Update Compliance Schema
diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md
index 3fcd47f35f..e5a93b0a32 100644
--- a/windows/deployment/update/update-compliance-security-update-status.md
+++ b/windows/deployment/update/update-compliance-security-update-status.md
@@ -3,12 +3,13 @@ title: Update Compliance - Security Update Status report
ms.reviewer:
manager: aczechowski
description: Learn how the Security Update Status section provides information about security updates across all devices.
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Security Update Status
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md
index 717bfa6599..78966cf0b4 100644
--- a/windows/deployment/update/update-compliance-using.md
+++ b/windows/deployment/update/update-compliance-using.md
@@ -3,13 +3,14 @@ title: Using Update Compliance
ms.reviewer:
manager: aczechowski
description: Learn how to use Update Compliance to monitor your device's Windows updates.
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Use Update Compliance
diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/update-compliance-v2-configuration-manual.md
index 07c449792b..17d22404cd 100644
--- a/windows/deployment/update/update-compliance-v2-configuration-manual.md
+++ b/windows/deployment/update/update-compliance-v2-configuration-manual.md
@@ -3,13 +3,14 @@ title: Manually configuring devices for Update Compliance (preview)
ms.reviewer:
manager: dougeby
description: Manually configuring devices for Update Compliance (preview)
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
ms.date: 06/06/2022
+ms.technology: itpro-updates
---
# Manually Configuring Devices for Update Compliance (preview)
diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md
index 2589190da8..a5285184bd 100644
--- a/windows/deployment/update/update-compliance-v2-configuration-mem.md
+++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md
@@ -3,13 +3,14 @@ title: Configuring Microsoft Endpoint Manager devices for Update Compliance (pre
ms.reviewer:
manager: dougeby
description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance (preview)
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
ms.date: 08/24/2022
+ms.technology: itpro-updates
---
# Configuring Microsoft Endpoint Manager devices for Update Compliance (preview)
diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md
index ce8b8ff96b..5cde468cfc 100644
--- a/windows/deployment/update/update-compliance-v2-configuration-script.md
+++ b/windows/deployment/update/update-compliance-v2-configuration-script.md
@@ -3,13 +3,14 @@ title: Update Compliance (preview) Configuration Script
ms.reviewer:
manager: dougeby
description: Downloading and using the Update Compliance (preview) Configuration Script
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
ms.date: 06/16/2022
+ms.technology: itpro-updates
---
# Configuring devices through the Update Compliance (preview) Configuration Script
diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md
index 2125392ab8..5cfd3e874b 100644
--- a/windows/deployment/update/update-compliance-v2-enable.md
+++ b/windows/deployment/update/update-compliance-v2-enable.md
@@ -3,12 +3,13 @@ title: Enable the Update Compliance solution
ms.reviewer:
manager: dougeby
description: How to enable the Update Compliance through the Azure portal
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
ms.date: 06/06/2022
+ms.technology: itpro-updates
---
# Enable Update Compliance
diff --git a/windows/deployment/update/update-compliance-v2-help.md b/windows/deployment/update/update-compliance-v2-help.md
index cbdbab10e9..313f95aa04 100644
--- a/windows/deployment/update/update-compliance-v2-help.md
+++ b/windows/deployment/update/update-compliance-v2-help.md
@@ -3,12 +3,13 @@ title: Update Compliance (preview) feedback, support, and troubleshooting
ms.reviewer:
manager: dougeby
description: Update Compliance (preview) support information.
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
ms.date: 08/10/2022
+ms.technology: itpro-updates
---
# Update Compliance (preview) feedback, support, and troubleshooting
diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md
index ee51d8c204..62fd39dd31 100644
--- a/windows/deployment/update/update-compliance-v2-overview.md
+++ b/windows/deployment/update/update-compliance-v2-overview.md
@@ -2,13 +2,14 @@
title: Update Compliance overview
ms.reviewer:
manager: dougeby
-description: Overview of Update Compliance to explain what it's used for and the cloud services it relies on.
-ms.prod: w10
+description: Overview of Update Compliance to explain what it's used for and the cloud services it relies on.
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
ms.date: 08/09/2022
+ms.technology: itpro-updates
---
# Update Compliance overview
diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md
index 31c046a6b0..eb116f4caf 100644
--- a/windows/deployment/update/update-compliance-v2-prerequisites.md
+++ b/windows/deployment/update/update-compliance-v2-prerequisites.md
@@ -3,12 +3,13 @@ title: Update Compliance prerequisites
ms.reviewer:
manager: dougeby
description: Prerequisites for Update Compliance
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
ms.date: 06/30/2022
+ms.technology: itpro-updates
---
# Update Compliance prerequisites
diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclient.md b/windows/deployment/update/update-compliance-v2-schema-ucclient.md
index 6756a30807..c7ab446d06 100644
--- a/windows/deployment/update/update-compliance-v2-schema-ucclient.md
+++ b/windows/deployment/update/update-compliance-v2-schema-ucclient.md
@@ -3,12 +3,13 @@ title: Update Compliance Data Schema - UCClient
ms.reviewer:
manager: dougeby
description: UCClient schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: reference
ms.date: 06/06/2022
+ms.technology: itpro-updates
---
# UCClient
diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md
index ae2850180a..83087d18b4 100644
--- a/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md
+++ b/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md
@@ -3,12 +3,13 @@ title: Update Compliance Data Schema - UCClientReadinessStatus
ms.reviewer:
manager: dougeby
description: UCClientReadinessStatus schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: reference
ms.date: 06/06/2022
+ms.technology: itpro-updates
---
# UCClientReadinessStatus
diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md
index 3db77ec9fd..68e1809d2f 100644
--- a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md
+++ b/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md
@@ -3,12 +3,13 @@ title: Update Compliance Data Schema - UCClientUpdateStatus
ms.reviewer:
manager: dougeby
description: UCClientUpdateStatus schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: reference
ms.date: 06/06/2022
+ms.technology: itpro-updates
---
# UCClientUpdateStatus
diff --git a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md
index b908d5f26b..18c9676b72 100644
--- a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md
+++ b/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md
@@ -3,12 +3,13 @@ title: Update Compliance Data Schema - UCDeviceAlert
ms.reviewer:
manager: dougeby
description: UCDeviceAlert schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: reference
ms.date: 06/06/2022
+ms.technology: itpro-updates
---
# UCDeviceAlert
diff --git a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md
index 8ddfb1000d..401602f0b0 100644
--- a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md
+++ b/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md
@@ -3,12 +3,13 @@ title: Update Compliance Data Schema - UCServiceUpdateStatus
ms.reviewer:
manager: dougeby
description: UCServiceUpdateStatus schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: reference
ms.date: 06/06/2022
+ms.technology: itpro-updates
---
# UCServiceUpdateStatus
diff --git a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md
index ca7af0d50a..85a29368e8 100644
--- a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md
+++ b/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md
@@ -3,12 +3,13 @@ title: Update Compliance Data Schema - UCUpdateAlert
ms.reviewer:
manager: dougeby
description: UCUpdateAlert schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: reference
ms.date: 06/06/2022
+ms.technology: itpro-updates
---
# UCUpdateAlert
diff --git a/windows/deployment/update/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md
index add12d9e62..d66c88eced 100644
--- a/windows/deployment/update/update-compliance-v2-schema.md
+++ b/windows/deployment/update/update-compliance-v2-schema.md
@@ -3,12 +3,13 @@ title: Update Compliance (preview) data schema
ms.reviewer:
manager: dougeby
description: An overview of Update Compliance (preview) data schema
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: reference
ms.date: 06/06/2022
+ms.technology: itpro-updates
---
# Update Compliance version 2 schema
diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md
index 9326548d4f..99eb436b52 100644
--- a/windows/deployment/update/update-compliance-v2-use.md
+++ b/windows/deployment/update/update-compliance-v2-use.md
@@ -3,12 +3,13 @@ title: Use the Update Compliance (preview) data
ms.reviewer:
manager: dougeby
description: How to use the Update Compliance (preview) data.
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
ms.date: 06/06/2022
+ms.technology: itpro-updates
---
# Use Update Compliance (preview)
diff --git a/windows/deployment/update/update-compliance-v2-workbook.md b/windows/deployment/update/update-compliance-v2-workbook.md
index a781782920..3c93a2310c 100644
--- a/windows/deployment/update/update-compliance-v2-workbook.md
+++ b/windows/deployment/update/update-compliance-v2-workbook.md
@@ -3,12 +3,13 @@ title: Use the workbook for Update Compliance (preview)
ms.reviewer:
manager: dougeby
description: How to use the Update Compliance (preview) workbook.
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
-ms.date: 08/10/2022
+ms.date: 10/24/2022
+ms.technology: itpro-updates
---
# Update Compliance (preview) workbook
@@ -67,10 +68,13 @@ The charts displayed in the **Summary** tab give you a general idea of the overa
The **Quality updates** tab displays generalized data at the top by using tiles. The quality update data becomes more specific as you navigate lower in this tab. The top of the **Quality updates** tab contains tiles with the following information:
-- **Devices count**: Count of devices that have reported at least one security update is or was applicable and offered in the past 30 days, regardless of installation state of the update.
-- **Latest security update**: Count of devices that have installed the latest security update.
-- **Security update status**: Count of devices that haven't installed a security update released within the last 60 days.
-- **Total alerts**: Count of active alerts that are for quality updates.
+- **Latest security update**: Count of devices that have reported successful installation of the latest security update.
+- **Missing one security update**: Count of devices that haven't installed the latest security update.
+- **Missing multiple security updates**: Count of devices that are missing two or more security updates.
+- **Active alerts**: Count of active update and device alerts for quality updates.
+
+Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+
Below the tiles, the **Quality updates** tab is subdivided into **Update status** and **Device status** groups. These different chart groups allow you to easily discover trends in compliance data. For instance, you may remember that about third of your devices were in the installing state yesterday, but this number didn't change as much as you were expecting. That unexpected trend may cause you to investigate and resolve a potential issue before end-users are impacted.
@@ -79,7 +83,6 @@ Below the tiles, the **Quality updates** tab is subdivided into **Update status*
The **Update status** group for quality updates contains the following items:
- **Update states for all security releases**: Chart containing the number of devices in a specific state, such as installing, for security updates.
-- **Update states for the latest security releases**: Chart containing the number of devices in a specific state for the most recent security update.
- **Update alerts for all security releases**: Chart containing the count of active errors and warnings for security updates.
:::image type="content" source="media/33771278-update-deployment-status-table.png" alt-text="Screenshot of the charts and table in the workbook's quality updates tab" lightbox="media/33771278-update-deployment-status-table.png":::
@@ -98,6 +101,7 @@ The **Device status** group for quality updates contains the following items:
- **OS build number**: Chart containing a count of devices by OS build that are getting security updates.
- **Target version**: Chart containing how many devices by operating system version that are getting security updates.
+- **Device alerts**: Chart containing the count of active device errors and warnings for quality updates.
- **Device compliance status**: Table containing a list of devices getting security updates and update installation information including active alerts for the devices.
- This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
@@ -105,13 +109,12 @@ The **Device status** group for quality updates contains the following items:
The **Feature updates** tab displays generalized data at the top by using tiles. The feature update data becomes more specific as you navigate lower in this tab. The top of the **Feature updates** tab contains tiles with the following information:
-- **Devices count**: Count of devices that have reported a feature update is or was applicable and offered in the past 30 days, regardless of installation state of the update.
-- **Feature update status**: Count of the devices that installed a feature update in the past 30 days.
-- **End Of Service**: Count of devices running an operating system version that no longer receives feature updates. For more information, see the [Windows lifecycle FAQ](/lifecycle/faq/windows).
+- **In service feature update**: Count of devices that are installed with a supported version of a Windows feature update.
+- **End of service feature update**: Count of devices that don't have a supported version of a Windows feature update installed. For more information, see the [Windows lifecycle FAQ](/lifecycle/faq/windows).
- **Nearing EOS** Count of devices that are within 18 months of their end of service date.
-- **Total alerts**: Count of active alerts that are for feature updates.
+- **Active alerts**: Count of active update and device alerts for feature updates.
-Just like the [**Quality updates** tab](#quality-updates-tab), the **Feature updates** tab is also subdivided into **Update status** and **Device status** groups below the tiles.
+Just like the [**Quality updates** tab](#quality-updates-tab), the **Feature updates** tab is also subdivided into **Update status** and **Device status** groups below the tiles. Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
### Update status group for feature updates
@@ -134,7 +137,7 @@ The **Update status** group for feature updates contains the following items:
The **Device status** group for feature updates contains the following items:
- **Windows 11 readiness status**: Chart containing how many devices that have a status of capable, not capable, or unknown for Windows 11 readiness.
-- **Device alerts**: Count of active alerts for feature updates in each alert classification.
+- **Device alerts**: Count of active device alerts for feature updates in each alert classification.
- **Device compliance status**: Table containing a list of devices getting a feature update and installation information including active alerts for the devices.
- This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md
index 9d860f73b8..fd4fdeacb6 100644
--- a/windows/deployment/update/update-policies.md
+++ b/windows/deployment/update/update-policies.md
@@ -2,13 +2,14 @@
title: Policies for update compliance, activity, and user experience
ms.reviewer:
description: Explanation and recommendations for settings
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
ms.localizationpriority: medium
ms.topic: article
ms.collection: M365-modern-desktop
+ms.technology: itpro-updates
---
# Policies for update compliance, activity, and user experience
diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md
index 08f6787ea7..70378e4006 100644
--- a/windows/deployment/update/update-status-admin-center.md
+++ b/windows/deployment/update/update-status-admin-center.md
@@ -2,15 +2,16 @@
title: Microsoft admin center software updates (preview) page
manager: dougeby
description: Microsoft admin center populates Update Compliance data into the software updates page.
-ms.prod: w10
+ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.localizationpriority: medium
-ms.collection:
+ms.collection:
- M365-analytics
- highpri
ms.topic: article
ms.date: 06/20/2022
+ms.technology: itpro-updates
---
# Microsoft admin center software updates (preview) page
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 4e01cdd3ec..4440295877 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -1,7 +1,7 @@
---
title: Configure BranchCache for Windows client updates
description: In this article, learn how to use BranchCache to optimize network bandwidth during update deployment.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.reviewer:
manager: dougeby
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Configure BranchCache for Windows client updates
diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md
index 52c86e776b..a305dbf8fa 100644
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@@ -2,14 +2,15 @@
title: Configure Windows Update for Business
manager: dougeby
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
-ms.prod: w10
-ms.collection:
+ms.prod: windows-client
+ms.collection:
- m365initiative-coredeploy
- highpri
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-updates
---
# Configure Windows Update for Business
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index d35f0cfa52..b7708a85de 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -1,13 +1,14 @@
---
title: Integrate Windows Update for Business
description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.collection: m365initiative-coredeploy
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Integrate Windows Update for Business with management solutions
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index 7c573b20dc..5ae4fcf47b 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -1,13 +1,14 @@
---
title: Deploy Windows client updates using Windows Server Update Services
description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-updates
---
# Deploy Windows client updates using Windows Server Update Services (WSUS)
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 2c2acee4e5..2737ca60d1 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -2,13 +2,14 @@
title: Windows Update for Business
manager: dougeby
description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.collection: highpri
+ms.technology: itpro-updates
---
# What is Windows Update for Business?
diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md
index 0e7cf67a8b..f9e1a3a00d 100644
--- a/windows/deployment/update/waas-morenews.md
+++ b/windows/deployment/update/waas-morenews.md
@@ -1,7 +1,7 @@
---
title: Windows as a service news & resources
description: The latest news for Windows as a service with resources to help you learn more about them.
-ms.prod: w10
+ms.prod: windows-client
ms.topic: article
ms.manager: elizapo
author: aczechowski
@@ -9,6 +9,7 @@ ms.author: aaroncz
ms.reviewer:
manager: dougeby
ms.localizationpriority: high
+ms.technology: itpro-updates
---
# Windows as a service - More news
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 63c12060d0..a8c8b81afd 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -1,13 +1,14 @@
---
title: Overview of Windows as a service
description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
manager: dougeby
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-updates
---
# Overview of Windows as a service
diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md
index 80f6a1dbfa..8f11d387a2 100644
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@@ -1,13 +1,14 @@
---
title: Quick guide to Windows as a service (Windows 10)
description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: high
ms.author: aaroncz
manager: dougeby
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-updates
---
# Quick guide to Windows as a service
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 46d0719b49..41ea13a0b3 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -1,16 +1,17 @@
---
title: Manage device restarts after updates (Windows 10)
description: Use Group Policy settings, mobile device management (MDM), or Registry to configure when devices will restart after a Windows 10 update is installed.
-ms.prod: w10
+ms.prod: windows-client
author: carmenf
ms.localizationpriority: medium
ms.author: carmenf
manager: dougeby
ms.topic: article
-ms.custom:
-- seo-marvel-apr2020
+ms.custom:
+ - seo-marvel-apr2020
ms.collection: highpri
date: 09/22/2022
+ms.technology: itpro-updates
---
# Manage device restarts after updates
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index 9fcb3d398e..c5bc2f6f23 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -1,15 +1,16 @@
---
title: Assign devices to servicing channels for Windows client updates
description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.reviewer:
manager: dougeby
ms.topic: article
-ms.custom:
-- seo-marvel-apr2020
+ms.custom:
+ - seo-marvel-apr2020
+ms.technology: itpro-updates
---
# Assign devices to servicing channels for Windows 10 updates
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
index bac3d71a3a..043aeee54a 100644
--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@@ -1,7 +1,7 @@
---
title: Prepare servicing strategy for Windows client updates
-description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update.
-ms.prod: w10
+description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update.
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
@@ -9,6 +9,7 @@ ms.reviewer:
manager: dougeby
ms.topic: article
ms.collection: m365initiative-coredeploy
+ms.technology: itpro-updates
---
# Prepare servicing strategy for Windows client updates
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index cfe3f8800a..35f4f7a60a 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -1,7 +1,7 @@
---
title: Manage additional Windows Update settings
description: In this article, learn about additional settings to control the behavior of Windows Update.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: mestew
ms.author: mstewart
@@ -9,6 +9,7 @@ manager: aaroncz
ms.topic: article
ms.collection: highpri
date: 09/22/2022
+ms.technology: itpro-updates
---
# Manage additional Windows Update settings
diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md
index 9c3384d50d..5841a5e312 100644
--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@@ -1,13 +1,14 @@
---
title: Configure Windows Update for Business by using CSPs and MDM
description: Walk-through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
ms.reviewer:
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Walkthrough: Use CSPs and MDMs to configure Windows Update for Business
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index e5027dfc14..a3167e3d42 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -1,15 +1,16 @@
---
title: Configure Windows Update for Business via Group Policy
description: Walk-through demonstration of how to configure Windows Update for Business settings using Group Policy.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
-ms.collection:
+ms.collection:
- m365initiative-coredeploy
- highpri
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Walkthrough: Use Group Policy to configure Windows Update for Business
diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md
index ab6cf4079f..f8248744ec 100644
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@@ -1,15 +1,16 @@
---
title: Windows as a service
-ms.prod: w10
+ms.prod: windows-client
ms.topic: landing-page
ms.manager: dougeby
author: aczechowski
ms.author: aaroncz
-description: Discover the latest news articles, videos, and podcasts about Windows as a service. Find resources for using Windows as a service within your organization.
+description: Discover the latest news articles, videos, and podcasts about Windows as a service. Find resources for using Windows as a service within your organization.
ms.reviewer:
manager: dougeby
ms.localizationpriority: high
ms.collection: M365-modern-desktop
+ms.technology: itpro-updates
---
# Windows as a service
diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md
index abbfea815f..2ad9f97e62 100644
--- a/windows/deployment/update/windows-update-error-reference.md
+++ b/windows/deployment/update/windows-update-error-reference.md
@@ -1,7 +1,7 @@
---
-title: Windows Update error code list by component
+title: Windows Update error code list by component
description: Learn about reference information for Windows Update error codes, including automatic update errors, UI errors, and reporter errors.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
@@ -10,6 +10,7 @@ ms.date: 09/18/2018
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.collection: highpri
+ms.technology: itpro-updates
---
# Windows Update error codes by component
diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md
deleted file mode 100644
index cf390b0f9a..0000000000
--- a/windows/deployment/update/windows-update-errors.md
+++ /dev/null
@@ -1,218 +0,0 @@
----
-title: Windows Update common errors and mitigation
-description: In this article, learn about some common issues you might experience with Windows Update, as well as steps to resolve them.
-ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
-ms.reviewer: kaushika
-ms.topic: troubleshooting
-ms.collection: highpri
----
-
-# Windows Update common errors and mitigation
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-
Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed Rocket. |
-
-## 0x80242006
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename the software redistribution folder and try to download the updates again:
Rename the following folders to \*.BAK:
- %systemroot%\system32\catroot2
Type the following commands at a command prompt. Press ENTER after you type each command.
- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
- Ren %systemroot%\SoftwareDistribution\Download \*.bak
- Ren %systemroot%\system32\catroot2 \*.bak |
-
-## 0x80070BC9
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. Restart the system to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. |
-
-## 0x80200053
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update client.|
-
-## 0x80072EFD or 0x80072EFE or 0x80D02002
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxies that block Microsoft download URLs.
Take a network monitor trace to understand better. \
For more information to resolve the issue, review [KB920659](/troubleshoot/windows-server/deployment/wsus-selfupdate-not-send-automatic-updates). |
-
-## 0x80244007
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of `WU_E_PT_SOAP_*` error codes. | This issue occurs because Windows can't renew the cookies for Windows Update.
For more information to resolve the issue, see [0x80244007 error when Windows tries to scan for updates on a WSUS server](https://support.microsoft.com/topic/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-server-6af342d9-9af6-f3bb-b6ad-2be56bf7826e). |
-
-## 0x80070422
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| NA | This issue occurs when the Windows Update service stops working or isn't running. | Check if the Windows Update service is running. |
-
-## 0x800f0821
-
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the device has installed the update in KB4493473 or later.|
-
-## 0x800f0825
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically this is due component store corruption caused when a component is in a partially installed state. | Repair the component store with the **Dism RestoreHealth** command or manually repair with a payload from the partially installed component. From an elevated command prompt, run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. |
-
-## 0x800F0920
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| CBS_E_HANG_DETECTED; A failure to respond was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has stopped responding. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the device has installed the update in KB4493473 or later.|
-
-## 0x800f081f
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair the component store with the **Dism RestoreHealth** command or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. |
-
-## 0x800f0831
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component Store. | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. |
-
-## 0x80070005
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.
Go to %Windir%\logs\CBS, open the last CBS.log and search for ", error" and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be access denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. |
-
-## 0x80070570
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device.|
-
-
-## 0x80070003
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS, open the last CBS.log, and search for `, error`. Then match the results with the timestamp. |
-
-
-## 0x80070020
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by non-Microsoft filter drivers like antivirus.
1. [Perform a clean boot and retry the installation](https://support.microsoft.com/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd)
2. Download the sysinternal tool [Process Monitor](/sysinternals/downloads/procmon).
3. Run Procmon.exe. It will start data capture automatically.
4. Install the update package again
5. With the Process Monitor main window in focus, press CTRL + E or select the magnifying glass to stop data capture.
6. Select **File > Save > All Events > PML**, and choose a path to save the .PML file
7. Go to %windir%\logs\cbs, open the last Cbs.log file, and search for the error. After finding the error line a bit above, you should have the file being accessed during the installation that is giving the sharing violation error
8. In Process Monitor, filter for path and insert the file name (it should be something like "path" "contains" "filename from CBS").
9. Try to stop it or uninstall the process causing the error. |
-
-## 0x80073701
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt, run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. |
-
-## 0x8007371b
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. |
-
-## 0x80072EFE
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| WININET_E_CONNECTION_ABORTED; The connection with the server was closed abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking or downloading updates.
From a cmd prompt run: *BITSADMIN /LIST /ALLUSERS /VERBOSE*
Search for the 0x80072EFE error code. You should see a reference to an HTTP code with a specific file. Using a browser, try to download it manually, making sure you're using your organization's proxy settings. If the download fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. |
-
-## 0x80072F8F
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client. | This error generally means that the Windows Update Agent was unable to decode the received content. Install and configure TLS 1.2 by installing the update in [KB3140245](https://support.microsoft.com/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392).
-
-## 0x80072EE2
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager.
Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/troubleshoot/mem/configmgr/troubleshoot-software-update-scan-failures).
If you're using the public Microsoft update servers, check that your device can access the following Windows Update endpoints:
`http://windowsupdate.microsoft.com`
`https://*.windowsupdate.microsoft.com`
`https://update.microsoft.com`
`https://*.update.microsoft.com`
`https://windowsupdate.com`
`https://*.windowsupdate.com`
`https://download.windowsupdate.com`
`https://*.download.windowsupdate.com`
`https://download.microsoft.com`
`https://*.download.windowsupdate.com`
`https://wustat.windows.com`
`https://*.wustat.windows.com`
`https://ntservicepack.microsoft.com` |
-
-## 0x80240022
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is that antivirus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. |
-
-## 0x8024401B
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own update source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager, due to a proxy error.
Verify the proxy settings on the client. The Windows Update Agent uses WinHTTP to scan for available updates. When there is a proxy server between the client and the update source, the proxy settings must be configured correctly on the clients to enable them to communicate by using the source's FQDN.
Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. |
-
-
-## 0x80244022
-
-| Message | Description | Mitigation |
-|---------|-------------|------------|
-| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. |
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index 1bb5ed3c64..b6b6d5fe17 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -1,13 +1,14 @@
---
-title: Windows Update log files
+title: Windows Update log files
description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
ms.topic: article
ms.custom: seo-marvel-apr2020
ms.collection: highpri
+ms.technology: itpro-updates
---
# Windows Update log files
diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md
index e29fa96bf5..223d10783e 100644
--- a/windows/deployment/update/windows-update-overview.md
+++ b/windows/deployment/update/windows-update-overview.md
@@ -1,12 +1,13 @@
---
-title: Get started with Windows Update
+title: Get started with Windows Update
description: An overview of learning resources for Windows Update, including documents on architecture, log files, and common errors.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
ms.date: 09/18/2018
ms.topic: article
+ms.technology: itpro-updates
---
# Get started with Windows Update
@@ -20,9 +21,9 @@ Use the following information to get started with Windows Update:
- Understand the UUP architecture
- Understand [how Windows Update works](how-windows-update-works.md)
- Find [Windows Update log files](windows-update-logs.md)
-- Learn how to [troubleshoot Windows Update](windows-update-troubleshooting.md)
-- Review [common Windows Update errors](windows-update-errors.md) and check out the [error code reference](windows-update-error-reference.md)
-- Review [other resources](windows-update-resources.md) to help you use Windows Update
+- Learn how to [troubleshoot Windows Update](/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json)
+- Review [common Windows Update errors](/troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json) and check out the [error code reference](windows-update-error-reference.md)
+- Review [other resources](/troubleshoot/windows-client/deployment/additional-resources-for-windows-update) to help you use Windows Update
- Review [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog) section of Microsoft Blogs.
## Unified Update Platform (UUP) architecture
diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md
deleted file mode 100644
index 27de13d4fa..0000000000
--- a/windows/deployment/update/windows-update-resources.md
+++ /dev/null
@@ -1,153 +0,0 @@
----
-title: Windows Update - Additional resources
-description: In this article, learn details about to troubleshooting WSUS and resetting Windows Update components manually.
-ms.prod: w10
-ms.localizationpriority: medium
-manager: dougeby
-ms.topic: article
-ms.author: aaroncz
-author: aczechowski
-ms.collection: highpri
----
-
-# Windows Update - additional resources
-
-**Applies to**:
-
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-
-> [!NOTE]
-> Windows Server 2016 supports policies available in Windows 10, version 1607. Windows Server 2019 supports policies available in Windows 10, version 1809.
-
-
-The following resources provide additional information about using Windows Update.
-
-## WSUS Troubleshooting
-
-[Troubleshooting issues with WSUS client agents](/troubleshoot/mem/configmgr/troubleshoot-issues-with-wsus-client-agents)
-
-[How to troubleshoot WSUS](/troubleshoot/mem/configmgr/troubleshoot-wsus-connection-failures)
-
-[Error 80244007 when WSUS client scans for updates](/troubleshoot/mem/configmgr/error-80244007-when-wsus-client-scans-updates)
-
-[Updates may not be installed with Fast Startup in Windows 10](/troubleshoot/windows-client/deployment/updates-not-install-with-fast-startup)
-
-## How do I reset Windows Update components?
-
-- Try using the [Windows Update Troubleshooter](https://support.microsoft.com/windows/windows-update-troubleshooter-for-windows-10-19bc41ca-ad72-ae67-af3c-89ce169755dd), which will analyze the situation and reset any components that need it.
-- Try the steps in [Troubleshoot problems updating Windows 10](https://support.microsoft.com/windows/troubleshoot-problems-updating-windows-10-188c2b0f-10a7-d72f-65b8-32d177eb136c).
-- Try the steps in [Fix Windows Update](https://support.microsoft.com/sbs/windows/fix-windows-update-errors-18b693b5-7818-5825-8a7e-2a4a37d6d787) errors.
-
-If all else fails, try resetting the Windows Update Agent by running these commands from an elevated command prompt:
-
- ``` console
- net stop wuauserv
- rd /s /q %systemroot%\SoftwareDistribution
- net start wuauserv
- ```
-
-
-## Reset Windows Update components manually
-
-1. Open a Windows command prompt. To open a command prompt, click **Start > Run**. Copy and paste (or type) the following command and then press ENTER:
- ``` console
- cmd
- ```
-2. Stop the **BITS service**, the **Windows Update service** and the **Cryptographic service**. To do this, type the following commands at a command prompt. Press ENTER after you type each command.
- ``` console
- net stop bits
- net stop wuauserv
- net stop cryptsvc
- ```
-3. Delete the **qmgr\*.dat** files. To do this, type the following command at a command prompt, and then press ENTER:
- ``` console
- Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
- ```
-4. If this is your first attempt at resolving your Windows Update issues by using the steps in this article, go to step 5 without carrying out the steps in step 4. The steps in step 4 should only be performed at this point in the troubleshooting if you cannot resolve your Windows Update issues after following all steps but step 4. The steps in step 4 are also performed by the "Aggressive" mode of the Fix it Solution above.
- 1. Rename the following folders to *.BAK:
- ``` console
- %Systemroot%\SoftwareDistribution\DataStore
- %Systemroot%\SoftwareDistribution\Download
- %Systemroot%\System32\catroot2
- ```
- To do this, type the following commands at a command prompt. Press ENTER after you type each command.
- ``` console
- Ren %Systemroot%\SoftwareDistribution\DataStore DataStore.bak
- Ren %Systemroot%\SoftwareDistribution\Download Download.bak
- Ren %Systemroot%\System32\catroot2 catroot2.bak
- ```
-
- > [!IMPORTANT]
- > The **reset** step below using sc.exe will **overwrite** your existing security ACLs on the BITS and Windows Update service and set them to default. Skip this step unless the other steps to reset Windows Update components have not resolved the issue.
-
- 2. Reset the **BITS service** and the **Windows Update service** to the default security descriptor. To do this, type the following commands at a command prompt. Press ENTER after you type each command.
- ``` console
- sc.exe sdset bits D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)
- sc.exe sdset wuauserv D:(A;;CCLCSWRPLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
- ```
-5. Type the following command at a command prompt, and then press ENTER:
- ``` console
- cd /d %windir%\system32
- ```
-6. Reregister the **BITS** files and the **Windows Update** files. To do this, type the following commands at a command prompt. Press ENTER after you type each command.
-
- ``` console
- regsvr32.exe atl.dll
- regsvr32.exe urlmon.dll
- regsvr32.exe mshtml.dll
- regsvr32.exe shdocvw.dll
- regsvr32.exe browseui.dll
- regsvr32.exe jscript.dll
- regsvr32.exe vbscript.dll
- regsvr32.exe scrrun.dll
- regsvr32.exe msxml.dll
- regsvr32.exe msxml3.dll
- regsvr32.exe msxml6.dll
- regsvr32.exe actxprxy.dll
- regsvr32.exe softpub.dll
- regsvr32.exe wintrust.dll
- regsvr32.exe dssenh.dll
- regsvr32.exe rsaenh.dll
- regsvr32.exe gpkcsp.dll
- regsvr32.exe sccbase.dll
- regsvr32.exe slbcsp.dll
- regsvr32.exe cryptdlg.dll
- regsvr32.exe oleaut32.dll
- regsvr32.exe ole32.dll
- regsvr32.exe shell32.dll
- regsvr32.exe initpki.dll
- regsvr32.exe wuapi.dll
- regsvr32.exe wuaueng.dll
- regsvr32.exe wuaueng1.dll
- regsvr32.exe wucltui.dll
- regsvr32.exe wups.dll
- regsvr32.exe wups2.dll
- regsvr32.exe wuweb.dll
- regsvr32.exe qmgr.dll
- regsvr32.exe qmgrprxy.dll
- regsvr32.exe wucltux.dll
- regsvr32.exe muweb.dll
- regsvr32.exe wuwebv.dll
- ```
-
-7. Reset **Winsock**. To do this, type the following command at a command prompt, and then press ENTER:
- ``` console
- netsh winsock reset
- ```
-8. If you are running Windows XP or Windows Server 2003, you have to set the proxy settings. To do this, type the following command at a command prompt, and then press ENTER:
- ``` console
- proxycfg.exe -d
- ```
-9. Restart the **BITS service**, the **Windows Update service** and the **Cryptographic service**. To do this, type the following commands at a command prompt. Press ENTER after you type each command.
- ``` console
- net start bits
- net start wuauserv
- net start cryptsvc
- ```
-10. If you are running Windows Vista or Windows Server 2008, clear the **BITS** queue. To do this, type the following command at a command prompt, and then press ENTER:
- ``` console
- bitsadmin.exe /reset /allusers
- ```
diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md
deleted file mode 100644
index ae44dc478a..0000000000
--- a/windows/deployment/update/windows-update-troubleshooting.md
+++ /dev/null
@@ -1,248 +0,0 @@
----
-title: Windows Update troubleshooting
-description: Learn about troubleshooting Windows Update, issues related to HTTP/Proxy, and why some features are offered and others aren't.
-ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
-ms.topic: article
-ms.custom: seo-marvel-apr2020
-ms.collection: highpri
----
-
-# Windows Update troubleshooting
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-
Also, verify that the package that you are installing matches the processor architecture of the Windows version that you are using. For example, an x86-based update cannot be installed on x64-based installations of Windows. |
-|Missing prerequisite update|Some updates require a prerequisite update before they can be applied to a system. If you are missing a prerequisite update, you may encounter this error message. For example, KB 2919355 must be installed on Windows 8.1 and Windows Server 2012 R2 computers before many of the updates that were released after April 2014 can be installed.|Check the related articles about the package in the Microsoft Knowledge Base (KB) to make sure that you have the prerequisite updates installed. For example, if you encounter the error message on Windows 8.1 or Windows Server 2012 R2, you may have to install the April 2014 update 2919355 as a prerequisite and one or more pre-requisite servicing updates (KB 2919442 and KB 3173424).
To determine if these prerequisite updates are installed, run the following PowerShell command:
`get-hotfix KB3173424,KB2919355, KB2919442`.
If the updates are installed, the command will return the installed date in the `InstalledOn` section of the output.
-
-## Issues related to firewall configuration
-Error that you might see in Windows Update logs:
-```console
-DownloadManager Error 0x800706d9 occurred while downloading update; notifying dependent calls.
-```
-Or
-```console
-[DownloadManager] BITS job {A4AC06DD-D6E6-4420-8720-7407734FDAF2} hit a transient error, updateId = {D053C08A-6250-4C43-A111-56C5198FE142}.200
-OffersWindowsUpdates: True| - The update source is Microsoft Update, which means that updates for other Microsoft products besides the operating system could also be delivered.
- Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.) |
-|- Name: DCat Flighting Prod
- OffersWindowsUpdates: True |- Starting with Windows 10, version 1709, feature updates are always delivered through the DCAT service.
- Indicates that the client is configured to receive feature updates from Windows Update. |
-|- Name: Windows Store (DCat Prod)
- OffersWindowsUpdates: False |-The update source is Insider Updates for Store Apps.
- Indicates that the client will not receive or is not configured to receive these updates.|
-|- Name: Windows Server Update Service
- OffersWindowsUpdates: True |- The source is a Windows Server Updates Services server.
- The client is configured to receive updates from WSUS. |
-|- Name: Windows Update
- OffersWindowsUpdates: True|- The source is Windows Update.
- The client is configured to receive updates from Windows Update Online.|
-
-## You have a bad setup in the environment
-In this example, per the Group Policy set through registry, the system is configured to use WSUS to download updates (note the second line):
-
-```console
-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
-"UseWUServer"=dword:00000001
-```
-
-From Windows Update logs:
-```console
-2018-08-06 09:33:31:085 480 1118 Agent ** START ** Agent: Finding updates [CallerId = OperationalInsight Id = 49]
-2018-08-06 09:33:31:085 480 1118 Agent *********
-2018-08-06 09:33:31:085 480 1118 Agent * Include potentially superseded updates
-2018-08-06 09:33:31:085 480 1118 Agent * Online = No; Ignore download priority = No
-2018-08-06 09:33:31:085 480 1118 Agent * Criteria = "IsHidden = 0 AND DeploymentAction=*"
-2018-08-06 09:33:31:085 480 1118 Agent * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
-2018-08-06 09:33:31:085 480 1118 Agent * Search Scope = {Machine}
-2018-08-06 09:33:32:554 480 1118 Agent * Found 83 updates and 83 categories in search; evaluated appl. rules of 517 out of 1473 deployed entities
-2018-08-06 09:33:32:554 480 1118 Agent *********
-2018-08-06 09:33:32:554 480 1118 Agent ** END ** Agent: Finding updates [CallerId = OperationalInsight Id = 49]
-```
-
-In the above log snippet, we see that the `Criteria = "IsHidden = 0 AND DeploymentAction=*"`. "*" means there is nothing specified from the server. So, the scan happens but there is no direction to download or install to the agent. So it just scans the update and provides the results.
-
-As shown in the following logs, automatic update runs the scan and finds no update approved for it. So it reports there are no updates to install or download. This is due to an incorrect configuration. The WSUS side should approve the updates for Windows Update so that it fetches the updates and installs them at the specified time according to the policy. Since this scenario doesn't include Configuration Manager, there's no way to install unapproved updates. You're expecting the operational insight agent to do the scan and automatically trigger the download and installation but that won’t happen with this configuration.
-
-```console
-2018-08-06 10:58:45:992 480 5d8 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 57]
-2018-08-06 10:58:45:992 480 5d8 Agent *********
-2018-08-06 10:58:45:992 480 5d8 Agent * Online = Yes; Ignore download priority = No
-2018-08-06 10:58:45:992 480 5d8 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
-
-2018-08-06 10:58:46:617 480 5d8 PT + SyncUpdates round trips: 2
-2018-08-06 10:58:47:383 480 5d8 Agent * Found 0 updates and 83 categories in search; evaluated appl. rules of 617 out of 1473 deployed entities
-2018-08-06 10:58:47:383 480 5d8 Agent Reporting status event with 0 installable, 83 installed, 0 installed pending, 0 failed and 0 downloaded updates
-2018-08-06 10:58:47:383 480 5d8 Agent *********
-2018-08-06 10:58:47:383 480 5d8 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 57]
-```
-
-## High bandwidth usage on Windows client by Windows Update
-Users might see that Windows is consuming all the bandwidth in the different offices under the system context. This behavior is by design. Components that might consume bandwidth expand beyond Windows Update components.
-
-The following group policies can help mitigate this situation:
-
-- Blocking access to Windows Update servers: [Policy Turn off access to all Windows Update features](https://gpsearch.azurewebsites.net/#4728) (Set to enabled)
-- Driver search: [Policy Specify search order for device driver source locations](https://gpsearch.azurewebsites.net/#183) (Set to "Do not search Windows Update")
-- Windows Store automatic update: [Policy Turn off Automatic Download and Install of updates](https://gpsearch.azurewebsites.net/#10876) (Set to enabled)
-
-Other components that connect to the internet:
-
-- Windows Spotlight: [Policy Configure Windows spotlight on lock screen](https://gpsearch.azurewebsites.net/#13362) (Set to disabled)
-- Consumer experiences: [Policy Turn off Microsoft consumer experiences](https://gpsearch.azurewebsites.net/#13329) (Set to enabled)
-- Background traffic from Windows apps: [Policy Let Windows apps run in the background](https://gpsearch.azurewebsites.net/#13571)
diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md
index 7fbbd8cecc..1d5e88dec2 100644
--- a/windows/deployment/update/wufb-compliancedeadlines.md
+++ b/windows/deployment/update/wufb-compliancedeadlines.md
@@ -2,13 +2,14 @@
title: Enforce compliance deadlines with policies in Windows Update for Business (Windows 10)
description: This article contains information on how to enforce compliance deadlines using Windows Update for Business.
ms.custom: seo-marvel-apr2020
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz
-ms.reviewer:
+ms.reviewer:
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Enforcing compliance deadlines for updates
diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md
index 18627b1a76..90d20c5c8b 100644
--- a/windows/deployment/update/wufb-wsus.md
+++ b/windows/deployment/update/wufb-wsus.md
@@ -1,15 +1,16 @@
---
title: Use Windows Update for Business and Windows Server Update Services (WSUS) together
-description: Learn how to use Windows Update for Business and WSUS together using the new scan source policy.
-ms.prod: w10
+description: Learn how to use Windows Update for Business and WSUS together using the new scan source policy.
+ms.prod: windows-client
author: arcarley
ms.localizationpriority: medium
ms.author: arcarley
-ms.collection:
+ms.collection:
- m365initiative-coredeploy
- highpri
manager: dougeby
ms.topic: article
+ms.technology: itpro-updates
---
# Use Windows Update for Business and WSUS together
diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md
index 9571e99601..fd1e49a901 100644
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@@ -2,13 +2,14 @@
title: Log files and resolving upgrade errors
manager: dougeby
ms.author: aaroncz
-description: Learn how to interpret and analyze the log files that are generated during the Windows 10 upgrade process.
+description: Learn how to interpret and analyze the log files that are generated during the Windows 10 upgrade process.
ms.custom: seo-marvel-apr2020
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-deploy
---
# Log files
@@ -63,17 +64,17 @@ See the following example:
## Analyze log files
-The following instructions are meant for IT professionals. Also see the [Upgrade error codes](upgrade-error-codes.md) section in this guide to familiarize yourself with [result codes](upgrade-error-codes.md#result-codes) and [extend codes](upgrade-error-codes.md#extend-codes).
+The following instructions are meant for IT professionals. Also see the [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json) section in this guide to familiarize yourself with [result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) and [extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes).
To analyze Windows Setup log files:
1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process.
-2. Based on the [extend code](upgrade-error-codes.md#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate.
+2. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate.
3. Open the log file in a text editor, such as notepad.
-4. Using the [result code](upgrade-error-codes.md#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
+4. Using the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
5. To find the last occurrence of the result code:
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
deleted file mode 100644
index efd7119b31..0000000000
--- a/windows/deployment/upgrade/quick-fixes.md
+++ /dev/null
@@ -1,251 +0,0 @@
----
-title: Quick fixes - Windows IT Pro
-ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
-description: Learn how to quickly resolve many problems, which may come up during a Windows 10 upgrade.
-ms.custom: seo-marvel-apr2020
-ms.prod: w10
-author: aczechowski
-ms.localizationpriority: medium
-ms.topic: article
----
-
-# Quick fixes
-
-**Applies to**
-- Windows 10
-
->[!NOTE]
->This is a 100 level topic (basic).
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-
-The following list of fixes can resolve many Windows upgrade problems. You should try these steps before contacting Microsoft support, or attempting a more advanced analysis of a Windows upgrade failure. Also review information at [Windows 10 help](https://support.microsoft.com/products/windows?os=windows-10).
-
-The Microsoft Virtual Agent provided by [Microsoft Support](https://support.microsoft.com/contactus/) can help you to analyze and correct some Windows upgrade errors. **To talk to a person about your issue**, start the Virtual Agent (click **Get started**) and enter "Talk to a person" two times.
-
-> [!TIP]
-> You might also wish to try a new tool available from Microsoft that helps to diagnose many Windows upgrade errors. For more information and to download this tool, see [SetupDiag](setupdiag.md). The topic is more advanced (300 level) because several advanced options are available for using the tool. However, you can now just download and then double-click the tool to run it. By default when you click Save, the tool is saved in your **Downloads** folder. Double-click the tool in the folder and wait until it finishes running (it might take a few minutes), then double-click the **SetupDiagResults.log** file and open it using Notepad to see the results of the analysis.
-
-## List of fixes
-
-1. Remove nonessential external hardware, such as docks and USB devices. [More information](#remove-external-hardware).
-
-2. Check the system drive for errors and attempt repairs. [More information](#repair-the-system-drive).
-
-3. Run the Windows Update troubleshooter. [More information](#windows-update-troubleshooter).
-
-4. Attempt to restore and repair system files. [More information](#repair-system-files).
-
-5. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. [More information](#update-windows).
-
-6. Temporarily uninstall non-Microsoft antivirus software. [More information](#uninstall-non-microsoft-antivirus-software).
-
-7. Uninstall all nonessential software. [More information](#uninstall-non-essential-software).
-
-8. Update firmware and drivers. [More information](#update-firmware-and-drivers).
-
-9. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. [More information](#ensure-that-download-and-install-updates-is-selected).
-
-10. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. [More information](#verify-disk-space).
-
-## Step by step instructions
-
-### Remove external hardware
-
-If the computer is portable and it is currently in a docking station, [undock the computer](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754084(v=ws.11)).
-
-Unplug nonessential external hardware devices from the computer, such as:
-- Headphones
-- Joysticks
-- Printers
-- Plotters
-- Projectors
-- Scanners
-- Speakers
-- USB flash drives
-- Portable hard drives
-- Portable CD/DVD/Blu-ray drives
-- Microphones
-- Media card readers
-- Cameras/Webcams
-- Smart phones
-- Secondary monitors, keyboards, mice
-
-For more information about disconnecting external devices, see [Safely remove hardware in Windows 10](https://support.microsoft.com/help/4051300/windows-10-safely-remove-hardware)
-
-### Repair the system drive
-
-The system drive is the drive that contains the [system partition](/windows-hardware/manufacture/desktop/hard-drives-and-partitions#span-idpartitionsspanspan-idpartitionsspanspan-idpartitionsspanpartitions). This is usually the **C:** drive.
-
-To check and repair errors on the system drive:
-
-1. Click **Start**.
-
-2. Type **command**.
-
-3. Right-click **Command Prompt** and then left-click **Run as administrator**.
-
-4. If you are prompted by UAC, click **Yes**.
-
-5. Type **chkdsk /F** and press ENTER.
-
-6. When you are prompted to schedule a check the next time the system restarts, type **Y**.
-
-7. See the following example.
-
- ```console
- C:\WINDOWS\system32>chkdsk /F
- The type of the file system is NTFS.
- Cannot lock current drive.
-
- Chkdsk cannot run because the volume is in use by another
- process. Would you like to schedule this volume to be
- checked the next time the system restarts? (Y/N) Y
-
- This volume will be checked the next time the system restarts.
- ```
-
-8. Restart the computer. The computer will pause before loading Windows and perform a repair of your hard drive.
-
-### Windows Update Troubleshooter
-
-The Windows Update troubleshooter tool will automatically analyze and fix problems with Windows Update, such as a corrupted download. It will also tell you if there is a pending reboot that is preventing Windows from updating.
-
-[Download the tool for Windows 10](https://aka.ms/wudiag).
-
-To run the tool, click the appropriate link above. Your web browser will prompt you to save or open the file. Select **open** and the tool will automatically start. The tool will walk you through analyzing and fixing some common problems.
-
-You can also download the Windows Update Troubleshooter by starting the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/), typing **update Windows**, selecting the version of Windows you are running, and then answering **Yes** when asked "Do you need help troubleshooting Windows Update?"
-
-If any errors are displayed in the Windows Update Troubleshooter, use the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) to ask about these errors. The Virtual Agent will perform a search and provide a list of helpful links.
-
-### Repair system files
-
-This fix is also described in detail at [answers.microsoft.com](https://answers.microsoft.com/en-us/windows/forum/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93).
-
-To check and repair system files:
-
-1. Click **Start**.
-
-2. Type **command**.
-
-3. Right-click **Command Prompt** and then left-click **Run as administrator**.
-
-4. If you are prompted by UAC, click **Yes**.
-
-5. Type **sfc /scannow** and press ENTER. See the following example:
-
- ```console
- C:\>sfc /scannow
-
- Beginning system scan. This process will take some time.
-
- Beginning verification phase of system scan.
- Verification 100% complete.
-
- Windows Resource Protection did not find any integrity violations.
- ```
-6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example:
-
- ```console
- C:\>DISM.exe /Online /Cleanup-image /Restorehealth
-
- Deployment Image Servicing and Management tool
- Version: 10.0.16299.15
-
- Image Version: 10.0.16299.309
-
- [==========================100.0%==========================] The restore operation completed successfully.
- The operation completed successfully.
-
- ```
- > [!NOTE]
- > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](/windows-hardware/manufacture/desktop/repair-a-windows-image) and [Use the System File Checker tool](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system).
-
-### Update Windows
-
-You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer.
-
-The Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) can walk you through the process of making sure that Windows is updated.
-
-Start the [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) and then type "update windows."
-
-Answer questions that the agent asks, and follow instructions to ensure that Windows is up to date. You can also run the [Windows Update Troubleshooter](#windows-update-troubleshooter) described above.
-
-Click **Start**, click power options, and then restart the computer.
-
-### Uninstall non-Microsoft antivirus software
-
-Use Windows Defender for protection during the upgrade.
-
-Verify compatibility information, and if desired re-install antivirus applications after the upgrade. If you plan to re-install the application after upgrading, be sure that you have the installation media and all required activation information before removing the program.
-
-To remove the application, go to **Control Panel\Programs\Programs and Features** and click the antivirus application, then click Uninstall. Choose **Yes** when you are asked to confirm program removal.
-
-For more information, see [Windows 7 - How to properly uninstall programs](https://support.microsoft.com/help/2601726) or [Repair or remove programs in Windows 10](https://support.microsoft.com/help/4028054/windows-repair-or-remove-programs-in-windows-10).
-
-### Uninstall non-essential software
-
-Outdated applications can cause problems with a Windows upgrade. Removing old or non-essential applications from the computer can therefore help.
-
-If you plan to reinstall the application later, be sure that you have the installation media and all required activation information before removing it.
-
-To remove programs, use the same steps as are provided [above](#uninstall-non-microsoft-antivirus-software) for uninstalling non-Microsoft antivirus software, but instead of removing the antivirus application repeat the steps for all your non-essential, unused, or out-of-date software.
-
-### Update firmware and drivers
-
-Updating firmware (such as the BIOS) and installing hardware drivers is a somewhat advanced task. Do not attempt to update BIOS if you aren't familiar with BIOS settings or are not sure how to restore the previous BIOS version if there are problems. Most BIOS updates are provided as a "flash" update. Your manufacturer might provide a tool to perform the update, or you might be required to enter the BIOS and update it manually. Be sure to save your working BIOS settings, since some updates can reset your configuration and make the computer fail to boot if (for example) a RAID configuration is changed.
-
-Most BIOS and other hardware updates can be obtained from a website maintained by your computer manufacturer. For example, Microsoft Surface device drivers can be obtained at: [Download the latest firmware and drivers for Surface devices](/surface/manage-surface-driver-and-firmware-updates).
-
-To obtain the proper firmware drivers, search for the most updated driver version provided by your computer manufacturer. Install these updates and reboot the computer after installation. Request assistance from the manufacturer if you have any questions.
-
-### Ensure that "Download and install updates" is selected
-
-When you begin a Windows Update, the setup process will ask you to **Get important updates**. Answer **Yes** if the computer you are updating is connected to the Internet. See the following example:
-
-
-
-### Verify disk space
-
-You can see a list of requirements for Windows 10 at [Windows 10 Specifications & System Requirements](https://www.microsoft.com/windows/windows-10-specifications). One of the requirements is that enough hard drive space be available for the installation to take place. At least 16 GB of free space must be available on the system drive to upgrade a 32-bit OS, or 20 GB for a 64-bit OS.
-
-To view how much hard drive space is available on your computer, open [File Explorer](https://support.microsoft.com/help/4026617/windows-windows-explorer-has-a-new-name). In Windows 7, this was called Windows Explorer.
-
-In File Explorer, click on **Computer** or **This PC** on the left, then look under **Hard Disk Drives** or under **Devices and drives**. If there are multiple drives listed, the system drive is the drive that includes a Microsoft Windows logo above the drive icon.
-
-The amount of space available on the system drive will be displayed under the drive. See the following example:
-
-
-
-In the previous example, there is 703 GB of available free space on the system drive (C:).
-
-To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example:
-
-:::image type="content" alt-text="Disk cleanup." source="../images/cleanup.png":::
-
-For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/help/17421/windows-free-up-drive-space).
-
-When you run Disk Cleanup and enable the option to Clean up system files, you can remove previous Windows installations which can free a large amount of space. You should only do this if you do not plan to restore the old OS version.
-
-### Open an elevated command prompt
-
-> [!TIP]
-> It is no longer necessary to open an elevated command prompt to run the [SetupDiag](setupdiag.md) tool. However, this is still the optimal way to run the tool.
-
-To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then click **Yes** to confirm the elevation prompt. Screenshots and other steps to open an elevated command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7).
-
-Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a directory in your PATH variable. These directories are automatically searched. Type **echo %PATH%** to see the directories in your PATH variable.
-
-Another option is to use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder.
-
-If you downloaded the SetupDiag.exe program to your computer, then copied it to the folder C:\new, and you opened an elevated command prompt then typed cd c:\new to change to this directory, you can just type setupdiag and press ENTER to run the program. This program will analyze the files on your computer to see why a Windows Upgrade failed and if the reason was a common one, it will report this reason. It will not fix the problem for you but knowing why the upgrade failed enables you to take steps to fix the problem.
-
-## Related topics
-
-[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
-
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
-
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
-
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
-
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md
deleted file mode 100644
index a78d48368a..0000000000
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ /dev/null
@@ -1,188 +0,0 @@
----
-title: Resolution procedures - Windows IT Pro
-manager: dougeby
-ms.author: aaroncz
-description: Discover general troubleshooting procedures for dealing with 0xC1900101, the generic rollback code thrown when something goes wrong during a Windows 10 upgrade.
-ms.prod: w10
-author: aczechowski
-ms.localizationpriority: medium
-ms.topic: article
-ms.collection: highpri
----
-
-# Resolution procedures
-
-**Applies to**
-- Windows 10
-
-> [!NOTE]
-> This is a 200 level topic (moderate).
-> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-
-This topic provides some common causes and solutions that are associated with specific upgrade error codes. If a Windows 10 upgrade fails, you can write down the error code that is displayed, or find the error code in the Windows [Event Log](windows-error-reporting.md) or in the Windows Setup [log files](log-files.md) (ex: **setuperr.log**) and review the cause and solutions provided here. You should also try running the free [SetupDiag](setupdiag.md) tool provided by Microsoft, which can automatically find the reason for an upgrade failure.
-
-## 0xC1900101
-
-A frequently observed [result code](upgrade-error-codes.md#result-codes) is 0xC1900101. This result code can be thrown at any stage of the upgrade process, with the exception of the downlevel phase. 0xC1900101 is a generic rollback code, and usually indicates that an incompatible driver is present. The incompatible driver can cause blue screens, system hangs, and unexpected reboots. Analysis of supplemental log files is often helpful, such as:
-
-- The minidump file: $Windows.~bt\Sources\Rollback\setupmem.dmp,
-- Event logs: $Windows.~bt\Sources\Rollback\*.evtx
-- The device install log: $Windows.~bt\Sources\Rollback\setupapi\setupapi.dev.log
-
-The device install log is helpful if rollback occurs during the sysprep operation (extend code 0x30018).
-
-To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process.
-
-See the following general troubleshooting procedures associated with a result code of 0xC1900101:
-
-
-| Code | Mitigation | Cause |
-| :--- | :--- | :--- |
-| 0xC1900101 - 0x20004 | Uninstall antivirus applications.
Remove all unused SATA devices.
Remove all unused devices and drivers.
Update drivers and BIOS. | Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation.
This is caused by out-of-date drivers. |
-| 0xC1900101 - 0x2000c | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Contact your hardware vendor to obtain updated device drivers.
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.
This is caused by out-of-date drivers |
-| 0xC1900101 - 0x20017 | Ensure that all that drivers are updated.
Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.
For more information, see [Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations](/troubleshoot/windows-client/deployment/windows-setup-log-file-locations).
Update or uninstall the problem drivers. | A driver has caused an illegal operation.
Windows wasn't able to migrate the driver, resulting in a rollback of the operating system.
This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software.
This can also be caused by a hardware failure. |
-| 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Contact your hardware vendor to obtain updated device drivers.
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. |
-| 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
This can occur due to a problem with a display driver. |
-| 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
Review the rollback log and determine the stop code.
The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example isn't representative of all cases:
Info SP Crash 0x0000007E detected
Info SP Module name :
Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
Info SP Can't recover the system.
Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
Typically, there's a dump file for the crash to analyze. If you aren't equipped to debug the dump, then attempt the following basic troubleshooting procedures:
1. Make sure you have enough disk space.
2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
3. Try changing video adapters.
4. Check with your hardware vendor for any BIOS updates.
5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
This can occur because of incompatible drivers. |
-| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Ensure that you select the option to "Download and install updates (recommended)."
Computers that run Citrix VDA
You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade can't complete and the system rolls back.
**Resolution**
To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
You can work around this problem in two ways:
**Workaround 1**
1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
2. Run the Windows upgrade again.
3. Reinstall Citrix VDA.
**Workaround 2**
If you can't uninstall Citrix VDA, follow these steps to work around this problem:
1. In Registry Editor, go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
3. Go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
4. Delete the **CtxMcsWbc** entry.
5. Restart the computer, and then try the upgrade again.
**Non-Microsoft information disclaimer**
The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
This is caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. |
-
-## 0x800xxxxx
-
-Result codes that start with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and aren't unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly.
-
-See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
-
-| Code | Mitigation | Cause |
-| :--- | :--- | :--- |
-| 80040005 - 0x20007 | This error has more than one possible cause. Attempt [quick fixes](quick-fixes.md), and if not successful, [analyze log files](log-files.md#analyze-log-files) in order to determine the problem and solution. | An unspecified error occurred with a driver during the SafeOS phase. |
-| 0x80073BC3 - 0x20009
0x80070002 - 0x20009
0x80073B92 - 0x20009 | These errors occur during partition analysis and validation, and can be caused by the presence of multiple system partitions. For example, if you installed a new system drive but left the previous system drive connected, this can cause a conflict. To resolve the errors, disconnect or temporarily disable drives that contain the unused system partition. You can reconnect the drive after the upgrade has completed. Alternatively, you can delete the unused system partition. | The requested system device can't be found, there's a sharing violation, or there are multiple devices matching the identification criteria. |
-| 800704B8 - 0x3001A | Disable or uninstall non-Microsoft antivirus applications, disconnect all unnecessary devices, and perform a [clean boot](https://support.microsoft.com/kb/929135). | An extended error has occurred during the first boot phase. |
-| 8007042B - 0x4000D | [Analyze log files](log-files.md#analyze-log-files) in order to determine the file, application, or driver that isn't able to be migrated. Disconnect, update, remove, or replace the device or object. | The installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
This issue can occur due to file system, application, or driver issues. |
-| 8007001F - 0x3000D | [Analyze log files](log-files.md#analyze-log-files) in order to determine the files or registry entries that are blocking data migration.
This error can be due to a problem with user profiles. It can occur due to corrupt registry entries under **HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList** or invalid files in the **\\Users** directory.
**Note**: If a previous upgrade didn't complete, invalid profiles might exist in the **Windows.old\\Users** directory.
To repair this error, ensure that deleted accounts aren't still present in the Windows registry and that files under the \\Users directory are valid. Delete the invalid files or user profiles that are causing this error. The specific files and profiles that are causing the error will be recorded in the Windows setup log files.| The installation failed in the FIRST_BOOT phase with an error during MIGRATE_DATA operation. |
-| 8007001F - 0x4000D | [Analyze log files](log-files.md#analyze-log-files) in order to determine the device that isn't functioning properly. Disconnect, update, or replace the device. | General failure, a device attached to the system isn't functioning. |
-| 8007042B - 0x4001E | This error has more than one possible cause. Attempt [quick fixes](quick-fixes.md), and if not successful, [analyze log files](log-files.md#analyze-log-files) in order to determine the problem and solution. | The installation failed during the second boot phase while attempting the PRE_OOBE operation. |
-
-## Other result codes
-
-|Error code|Cause|Mitigation|
-|--- |--- |--- |
-|0xC1800118|WSUS has downloaded content that it can't use due to a missing decryption key.|See [Steps to resolve error 0xC1800118](/archive/blogs/wsus/resolving-error-0xc1800118) for information.|
-|0xC1900200|Setup.exe has detected that the machine doesn't meet the minimum system requirements.|Ensure the system you're trying to upgrade meets the minimum system requirements. See [Windows 10 specifications](https://www.microsoft.com/windows/windows-10-specifications) for information.|
-|0x80090011|A device driver error occurred during user data migration.|Contact your hardware vendor and get all the device drivers updated. It's recommended to have an active internet connection during upgrade process.
Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display.|
-|0xC1900200 - 0x20008|The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.|See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) and verify the computer meets minimum requirements.
0x80070070 - 0x50011
0x80070070 - 0x50012
0x80070070 - 0x60000|These errors indicate the computer doesn't have enough free space available to install the upgrade.|To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there isn't enough space, attempt to [free up drive space](https://support.microsoft.com/help/17421/windows-free-up-drive-space) before proceeding with the upgrade.
See the following topics in this article:
-- [Quick fixes](quick-fixes.md): \Level 100\ Steps you can take to eliminate many Windows upgrade errors.
+- [Quick fixes](/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 100\ Steps you can take to eliminate many Windows upgrade errors.
- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help you isolate the root cause of an upgrade failure.
-- [Troubleshooting upgrade errors](troubleshoot-upgrade-errors.md): \Level 300\ General advice and techniques for troubleshooting Windows 10 upgrade errors, and an explanation of phases used during the upgrade process.
+- [Troubleshooting upgrade errors](/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 300\ General advice and techniques for troubleshooting Windows 10 upgrade errors, and an explanation of phases used during the upgrade process.
- [Windows Error Reporting](windows-error-reporting.md): \Level 300\ How to use Event Viewer to review details about a Windows 10 upgrade.
-- [Upgrade error codes](upgrade-error-codes.md): \Level 400\ The components of an error code are explained.
- - [Result codes](upgrade-error-codes.md#result-codes): Information about result codes.
- - [Extend codes](upgrade-error-codes.md#extend-codes): Information about extend codes.
+- [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 400\ The components of an error code are explained.
+ - [Result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes): Information about result codes.
+ - [Extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes): Information about extend codes.
- [Log files](log-files.md): \Level 400\ A list and description of log files useful for troubleshooting.
- [Log entry structure](log-files.md#log-entry-structure): The format of a log entry is described.
- [Analyze log files](log-files.md#analyze-log-files): General procedures for log file analysis, and an example.
-- [Resolution procedures](resolution-procedures.md): \Level 200\ Causes and mitigation procedures associated with specific error codes.
- - [0xC1900101](resolution-procedures.md#0xc1900101): Information about the 0xC1900101 result code.
- - [0x800xxxxx](resolution-procedures.md#0x800xxxxx): Information about result codes that start with 0x800.
- - [Other result codes](resolution-procedures.md#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
- - [Other error codes](resolution-procedures.md#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
+- [Resolution procedures](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 200\ Causes and mitigation procedures associated with specific error codes.
+ - [0xC1900101](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0xc1900101): Information about the 0xC1900101 result code.
+ - [0x800xxxxx](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#0x800xxxxx): Information about result codes that start with 0x800.
+ - [Other result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
+ - [Other error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
- [Submit Windows 10 upgrade errors](submit-errors.md): \Level 100\ Submit upgrade errors to Microsoft for analysis.
## Related topics
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index 641438bdd0..7dfd09f33f 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -4,11 +4,12 @@ manager: dougeby
ms.author: aaroncz
description: SetupDiag works by examining Windows Setup log files. This article shows how to use the SetupDiag tool to diagnose Windows Setup errors.
ms.custom: seo-marvel-apr2020
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-deploy
---
# SetupDiag
diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md
index 78530d857f..93500ebda6 100644
--- a/windows/deployment/upgrade/submit-errors.md
+++ b/windows/deployment/upgrade/submit-errors.md
@@ -4,10 +4,11 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: Download the Feedback Hub app, and then submit Windows 10 upgrade errors for diagnosis using feedback hub.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
+ms.technology: itpro-deploy
---
# Submit Windows 10 upgrade errors using Feedback Hub
diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md
deleted file mode 100644
index 3498ee23fe..0000000000
--- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md
+++ /dev/null
@@ -1,97 +0,0 @@
----
-title: Troubleshoot Windows 10 upgrade errors - Windows IT Pro
-manager: dougeby
-ms.author: aaroncz
-description: Understanding the Windows 10 upgrade process can help you troubleshoot errors when something goes wrong. Find out more with this guide.
-ms.prod: w10
-author: aczechowski
-ms.localizationpriority: medium
-ms.topic: article
----
-
-# Troubleshooting upgrade errors
-
-**Applies to**
-- Windows 10
-
-> [!NOTE]
-> This is a 300 level topic (moderately advanced).
-> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-
-
-OOBE = Out of box experience.
-WIM = Windows image (Microsoft)
-
-## Related topics
-
-[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
-
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
-
[Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)
-
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
-
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md
deleted file mode 100644
index 6d09c5829a..0000000000
--- a/windows/deployment/upgrade/upgrade-error-codes.md
+++ /dev/null
@@ -1,146 +0,0 @@
----
-title: Upgrade error codes - Windows IT Pro
-manager: dougeby
-ms.author: aaroncz
-description: Understand the error codes that may come up if something goes wrong during the Windows 10 upgrade process.
-ms.prod: w10
-author: aczechowski
-ms.localizationpriority: medium
-ms.topic: article
-ms.collection: highpri
----
-
-# Upgrade error codes
-
-**Applies to**
-- Windows 10
-
->[!NOTE]
->This is a 400 level topic (advanced).
->
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
-
-If the upgrade process is not successful, Windows Setup will return two codes:
-
-1. **A result code**: The result code corresponds to a specific Win32 or NTSTATUS error.
-2. **An extend code**: The extend code contains information about both the *phase* in which an error occurred, and the *operation* that was being performed when the error occurred.
-
-For example, a result code of **0xC1900101** with an extend code of **0x4000D** will be returned as: **0xC1900101 - 0x4000D**.
-
-Note: If only a result code is returned, this can be because a tool is being used that was not able to capture the extend code. For example, if you are using the [Windows 10 Upgrade Assistant](https://support.microsoft.com/kb/3159635) then only a result code might be returned.
-
->[!TIP]
->If you are unable to locate the result and extend error codes, you can attempt to find these codes using Event Viewer. For more information, see [Windows Error Reporting](windows-error-reporting.md).
-
-## Result codes
-
-A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue. To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](resolution-procedures.md) section later in this article.
-
-The following set of result codes are associated with [Windows Setup](/windows-hardware/manufacture/desktop/windows-setup-command-line-options) compatibility warnings:
-
-| Result code | Message | Description |
-| --- | --- | --- |
-| 0xC1900210 | MOSETUP_E_COMPAT_SCANONLY | Setup did not find any compat issue |
-| 0xC1900208 | MOSETUP_E_COMPAT_INSTALLREQ_BLOCK | Setup found an actionable compat issue, such as an incompatible app |
-| 0xC1900204 | MOSETUP_E_COMPAT_MIGCHOICE_BLOCK | The migration choice selected is not available (ex: Enterprise to Home) |
-| 0xC1900200 | MOSETUP_E_COMPAT_SYSREQ_BLOCK | The computer is not eligible for Windows 10 |
-| 0xC190020E | MOSETUP_E_INSTALLDISKSPACE_BLOCK | The computer does not have enough free space to install |
-
-A list of modern setup (mosetup) errors with descriptions in the range is available in the [Resolution procedures](resolution-procedures.md#modern-setup-errors) topic in this article.
-
-Other result codes can be matched to the specific type of error encountered. To match a result code to an error:
-
-1. Identify the error code type as either Win32 or NTSTATUS using the first hexadecimal digit:
-
**8** = Win32 error code (ex: 0x**8**0070070)
-
**C** = NTSTATUS value (ex: 0x**C**1900107)
-2. Write down the last 4 digits of the error code (ex: 0x8007**0070** = 0070). These digits are the actual error code type as defined in the [HRESULT](/openspecs/windows_protocols/ms-erref/0642cb2f-2075-4469-918c-4441e69c548a) or the [NTSTATUS](/openspecs/windows_protocols/ms-erref/87fba13e-bf06-450e-83b1-9241dc81e781) structure. Other digits in the code identify things such as the device type that produced the error.
-3. Based on the type of error code determined in the first step (Win32 or NTSTATUS), match the 4 digits derived from the second step to either a Win32 error code or NTSTATUS value using the following links:
- - [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d)
- - [NTSTATUS value](/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55)
-
-Examples:
-- 0x80070070
- - Based on the "8" this is a Win32 error code
- - The last four digits are 0070, so look up 0x00000070 in the [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) table
- - The error is: **ERROR_DISK_FULL**
-- 0xC1900107
- - Based on the "C" this is an NTSTATUS error code
- - The last four digits are 0107, so look up 0x00000107 in the [NTSTATUS value](/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55) table
- - The error is: **STATUS_SOME_NOT_MAPPED**
-
-Some result codes are self-explanatory, whereas others are more generic and require further analysis. In the examples shown above, ERROR_DISK_FULL indicates that the hard drive is full and additional room is needed to complete Windows upgrade. The message STATUS_SOME_NOT_MAPPED is more ambiguous, and means that an action is pending. In this case, the action pending is often the cleanup operation from a previous installation attempt, which can be resolved with a system reboot.
-
-## Extend codes
-
->[!IMPORTANT]
->Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update.
-
-Extend codes can be matched to the phase and operation when an error occurred. To match an extend code to the phase and operation:
-
-1. Use the first digit to identify the phase (ex: 0x4000D = 4).
-2. Use the last two digits to identify the operation (ex: 0x4000D = 0D).
-3. Match the phase and operation to values in the tables provided below.
-
-The following tables provide the corresponding phase and operation for values of an extend code:
-
-### Extend code: phase
-
-|Hex|Phase|
-|--- |--- |
-|0|SP_EXECUTION_UNKNOWN|
-|1|SP_EXECUTION_DOWNLEVEL|
-|2|SP_EXECUTION_SAFE_OS|
-|3|SP_EXECUTION_FIRST_BOOT|
-|4|SP_EXECUTION_OOBE_BOOT|
-|5|SP_EXECUTION_UNINSTALL|
-
-### Extend code: Operation
-
-|Hex|Operation|
-|--- |--- |
-|0|SP_EXECUTION_OP_UNKNOWN|
-|1|SP_EXECUTION_OP_COPY_PAYLOAD|
-|2|SP_EXECUTION_OP_DOWNLOAD_UPDATES|
-|3|SP_EXECUTION_OP_INSTALL_UPDATES|
-|4|SP_EXECUTION_OP_INSTALL_RECOVERY_ENVIRONMENT|
-|5|SP_EXECUTION_OP_INSTALL_RECOVERY_IMAGE|
-|6|SP_EXECUTION_OP_REPLICATE_OC|
-|7|SP_EXECUTION_OP_INSTALL_DRIVERS|
-|8|SP_EXECUTION_OP_PREPARE_SAFE_OS|
-|9|SP_EXECUTION_OP_PREPARE_ROLLBACK|
-|A|SP_EXECUTION_OP_PREPARE_FIRST_BOOT|
-|B|SP_EXECUTION_OP_PREPARE_OOBE_BOOT|
-|C|SP_EXECUTION_OP_APPLY_IMAGE|
-|D|SP_EXECUTION_OP_MIGRATE_DATA|
-|E|SP_EXECUTION_OP_SET_PRODUCT_KEY|
-|F|SP_EXECUTION_OP_ADD_UNATTEND|
-
-|Hex|Operation|
-|--- |--- |
-|10|SP_EXECUTION_OP_ADD_DRIVER|
-|11|SP_EXECUTION_OP_ENABLE_FEATURE|
-|12|SP_EXECUTION_OP_DISABLE_FEATURE|
-|13|SP_EXECUTION_OP_REGISTER_ASYNC_PROCESS|
-|14|SP_EXECUTION_OP_REGISTER_SYNC_PROCESS|
-|15|SP_EXECUTION_OP_CREATE_FILE|
-|16|SP_EXECUTION_OP_CREATE_REGISTRY|
-|17|SP_EXECUTION_OP_BOOT|
-|18|SP_EXECUTION_OP_SYSPREP|
-|19|SP_EXECUTION_OP_OOBE|
-|1A|SP_EXECUTION_OP_BEGIN_FIRST_BOOT|
-|1B|SP_EXECUTION_OP_END_FIRST_BOOT|
-|1C|SP_EXECUTION_OP_BEGIN_OOBE_BOOT|
-|1D|SP_EXECUTION_OP_END_OOBE_BOOT|
-|1E|SP_EXECUTION_OP_PRE_OOBE|
-|1F|SP_EXECUTION_OP_POST_OOBE|
-|20|SP_EXECUTION_OP_ADD_PROVISIONING_PACKAGE|
-
-For example: An extend code of **0x4000D**, represents a problem during phase 4 (**0x4**) with data migration (**000D**).
-
-## Related topics
-
-[Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
-[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
-[Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)
-[Microsoft Windows Q & A](/answers/products/windows)
-[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index 4ade882a85..b037fecf6c 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -3,11 +3,12 @@ title: Windows 10 edition upgrade (Windows 10)
description: With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported.
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-deploy
---
# Windows 10 edition upgrade
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 9bf1d82280..0123bb3b1e 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -3,11 +3,12 @@ title: Windows 10 upgrade paths (Windows 10)
manager: dougeby
ms.author: aaroncz
description: You can upgrade to Windows 10 from a previous version of Windows if the upgrade path is supported.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-deploy
---
# Windows 10 upgrade paths
diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md
index c8f3986ed2..c5762be55a 100644
--- a/windows/deployment/upgrade/windows-error-reporting.md
+++ b/windows/deployment/upgrade/windows-error-reporting.md
@@ -4,10 +4,11 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: Learn how to review the events generated by Windows Error Reporting when something goes wrong during Windows 10 setup.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
+ms.technology: itpro-deploy
---
# Windows Error Reporting
diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
index d07d93a95c..72fded4619 100644
--- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
+++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
@@ -4,9 +4,10 @@ description: Discover the Microsoft tools you can use to move files and settings
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Windows upgrade and migration considerations
diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
index bd09b57aab..816ce09308 100644
--- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
+++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
@@ -4,9 +4,10 @@ description: Plan, collect, and prepare your source computer for migration using
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Getting Started with the User State Migration Tool (USMT)
diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md
index 1f3b261ab9..5814c465d8 100644
--- a/windows/deployment/usmt/migrate-application-settings.md
+++ b/windows/deployment/usmt/migrate-application-settings.md
@@ -4,10 +4,11 @@ description: Learn how to author a custom migration .xml file that migrates the
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Migrate Application Settings
diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md
index 4ad81de369..aec69b1dd2 100644
--- a/windows/deployment/usmt/migration-store-types-overview.md
+++ b/windows/deployment/usmt/migration-store-types-overview.md
@@ -4,10 +4,11 @@ description: Learn about the migration store types and how to determine which mi
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Migration Store Types Overview
diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md
index 00215fe853..4e6416a3c3 100644
--- a/windows/deployment/usmt/offline-migration-reference.md
+++ b/windows/deployment/usmt/offline-migration-reference.md
@@ -4,10 +4,11 @@ description: Offline migration enables the ScanState tool to run inside a differ
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Offline Migration Reference
diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md
index 01aac53236..a8500e179f 100644
--- a/windows/deployment/usmt/understanding-migration-xml-files.md
+++ b/windows/deployment/usmt/understanding-migration-xml-files.md
@@ -4,10 +4,11 @@ description: Learn how to modify the behavior of a basic User State Migration To
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Understanding Migration XML Files
diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md
index ec06b1b5ab..20736f2108 100644
--- a/windows/deployment/usmt/usmt-best-practices.md
+++ b/windows/deployment/usmt/usmt-best-practices.md
@@ -5,10 +5,11 @@ ms.custom: seo-marvel-apr2020
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# USMT Best Practices
diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md
index 9b20c0385e..fb9d196086 100644
--- a/windows/deployment/usmt/usmt-choose-migration-store-type.md
+++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md
@@ -4,10 +4,11 @@ description: Learn how to choose a migration store type and estimate the amount
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Choose a Migration Store Type
diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md
index 95be767505..4ee45cbdca 100644
--- a/windows/deployment/usmt/usmt-command-line-syntax.md
+++ b/windows/deployment/usmt/usmt-command-line-syntax.md
@@ -4,10 +4,11 @@ description: Learn about the User State Migration Tool (USMT) command-line synta
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# User State Migration Tool (USMT) Command-line Syntax
diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md
index ade22cbde7..32ab6268e2 100644
--- a/windows/deployment/usmt/usmt-common-issues.md
+++ b/windows/deployment/usmt/usmt-common-issues.md
@@ -4,10 +4,11 @@ description: Learn about common issues that you might see when you run the User
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.date: 09/19/2017
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Common Issues
diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md
index 854bc6b73f..a7c5b2d143 100644
--- a/windows/deployment/usmt/usmt-common-migration-scenarios.md
+++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md
@@ -4,10 +4,11 @@ description: See how the User State Migration Tool (USMT) 10.0 is used when pla
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Common Migration Scenarios
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index 63388ac85d..55ce65391a 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -4,10 +4,11 @@ description: Learn how the Config.xml file is an optional User State Migration T
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Config.xml File
diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
index 2af6d73993..c14de7c5c9 100644
--- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md
+++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
@@ -4,10 +4,11 @@ description: In this article, learn how User State Migration Tool (USMT) 10.0 d
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Conflicts and Precedence
diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md
index 1d0f8da736..5531154de7 100644
--- a/windows/deployment/usmt/usmt-custom-xml-examples.md
+++ b/windows/deployment/usmt/usmt-custom-xml-examples.md
@@ -4,9 +4,10 @@ description: Use custom XML examples to learn how to migrate an unsupported appl
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Custom XML Examples
diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md
index cc06b5e0ea..9092cef4af 100644
--- a/windows/deployment/usmt/usmt-customize-xml-files.md
+++ b/windows/deployment/usmt/usmt-customize-xml-files.md
@@ -4,10 +4,11 @@ description: Learn how to customize USMT XML files. Also, learn about the migrat
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Customize USMT XML Files
diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md
index 19d8cf1875..5f9cda4b77 100644
--- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md
+++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md
@@ -4,10 +4,11 @@ description: Determine migration settings for standard or customized for the Use
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Determine What to Migrate
diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
index 16457cd210..28acdba266 100644
--- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md
+++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
@@ -4,10 +4,11 @@ description: Estimate the disk space requirement for a migration so that you can
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Estimate Migration Store Size
diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md
index d3db14a398..22b7169df1 100644
--- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md
@@ -4,10 +4,11 @@ description: In this article, learn how to exclude files and settings when creat
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Exclude Files and Settings
diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
index 5d06760857..7d5909b79a 100644
--- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md
@@ -4,10 +4,11 @@ description: In this article, learn how to extract files from a compressed User
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Extract Files from a Compressed USMT Migration Store
diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md
index 824ca75074..6ccaaa68cf 100644
--- a/windows/deployment/usmt/usmt-general-conventions.md
+++ b/windows/deployment/usmt/usmt-general-conventions.md
@@ -4,10 +4,11 @@ description: Learn about general XML guidelines and how to use XML helper functi
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# General Conventions
diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md
index 8bcb20e216..5b98c857bf 100644
--- a/windows/deployment/usmt/usmt-hard-link-migration-store.md
+++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md
@@ -4,10 +4,11 @@ description: Use of a hard-link migration store for a computer-refresh scenario
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Hard-Link Migration Store
diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md
index a2a9939439..37ea9bd0bc 100644
--- a/windows/deployment/usmt/usmt-how-it-works.md
+++ b/windows/deployment/usmt/usmt-how-it-works.md
@@ -4,9 +4,10 @@ description: Learn how USMT works and how it includes two tools that migrate set
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# How USMT Works
diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md
index c22457f303..673ccff26e 100644
--- a/windows/deployment/usmt/usmt-how-to.md
+++ b/windows/deployment/usmt/usmt-how-to.md
@@ -4,10 +4,11 @@ description: Reference the topics in this article to learn how to use User State
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# User State Migration Tool (USMT) How-to topics
diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md
index d6287b456f..586733f45e 100644
--- a/windows/deployment/usmt/usmt-identify-application-settings.md
+++ b/windows/deployment/usmt/usmt-identify-application-settings.md
@@ -4,10 +4,11 @@ description: Identify which applications and settings you want to migrate before
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Identify Applications Settings
diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
index d3f89466ee..86e1f15aa7 100644
--- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
+++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md
@@ -4,10 +4,11 @@ description: Learn how to identify the file types, files, folders, and settings
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Identify File Types, Files, and Folders
diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md
index afea6979e6..71a553ad8f 100644
--- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md
+++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md
@@ -4,10 +4,11 @@ description: Identify which system settings you want to migrate, then use the Us
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Identify Operating System Settings
diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md
index 294142210c..59be0df0d4 100644
--- a/windows/deployment/usmt/usmt-identify-users.md
+++ b/windows/deployment/usmt/usmt-identify-users.md
@@ -4,10 +4,11 @@ description: Learn how to identify users you plan to migrate, as well as how to
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.topic: article
ms.localizationpriority: medium
+ms.technology: itpro-deploy
---
# Identify Users
diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md
index 1ff3740fc6..c6ef4174e5 100644
--- a/windows/deployment/usmt/usmt-include-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-include-files-and-settings.md
@@ -4,10 +4,11 @@ description: Specify the migration .xml files you want, then use the User State
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Include Files and Settings
diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md
index d019f64f93..ebd2d4e5ed 100644
--- a/windows/deployment/usmt/usmt-loadstate-syntax.md
+++ b/windows/deployment/usmt/usmt-loadstate-syntax.md
@@ -4,10 +4,11 @@ description: Learn about the syntax and usage of the command-line options availa
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# LoadState Syntax
diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md
index 37530b9f6c..86e3f5ec0b 100644
--- a/windows/deployment/usmt/usmt-log-files.md
+++ b/windows/deployment/usmt/usmt-log-files.md
@@ -4,10 +4,11 @@ description: Learn how to use User State Migration Tool (USMT) 10.0 logs to mon
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Log Files
diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
index 557a608926..f0a495a6f9 100644
--- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
+++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
@@ -4,10 +4,11 @@ description: Learn how to migrate Encrypting File System (EFS) certificates. Als
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Migrate EFS Files and Certificates
diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md
index c5adc7c133..206ef57db5 100644
--- a/windows/deployment/usmt/usmt-migrate-user-accounts.md
+++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md
@@ -4,10 +4,11 @@ description: Learn how to migrate user accounts and how to specify which users t
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Migrate User Accounts
diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md
index baff6e26b1..a5721b75b6 100644
--- a/windows/deployment/usmt/usmt-migration-store-encryption.md
+++ b/windows/deployment/usmt/usmt-migration-store-encryption.md
@@ -1,13 +1,14 @@
---
title: Migration Store Encryption (Windows 10)
-description: Learn how the User State Migration Tool (USMT) enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES).
+description: Learn how the User State Migration Tool (USMT) enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES).
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Migration Store Encryption
diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md
index 3b9eb9b707..ddecca1043 100644
--- a/windows/deployment/usmt/usmt-overview.md
+++ b/windows/deployment/usmt/usmt-overview.md
@@ -3,11 +3,12 @@ title: User State Migration Tool (USMT) Overview (Windows 10)
description: Learn about using User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems.
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 10/16/2017
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-deploy
---
# User State Migration Tool (USMT) Overview
diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md
index 248b3645e1..d66afb281e 100644
--- a/windows/deployment/usmt/usmt-plan-your-migration.md
+++ b/windows/deployment/usmt/usmt-plan-your-migration.md
@@ -4,10 +4,11 @@ description: Learn how to your plan your migration carefully so your migration c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Plan Your Migration
diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md
index 621d54116b..bab5c90ed1 100644
--- a/windows/deployment/usmt/usmt-recognized-environment-variables.md
+++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md
@@ -3,11 +3,12 @@ title: Recognized Environment Variables (Windows 10)
description: Learn how to use environment variables to identify folders that may be different on different computers.
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-deploy
---
# Recognized Environment Variables
diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md
index 44228df5ef..f7a3cc1d14 100644
--- a/windows/deployment/usmt/usmt-reference.md
+++ b/windows/deployment/usmt/usmt-reference.md
@@ -4,10 +4,11 @@ description: Use this User State Migration Toolkit (USMT) article to learn detai
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# User State Migration Toolkit (USMT) Reference
diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md
index 36394f875a..d0cc3d2e50 100644
--- a/windows/deployment/usmt/usmt-requirements.md
+++ b/windows/deployment/usmt/usmt-requirements.md
@@ -4,10 +4,11 @@ description: While the User State Migration Tool (USMT) doesn't have many requir
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 05/03/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# USMT Requirements
diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
index 526e988ace..c059c077b9 100644
--- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
@@ -4,10 +4,11 @@ description: Learn how to create a custom .xml file and specify this file name o
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Reroute Files and Settings
diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md
index c0384baa68..4ce47e1590 100644
--- a/windows/deployment/usmt/usmt-resources.md
+++ b/windows/deployment/usmt/usmt-resources.md
@@ -4,10 +4,11 @@ description: Learn about User State Migration Tool (USMT) online resources, incl
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# USMT Resources
diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md
index 108dc532c1..551ed21158 100644
--- a/windows/deployment/usmt/usmt-return-codes.md
+++ b/windows/deployment/usmt/usmt-return-codes.md
@@ -4,10 +4,11 @@ description: Learn about User State Migration Tool (USMT) 10.0 return codes and
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Return Codes
diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md
index 816652d904..88a99b7a43 100644
--- a/windows/deployment/usmt/usmt-scanstate-syntax.md
+++ b/windows/deployment/usmt/usmt-scanstate-syntax.md
@@ -4,10 +4,11 @@ description: The ScanState command is used with the User State Migration Tool (U
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# ScanState Syntax
diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md
index eb4cd7306c..e28e3bc9ca 100644
--- a/windows/deployment/usmt/usmt-technical-reference.md
+++ b/windows/deployment/usmt/usmt-technical-reference.md
@@ -4,11 +4,12 @@ description: The User State Migration Tool (USMT) provides a highly customizable
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# User State Migration Tool (USMT) Technical Reference
diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md
index 928a7307d9..6406cfc2c4 100644
--- a/windows/deployment/usmt/usmt-test-your-migration.md
+++ b/windows/deployment/usmt/usmt-test-your-migration.md
@@ -1,13 +1,14 @@
---
title: Test Your Migration (Windows 10)
-description: Learn about testing your migration plan in a controlled laboratory setting before you deploy it to your entire organization.
+description: Learn about testing your migration plan in a controlled laboratory setting before you deploy it to your entire organization.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Test Your Migration
diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md
index 65146dd2ac..e3a456a033 100644
--- a/windows/deployment/usmt/usmt-topics.md
+++ b/windows/deployment/usmt/usmt-topics.md
@@ -4,10 +4,11 @@ description: Learn about User State Migration Tool (USMT) overview topics that d
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# User State Migration Tool (USMT) Overview Topics
diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md
index 78dbd791cf..e3b1162419 100644
--- a/windows/deployment/usmt/usmt-troubleshooting.md
+++ b/windows/deployment/usmt/usmt-troubleshooting.md
@@ -4,10 +4,11 @@ description: Learn about topics that address common User State Migration Tool (U
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# User State Migration Tool (USMT) Troubleshooting
diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md
index 158700b4ee..feac03f881 100644
--- a/windows/deployment/usmt/usmt-utilities.md
+++ b/windows/deployment/usmt/usmt-utilities.md
@@ -4,10 +4,11 @@ description: Learn about the syntax for the utilities available in User State Mi
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# UsmtUtils Syntax
diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
index f61a77dc08..92b200dc38 100644
--- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
+++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md
@@ -4,10 +4,11 @@ description: Learn how User State Migration Tool (USMT) 10.0 is designed so tha
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 09/12/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# What does USMT migrate?
diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md
index 8a5c5bd2f7..5537ec22e6 100644
--- a/windows/deployment/usmt/usmt-xml-elements-library.md
+++ b/windows/deployment/usmt/usmt-xml-elements-library.md
@@ -4,10 +4,11 @@ description: Learn about the XML elements and helper functions that you can empl
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# XML Elements Library
diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md
index eaad60c807..aed31c7e9a 100644
--- a/windows/deployment/usmt/usmt-xml-reference.md
+++ b/windows/deployment/usmt/usmt-xml-reference.md
@@ -4,10 +4,11 @@ description: Learn about working with and customizing the migration XML files us
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# USMT XML Reference
diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
index a6ad05ad42..cac669786b 100644
--- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
@@ -4,10 +4,11 @@ description: Use these tips and tricks to verify the condition of a compressed m
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# Verify the Condition of a Compressed Migration Store
diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md
index 9fa7659525..b080e87c2b 100644
--- a/windows/deployment/usmt/xml-file-requirements.md
+++ b/windows/deployment/usmt/xml-file-requirements.md
@@ -4,10 +4,11 @@ description: Learn about the XML file requirements for creating custom .xml file
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/19/2017
ms.topic: article
+ms.technology: itpro-deploy
---
# XML File Requirements
diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
index 8b4201322d..5b7165a017 100644
--- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
+++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md
@@ -4,10 +4,11 @@ description: Learn how to use the Volume Activation Management Tool (VAMT) Activ
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Activate by Proxy an Active Directory Forest
diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md
index 3cbecb7694..c390b22fe3 100644
--- a/windows/deployment/volume-activation/activate-forest-vamt.md
+++ b/windows/deployment/volume-activation/activate-forest-vamt.md
@@ -4,10 +4,11 @@ description: Use the Volume Activation Management Tool (VAMT) Active Directory-B
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Activate an Active Directory Forest Online
diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
index 8dc4f7f75d..2c413491c3 100644
--- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
+++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
@@ -5,7 +5,7 @@ manager: dougeby
author: aczechowski
ms.author: aaroncz
ms.prod: windows-client
-ms.technology: itpro-deploy
+ms.technology: itpro-fundamentals
ms.localizationpriority: medium
ms.date: 09/16/2022
ms.topic: how-to
diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
index 8c64ff18da..6fdacc0acb 100644
--- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
+++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
@@ -3,12 +3,13 @@ title: Activate using Key Management Service (Windows 10)
manager: dougeby
ms.author: aaroncz
description: How to activate using Key Management Service in Windows 10.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.date: 10/16/2017
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-fundamentals
---
# Activate using Key Management Service
diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md
index 4c3a45ae2e..36d3961a3f 100644
--- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md
+++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md
@@ -4,11 +4,12 @@ description: After you have configured Key Management Service (KMS) or Active Di
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Activate clients running Windows 10
diff --git a/windows/deployment/volume-activation/active-directory-based-activation-overview.md b/windows/deployment/volume-activation/active-directory-based-activation-overview.md
index 9e64bfc93f..3b0a290815 100644
--- a/windows/deployment/volume-activation/active-directory-based-activation-overview.md
+++ b/windows/deployment/volume-activation/active-directory-based-activation-overview.md
@@ -4,10 +4,11 @@ description: Enable your enterprise to activate its computers through a connecti
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 12/07/2018
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Active Directory-Based Activation overview
diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md
index d177646453..5250a833f9 100644
--- a/windows/deployment/volume-activation/add-manage-products-vamt.md
+++ b/windows/deployment/volume-activation/add-manage-products-vamt.md
@@ -4,10 +4,11 @@ description: Add client computers into the Volume Activation Management Tool (VA
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Add and Manage Products
diff --git a/windows/deployment/volume-activation/add-remove-computers-vamt.md b/windows/deployment/volume-activation/add-remove-computers-vamt.md
index b5ddea11f7..66868c46dd 100644
--- a/windows/deployment/volume-activation/add-remove-computers-vamt.md
+++ b/windows/deployment/volume-activation/add-remove-computers-vamt.md
@@ -4,10 +4,11 @@ description: The Discover products function on the Volume Activation Management
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Add and Remove Computers
diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md
index c628b7e30b..d096546643 100644
--- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md
+++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md
@@ -4,10 +4,11 @@ description: Add a product key to the Volume Activation Management Tool (VAMT) d
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Add and Remove a Product Key
diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
index e47aaec9e7..d478a5e6fc 100644
--- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
author: aczechowski
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-fundamentals
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.topic: article
diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md
index 6893932b20..a1335da901 100644
--- a/windows/deployment/volume-activation/configure-client-computers-vamt.md
+++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md
@@ -5,9 +5,10 @@ ms.reviewer:
manager: dougeby
author: aczechowski
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/30/2020
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Configure Client Computers
diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md
index 1e89cb087d..8f83af6335 100644
--- a/windows/deployment/volume-activation/import-export-vamt-data.md
+++ b/windows/deployment/volume-activation/import-export-vamt-data.md
@@ -4,8 +4,8 @@ description: Learn how to use the VAMT to import product-activation data from a
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-fundamentals
author: aczechowski
ms.date: 05/02/2022
ms.topic: how-to
diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md
index 2a0db88665..4b1b5ca520 100644
--- a/windows/deployment/volume-activation/install-configure-vamt.md
+++ b/windows/deployment/volume-activation/install-configure-vamt.md
@@ -4,11 +4,12 @@ description: Learn how to install and configure the Volume Activation Management
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Install and Configure VAMT
diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md
index e00654d103..2039634198 100644
--- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md
+++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md
@@ -4,11 +4,12 @@ description: Learn to use the Volume Activation Management Tool (VAMT) to instal
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Install a KMS Client Key
diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md
index 1c7b394ef5..c96c711355 100644
--- a/windows/deployment/volume-activation/install-product-key-vamt.md
+++ b/windows/deployment/volume-activation/install-product-key-vamt.md
@@ -4,11 +4,12 @@ description: Learn to use the Volume Activation Management Tool (VAMT) to instal
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Install a Product Key
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index 18f56fb621..178c901b4e 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -3,12 +3,13 @@ title: Install VAMT (Windows 10)
description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.date: 03/11/2019
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-fundamentals
---
# Install VAMT
diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md
index e8e03b1772..35011f3cea 100644
--- a/windows/deployment/volume-activation/introduction-vamt.md
+++ b/windows/deployment/volume-activation/introduction-vamt.md
@@ -5,7 +5,7 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.prod: windows-client
-ms.technology: itpro-deploy
+ms.technology: itpro-fundamentals
author: aczechowski
ms.date: 09/16/2022
ms.topic: overview
diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md
index e3ae850a19..c6c284ccb9 100644
--- a/windows/deployment/volume-activation/kms-activation-vamt.md
+++ b/windows/deployment/volume-activation/kms-activation-vamt.md
@@ -1,13 +1,14 @@
---
title: Perform KMS Activation (Windows 10)
-description: The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS).
+description: The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS).
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Perform KMS Activation
diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md
index 10efe983e0..64aa4ddfb2 100644
--- a/windows/deployment/volume-activation/local-reactivation-vamt.md
+++ b/windows/deployment/volume-activation/local-reactivation-vamt.md
@@ -4,10 +4,11 @@ description: An initially activated a computer using scenarios like MAK, retail,
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Perform Local Reactivation
diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md
index e70082002b..ce146804af 100644
--- a/windows/deployment/volume-activation/manage-activations-vamt.md
+++ b/windows/deployment/volume-activation/manage-activations-vamt.md
@@ -4,10 +4,11 @@ description: Learn how to manage activations and how to activate a client comput
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Manage Activations
diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md
index c39474fcff..474f83d10d 100644
--- a/windows/deployment/volume-activation/manage-product-keys-vamt.md
+++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md
@@ -4,10 +4,11 @@ description: In this article, learn how to add and remove a product key from the
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Manage Product Keys
diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md
index 298f4300e6..39a1737116 100644
--- a/windows/deployment/volume-activation/manage-vamt-data.md
+++ b/windows/deployment/volume-activation/manage-vamt-data.md
@@ -4,10 +4,11 @@ description: Learn how to save, import, export, and merge a Computer Information
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Manage VAMT Data
diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md
index 7f73814284..94cdf4e1e9 100644
--- a/windows/deployment/volume-activation/monitor-activation-client.md
+++ b/windows/deployment/volume-activation/monitor-activation-client.md
@@ -4,10 +4,11 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: Understand the most common methods to monitor the success of the activation process for a computer running Windows.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Monitor activation
diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md
index 27b477d92d..18ded873b5 100644
--- a/windows/deployment/volume-activation/online-activation-vamt.md
+++ b/windows/deployment/volume-activation/online-activation-vamt.md
@@ -4,10 +4,11 @@ description: Learn how to use the Volume Activation Management Tool (VAMT) to en
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Perform Online Activation
diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
index 899939d263..5fe9d182fa 100644
--- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md
+++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md
@@ -4,10 +4,11 @@ description: Product activation is the process of validating software with the m
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Plan for volume activation
diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md
index fd612a7f9b..587efce773 100644
--- a/windows/deployment/volume-activation/proxy-activation-vamt.md
+++ b/windows/deployment/volume-activation/proxy-activation-vamt.md
@@ -4,10 +4,11 @@ description: Perform proxy activation by using the Volume Activation Management
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Perform Proxy Activation
diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md
index fb4282d3ac..e0fa9fe778 100644
--- a/windows/deployment/volume-activation/remove-products-vamt.md
+++ b/windows/deployment/volume-activation/remove-products-vamt.md
@@ -4,10 +4,11 @@ description: Learn how you must delete products from the product list view so yo
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Remove Products
diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
index d7635a95d0..6f92b8bdbb 100644
--- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md
@@ -4,10 +4,11 @@ description: Learn how to use the Volume Activation Management Tool (VAMT) to ac
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Scenario 3: KMS Client Activation
diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
index 93960a399c..0456ed2993 100644
--- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
@@ -4,10 +4,11 @@ description: Achieve network access by deploying the Volume Activation Managemen
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Scenario 1: Online Activation
diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
index 0bf79390db..d66678367b 100644
--- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
@@ -4,10 +4,11 @@ description: Use the Volume Activation Management Tool (VAMT) to activate produc
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Scenario 2: Proxy Activation
diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md
index 69fd4f603b..dfd7e456e7 100644
--- a/windows/deployment/volume-activation/update-product-status-vamt.md
+++ b/windows/deployment/volume-activation/update-product-status-vamt.md
@@ -4,10 +4,11 @@ description: Learn how to use the Update license status function to add the prod
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Update Product Status
diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
index d330d9c58c..96270a5500 100644
--- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
+++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
@@ -4,11 +4,12 @@ description: The Volume Activation Management Tool (VAMT) provides several usefu
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Use the Volume Activation Management Tool
diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
index 1bb0fe7458..ce68f48784 100644
--- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
+++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
@@ -4,10 +4,11 @@ description: Learn how to use Volume Activation Management Tool (VAMT) PowerShel
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Use VAMT in Windows PowerShell
diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md
index 3b40e5ba6c..1e02f26440 100644
--- a/windows/deployment/volume-activation/vamt-known-issues.md
+++ b/windows/deployment/volume-activation/vamt-known-issues.md
@@ -4,13 +4,14 @@ description: Find out the current known issues with the Volume Activation Manage
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 12/17/2019
ms.topic: article
ms.custom:
-- CI 111496
-- CSSTroubleshooting
+ - CI 111496
+ - CSSTroubleshooting
+ms.technology: itpro-fundamentals
---
# VAMT known issues
diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md
index 7866a50e98..736a7d6b84 100644
--- a/windows/deployment/volume-activation/vamt-requirements.md
+++ b/windows/deployment/volume-activation/vamt-requirements.md
@@ -4,10 +4,11 @@ description: In this article, learn about the product key and system requieremen
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# VAMT Requirements
diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md
index 96e2238db0..1c161bf9b5 100644
--- a/windows/deployment/volume-activation/vamt-step-by-step.md
+++ b/windows/deployment/volume-activation/vamt-step-by-step.md
@@ -4,10 +4,11 @@ description: Learn step-by-step instructions on implementing the Volume Activati
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.date: 04/25/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# VAMT Step-by-Step Scenarios
diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md
index fd360dd5f2..ea4128093d 100644
--- a/windows/deployment/volume-activation/volume-activation-management-tool.md
+++ b/windows/deployment/volume-activation/volume-activation-management-tool.md
@@ -4,7 +4,7 @@ description: The Volume Activation Management Tool (VAMT) enables network admini
manager: dougeby
ms.author: aaroncz
ms.prod: windows-client
-ms.technology: itpro-deploy
+ms.technology: itpro-fundamentals
author: aczechowski
ms.date: 09/16/2022
ms.topic: overview
diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md
index c255592df6..c97a874ef7 100644
--- a/windows/deployment/volume-activation/volume-activation-windows-10.md
+++ b/windows/deployment/volume-activation/volume-activation-windows-10.md
@@ -4,11 +4,12 @@ description: Learn how to use volume activation to deploy & activate Windows 10.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.topic: article
+ms.technology: itpro-fundamentals
---
# Volume Activation for Windows 10
diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md
index 3476d250c5..253bb60fb0 100644
--- a/windows/deployment/wds-boot-support.md
+++ b/windows/deployment/wds-boot-support.md
@@ -1,7 +1,7 @@
---
title: Windows Deployment Services (WDS) boot.wim support
description: This article provides details on the support capabilities of WDS for end to end operating system deployment.
-ms.prod: w11
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md
index 654f40c28a..b207bbdc1c 100644
--- a/windows/deployment/windows-10-deployment-scenarios.md
+++ b/windows/deployment/windows-10-deployment-scenarios.md
@@ -4,7 +4,7 @@ description: Understand the different ways Windows 10 operating system can be de
manager: dougeby
ms.author: aaroncz
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md
index e135d2415d..851a06f37f 100644
--- a/windows/deployment/windows-10-deployment-tools-reference.md
+++ b/windows/deployment/windows-10-deployment-tools-reference.md
@@ -5,7 +5,7 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 07/12/2017
ms.topic: article
---
diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md
index a37d1cd3d0..c9c6ba633a 100644
--- a/windows/deployment/windows-10-deployment-tools.md
+++ b/windows/deployment/windows-10-deployment-tools.md
@@ -5,7 +5,7 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 10/16/2017
ms.topic: article
---
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index 69e99173d4..a9e3f18aab 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -1,13 +1,13 @@
---
title: Windows 10/11 Enterprise E3 in CSP
description: Describes Windows 10/11 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10/11 Enterprise edition.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.date: 09/28/2021
author: aczechowski
ms.author: aaroncz
manager: dougeby
-ms.collection:
+ms.collection:
- M365-modern-desktop
- highpri
ms.topic: article
diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md
index 7740f7c09f..d38bff330b 100644
--- a/windows/deployment/windows-10-media.md
+++ b/windows/deployment/windows-10-media.md
@@ -1,7 +1,7 @@
---
title: Windows 10 volume license media
description: Learn about volume license media in Windows 10, and channels such as the Volume License Service Center (VLSC).
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.date: 10/20/2017
ms.reviewer:
diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md
index 920d673e67..0690f6af03 100644
--- a/windows/deployment/windows-10-missing-fonts.md
+++ b/windows/deployment/windows-10-missing-fonts.md
@@ -1,7 +1,7 @@
---
title: How to install fonts missing after upgrading to Windows client
description: Some of the fonts are missing from the system after you upgrade to Windows client.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
@@ -15,11 +15,11 @@ ms.topic: article
- Windows 10
- Windows 11
-When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10 or Windows 11, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows client. If you install a fresh instance of Windows client, or upgrade an older version of Windows to Windows client, these optional features are not enabled by default. As a result, these fonts appear to be missing from the system.
+When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10 or Windows 11, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows client. If you install a fresh instance of Windows client, or upgrade an older version of Windows to Windows client, these optional features aren't enabled by default. As a result, these fonts appear to be missing from the system.
If you have documents created using the missing fonts, these documents might display differently on Windows client.
-For example, if you have an English (or French, German, or Spanish) version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing:
+For example, if you've an English (or French, German, or Spanish) version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing:
- Gautami
- Meiryo
@@ -36,7 +36,7 @@ If you want to use these fonts, you can enable the optional feature to add them
## Installing language-associated features via language settings:
-If you want to use the fonts from the optional feature and you know that you will want to view Web pages, edit documents, or use apps in the language associated with that feature, add that language into your user profile. Use the Settings app.
+If you want to use the fonts from the optional feature and you know that you'll want to view Web pages, edit documents, or use apps in the language associated with that feature, add that language into your user profile. Use the Settings app.
For example, here are the steps to install the fonts associated with the Hebrew language:
@@ -44,11 +44,11 @@ For example, here are the steps to install the fonts associated with the Hebrew
2. In **Settings**, select **Time & language**, and then select **Region & language**.
-3. If Hebrew is not included in the list of languages, select the plus sign (**+**) to add a language.
+3. If Hebrew isn't included in the list of languages, select the plus sign (**+**) to add a language.
4. Find **Hebrew**, and then select it to add it to your language list.
-Once you have added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This process should only take a few minutes.
+Once you've added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This process should only take a few minutes.
> [!NOTE]
> The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
@@ -72,7 +72,7 @@ For example, here are the steps to install the fonts associated with the Hebrew
## Fonts included in optional font features
-Here is a comprehensive list of the font families in each of the optional features. Some font families might include multiple fonts for different weights and styles.
+Here's a comprehensive list of the font families in each of the optional features. Some font families might include multiple fonts for different weights and styles.
- Arabic Script Supplemental Fonts: Aldhabi, Andalus, Arabic Typesetting, Microsoft Uighur, Sakkal Majalla, Simplified Arabic, Traditional Arabic, Urdu Typesetting
- Bangla Script Supplemental Fonts: Shonar Bangla, Vrinda
diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md
index fda363bfff..142696d943 100644
--- a/windows/deployment/windows-10-poc-mdt.md
+++ b/windows/deployment/windows-10-poc-mdt.md
@@ -1,7 +1,7 @@
---
title: Step by step - Deploy Windows 10 in a test lab using MDT
description: In this article, you'll learn how to deploy Windows 10 in a test lab using Microsoft Deployment Toolkit (MDT).
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.date: 10/11/2017
ms.reviewer:
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
index 5e58c2a014..fcea96b6fa 100644
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@@ -1,8 +1,8 @@
---
title: Steps to deploy Windows 10 with Configuration Manager
description: Learn how to deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager.
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-deploy
ms.localizationpriority: medium
ms.reviewer:
manager: dougeby
diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md
index f69d28d3bf..7b1a9e7024 100644
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
author: aczechowski
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-deploy
ms.localizationpriority: medium
ms.topic: tutorial
ms.date: 05/12/2022
diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md
index 8b30ea5825..46a6d090b9 100644
--- a/windows/deployment/windows-10-pro-in-s-mode.md
+++ b/windows/deployment/windows-10-pro-in-s-mode.md
@@ -5,8 +5,8 @@ author: aczechowski
ms.author: aaroncz
manager: dougeby
ms.localizationpriority: medium
-ms.prod: w10
-ms.collection:
+ms.prod: windows-client
+ms.collection:
- M365-modern-desktop
- highpri
ms.topic: article
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index e59eefbb34..05ff88d8e8 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -7,16 +7,16 @@ ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
manager: dougeby
-ms.collection:
+ms.collection:
- M365-modern-desktop
- highpri
-search.appverid:
-- MET150
+search.appverid:
+ - MET150
ms.topic: conceptual
ms.date: 07/12/2022
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# Windows subscription activation
diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md
index a95ebcecdc..f2730a6d87 100644
--- a/windows/deployment/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md
@@ -4,7 +4,7 @@ description: The Windows Assessment and Deployment Kit (Windows ADK) contains to
author: aczechowski
ms.author: aaroncz
manager: dougeby
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.topic: article
diff --git a/windows/deployment/windows-autopatch/deploy/index.md b/windows/deployment/windows-autopatch/deploy/index.md
index b91c6a7098..00fc06d01d 100644
--- a/windows/deployment/windows-autopatch/deploy/index.md
+++ b/windows/deployment/windows-autopatch/deploy/index.md
@@ -2,8 +2,8 @@
title: Deploying with Windows Autopatch
description: Landing page for the deploy section
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
index 7793b6cb5d..4e13034d35 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
@@ -1,9 +1,9 @@
---
title: Add and verify admin contacts
-description: This article explains how to add and verify admin contacts
+description: This article explains how to add and verify admin contacts
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
index a8ae09138a..10d9c81172 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
@@ -1,9 +1,9 @@
---
title: Device registration overview
-description: This article provides an overview on how to register devices in Autopatch
-ms.date: 09/07/2022
-ms.prod: w11
-ms.technology: windows
+description: This article provides an overview on how to register devices in Autopatch
+ms.date: 10/5/2022
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
@@ -22,7 +22,8 @@ The overall device registration process is:
:::image type="content" source="../media/windows-autopatch-device-registration-overview.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-device-registration-overview.png":::
-1. IT admin identifies devices to be managed by Windows Autopatch and adds them into the **Windows Autopatch Device Registration** Azure Active Directory (AD) group.
+1. IT admin reviews [Windows Autopatch device registration pre-requisites](windows-autopatch-register-devices.md#prerequisites-for-device-registration) prior to register devices with Windows Autopatch.
+2. IT admin identifies devices to be managed by Windows Autopatch and adds them into the **Windows Autopatch Device Registration** Azure Active Directory (AD) group.
1. Windows Autopatch then:
1. Performs device readiness prior registration (prerequisite checks).
1. Calculates the deployment ring distribution.
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md
index ad127f56ad..e5c4617772 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md
@@ -1,9 +1,9 @@
---
title: Post-device registration readiness checks
-description: This article details how post-device registration readiness checks are performed in Windows Autopatch
+description: This article details how post-device registration readiness checks are performed in Windows Autopatch
ms.date: 09/16/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
index ddd32f7d97..4d7fb522a0 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
@@ -1,9 +1,9 @@
---
title: Register your devices
-description: This article details how to register devices in Autopatch
+description: This article details how to register devices in Autopatch
ms.date: 09/07/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
@@ -30,9 +30,9 @@ Windows Autopatch can take over software update management control of devices th
You must choose what devices to manage with Windows Autopatch by adding them to the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can be added using the following methods:
-- Direct membership
+- Direct membership
- Nesting other Azure AD dynamic/assigned groups
-- [Bulk add/import group members](/azure/active-directory/enterprise-users/groups-bulk-import-members)
+- [Bulk add/import group members](/azure/active-directory/enterprise-users/groups-bulk-import-members)
Windows Autopatch automatically runs its discover devices function every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices.
@@ -72,8 +72,8 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set
- Windows 10 (1809+)/11 Enterprise or Professional editions (only x64 architecture).
- Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported).
- Managed by Microsoft Endpoint Manager.
- - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) and/or [Configuration Manager Co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#configuration-manager-co-management-requirements).
- - Must switch the following Microsoft Endpoint Manager-Configuration Manager [Co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune):
+ - [Already enrolled into Microsoft Intune](/mem/intune/user-help/enroll-windows-10-device) and/or [Configuration Manager co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#configuration-manager-co-management-requirements).
+ - Must switch the following Microsoft Endpoint Manager-Configuration Manager [co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune):
- Windows updates policies
- Device configuration
- Office Click-to-run
@@ -100,7 +100,7 @@ See all possible device readiness statuses in Windows Autopatch:
| Readiness status | Description | Device blade tab |
| ----- | ----- | ----- |
-| Active | Devices with this status successfully passed all prerequisite checks and subsequently successfully registered with Windows Autopatch. Additionally, devices with this status successfully passed all post-device registration readiness checks. | Ready |
+| Active | Devices with this status successfully passed all prerequisite checks and then successfully registered with Windows Autopatch. Additionally, devices with this status successfully passed all post-device registration readiness checks. | Ready |
| Readiness failed | Devices with this status haven't passed one or more post-device registration readiness checks. These devices aren't ready to have one or more software update workloads managed by Windows Autopatch. | Not ready |
| Inactive | Devices with this status haven't communicated with Microsoft Endpoint Manager-Intune in the last 28 days. | Not ready |
| Pre-requisites failed | Devices with this status haven't passed one or more pre-requisite checks and haven't successfully registered with Windows Autopatch | Not registered |
@@ -161,17 +161,48 @@ Windows 365 Enterprise gives IT admins the option to register devices with the W
1. Provide a policy name and select **Join Type**. For more information, see [Device join types](/windows-365/enterprise/identity-authentication#device-join-types).
1. Select **Next**.
1. Choose the desired image and select **Next**.
-1. Under the **Microsoft managed services** section, select **Windows Autopatch**. Then, select **Next**. If the *Windows Autopatch (preview) cannot manage your Cloud PCs until a Global Admin has finished setting it up.* message appears, you must [enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md) to continue.
+1. Under the **Microsoft managed services** section, select **Windows Autopatch**. Then, select **Next**. If the *Windows Autopatch (preview) can't manage your Cloud PCs until a Global Admin has finished setting it up.* message appears, you must [enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md) to continue.
1. Assign your policy accordingly and select **Next**.
1. Select **Create**. Now your newly provisioned Windows 365 Enterprise Cloud PCs will automatically be enrolled and managed by Windows Autopatch.
For more information, see [Create a Windows 365 Provisioning Policy](/windows-365/enterprise/create-provisioning-policy).
+### Windows Autopatch on Azure Virtual Desktop workloads
+
+Windows Autopatch is available for your Azure Virtual Desktop workloads. Enterprise admins can provision their Azure Virtual Desktop workloads to be managed by Windows Autopatch using the existing [device registration process](#steps-to-register-devices).
+
+Windows Autopatch provides the same scope of service with virtual machines as it does with [physical devices](#steps-to-register-devices). However, Windows Autopatch defers any Azure Virtual Desktop specific support to [Azure support](#contact-support-for-device-registration-related-incidents), unless otherwise specified.
+
+#### Prerequisites
+
+Windows Autopatch for Azure Virtual Desktop follows the same [prerequisites](../prepare/windows-autopatch-prerequisites.md) as Windows Autopatch, and the [Azure Virtual Desktop prerequisites](/azure/virtual-desktop/prerequisites).
+
+The service supports:
+
+- Personal persistent virtual machines
+
+The following Azure Virtual Desktop features aren’t supported:
+
+- Multi-session hosts
+- Pooled non persistent virtual machines
+- Remote app streaming
+
+#### Deploy Autopatch on Azure Virtual Desktop
+
+Azure Virtual Desktop workloads can be registered into Windows Autopatch by using the same method as your [physical devices](#steps-to-register-devices). For more information, see [Register your devices](#steps-to-register-devices).
+
+For ease of deployment, we recommend nesting a dynamic device group in your Autopatch device registration group. The dynamic device group would target the **Name** prefix defined in your session host, but **exclude** any Multi-Session Session Hosts. For example:
+
+| Group name | Dynamic membership name |
+| ----- | ----- |
+| Windows Autopatch - Host Pool Session Hosts |
|
+
### Contact support for device registration-related incidents
Support is available either through Windows 365, or the Windows Autopatch Service Engineering team for device registration-related incidents.
-- For Windows 365 support, see [Get support](/mem/get-support).
+- For Windows 365 support, see [Get support](/mem/get-support).
+- For Azure Virtual Desktop support, see [Get support](https://azure.microsoft.com/support/create-ticket/).
- For Windows Autopatch support, see [Submit a support request](/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request).
## Device management lifecycle scenarios
diff --git a/windows/deployment/windows-autopatch/operate/index.md b/windows/deployment/windows-autopatch/operate/index.md
index 88dfceb72d..125ddc43b1 100644
--- a/windows/deployment/windows-autopatch/operate/index.md
+++ b/windows/deployment/windows-autopatch/operate/index.md
@@ -2,8 +2,8 @@
title: Operating with Windows Autopatch
description: Landing page for the operate section
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md
index 4fe92e457d..52448ca4c5 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md
@@ -1,9 +1,9 @@
---
title: Deregister a device
-description: This article explains how to deregister devices
+description: This article explains how to deregister devices
ms.date: 06/15/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md
index 988fb95d21..bc8fc2e428 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md
@@ -1,9 +1,9 @@
---
title: Microsoft Edge
-description: This article explains how Microsoft Edge updates are managed in Windows Autopatch
+description: This article explains how Microsoft Edge updates are managed in Windows Autopatch
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md
index 50e4fd586e..610298bbb9 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md
@@ -1,9 +1,9 @@
---
title: Windows feature update end user experience
-description: This article explains the Windows feature update end user experience
+description: This article explains the Windows feature update end user experience
ms.date: 07/11/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md
index 1f19a0fd64..244d0ad114 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md
@@ -1,9 +1,9 @@
---
title: Windows feature updates
-description: This article explains how Windows feature updates are managed in Autopatch
+description: This article explains how Windows feature updates are managed in Autopatch
ms.date: 07/11/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md
index dc4f572c12..c5a7514fc4 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md
@@ -1,9 +1,9 @@
---
title: Maintain the Windows Autopatch environment
-description: This article details how to maintain the Windows Autopatch environment
+description: This article details how to maintain the Windows Autopatch environment
ms.date: 07/11/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md
index d3ef9e518e..628de1a67f 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md
@@ -1,9 +1,9 @@
---
title: Microsoft 365 Apps for enterprise
-description: This article explains how Microsoft 365 Apps for enterprise updates are managed in Windows Autopatch
+description: This article explains how Microsoft 365 Apps for enterprise updates are managed in Windows Autopatch
ms.date: 08/08/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
index dbb8cdf6e1..a6b6ffc78b 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
@@ -1,9 +1,9 @@
---
title: Submit a support request
-description: Details how to contact the Windows Autopatch Service Engineering Team and submit support requests
+description: Details how to contact the Windows Autopatch Service Engineering Team and submit support requests
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md
index 8cf360c310..3a14dd0be0 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md
@@ -1,9 +1,9 @@
---
title: Microsoft Teams
-description: This article explains how Microsoft Teams updates are managed in Windows Autopatch
+description: This article explains how Microsoft Teams updates are managed in Windows Autopatch
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
index 9d1f37b506..a92c0fbdef 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
@@ -1,9 +1,9 @@
---
title: Unenroll your tenant
-description: This article explains what unenrollment means for your organization and what actions you must take.
+description: This article explains what unenrollment means for your organization and what actions you must take.
ms.date: 07/27/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
index 3169d13cff..c3548183a3 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
@@ -1,9 +1,9 @@
---
title: Software update management
-description: This article provides an overview of how updates are handled in Autopatch
+description: This article provides an overview of how updates are handled in Autopatch
ms.date: 08/08/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: overview
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md
index 783558abe7..5633916a46 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md
@@ -1,9 +1,9 @@
---
title: Windows quality and feature update communications
-description: This article explains Windows quality update communications
+description: This article explains Windows quality update communications
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
@@ -22,7 +22,7 @@ There are three categories of communication that are sent out during a Windows q
Communications are posted to Message center, Service health dashboard, and the Windows Autopatch messages section of the Microsoft Endpoint Manager admin center as appropriate for the type of communication.
-:::image type="content" source="../media/update-communications.png" alt-text="Update communications timeline":::
+:::image type="content" source="../media/update-communications.png" alt-text="Update communications timeline" lightbox="../media/update-communications.png":::
## Standard communications
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md
index b83dc059df..cb11459161 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md
@@ -1,9 +1,9 @@
---
title: Windows quality update end user experience
-description: This article explains the Windows quality update end user experience
+description: This article explains the Windows quality update end user experience
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md
index a8da5aeb86..b4fc0d3673 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md
@@ -1,9 +1,9 @@
---
title: Windows quality updates
-description: This article explains how Windows quality updates are managed in Autopatch
+description: This article explains how Windows quality updates are managed in Autopatch
ms.date: 08/08/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md
index d8b16b880a..be5becc700 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md
@@ -1,9 +1,9 @@
---
title: Windows quality update signals
-description: This article explains the Windows quality update signals
+description: This article explains the Windows quality update signals
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md
index 1ee72bdfda..667c755524 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md
@@ -1,9 +1,9 @@
---
title: Windows update policies
-description: This article explains Windows update policies in Windows Autopatch
+description: This article explains Windows update policies in Windows Autopatch
ms.date: 07/07/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
index 107f37c50e..32d727dc5e 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
@@ -1,9 +1,9 @@
---
title: What is Windows Autopatch?
-description: Details what the service is and shortcuts to articles
+description: Details what the service is and shortcuts to articles
ms.date: 07/11/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/prepare/index.md b/windows/deployment/windows-autopatch/prepare/index.md
index 903d732865..49198d3b87 100644
--- a/windows/deployment/windows-autopatch/prepare/index.md
+++ b/windows/deployment/windows-autopatch/prepare/index.md
@@ -2,8 +2,8 @@
title: Preparing for Windows Autopatch
description: Landing page for the prepare section
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
index 93a0fbe3bd..b48a7a2a5f 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
@@ -1,9 +1,9 @@
---
title: Configure your network
-description: This article details the network configurations needed for Windows Autopatch
+description: This article details the network configurations needed for Windows Autopatch
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
index cb7b64d172..140d728afa 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
@@ -1,9 +1,9 @@
---
title: Enroll your tenant
-description: This article details how to enroll your tenant
+description: This article details how to enroll your tenant
ms.date: 07/11/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
index ae202548a6..77a8ae20a5 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
@@ -1,9 +1,9 @@
---
title: Fix issues found by the Readiness assessment tool
-description: This article details how to fix issues found by the Readiness assessment tool
+description: This article details how to fix issues found by the Readiness assessment tool
ms.date: 05/30/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
index 0b64d2adfa..5008b76d7a 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
@@ -1,9 +1,9 @@
---
title: Prerequisites
-description: This article details the prerequisites needed for Windows Autopatch
+description: This article details the prerequisites needed for Windows Autopatch
ms.date: 09/16/2022
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
@@ -24,7 +24,7 @@ Getting started with Windows Autopatch has been designed to be easy. This articl
| Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).
|
-| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.
oca.microsoft.com
kmwatsonc.events.data.microsoft.com
*-kmwatsonc.events.data.microsoft.com |
|Settings | settings-win.data.microsoft.com
IMPORTANT: This endpoint is used to remotely configure diagnostics-related settings and data collection. For example, we use the settings endpoint to remotely block an event from being sent back to Microsoft. We do not recommend disabling this endpoint. This endpoint does not upload Windows diagnostic data. |
+### Proxy server authentication
+
+If your organization uses proxy server authentication for internet access, make sure that it doesn't block the diagnostic data because of authentication.
+
+#### Bypass (recommended)
+
+Configure your proxy servers to not require proxy authentication for traffic to the diagnostic data endpoints. This option is the most comprehensive solution. It works for all versions of Windows 10 and Windows 11.
+
+#### User proxy authentication
+
+Configure devices to use the signed-in user's context for proxy authentication. This method requires the following configurations:
+
+- Devices have the current quality update for a supported version of Windows
+
+- Configure user-level proxy (WinINET proxy) in **Proxy settings** in the Network & Internet group of Windows Settings. You can also use the legacy Internet Options control panel.
+
+- Make sure that the users have proxy permission to reach the diagnostic data endpoints. This option requires that the devices have console users with proxy permissions, so you can't use this method with headless devices.
+
+> [!IMPORTANT]
+> The user proxy authentication approach is incompatible with the use of Microsoft Defender for Endpoint. This behavior is because this authentication relies on the **DisableEnterpriseAuthProxy** registry key set to `0`, while Microsoft Defender for Endpoint requires it to be set to `1`. For more information, see [Configure machine proxy and internet connectivity settings in Microsoft Defender for Endpoint](/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection).
+
+#### Device proxy authentication
+
+This approach supports the following scenarios:
+
+- Headless devices, where no user signs in, or users of the device don't have internet access
+
+- Authenticated proxies that don't use Windows Integrated Authentication
+
+- If you also use Microsoft Defender for Endpoint
+
+This approach is the most complex because it requires the following configurations:
+
+- Make sure devices can reach the proxy server through WinHTTP in local system context. Use one of the following options to configure this behavior:
+
+ - The command line `netsh winhttp set proxy`
+
+ - Web proxy autodiscovery (WPAD) protocol
+
+ - Transparent proxy
+
+ - Configure device-wide WinINET proxy using the following group policy setting: **Make proxy settings per-machine (rather than per-user)** (ProxySettingsPerUser = `1`)
+
+ - Routed connection, or that uses network address translation (NAT)
+
+- Configure proxy servers to allow the computer accounts in Active Directory to access the diagnostic data endpoints. This configuration requires proxy servers to support Windows Integrated Authentication.
+
### Data access
The principle of least privileged access guides access to Windows diagnostic data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/en-US/privacystatement). Microsoft may share business reports with hardware manufacturers and third-party partners that include aggregated and deidentified diagnostic data information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md
index ccc46b0a6d..122f0717a3 100644
--- a/windows/privacy/diagnostic-data-viewer-overview.md
+++ b/windows/privacy/diagnostic-data-viewer-overview.md
@@ -1,25 +1,22 @@
---
title: Diagnostic Data Viewer Overview (Windows 10 and Windows 11)
description: Use this article to use the Diagnostic Data Viewer application to review the diagnostic data sent to Microsoft by your device.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection:
- - M365-security-compliance
- - highpri
-ms.topic: article
-ms.date: 11/29/2021
-ms.reviewer:
-ms.technology: privacy
+ms.collection: highpri
+ms.topic: how-to
---
# Diagnostic Data Viewer Overview
**Applies to**
-- Windows 10, version 1803 and later and Windows 11
+- Windows 11, version 21H2 and later
+- Windows 10, version 1803 and later
## Introduction
diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
index 4bac4f9032..e4880b26b9 100644
--- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
+++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
@@ -1,16 +1,13 @@
---
title: Enhanced diagnostic data required by Windows Analytics (Windows 10)
description: Use this article to learn more about the limit enhanced diagnostic data events policy used by Desktop Analytics
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 11/29/2021
-ms.reviewer:
-ms.technology: privacy
+ms.topic: reference
---
diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md
index a4f4601c25..cac24b1acb 100644
--- a/windows/privacy/essential-services-and-connected-experiences.md
+++ b/windows/privacy/essential-services-and-connected-experiences.md
@@ -1,22 +1,21 @@
---
title: Essential services and connected experiences for Windows
description: Explains what the essential services and connected experiences are for Windows
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.technology: privacy
-ms.date: 11/24/2021
ms.collection: highpri
-
+ms.topic: reference
---
# Essential services and connected experiences for Windows
**Applies to**
-- Windows 11
+- Windows 11, version 21H2 and later
- Windows 10, version 1903 and later
Windows includes features that connect to the internet to provide enhanced experiences and additional service-based capabilities. These features are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure.
@@ -36,37 +35,38 @@ Although enterprise admins can turn off most essential services, we recommend, w
| **Essential service** | **Description** |
| --- | --- |
-|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.
To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account).|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.
If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.
To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update).|
-| Services Configuration | Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.
To turn it off, see [Services Configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#31-services-configuration).|
-| Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows and store applications.
To turn off licensing services, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).|
-| Networking | Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity.
To turn off Network Adapters, see [Disable-NetAdapter](/powershell/module/netadapter/disable-netadapter).|
-| Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.
To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).|
-| Diagnostic Data | Microsoft collects diagnostic data including error data about your devices with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft.
To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
-| Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date. Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.
Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date.
To turn off updates, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).|
-| Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.
To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
+|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.
To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account).|
+|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.
If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.
To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update).|
+| Services Configuration | Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.
To turn it off, see [Services Configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#31-services-configuration).|
+| Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows and store applications.
To turn off licensing services, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).|
+| Networking | Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity.
To turn off Network Adapters, see [Disable-NetAdapter](/powershell/module/netadapter/disable-netadapter).|
+| Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.
To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).|
+| Diagnostic Data | Microsoft collects diagnostic data including error data about your devices with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality won't be available to Microsoft.
To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).|
+| Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users to download apps from the Microsoft Store and keep them up to date. Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.
Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date.
To turn off updates, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).|
+| Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.
To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).|
+|Device Management |Device management includes Mobile Device Management (MDM), which helps IT pros manage company security policies and business applications. A built-in management component can communicate with the management server. If this is turned off, the device may no longer be compliant with company policy and the user might lose access to company resources.
[Learn more about Mobile Device Management](../client-management/mdm-overview) |
## Windows connected experiences
| **Connected experience** | **Description** |
| --- | --- |
-|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account.
To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). |
-|Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.
To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
-| Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It's installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.
To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
-| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources, such as other peers on the network, in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date.
If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network.
To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
-| Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11.
To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinput). |
-| Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to sign in to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab.
To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
-| Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely.
To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
-| Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.
To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
-| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site.
To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
-| OneDrive | OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere.
To turn off OneDrive, see [OneDrive](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive). |
-| Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running. The service will also make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience.
To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |
-| Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows users to write text by speaking by using Microsoft’s online speech recognition technology.
To turn it off, see [Speech recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
-| Windows backup | When settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account.
To turn it off, see [Sync your settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). |
+|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account.
To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). |
+|Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.
To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). |
+| Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It's installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.
To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). |
+| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources, such as other peers on the network, in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date.
If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network.
To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). |
+| Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11.
To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinput). |
+| Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to sign in to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab.
To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). |
+| Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely.
To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). |
+| Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.
To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). |
+| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you can't block a website or warn users they may be accessing a malicious site.
To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). |
+| OneDrive | OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere.
To turn off OneDrive, see [OneDrive](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive). |
+| Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running. The service will also make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience.
To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). |
+| Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows users to write text by speaking by using Microsoft’s online speech recognition technology.
To turn it off, see [Speech recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). |
+| Windows backup | When settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account.
To turn it off, see [Sync your settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). |
| Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows users personalized content like news, weather, their calendar and to-do list, and recent photos. It provides a quick glance view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. |
-| Windows Insider Program | The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s [website](https://insider.windows.com/).
To turn it off, see [Windows Insider Program](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds). |
-| Windows Search | Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet.
To turn it off, see [Windows Search](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#2-cortana-and-search). |
-| Windows Spotlight | Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background.
Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background.
To turn it off, see [Windows Spotlight](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight). |
+| Windows Insider Program | The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s [website](https://insider.windows.com/).
To turn it off, see [Windows Insider Program](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds). |
+| Windows Search | Windows Search lets users use the search box on the taskbar to find what they're looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet.
To turn it off, see [Windows Search](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#2-cortana-and-search). |
+| Windows Spotlight | Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background.
Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background.
To turn it off, see [Windows Spotlight](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight). |
## Microsoft Edge essential services and connected experiences
@@ -81,11 +81,11 @@ Internet Explorer shares many of the Windows essential services listed above. Th
| **Connected experience** | **Description** |
| --- | --- |
-|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without a user's permission. ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps which, can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on.
Note: To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
+|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without a user's permission. ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps, which can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on.
Note: To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. |
|Suggested Sites|Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.|
| Address Bar and Search suggestions | With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information, it will be sent to the default search provider. |
| Auto-complete feature for web addresses | The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar. |
-| Compatibility logging | This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed. |
+| Compatibility logging | This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It's disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed. |
| Compatibility View | Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing. |
| Flip ahead | Flip ahead enables users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting, users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website. |
| Web Slices | A Web Slice enables users to subscribe to and automatically receive updates to content directly within a web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices. |
diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml
index dee456d738..ae7788c4a1 100644
--- a/windows/privacy/index.yml
+++ b/windows/privacy/index.yml
@@ -7,12 +7,9 @@ brand: m365
metadata:
title: Windows Privacy
description: Learn about how privacy is managed in Windows.
- services: windows
- ms.prod: windows
+ ms.prod: windows-client
ms.topic: hub-page # Required
- ms.collection:
- - M365-security-compliance
- - highpri
+ ms.collection: highpri
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
index 4cf92acefc..d3e9576785 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
@@ -1,13 +1,13 @@
---
title: Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server
description: Use MDM CSPs to minimize connections from Windows to Microsoft services, or to configure particular privacy settings.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.date: 11/29/2021
-ms.technology: privacy
+ms.topic: conceptual
---
# Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services using Microsoft Intune MDM Server
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 7fcd6fb74b..f1c14f475f 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -1,18 +1,14 @@
---
title: Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services
description: Learn how to minimize connections from Windows to Microsoft services, and configure particular privacy settings related to these connections.
-ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection:
- - M365-security-compliance
- - highpri
-ms.topic: article
-ms.date: 12/14/2021
-ms.technology: privacy
+ms.collection: highpri
+ms.topic: conceptual
---
# Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services
diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md
index 3e7ac5829b..9de85e40cf 100644
--- a/windows/privacy/manage-windows-11-endpoints.md
+++ b/windows/privacy/manage-windows-11-endpoints.md
@@ -1,15 +1,13 @@
---
title: Connection endpoints for Windows 11 Enterprise
description: Explains what Windows 11 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 11.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 11/29/2021
-ms.technology: privacy
+ms.topic: reference
---
# Manage connection endpoints for Windows 11 Enterprise
diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md
index eb95151983..0bd15bbb50 100644
--- a/windows/privacy/manage-windows-1809-endpoints.md
+++ b/windows/privacy/manage-windows-1809-endpoints.md
@@ -1,17 +1,13 @@
---
title: Connection endpoints for Windows 10, version 1809
description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1809.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 11/29/2021
-ms.reviewer:
-ms.technology: privacy
-
+ms.topic: reference
---
# Manage connection endpoints for Windows 10 Enterprise, version 1809
diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md
index 40b10d7787..20e9fec7fb 100644
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@@ -1,15 +1,13 @@
---
title: Connection endpoints for Windows 10 Enterprise, version 1903
description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1903.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 11/29/2021
-ms.technology: privacy
+ms.topic: reference
---
# Manage connection endpoints for Windows 10 Enterprise, version 1903
diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md
index cfdf8bdd5d..bfbd385697 100644
--- a/windows/privacy/manage-windows-1909-endpoints.md
+++ b/windows/privacy/manage-windows-1909-endpoints.md
@@ -1,15 +1,13 @@
---
title: Connection endpoints for Windows 10 Enterprise, version 1909
description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1909.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 11/29/2021
-ms.technology: privacy
+ms.topic: reference
---
# Manage connection endpoints for Windows 10 Enterprise, version 1909
diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md
index fbdb65cb57..a95f038a8d 100644
--- a/windows/privacy/manage-windows-2004-endpoints.md
+++ b/windows/privacy/manage-windows-2004-endpoints.md
@@ -1,15 +1,13 @@
---
title: Connection endpoints for Windows 10 Enterprise, version 2004
description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 2004.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 11/29/2021
-ms.technology: privacy
+ms.topic: reference
---
# Manage connection endpoints for Windows 10 Enterprise, version 2004
diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md
index 1aca2568d3..c292c6f1ed 100644
--- a/windows/privacy/manage-windows-20H2-endpoints.md
+++ b/windows/privacy/manage-windows-20H2-endpoints.md
@@ -1,15 +1,13 @@
---
title: Connection endpoints for Windows 10 Enterprise, version 20H2
description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 20H2.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 11/29/2021
-ms.technology: privacy
+ms.topic: reference
---
# Manage connection endpoints for Windows 10 Enterprise, version 20H2
diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md
index 844afb43a7..0e47b473b6 100644
--- a/windows/privacy/manage-windows-21H1-endpoints.md
+++ b/windows/privacy/manage-windows-21H1-endpoints.md
@@ -1,15 +1,13 @@
---
title: Connection endpoints for Windows 10 Enterprise, version 21H1
description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H1.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 11/29/2021
-ms.technology: privacy
+ms.topic: reference
---
# Manage connection endpoints for Windows 10 Enterprise, version 21H1
diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md
index 23f5dcb20a..49eb5a3b58 100644
--- a/windows/privacy/manage-windows-21h2-endpoints.md
+++ b/windows/privacy/manage-windows-21h2-endpoints.md
@@ -1,15 +1,13 @@
---
title: Connection endpoints for Windows 10 Enterprise, version 21H2
description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 21H2.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 11/29/2021
-ms.technology: privacy
+ms.topic: reference
---
# Manage connection endpoints for Windows 10 Enterprise, version 21H2
diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
index aa6f04328c..1665c4605a 100644
--- a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
+++ b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
@@ -2,15 +2,13 @@
description: Learn more about the Windows 11, version 22H2 diagnostic data gathered.
title: Required diagnostic events and fields for Windows 11, version 22H2
keywords: privacy, telemetry
-ms.prod: w10
+ms.prod: windows-client
+ms.technology: itpro-privacy
localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-audience: ITPro
-ms.date: 09/20/2022
+ms.topic: reference
---
@@ -29,7 +27,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
-- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 basic diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -40,6 +38,7 @@ You can learn more about Windows functional and diagnostic data through these ar
+
## Appraiser events
### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
@@ -187,7 +186,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
-- **SdbEntries** Deprecated in RS3.
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove
@@ -210,7 +208,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
-- **SdbEntries** Deprecated in RS3.
### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
@@ -222,7 +219,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **AppraiserVersion** The version of the Appraiser file generating the events.
-- **SdbEntries** Deprecated in RS3.
### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
@@ -966,9 +962,9 @@ The following fields are available:
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
-- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
+- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
-- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
+- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Memory
@@ -1039,7 +1035,7 @@ The following fields are available:
- **ServiceMachineIP** Retrieves the IP address of the KMS host used for anti-piracy.
- **ServiceMachinePort** Retrieves the port of the KMS host used for anti-piracy.
- **ServiceProductKeyID** Retrieves the License key of the KMS
-- **SharedPCMode** Returns Boolean for education devices used as shared cart
+- **SharedPCMode** Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
- **Signature** Retrieves if it is a signature machine sold by Microsoft store.
- **SLICStatus** Whether a SLIC table exists on the device.
- **SLICVersion** Returns OS type/version from SLIC table.
@@ -1108,6 +1104,12 @@ The following fields are available:
- **Language** String containing the incompatible language pack detected.
+### MicrosoftWindowsCodeIntegrityTraceLoggingProvider.CodeIntegrityHvciSysprepHvciAlreadyEnabled
+
+This event fires when HVCI is already enabled so no need to continue auto-enablement.
+
+
+
## Common data extensions
### Common Data Extensions.app
@@ -1270,6 +1272,7 @@ The following fields are available:
- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
- **xid** A list of base10-encoded XBOX User IDs.
+
## Common data fields
### Ms.Device.DeviceInventoryChange
@@ -1283,6 +1286,7 @@ The following fields are available:
- **objectInstanceId** Object identity which is unique within the device scope.
- **objectType** Indicates the object type that the event applies to.
- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
+
## Component-based servicing events
@@ -2151,6 +2155,22 @@ The following fields are available:
- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
+### Microsoft.Edge.Crashpad.HangEvent
+
+This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang.
+
+The following fields are available:
+
+- **app_name** The name of the hanging process.
+- **app_session_guid** Encodes the boot session, process, and process start time.
+- **app_version** The version of the hanging process.
+- **client_id_hash** Hash of the browser client id to help identify the installation.
+- **etag** Identifier to help identify running browser experiments.
+- **hang_source** Identifies how the hang was detected.
+- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc.
+- **stack_hash** A hash of the hanging stack. Currently not used or set to zero.
+
+
## OneSettings events
### Microsoft.Windows.OneSettingsClient.Status
@@ -2175,122 +2195,6 @@ The following fields are available:
- **resultCode** HR result of the cancellation.
-## Other events
-
-### Microsoft.Edge.Crashpad.HangEvent
-
-This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang.
-
-The following fields are available:
-
-- **app_name** The name of the hanging process.
-- **app_session_guid** Encodes the boot session, process, and process start time.
-- **app_version** The version of the hanging process.
-- **client_id_hash** Hash of the browser client id to help identify the installation.
-- **etag** Identifier to help identify running browser experiments.
-- **hang_source** Identifies how the hang was detected.
-- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc.
-- **stack_hash** A hash of the hanging stack. Currently not used or set to zero.
-
-
-### Microsoft.Gaming.Critical.Error
-
-Common error event used by the Gaming Telemetry Library to provide centralized monitoring for critical errors logged by callers using the library.
-
-The following fields are available:
-
-- **callStack** List of active subroutines running during error occurrence.
-- **componentName** Friendly name meant to represent what feature area this error should be attributed to. Used for aggregations and pivots of data.
-- **customAttributes** List of custom attributes.
-- **errorCode** Error code.
-- **extendedData** JSON blob representing additional, provider-level properties common to the component.
-- **featureName** Friendly name meant to represent which feature this should be attributed to.
-- **identifier** Error identifier.
-- **message** Error message.
-- **properties** List of properties attributed to the error.
-
-
-### Microsoft.Gaming.Critical.ProviderRegistered
-
-Indicates that a telemetry provider has been registered with the Gaming Telemetry Library.
-
-The following fields are available:
-
-- **providerNamespace** The telemetry Namespace for the registered provider.
-
-
-### Microsoft.Gaming.OOBE.HDDBackup
-
-This event describes whether an External HDD back up has been found.
-
-The following fields are available:
-
-- **backupVersion** version number of backup.
-- **extendedData** JSON blob representing additional, provider-level properties common to the component.
-- **hasConsoleSettings** Indicates whether the console settings stored.
-- **hasUserSettings** Indicates whether the user settings stored.
-- **hasWirelessProfile** Indicates whether the wireless profile stored.
-- **hddBackupFound** Indicates whether hdd backup is found.
-- **osVersion** Operating system version.
-
-
-### Microsoft.Gaming.OOBE.OobeComplete
-
-This event is triggered when OOBE activation is complete.
-
-The following fields are available:
-
-- **allowAutoUpdate** Allows auto update.
-- **allowAutoUpdateApps** Allows auto update for apps.
-- **appliedTransferToken** Applied transfer token.
-- **connectionType** Connection type.
-- **curSessionId** Current session id.
-- **extendedData** JSON blob representing additional, provider-level properties common to the component.
-- **instantOn** Instant on.
-- **moobeAcceptedState** Moobe accepted state.
-- **phaseOneElapsedTimeMs** Total elapsed time in milliseconds for phase 1.
-- **phaseOneVersion** Version of phase 1.
-- **phaseTwoElapsedTimeMs** Total elapsed time in milliseconds for phase 2.
-- **phaseTwoVersion** Version of phase 2.
-- **systemUpdateRequired** Indicates whether a system update required.
-- **totalElapsedTimeMs** Total elapsed time in milliseconds of all phases.
-- **usedCloudBackup** Indicates whether cloud backup is used.
-- **usedHDDBackup** Indicates whether HDD backup is used.
-- **usedOffConsole** Indicates whether off console is used.
-
-
-### Microsoft.Gaming.OOBE.SessionStarted
-
-This event is sent at the start of OOBE session.
-
-The following fields are available:
-
-- **customAttributes** customAttributes.
-- **extendedData** extendedData.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
-
-This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV** The correlation vector.
-- **GlobalEventCounter** The global event counter for all telemetry on the device.
-- **UpdateAssistantStateDownloading** True at the start Downloading.
-- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication.
-- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates.
-- **UpdateAssistantStateInstalling** True at the start of Installing.
-- **UpdateAssistantStatePostInstall** True at the start of PostInstall.
-- **UpdateAssistantVersion** Current package version of UpdateAssistant.
-
-
-### MicrosoftWindowsCodeIntegrityTraceLoggingProvider.CodeIntegrityHvciSysprepHvciAlreadyEnabled
-
-This event fires when HVCI is already enabled so no need to continue auto-enablement.
-
-
-
## Privacy consent logging events
### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@@ -2480,6 +2384,24 @@ The following fields are available:
- **UpdateAttempted** Indicates if installation of the current update has been attempted before.
+## Update Assistant events
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
+
+This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantStateDownloading** True at the start Downloading.
+- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication.
+- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates.
+- **UpdateAssistantStateInstalling** True at the start of Installing.
+- **UpdateAssistantStatePostInstall** True at the start of PostInstall.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
## Update events
### Update360Telemetry.UpdateAgentDownloadRequest
@@ -3400,7 +3322,6 @@ The following fields are available:
This event is derived event results for the LaunchPageDuration scenario.
-
### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -3454,6 +3375,3 @@ The following fields are available:
- **SessionId** The UpdateAgent “SessionId” value.
- **UpdateId** Unique identifier for the Update.
- **WuId** Unique identifier for the Windows Update client.
-
-
-
diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
index c5f8c39e62..3deb6ead41 100644
--- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
+++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
@@ -1,26 +1,19 @@
---
description: Learn more about the Windows 11 diagnostic data gathered at the basic level.
title: Required diagnostic events and fields for Windows 11, version 21H2
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection:
- - M365-security-compliance
- - highpri
-ms.topic: article
-ms.date: 11/29/2021
-ms.technology: privacy
+ms.collection: highpri
+ms.topic: reference
---
# Required diagnostic events and fields for Windows 11, version 21H2
-> [!IMPORTANT]
-> Windows is moving to classifying the data collected from customer’s devices as either Required or Optional.
-
-
**Applies to**
- Windows 11, version 21H2
@@ -35,7 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
-- [Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -44,8 +37,6 @@ You can learn more about Windows functional and diagnostic data through these ar
- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
-
-
## AppPlatform events
### AppPlatform.InstallActivity
@@ -91,98 +82,34 @@ This event lists the types of objects and how many of each exist on the client d
The following fields are available:
-- **DatasourceApplicationFile_19H1** The count of the number of this particular object type present on this device.
-- **DatasourceApplicationFile_21H1** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device.
-- **DatasourceApplicationFile_RS2** The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_RS3** The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_19H1** The count of the number of this particular object type present on this device.
- **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device.
- **DatasourceDevicePnp_20H1Setup** The count of the number of this particular object type present on this device.
-- **DatasourceDevicePnp_21H1** The count of the number of this particular object type present on this device.
- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device.
-- **DatasourceDevicePnp_RS2** The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS3** The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_19H1** The count of the number of this particular object type present on this device.
- **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device.
- **DatasourceDriverPackage_20H1Setup** The count of the number of this particular object type present on this device.
-- **DatasourceDriverPackage_21H1** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device.
-- **DatasourceDriverPackage_RS2** The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS3** The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoBlock_21H1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoBlock_RS2** The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoBlock_RS3** The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPassive_21H1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPassive_RS2** The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPassive_RS3** The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_21H1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS2** The total number of objects of this type present on this device.
-- **DataSourceMatchingInfoPostUpgrade_RS3** The total number of objects of this type present on this device.
-- **DatasourceSystemBios_19H1** The count of the number of this particular object type present on this device.
- **DatasourceSystemBios_19H1Setup** The total number of objects of this type present on this device.
- **DatasourceSystemBios_20H1Setup** The count of the number of this particular object type present on this device.
-- **DatasourceSystemBios_21H1** The total number of objects of this type present on this device.
- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device.
-- **DatasourceSystemBios_RS2** The total number of objects of this type present on this device.
-- **DatasourceSystemBios_RS3** The total number of objects of this type present on this device.
-- **DecisionApplicationFile_19H1** The count of the number of this particular object type present on this device.
-- **DecisionApplicationFile_21H1** The total number of objects of this type present on this device.
- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device.
-- **DecisionApplicationFile_RS2** The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS3** The total number of objects of this type present on this device.
-- **DecisionDevicePnp_19H1** The count of the number of this particular object type present on this device.
- **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device.
- **DecisionDevicePnp_20H1Setup** The count of the number of this particular object type present on this device.
-- **DecisionDevicePnp_21H1** The total number of objects of this type present on this device.
- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device.
-- **DecisionDevicePnp_RS2** The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS3** The total number of objects of this type present on this device.
-- **DecisionDriverPackage_19H1** The count of the number of this particular object type present on this device.
- **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device.
- **DecisionDriverPackage_20H1Setup** The count of the number of this particular object type present on this device.
-- **DecisionDriverPackage_21H1** The total number of objects of this type present on this device.
- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device.
-- **DecisionDriverPackage_RS2** The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS3** The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoBlock_21H1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoBlock_RS2** The total number of objects of this type present on this device.
-- **DecisionMatchingInfoBlock_RS3** The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPassive_21H1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPassive_RS2** The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPassive_RS3** The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPostUpgrade_21H1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS2** The total number of objects of this type present on this device.
-- **DecisionMatchingInfoPostUpgrade_RS3** The total number of objects of this type present on this device.
-- **DecisionMediaCenter_19H1** The count of the number of this particular object type present on this device.
-- **DecisionMediaCenter_21H1** The total number of objects of this type present on this device.
- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device.
-- **DecisionMediaCenter_RS2** The total number of objects of this type present on this device.
-- **DecisionMediaCenter_RS3** The total number of objects of this type present on this device.
-- **DecisionSystemBios_19H1** The count of the number of this particular object type present on this device.
- **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device.
- **DecisionSystemBios_20H1Setup** The total number of objects of this type present on this device.
-- **DecisionSystemBios_21H1** The total number of objects of this type present on this device.
- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device.
-- **DecisionSystemBios_RS2** The total number of objects of this type present on this device.
-- **DecisionSystemBios_RS3** The total number of objects of this type present on this device.
-- **DecisionTest_19H1** The total number of objects of this type present on this device.
-- **DecisionTest_21H1** The total number of objects of this type present on this device.
- **DecisionTest_21H1Setup** The total number of objects of this type present on this device.
-- **DecisionTest_RS2** The total number of objects of this type present on this device.
-- **DecisionTest_RS3** The total number of objects of this type present on this device.
- **InventoryApplicationFile** The count of the number of this particular object type present on this device.
- **InventoryLanguagePack** The count of the number of this particular object type present on this device.
- **InventoryMediaCenter** The count of the number of this particular object type present on this device.
@@ -200,11 +127,7 @@ The following fields are available:
- **SystemWim** The total number of objects of this type present on this device.
- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device.
- **SystemWlan** The total number of objects of this type present on this device.
-- **Wmdrm_19H1** The count of the number of this particular object type present on this device.
-- **Wmdrm_21H1** The total number of objects of this type present on this device.
- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device.
-- **Wmdrm_RS2** The total number of objects of this type present on this device.
-- **Wmdrm_RS3** The total number of objects of this type present on this device.
### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
@@ -389,29 +312,6 @@ The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
-
-This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the appraiser file generating the events.
-- **SdbEntries** Deprecated in RS3.
-
-
-### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove
-
-This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync
This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -435,17 +335,6 @@ The following fields are available:
- **SdbEntries** Deprecated in RS3.
-### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove
-
-This event indicates that the DatasourceSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
This event indicates that a new set of DatasourceSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -484,7 +373,7 @@ The following fields are available:
- **SdbBlockUpgradeUntilUpdate** The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed.
- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade.
- **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
-- **SoftBlock** The file is soft blocked in the SDB and has a warning.
+- **SoftBlock** The file is softblocked in the SDB and has a warning.
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
@@ -674,32 +563,6 @@ The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd
-
-This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-- **NeedsInstallPostUpgradeData** Will the file have a notification after upgrade to install a replacement for the app?
-- **NeedsNotifyPostUpgradeData** Should a notification be shown for this file after upgrade?
-- **NeedsReinstallPostUpgradeData** Will the file have a notification after upgrade to reinstall the app?
-- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade).
-
-
-### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeRemove
-
-This event indicates that the DecisionMatchingInfoPostUpgrade object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync
This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -728,17 +591,6 @@ The following fields are available:
- **NeedsDismissAction** Are there any actions that can be dismissed coming from Windows Media Center?
-### Microsoft.Windows.Appraiser.General.DecisionMediaCenterRemove
-
-This event indicates that the DecisionMediaCenter object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync
This event indicates that a new set of DecisionMediaCenterAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -760,21 +612,9 @@ The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
- **Blocking** Appraiser decision about eligibility to upgrade.
-- **HostOsSku** The SKU of the Host OS.
- **LockdownMode** S mode lockdown mode.
-### Microsoft.Windows.Appraiser.General.DecisionSModeStateRemove
-
-This event indicates that the DecisionTpmVersion object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionSModeStateStartSync
The DecisionSModeStateStartSync event indicates that a new set of DecisionSModeStateAdd events will be sent. This event is used to make compatibility decisions about the S mode state. Microsoft uses this information to understand and address problems regarding the S mode state for computers receiving updates. The data collected with this event is used to help keep Windows up to date.
@@ -800,17 +640,6 @@ The following fields are available:
- **HasBiosBlock** Does the device have a BIOS block?
-### Microsoft.Windows.Appraiser.General.DecisionSystemBiosRemove
-
-This event indicates that the DecisionSystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync
This event indicates that a new set of DecisionSystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -835,17 +664,6 @@ The following fields are available:
- **TotalSize** Total disk size in Mb.
-### Microsoft.Windows.Appraiser.General.DecisionSystemDiskSizeRemove
-
-This event indicates that the DecisionSystemDiskSize object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionSystemDiskSizeStartSync
Start sync event for physical disk size data. The data collected with this event is used to help keep Windows up to date.
@@ -870,17 +688,6 @@ The following fields are available:
- **ramKB** Memory information in KB.
-### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryRemove
-
-This event indicates that the DecisionSystemMemory object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionSystemMemoryStartSync
The DecisionSystemMemoryStartSync event indicates that a new set of DecisionSystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -905,17 +712,6 @@ The following fields are available:
- **CpuCores** Number of CPU Cores.
-### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuCoresRemove
-
-This event indicates that the DecisionSystemProcessorCpuCores object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuCoresStartSync
This event signals the start of telemetry collection for CPU cores in Appraiser. The data collected with this event is used to help keep Windows up to date.
@@ -944,17 +740,6 @@ The following fields are available:
- **CpuVendor** Cpu vendor.
-### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelRemove
-
-This event indicates that the DecisionSystemProcessorCpuModel object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuModelStartSync
The DecisionSystemProcessorCpuModelStartSync event indicates that a new set of DecisionSystemProcessorCpuModelAdd events will be sent. This event is used to make compatibility decisions about the CPU. Microsoft uses this information to understand and address problems regarding the CPU for computers receiving updates. The data collected with this event is used to help keep Windows up to date.
@@ -979,17 +764,6 @@ The following fields are available:
- **Mhz** CPU speed in MHz.
-### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuSpeedRemove
-
-This event indicates that the DecisionSystemProcessorCpuSpeed object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionSystemProcessorCpuSpeedStartSync
This event collects data for CPU speed in MHz. The data collected with this event is used to help keep Windows up to date.
@@ -1001,41 +775,6 @@ The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
-### Microsoft.Windows.Appraiser.General.DecisionTestAdd
-
-This event provides diagnostic data for testing decision add events. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the appraiser binary generating the events.
-- **TestDecisionDataPoint1** Test data point 1.
-- **TestDecisionDataPoint2** Test data point 2.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionTestRemove
-
-This event provides data that allows testing of “Remove” decisions to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.DecisionTestStartSync
-
-This event provides data that allows testing of “Start Sync” decisions to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionTpmVersionAdd
This event collects data about the Trusted Platform Module (TPM) in the device. TPM technology is designed to provide hardware-based, security-related functions. The data collected with this event is used to help keep Windows up to date.
@@ -1049,17 +788,6 @@ The following fields are available:
- **TpmVersionInfo** The version of Trusted Platform Module (TPM) technology in the device.
-### Microsoft.Windows.Appraiser.General.DecisionTpmVersionRemove
-
-This event indicates that the DecisionTpmVersion object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionTpmVersionStartSync
The DecisionTpmVersionStartSync event indicates that a new set of DecisionTpmVersionAdd events will be sent. This event is used to make compatibility decisions about the TPM. Microsoft uses this information to understand and address problems regarding the TPM for computers receiving updates. The data collected with this event is used to help keep Windows up to date.
@@ -1085,17 +813,6 @@ The following fields are available:
- **SecureBootEnabled** Is UEFI enabled?
-### Microsoft.Windows.Appraiser.General.DecisionUefiSecureBootRemove
-
-This event indicates that the DecisionUefiSecureBoot object represented by the objectInstanceId is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.DecisionUefiSecureBootStartSync
Start sync event data for UEFI Secure boot. UEFI is a verification mechanism for ensuring that code launched by firmware is trusted. The data collected with this event is used to help keep Windows up to date.
@@ -1138,14 +855,14 @@ The following fields are available:
- **BoeProgramId** If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
- **CompanyName** The company name of the vendor who developed this file.
- **FileId** A hash that uniquely identifies a file.
-- **FileVersion** The File version field from the file metadata under Properties -> Details.
+- **FileVersion** The File version field from the file metadata under Properties -> Details.
- **HasUpgradeExe** Indicates whether the antivirus app has an upgrade.exe file.
- **IsAv** Indicates whether the file an antivirus reporting EXE.
- **LinkDate** The date and time that this file was linked on.
- **LowerCaseLongPath** The full file path to the file that was inventoried on the device.
- **Name** The name of the file that was inventoried.
-- **ProductName** The Product name field from the file metadata under Properties -> Details.
-- **ProductVersion** The Product version field from the file metadata under Properties -> Details.
+- **ProductName** The Product name field from the file metadata under Properties -> Details.
+- **ProductVersion** The Product version field from the file metadata under Properties -> Details.
- **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it.
- **Size** The size of the file (in hexadecimal bytes).
@@ -1266,17 +983,6 @@ The following fields are available:
- **Model** The model field from Win32_ComputerSystem.
-### Microsoft.Windows.Appraiser.General.InventorySystemBiosRemove
-
-This event indicates that the InventorySystemBios object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync
This event indicates that a new set of InventorySystemBiosAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -1288,41 +994,6 @@ The following fields are available:
- **AppraiserVersion** The version of the Appraiser binary (executable) generating the events.
-### Microsoft.Windows.Appraiser.General.InventoryTestAdd
-
-This event provides diagnostic data for testing event adds to help keep windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the component sending the data.
-- **TestInvDataPoint1** Test inventory data point 1.
-- **TestInvDataPoint2** Test inventory data point 2.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryTestRemove
-
-This event provides data that allows testing of “Remove” decisions to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
-
-
-### Microsoft.Windows.Appraiser.General.InventoryTestStartSync
-
-This event provides data that allows testing of “Start Sync” decisions to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
-
-
### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
This event runs only during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. It is critical in understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade. The data collected with this event is used to help keep Windows up to date.
@@ -1403,17 +1074,6 @@ The following fields are available:
- **virtualKB** The amount of virtual memory (in KB).
-### Microsoft.Windows.Appraiser.General.SystemMemoryRemove
-
-This event that the SystemMemory object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync
This event indicates that a new set of SystemMemoryAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -1438,17 +1098,6 @@ The following fields are available:
- **CompareExchange128Support** Does the CPU support CompareExchange128?
-### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeRemove
-
-This event indicates that the SystemProcessorCompareExchange object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync
This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -1473,17 +1122,6 @@ The following fields are available:
- **LahfSahfSupport** Does the CPU support LAHF/SAHF?
-### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfRemove
-
-This event indicates that the SystemProcessorLahfSahf object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync
This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -1509,17 +1147,6 @@ The following fields are available:
- **NXProcessorSupport** Does the processor support NX?
-### Microsoft.Windows.Appraiser.General.SystemProcessorNxRemove
-
-This event indicates that the SystemProcessorNx object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync
This event indicates that a new set of SystemProcessorNxAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -1544,17 +1171,6 @@ The following fields are available:
- **PrefetchWSupport** Does the processor support PrefetchW?
-### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWRemove
-
-This event indicates that the SystemProcessorPrefetchW object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync
This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -1579,17 +1195,6 @@ The following fields are available:
- **SSE2ProcessorSupport** Does the processor support SSE2?
-### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Remove
-
-This event indicates that the SystemProcessorSse2 object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync
This event indicates that a new set of SystemProcessorSse2Add events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -1649,17 +1254,6 @@ The following fields are available:
- **RegistryWimBootValue** The raw value from the registry that is used to indicate if the device is running from a WIM.
-### Microsoft.Windows.Appraiser.General.SystemWimRemove
-
-This event indicates that the SystemWim object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.SystemWimStartSync
This event indicates that a new set of SystemWimAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -1723,17 +1317,6 @@ The following fields are available:
- **WlanNativeDriver** Does the device have a non-emulated WLAN driver?
-### Microsoft.Windows.Appraiser.General.SystemWlanRemove
-
-This event indicates that the SystemWlan object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.SystemWlanStartSync
This event indicates that a new set of SystemWlanAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
@@ -1802,17 +1385,6 @@ The following fields are available:
- **WmdrmPurchased** Indicates if the system has any files with permanent licenses.
-### Microsoft.Windows.Appraiser.General.WmdrmRemove
-
-This event indicates that the Wmdrm object is no longer present. The data collected with this event is used to help keep Windows up to date.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AppraiserVersion** The version of the Appraiser file that is generating the events.
-
-
### Microsoft.Windows.Appraiser.General.WmdrmStartSync
The WmdrmStartSync event indicates that a new set of WmdrmAdd events will be sent. This event is used to understand the usage of older digital rights management on the system, to help keep Windows up to date.
@@ -1881,8 +1453,8 @@ The following fields are available:
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
-- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
-- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
+- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
+- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
@@ -1911,7 +1483,6 @@ The following fields are available:
- **FlightingBranchName** The name of the Windows Insider branch currently used by the device.
- **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program.
- **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
-- **SSRK** Retrieves the mobile targeting settings.
### Census.Hardware
@@ -2021,7 +1592,7 @@ The following fields are available:
- **ServiceMachineIP** Retrieves the IP address of the KMS host used for anti-piracy.
- **ServiceMachinePort** Retrieves the port of the KMS host used for anti-piracy.
- **ServiceProductKeyID** Retrieves the License key of the KMS
-- **SharedPCMode** Returns Boolean for education devices used as shared cart
+- **SharedPCMode** Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
- **Signature** Retrieves if it is a signature machine sold by Microsoft store.
- **SLICStatus** Whether a SLIC table exists on the device.
- **SLICVersion** Returns OS type/version from SLIC table.
@@ -2291,7 +1862,7 @@ The following fields are available:
- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network.
- **WULCUVersion** Version of the LCU Installed on the machine.
- **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier.
-- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused.
+- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused.
- **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
@@ -2318,20 +1889,70 @@ The following fields are available:
- **appResult** The AppResult for the CXH OOBE scenario, e.g. "success" or "fail". This is logged on scenario completion, i.e. with the stop event.
- **experience** A JSON blob containing properties pertinent for the CXH scenario launch, with PII removed. Examples: host, port, protocol, surface. Logged on the start event.
- **source** The scenario for which CXH was launched. Since this event is restricted to OOBE timeframe, this will be FRXINCLUSIVE or FRXOOBELITE. Logged with the start event.
-- **wilActivity** Common data logged with all Wil activities. See [wilActivity](#wilactivity).
-
-
-### Microsoft.Windows.Shell.CloudExperienceHost.ExpectedReboot
-
-This event fires during OOBE when an expected reboot occurs- for example, as a result of language change or autopilot. The event doesn't fire if the user forcibly initiates a reboot/shutdown. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
- **wilActivity** Common data logged with all Wil activities.
## Code Integrity events
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.AutoEnablementIsBlocked
+
+Indicates if OEM attempted to block autoenablement via regkey.
+
+The following fields are available:
+
+- **BlockHvciAutoenablement** True if auto-enablement was successfully blocked, false otherwise.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled
+
+Fires when auto-enablement is successful and HVCI is being enabled on the device.
+
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HVCIActivity
+
+Fires at the beginning and end of the HVCI auto-enablement process in sysprep.
+
+The following fields are available:
+
+- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed
+
+Fires when driver scanning fails to get results.
+
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverInSdbError
+
+Fires when there is an error checking the SDB for a particular driver.
+
+The following fields are available:
+
+- **DriverPath** Path to the driver that was being checked in the SDB when checking encountered an error.
+- **Error** Error encountered during checking the SDB.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverNonCompliantError
+
+Fires when a driver is discovered that is non-compliant with HVCI.
+
+The following fields are available:
+
+- **DriverPath** Path to driver.
+- **NonComplianceMask** Error code indicating driver violation.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.IsRegionDisabledLanguage
+
+Fires when an incompatible language pack is detected.
+
+The following fields are available:
+
+- **Language** String containing the incompatible language pack detected.
+
+
### Microsoft.Windows.Security.CodeIntegrity.State.Current
This event indicates the overall CodeIntegrity Policy state and count of policies, fired on reboot and when policy changes rebootlessly. The data collected with this event is used to help keep Windows secure.
@@ -2706,18 +2327,6 @@ This event reports the results of deferring Windows Content to keep Windows up t
-### Microsoft.Windows.CbsLite.CbsLiteFinalizeCommit
-
-The event reports basic information about the end of the last phase of updates. The data collected with this event is used to keep windows up to date.
-
-The following fields are available:
-
-- **bootAvailable** Indicates if storage pool version supports Oneshot Boot functionality.
-- **cbsLiteSessionID** An ID to associate other cbs events related to this update session.
-- **duration** The number of milliseconds taken to complete the operation.
-- **result** The return code of the operation.
-
-
### Microsoft.Windows.CbsLite.CbsLiteUpdateReserve
This event updates the size of the update reserve on WCOS devices. The data collected with this event is used to help keep Windows up to date and secure.
@@ -2731,150 +2340,8 @@ The following fields are available:
- **Result** The return code for the operation.
-## Deployment events
-
-### Microsoft.Windows.Deployment.Imaging.AppExit
-
-This event is sent on imaging application exit. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **hr** HResult returned from app exit.
-- **totalTimeInMs** Total time taken in Ms.
-
-
-### Microsoft.Windows.Deployment.Imaging.AppInvoked
-
-This event is sent when the app for image creation is invoked. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **branch** Corresponding branch for the image.
-- **isInDbg** Whether the app is in debug mode or not.
-- **isWSK** Whether the app is building images using WSK or not.
-
-
-### Microsoft.Windows.Deployment.Imaging.Failed
-
-This failure event is sent when imaging fails. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **cs** Line that failed.
-- **ec** Execution status.
-- **hr** HResult returned.
-- **msg** Message returned.
-- **stack** Stack information.
-
-
-### Microsoft.Windows.Deployment.Imaging.ImagingCompleted
-
-This event is sent when imaging is done. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **appExecTimeInMs** Execution time in milliseconds.
-- **buildInfo** Information of the build.
-- **compDbPrepTimeInMs** Preparation time in milliseconds for the CompDBs.
-- **executeUpdateTimeInMs** Update execution time in milliseconds.
-- **fileStageTimeInMs** File staging time in milliseconds.
-- **hr** HResult returned from imaging.
-- **imgSizeInMB** Image size in MB.
-- **mutexWaitTimeInMs** Mutex wait time in milliseconds.
-- **prepareUpdateTimeInMs** Update preparation time in milliseconds.
-- **totalRunTimeInMs** Total running time in milliseconds.
-- **updateOsTimeInMs** Time in milliseconds spent in update OS.
-
-
-### Microsoft.Windows.Deployment.Imaging.ImagingStarted
-
-This event is sent when an imaging session starts. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **arch** Architecture of the image.
-- **device** Device type for which the image is built.
-- **imgFormat** Format of the image.
-- **imgSkip** Parameter for skipping certain image types when building.
-- **imgType** The type of image being built.
-- **lang** Language of the image being built.
-- **prod** Image product type.
-
-
## Diagnostic data events
-### TelClientSynthetic.AbnormalShutdown_0
-
-This event sends data about boot IDs for which a normal clean shutdown was not observed. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **AbnormalShutdownBootId** BootId of the abnormal shutdown being reported by this event.
-- **AbsCausedbyAutoChk** This flag is set when AutoCheck forces a device restart to indicate that the shutdown was not an abnormal shutdown.
-- **AcDcStateAtLastShutdown** Identifies if the device was on battery or plugged in.
-- **BatteryLevelAtLastShutdown** The last recorded battery level.
-- **BatteryPercentageAtLastShutdown** The battery percentage at the last shutdown.
-- **CrashDumpEnabled** Are crash dumps enabled?
-- **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset.
-- **CurrentBootId** BootId at the time the abnormal shutdown event was being reported.
-- **Firmwaredata->ResetReasonEmbeddedController** The reset reason that was supplied by the firmware.
-- **Firmwaredata->ResetReasonEmbeddedControllerAdditional** Additional data related to reset reason provided by the firmware.
-- **Firmwaredata->ResetReasonPch** The reset reason that was supplied by the hardware.
-- **Firmwaredata->ResetReasonPchAdditional** Additional data related to the reset reason supplied by the hardware.
-- **Firmwaredata->ResetReasonSupplied** Indicates whether the firmware supplied any reset reason or not.
-- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType.
-- **HardwareWatchdogTimerGeneratedLastReset** Indicates whether the hardware watchdog timer caused the last reset.
-- **HardwareWatchdogTimerPresent** Indicates whether hardware watchdog timer was present or not.
-- **InvalidBootStat** This is a sanity check flag that ensures the validity of the bootstat file.
-- **LastBugCheckBootId** bootId of the last captured crash.
-- **LastBugCheckCode** Code that indicates the type of error.
-- **LastBugCheckContextFlags** Additional crash dump settings.
-- **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save.
-- **LastBugCheckOtherSettings** Other crash dump settings.
-- **LastBugCheckParameter1** The first parameter with additional info on the type of the error.
-- **LastBugCheckProgress** Progress towards writing out the last crash dump.
-- **LastBugCheckVersion** The version of the information struct written during the crash.
-- **LastSuccessfullyShutdownBootId** BootId of the last fully successful shutdown.
-- **LongPowerButtonPressDetected** Identifies if the user was pressing and holding power button.
-- **LongPowerButtonPressInstanceGuid** The Instance GUID for the user state of pressing and holding the power button.
-- **OOBEInProgress** Identifies if OOBE is running.
-- **OSSetupInProgress** Identifies if the operating system setup is running.
-- **PowerButtonCumulativePressCount** How many times has the power button been pressed?
-- **PowerButtonCumulativeReleaseCount** How many times has the power button been released?
-- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record power button metrics.
-- **PowerButtonLastPressBootId** BootId of the last time the power button was pressed.
-- **PowerButtonLastPressTime** Date and time of the last time the power button was pressed.
-- **PowerButtonLastReleaseBootId** BootId of the last time the power button was released.
-- **PowerButtonLastReleaseTime** Date and time of the last time the power button was released.
-- **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed.
-- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the power button was pressed.
-- **PowerButtonPressLastPowerWatchdogStage** Progress while the monitor is being turned on.
-- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
-- **ShutdownDeviceType** Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API.
-- **SleepCheckpoint** Provides the last checkpoint when there is a failure during a sleep transition.
-- **SleepCheckpointSource** Indicates whether the source is the EFI variable or bootstat file.
-- **SleepCheckpointStatus** Indicates whether the checkpoint information is valid.
-- **StaleBootStatData** Identifies if the data from bootstat is stale.
-- **TransitionInfoBootId** BootId of the captured transition info.
-- **TransitionInfoCSCount** l number of times the system transitioned from Connected Standby mode.
-- **TransitionInfoCSEntryReason** Indicates the reason the device last entered Connected Standby mode.
-- **TransitionInfoCSExitReason** Indicates the reason the device last exited Connected Standby mode.
-- **TransitionInfoCSInProgress** At the time the last marker was saved, the system was in or entering Connected Standby mode.
-- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp,
-- **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved.
-- **TransitionInfoLidState** Describes the state of the laptop lid.
-- **TransitionInfoPowerButtonTimestamp** The date and time of the last time the power button was pressed.
-- **TransitionInfoSleepInProgress** At the time the last marker was saved, the system was in or entering sleep mode.
-- **TransitionInfoSleepTranstionsToOn** Total number of times the device transitioned from sleep mode.
-- **TransitionInfoSystemRunning** At the time the last marker was saved, the device was running.
-- **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed.
-- **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed.
-- **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition.
-- **TransitionLatestCheckpointSeqNumber** Represents the chronological sequence number of the checkpoint.
-- **TransitionLatestCheckpointType** Represents the type of the checkpoint, which can be the start of a phase, end of a phase, or just informational.
-- **VirtualMachineId** If the operating system is on a virtual Machine, it gives the virtual Machine ID (GUID) that can be used to correlate events on the host.
-
-
### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
This event is fired by UTC at state transitions to signal what data we are allowed to collect. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
@@ -2929,7 +2396,7 @@ This event sends data about the connectivity status of the Connected User Experi
The following fields are available:
-- **CensusExitCode** Returns last execution codes from census client run.
+- **CensusExitCode** Last exit code of Census task
- **CensusStartTime** Returns timestamp corresponding to last successful census run.
- **CensusTaskEnabled** Returns Boolean value for the census task (Enable/Disable) on client machine.
- **LastConnectivityLossTime** The FILETIME at which the last free network loss occurred.
@@ -3037,15 +2504,6 @@ The following fields are available:
- **errorCode** The result code returned by the event.
-### Microsoft.Windows.StartRepairCore.DISMUninstallLCU
-
-The DISM Uninstall LCU sends information to report result of uninstall attempt for found LCU. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **errorCode** The result code returned by the event.
-
-
### Microsoft.Windows.StartRepairCore.SRTRepairActionEnd
The SRT Repair Action End event sends information to report repair operation ended for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
@@ -3131,7 +2589,6 @@ The following fields are available:
- **InstallDate** The date the driver was installed.
- **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description.
- **LastInstallFunction** The last install function invoked in a co-installer if the install timeout was reached while a co-installer was executing.
-- **LegacyInstallReasonError** The error code for the legacy installation.
- **LowerFilters** The list of lower filter drivers.
- **MatchingDeviceId** The hardware ID or compatible ID that Windows used to install the device instance.
- **NeedReboot** Indicates whether the driver requires a reboot.
@@ -3343,7 +2800,7 @@ This event indicates that the uninstall was properly configured and that a syste
### Microsoft.Windows.HangReporting.AppHangEvent
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on client devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
The following fields are available:
@@ -3415,7 +2872,7 @@ The following fields are available:
- **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion.
- **PackageVersion** Windows Mixed Reality Portal app package version.
- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state.
-- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity).
+- **wilActivity** Windows Mixed Reality Portal app wilActivity ID.
### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming
@@ -3463,7 +2920,6 @@ The following fields are available:
- **CalibrationFwMinorVer** Windows Mixed Reality device calibration firmware minor version.
- **CalibrationFwRevNum** Windows Mixed Reality device calibration firmware revision number.
- **DeviceInfoFlags** Windows Mixed Reality device info flags.
-- **DeviceName** Windows Mixed Reality device Name. This event is also used to count WMR device.
- **DeviceReleaseNumber** Windows Mixed Reality device release number.
- **FirmwareMajorVer** Windows Mixed Reality device firmware major version.
- **FirmwareMinorVer** Windows Mixed Reality device firmware minor version.
@@ -3494,26 +2950,9 @@ This event captures basic checksum data about the device inventory items stored
The following fields are available:
-- **DriverPackageExtended** A count of driverpackageextended objects in cache.
- **InventoryApplication** A count of application objects in cache.
-- **InventoryApplicationDriver** A count of application driver objects in cache
- **InventoryApplicationFramework** A count of application framework objects in cache
-- **InventoryDeviceContainer** A count of device container objects in cache.
-- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache.
-- **InventoryDeviceMediaClass** A count of device media objects in cache.
-- **InventoryDevicePnp** A count of device Plug and Play objects in cache.
-- **InventoryDeviceUsbHubClass** A count of device usb objects in cache
-- **InventoryDriverBinary** A count of driver binary objects in cache.
-- **InventoryDriverPackage** A count of device objects in cache.
-- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache
-- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache
-- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache
-- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache
-- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache
-- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache
-- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache
-- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache
-- **InventoryVersion** The version of the inventory binary generating the events.
+- **InventoryVersion** test
### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatHealthRecordAdd
@@ -3582,7 +3021,6 @@ The following fields are available:
- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage.
- **MsiProductCode** A GUID that describe the MSI Product.
- **Name** The name of the application.
-- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install.
- **PackageFullName** The package full name for a Store application.
- **ProgramInstanceId** A hash of the file IDs in an app.
- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field.
@@ -3593,17 +3031,15 @@ The following fields are available:
- **Version** The version number of the program.
-### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd
+### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
-This event provides the basic metadata about the frameworks an application may depend on. The data collected with this event is used to keep Windows performing properly.
+The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
The following fields are available:
-- **FileId** A hash that uniquely identifies a file.
-- **Frameworks** The list of frameworks this file depends on.
-- **InventoryVersion** The version of the inventory file generating the events.
+- **InventoryVersion** The version of the inventory component.
### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync
@@ -3788,7 +3224,7 @@ The following fields are available:
- **HWID** The version of the driver loaded for the device.
- **Inf** The bus that enumerated the device.
- **InstallDate** The date of the most recent installation of the device on the machine.
-- **InstallState** The device installation state. For a list of values, see [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx).
+- **InstallState** The device installation state. One of these values: [DEVICE_INSTALL_STATE enumeration](/windows-hardware/drivers/ddi/wdm/ne-wdm-_device_install_state)
- **InventoryVersion** List of hardware ids for the device.
- **LowerClassFilters** Lower filter class drivers IDs installed for the device
- **LowerFilters** The identifiers of the Lower filters installed for the device.
@@ -3898,7 +3334,7 @@ The following fields are available:
- **DriverIsKernelMode** Is it a kernel mode driver?
- **DriverName** The file name of the driver.
- **DriverPackageStrongName** The strong name of the driver package
-- **DriverSigned** The strong name of the driver package
+- **DriverSigned** Is the driver signed?
- **DriverTimeStamp** The low 32 bits of the time stamp of the driver file.
- **DriverType** A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
- **DriverVersion** The version of the driver file.
@@ -4022,59 +3458,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
-
-This event provides data on the installed Office add-ins. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AddinCLSID** The class identifier key for the Microsoft Office add-in.
-- **AddInId** The identifier for the Microsoft Office add-in.
-- **AddinType** The type of the Microsoft Office add-in.
-- **BinFileTimestamp** The timestamp of the Office add-in.
-- **BinFileVersion** The version of the Microsoft Office add-in.
-- **Description** Description of the Microsoft Office add-in.
-- **FileId** The file identifier of the Microsoft Office add-in.
-- **FileSize** The file size of the Microsoft Office add-in.
-- **FriendlyName** The friendly name for the Microsoft Office add-in.
-- **FullPath** The full path to the Microsoft Office add-in.
-- **InventoryVersion** The version of the inventory binary generating the events.
-- **LoadBehavior** Integer that describes the load behavior.
-- **OfficeApplication** The Microsoft Office application associated with the add-in.
-- **OfficeArchitecture** The architecture of the add-in.
-- **OfficeVersion** The Microsoft Office version for this add-in.
-- **OutlookCrashingAddin** Indicates whether crashes have been found for this add-in.
-- **ProductCompany** The name of the company associated with the Office add-in.
-- **ProductName** The product name associated with the Microsoft Office add-in.
-- **ProductVersion** The version associated with the Office add-in.
-- **ProgramId** The unique program identifier of the Microsoft Office add-in.
-- **Provider** Name of the provider for this add-in.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
-
-This event indicates that the particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion** The version of the inventory binary generating the events.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
-
-This event indicates that a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion** The version of the inventory binary generating the events.
-
-
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
@@ -4127,14 +3510,6 @@ The following fields are available:
- **IndicatorValue** The indicator value.
-### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove
-
-This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-
-
### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync
This event indicates that this particular data object represented by the objectInstanceId is no longer present. This event is used to understand the OS indicators installed on the system. The data collected with this event helps ensure the device is current and Windows is up to date and performing properly.
@@ -4231,151 +3606,8 @@ The following fields are available:
- **thermalZone** Contains an identifier that specifies which area it was that exceeded temperature limits.
-## Manufacturing events
-
-### ManufacturingPlatformTel.ManufacturingPlatformActivityEvent
-
-These is the Activity event coming from the Manufacturing Platform. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **BootOptionDescription** This field describes the boot option that is retrieved using EFI protocols from the DUT side.
-- **BootOptionDevicePath** The device path for the boot option.
-- **ChunkSizeInBytes** Indicates the chunk size, in bytes, of an FFU image.
-- **CurrentDUTTime** Indicates the time on the DUT (or target device), using EFI protocols, when the event was logged.
-- **DeviceTargetInfo** Describes general manufacturing and product information about the device and is retrieved via SMBIOS on the DUT (target device).
-- **DUTActivityGuid** The activity guid, from TraceLoggingActivity, that is associated with that operation on the DUT (target device).
-- **DUTDeviceUniqueId** A GUID that uniquely identifies a target device.
-- **DUTSessionGuid** A GUID that uniquely identifies a section on the DUT (target device).
-- **EventName** Indicates the specific event from ManufacturingPlatform. A list of all possible events can be found in ufptelemetryevents.h. An example is: "GetFlashingImageData" or "GetFlashingStatus".
-- **FFUFilePath** Describes to the name of the FFU file that we are flashing.
-- **FFUHeaderSize** Refers to the size of the header in an FFU image.
-- **FFUPayloadSize** Refers to the payload size of an FFU image.
-- **FieldName** Provides a description of the value field. If relevant, it also includes the unit. Example: "ErrorMessage" or "TimeInSec".
-- **HeaderFileOffset** Indicates the header file offset in an FFU image.
-- **HostStartTime** Refers to the UTC system time on the host that is recorded when the host starts a telemetry logging session on the DUT (target device).
-- **Identifier** Identifies the phase in ManufacturingPlatform we are in. In FlashingPlatform, this field is empty. In FlashingDevice, it includes the DeviceUniqueId, and in an activity, it also includes the operation name.
-- **ImageDeviceTargetInfo** Describes the device target information that has been included in the FFU image. These values can be found in the image header.
-- **ImageHeaderData** Describes critical data in the image header of an FFU image.
-- **OperationName** The name of the operation the host is triggering a logging session on the DUT (target device) for.
-- **PayloadFileOffset** Indicates the header file offset in an FFU image.
-- **SectorSize** Indicates the sector size of the FFU image.
-- **StoreHeaderData** Describes critical data of important fields found in the store header of an FFU image.
-- **UFPImplementationVersionMajor** Implementation major version for the UFP binaries on the DUT (target device) side.
-- **UFPImplementationVersionMinor** Implementation minor version for the UFP binaries on the DUT (target device) side.
-- **UFPProtocolVersionMajor** Protocol major version for the UFP binaries on the DUT (target device) side.
-- **UFPProtocolVersionMinor** Protocol minor version for the UFP binaries on the DUT (target device) side.
-- **ValueStr** The value to be logged. Described by field name and relevant to the event name.
-- **ValueUInt64** The value to be logged. Described by field name and relevant to the event name.
-- **ValueWideStr** The value to log. Described by field name and relevant to the event name.
-
-
-### ManufacturingPlatformTel.ManufacturingPlatformActivityEventStart
-
-This is the Event Start Activity event coming from the Manufacturing Platform. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **DeviceTargetInfo** Describes general manufacturing and product information about the device and is retrieved using SMBIOS on the DUT (target device).
-- **m_Identifier** Indicates the phase in ManufacturingPlatform that we are in. In FlashingPlatform, this field is empty. In FlashingDevice, it includes the DeviceUniqueId, and in an activity, it also includes the operation name.
-
-
-### ManufacturingPlatformTel.ManufacturingPlatformActivityEventStop
-
-This is the Event Stop Activity event coming from the Manufacturing Platform. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **DeviceTargetInfo** Describes general manufacturing and product information about the device, retrieved using SMBIOS on the DUT (target device).
-- **m_Identifier** Indicates the phase in ManufacturingPlatform that we are in. In FlashingPlatform, this field is empty. In FlashingDevice, it includes the DeviceUniqueId, and in an activity, it also includes the operation name.
-
-
-### ManufacturingPlatformTel.ManufacturingPlatformEvent
-
-This is the manufacturing event coming from the Manufacturing Platform. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CurrentDUTTime** Indicates the time on the DUT (or target device) using EFI protocols when the event was logged.
-- **DeviceFriendlyName** Friendly name of the device as retrieved from SMBIOS on the DUT (target device).
-- **DeviceTargetInfo** Describes general manufacturing and product information about the device and is retrieved using SMBIOS on the DUT (target device).
-- **DUTActivityGuid** The activity GUID that comes from TraceLoggingActivity associated with that operation on the DUT (target device).
-- **DUTDeviceUniqueId** A GUID to uniquely describes a target device.
-- **DUTSessionGuid** The session GUID given to the DUT (target device) when the host triggers an operation in the DUT.
-- **EventName** Refers to the specific event occurring from ManufacturingPlatform. A list of all possible events can be found in ufptelemetryevents.h. An example is: "GetFlashingImageData" or "GetFlashingStatus"
-- **FieldName** Describes the value field. If relevant it also includes the unit. Example: "ErrorMessage" or "TimeInSec"
-- **HostStartTime** Indicates the UTC system time on the host, recorded when the host starts a telemetry logging session on the DUT (target device)
-- **Identifier** Indicates the phase the ManufacturingPlatform is in. In FlashingPlatform, this field is empty. In FlashingDevice, it includes the DeviceUniqueId, and in an activity, it also includes the operation name.
-- **MajorVersionUInt64** Refers to the major version of the host UFP binaries.
-- **MinorVersionUInt64** Refers to the minor version of the host UFP binaries.
-- **OperationName** The name of the operation the host is triggering a logging session on the DUT (target device) for.
-- **ValueStr** The value to log. Described by field name and relevant to the event name.
-- **ValueUInt64** The value to log. Described by field name and relevant to the event name.
-- **ValueWideStr** The value to log. Described by field name and relevant to the event name.
-
-
## Microsoft Edge events
-### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
-- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **Channel** An integer indicating the channel of the installation (Canary or Dev).
-- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
-- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **installSourceName** A string representation of the installation source.
-- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **pop_sample** A value indicating how the device's data is being sampled.
-- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
-
-
-### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
-- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **Channel** An integer indicating the channel of the installation (Canary or Dev).
-- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
-- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **installSourceName** A string representation of the installation source.
-- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **pop_sample** A value indicating how the device's data is being sampled.
-- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
-
-
### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config
This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
@@ -4389,41 +3621,9 @@ The following fields are available:
- **Channel** An integer indicating the channel of the installation (Canary or Dev).
- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
-- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
-- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
-- **installSourceName** A string representation of the installation source.
-- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
-- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
-- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
-- **pop_sample** A value indicating how the device's data is being sampled.
-- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
-- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
-
-
-### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config
-
-This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
-
-The following fields are available:
-
-- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
-- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version.
-- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
-- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
-- **Channel** An integer indicating the channel of the installation (Canary or Dev).
-- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
-- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
-- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
-- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
-- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
-- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [ExperimentationAndConfigurationServiceControl](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **installSourceName** A string representation of the installation source.
@@ -4453,10 +3653,13 @@ The following fields are available:
- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'.
- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
+- **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'.
- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''.
+- **appLastLaunchTime** The time when browser was last launched.
- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
+- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event was not completed before OOBE finishes; -1 means the field does not apply.
- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US.
- **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2.
- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
@@ -4473,15 +3676,19 @@ The following fields are available:
- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
+- **appPingEventPackageCacheResult** Whether there is an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field does not apply.
- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag.
- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
+- **appReferralHash** The hash of the referral code used to install the product. '0' if unknown. Default: '0'.
- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
- **eventType** A string indicating the type of the event. Please see the wiki for additional information.
+- **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only.
+- **hwDiskType** Device’s hardware disk type.
- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
@@ -4489,8 +3696,11 @@ The following fields are available:
- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
+- **hwLogicalCpus** Number of logical CPUs of the device.
- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'.
- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'.
+- **oemProductManufacturer** The device manufacturer name.
+- **oemProductName** The product name of the device defined by device manufacturer.
- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''.
- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''.
- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''.
@@ -4510,6 +3720,41 @@ The following fields are available:
- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
+### Microsoft.Edge.Crashpad.CrashEvent
+
+This event sends simple Product and Service Performance data on a crashing Microsoft Edge browser process to help mitigate future instances of the crash.
+
+The following fields are available:
+
+- **app_name** The name of the crashing process.
+- **app_session_guid** Encodes the boot session, process id, and process start time.
+- **app_version** The version of the crashing process.
+- **client_id_hash** Hash of the browser client ID which helps identify installations.
+- **etag** Encodes the running experiments in the browser.
+- **module_name** The name of the module in which the crash originated.
+- **module_offset** Memory offset into the module in which the crash originated.
+- **module_version** The version of the module in which the crash originated.
+- **process_type** The type of the browser process that crashed, e.g., renderer, gpu-process, etc.
+- **stack_hash** Hash of the stack trace representing the crash. Currently not used or set to zero.
+- **sub_code** The exception/error code representing the crash.
+
+
+### Microsoft.Edge.Crashpad.HangEvent
+
+This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang.
+
+The following fields are available:
+
+- **app_name** The name of the hanging process.
+- **app_session_guid** Encodes the boot session, process, and process start time.
+- **app_version** The version of the hanging process.
+- **client_id_hash** Hash of the browser client id to help identify the installation.
+- **etag** Identifier to help identify running browser experiments.
+- **hang_source** Identifies how the hang was detected.
+- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc.
+- **stack_hash** A hash of the hanging stack. Currently not used or set to zero.
+
+
## Migration events
### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
@@ -4558,26 +3803,6 @@ The following fields are available:
- **Configs** Array of configs.
-### Microsoft.Windows.OneSettingsClient.StateChange
-
-This event indicates the change in config state. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **flightId** Flight id.
-- **state** New state.
-
-
-### Microsoft.Windows.OneSettingsClient.Status
-
-This event indicates the config usage of status update. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **flightId** Flight id.
-- **time** Time.
-
-
## OOBE events
### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateExpeditionChoiceCommitted
@@ -4600,16 +3825,6 @@ The following fields are available:
- **skippedReasonFlag** Flag representing reason for skip.
-### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateStartUSOScan
-
-This event indicates USO Scan API call. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
-
-The following fields are available:
-
-- **oobeExpeditedUpdateCommitOption** Expedited update commit work type.
-- **resultCode** HR result of operation.
-
-
### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateStatusResult
This event provides status of expedited update. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
@@ -4649,40 +3864,6 @@ The following fields are available:
- **userRegionCode** The current user's region setting
-## Servicing API events
-
-### Microsoft.Windows.ServicingUAPI.ModifyFeaturesEnd
-
-This event sends Software Setup and Inventory data regarding the end of an operation to modify a feature. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
-
-The following fields are available:
-
-- **Actions** A numeric flag that indicates whether the operations are Inbox.
-- **ClientId** A unique, human-readable identifier for telemetry/diagnostic purposes.
-- **Duration** Duration of operation in milliseconds.
-- **Flags** A numeric flag indicating the type of operation being requested.
-- **NetRequiredBytes** Net space required after operation completes or after reboot if operation requires one.
-- **RebootRequired** A true or false value indicating if a reboot is required to complete the operation.
-- **RequiredDownloadBytes** Space required to acquire content (compressed).
-- **Result** HResult at operation end.
-- **TotalMaxRequiredBytes** Total maximum space required during operation.
-
-
-### Microsoft.Windows.ServicingUAPI.ModifyFeaturesResult
-
-This event sends Software Setup and Inventory data regarding a result that occurred during an operation to modify a feature. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
-
-The following fields are available:
-
-- **ClientId** A unique, human-readable identifier for telemetry/diagnostic purposes.
-- **FeatureIntentFlags** A numeric flag indicating the reason that the feature is being modified.
-- **FeatureName** Feature name which includes language-specific version if in the Language namespace.
-- **FeatureNewIntentFlags** A numeric flag indicating the new reason that the feature is absent or installed.
-- **FeatureNewStateFlags** A numeric flag indicating the new state of the feature.
-- **FeatureStateFlags** A numeric flag indicating the current state of the feature.
-- **Result** HResult from operation to modify a feature.
-
-
## Setup events
### Microsoft.Windows.Setup.WinSetupBoot.BootBlockStart
@@ -4782,52 +3963,6 @@ The following fields are available:
- **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time.
-## SIH events
-
-### SIHEngineTelemetry.EvalApplicability
-
-This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **ActionReasons** If an action has been assessed as inapplicable, the additional logic prevented it.
-- **AdditionalReasons** If an action has been assessed as inapplicable, the additional logic prevented it.
-- **CachedEngineVersion** The engine DLL version that is being used.
-- **EventInstanceID** A unique identifier for event instance.
-- **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **HandlerReasons** If an action has been assessed as inapplicable, the installer technology-specific logic prevented it.
-- **IsExecutingAction** If the action is presently being executed.
-- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
-- **SihclientVersion** The client version that is being used.
-- **StandardReasons** If an action has been assessed as inapplicable, the standard logic the prevented it.
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **UpdateID** A unique identifier for the action being acted upon.
-- **WuapiVersion** The Windows Update API version that is currently installed.
-- **WuaucltVersion** The Windows Update client version that is currently installed.
-- **WuauengVersion** The Windows Update engine version that is currently installed.
-- **WUDeviceID** The unique identifier controlled by the software distribution client.
-
-
-### SIHEngineTelemetry.ExecuteAction
-
-This event is triggered with SIH attempts to execute (e.g. install) the update or action in question. Includes important information like if the update required a reboot. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CachedEngineVersion** The engine DLL version that is being used.
-- **EventInstanceID** A unique identifier for event instance.
-- **EventScenario** Indicates the purpose of sending this event, whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **RebootRequired** Indicates if a reboot was required to complete the action.
-- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.).
-- **SihclientVersion** The SIH version.
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **UpdateID** A unique identifier for the action being acted upon.
-- **WuapiVersion** The Windows Update API version.
-- **WuaucltVersion** The Windows Update version identifier for SIH.
-- **WuauengVersion** The Windows Update engine version identifier.
-- **WUDeviceID** The unique identifier controlled by the software distribution client.
-
-
## Software update events
### SoftwareUpdateClientTelemetry.CheckForUpdates
@@ -4839,54 +3974,29 @@ The following fields are available:
- **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion.
- **AllowCachedResults** Indicates if the scan allowed using cached results.
- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable
-- **BranchReadinessLevel** The servicing branch configured on the device.
- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
-- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated.
-- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
-- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
- **ClientVersion** The version number of the software distribution client.
- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No data is currently reported in this field. Expected value for this field is 0.
-- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown
-- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
-- **DeferredUpdates** Update IDs which are currently being deferred until a later time
-- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered.
-- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled.
- **DriverSyncPassPerformed** Were drivers scanned this time?
- **EventInstanceID** A globally unique identifier for event instance.
- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
-- **ExtendedMetadataCabUrl** Hostname that is used to download an update.
- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
-- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan.
-- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan.
-- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days).
- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days).
-- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
- **IPVersion** Indicates whether the download took place over IPv4 or IPv6
- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
-- **MSIError** The last error that was encountered during a scan for updates.
-- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
-- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete
- **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked
- **NumberOfLoop** The number of round trips the scan required
- **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan
- **NumberOfUpdatesEvaluated** The total number of updates which were evaluated as a part of the scan
- **NumFailedMetadataSignatures** The number of metadata signatures checks which failed for new metadata synced down.
- **Online** Indicates if this was an online scan.
-- **PausedUpdates** A list of UpdateIds which that currently being paused.
-- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window.
-- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
-- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window.
-- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
-- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days).
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days).
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
- **ScanDurationInSeconds** The number of seconds a scan took
- **ScanEnqueueTime** The number of seconds it took to initialize a scan
@@ -4896,90 +4006,43 @@ The following fields are available:
- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult).
- **SyncType** Describes the type of scan the event was
- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
-- **TargetReleaseVersion** The value selected for the target release version policy.
- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down.
-- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation.
- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-### SoftwareUpdateClientTelemetry.Commit
-
-This event sends data on whether the Update Service has been called to execute an upgrade, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle
-- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client
-- **ClassificationId** Classification identifier of the update content.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** The mode of operation of the update deployment provider.
-- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc.
-- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FlightId** The specific id of the flight the device is getting
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
-- **RevisionNumber** Identifies the revision number of this specific piece of content
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **UpdateId** Identifier associated with the specific piece of content
-
-
### SoftwareUpdateClientTelemetry.Download
This event sends tracking data about the software distribution client download of the content for that update, to help keep Windows up to date.
The following fields are available:
-- **ActiveDownloadTime** Number of seconds the update was actively being downloaded.
-- **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download.
-- **AppXScope** Indicates the scope of the app download.
-- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle.
- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed.
- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle).
- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
-- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology.
-- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
-- **CDNId** ID which defines which CDN the software distribution client downloaded the content from.
- **ClientVersion** The version number of the software distribution client.
- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior.
-- **ConnectTime** Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle.
- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority.
- **DownloadProps** Information about the download operation properties in the form of a bitmask.
- **EventInstanceID** A globally unique identifier for event instance.
- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed.
- **EventType** Possible values are Child, Bundle, or Driver.
-- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
- **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight.
- **FlightId** The specific ID of the flight (pre-release build) the device is getting.
- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HostName** The hostname URL the content is downloading from.
-- **IPVersion** Indicates whether the download took place over IPv4 or IPv6.
- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
-- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
- **PackageFullName** The package name of the content.
-- **PostDnldTime** Time taken (in seconds) to signal download completion after the last job has completed downloading payload.
- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
- **Reason** A 32-bit integer representing the reason the update is blocked from being downloaded in the background.
- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific content has previously failed.
- **RevisionNumber** The revision number of the specified piece of content.
- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **SizeCalcTime** Time taken (in seconds) to calculate the total download size of the payload.
-- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
-- **TotalExpectedBytes** The total count of bytes that the download is expected to be.
- **UpdateId** An identifier associated with the specific piece of content.
- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
-- **UsedDO** Whether the download used the delivery optimization service.
- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
@@ -5035,113 +4098,6 @@ The following fields are available:
- **WUDeviceID** Unique device id controlled by the software distribution client
-### SoftwareUpdateClientTelemetry.Install
-
-This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** The version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0.
-- **CSIErrorType** The stage of CBS installation where it failed.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** The mode of operation of the update deployment provider.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
-- **EventType** Possible values are Child, Bundle, or Driver.
-- **ExtendedErrorCode** The extended error code.
-- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode is not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** If this installation was for a Windows Insider build, this is the build number of that build.
-- **FlightId** The specific ID of the Windows Insider build the device is getting.
-- **HandlerType** Indicates what kind of content is being installed (for example, app, driver, Windows update).
-- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **InstallProps** A bitmask for future flags associated with the install operation. No value is currently reported in this field. Expected value for this field is 0.
-- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
-- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
-- **IsFirmware** Indicates whether this update is a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
-- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
-- **MsiAction** The stage of MSI installation where it failed.
-- **MsiProductCode** The unique identifier of the MSI installer.
-- **PackageFullName** The package name of the content being installed.
-- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
-- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
-- **RevisionNumber** The revision number of this specific piece of content.
-- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
-- **StatusCode** Indicates the result of an installation event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode** The ID that represents a given MSI installation.
-- **UpdateId** Unique update ID.
-- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
-- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
-- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
-
-
-### SoftwareUpdateClientTelemetry.Revert
-
-This is a revert event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle. Should not be all zeros if the BundleId was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **CSIErrorType** Stage of CBS installation that failed.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** The mode of operation of the update deployment provider.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
-- **EventType** Event type (Child, Bundle, Release, or Driver).
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of the flight.
-- **FlightId** The specific ID of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
-- **IsFirmware** Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot.
-- **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **UpdateId** The identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume** Indicates whether the device's main system storage drive or an alternate storage drive was used.
-- **WUDeviceID** Unique device ID controlled by the software distribution client.
-
-
### SoftwareUpdateClientTelemetry.TaskRun
This is a start event for Server Initiated Healing client. See EventScenario field for specifics (for example, started/completed). The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
@@ -5158,55 +4114,6 @@ The following fields are available:
- **WUDeviceID** Unique device ID controlled by the software distribution client.
-### SoftwareUpdateClientTelemetry.Uninstall
-
-This is an uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
-
-The following fields are available:
-
-- **BundleId** The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of the application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** The mode of operation of the Update Deployment Provider.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.).
-- **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of the flight.
-- **FlightId** The specific ID of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId** If the download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
-- **IsFirmware** Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
-- **IsWUfBDualScanEnabled** Flag indicating whether Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicating whether Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
-- **WUDeviceID** Unique device ID controlled by the software distribution client.
-
-
### SoftwareUpdateClientTelemetry.UpdateDetected
This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
@@ -5250,15 +4157,6 @@ The following fields are available:
## Surface events
-### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
-
-This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
-
-The following fields are available:
-
-- **pszBatteryDataXml** Battery performance data.
-
-
### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_BPM
This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
@@ -5537,6 +4435,271 @@ The following fields are available:
- **totalUserTime** Total user mode time used by the job object.
+### Microsoft.Windows.Shell.EM.EMCompleted
+
+Event that tracks the effectiveness of an operation to mitigate an issue on devices that meet certain requirements.
+
+The following fields are available:
+
+- **cleanUpScheduledTaskHR** The result of the operation to clean up the scheduled task the launched the operation.
+- **eulaHashHR** The result of the operation to generate a hash of the EULA file that's currently on-disk.
+- **mitigationHR** The result of the operation to take corrective action on a device that's impacted.
+- **mitigationResult** The enumeration value representing the action that was taken on the device.
+- **mitigationResultReason** The string value representing the action that was taken on the device.
+- **mitigationSuccessWriteHR** The result of writing the success value to the registry.
+- **region** The device's default region at the time of execution.
+- **windowsVersionString** The version of Windows that was computed at the time of execution.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantCompatCheckResult
+
+This event provides the result of running the compatibility check for update assistant. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantCompatCheckResultOutput** Output of compatibility check for update assistant.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantDeviceInformation
+
+This event provides basic information about the device where update assistant was run. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantAppFilePath** Path to Update Assistant app.
+- **UpdateAssistantDeviceId** Device Id of the Update Assistant Candidate Device.
+- **UpdateAssistantExeName** Exe name running as Update Assistant.
+- **UpdateAssistantExternalId** External Id of the Update Assistant Candidate Device.
+- **UpdateAssistantIsDeviceCloverTrail** True/False is the device clovertrail.
+- **UpdateAssistantIsPushing** True if the update is pushing to the device.
+- **UpdateAssistantMachineId** Machine Id of the Update Assistant Candidate Device.
+- **UpdateAssistantOsVersion** Update Assistant OS Version.
+- **UpdateAssistantPartnerId** Partner Id for Assistant application.
+- **UpdateAssistantReportPath** Path to report for Update Assistant.
+- **UpdateAssistantStartTime** Start time for UpdateAssistant.
+- **UpdateAssistantUiType** The type of UI whether default or OOBE.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+- **UpdateAssistantVersionInfo** Information about Update Assistant application.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantEULAProperty
+
+This event is set to true at the start of AcceptEULA. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantEULAPropertyGeoId** Geo Id used to show EULA.
+- **UpdateAssistantEULAPropertyRegion** Region used to show EULA.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantInteractive
+
+An user action such as button click happens.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantInteractiveObjective** The objective of the action performed.
+- **UpdateAssistantInteractiveUiAction** The action performed through UI.
+- **UpdateAssistantVersion** Current package version of Update Assistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantPostInstallDetails
+
+Information pertaining to post install phase of Update Assistant.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantPostInstallCV** Correlation vector for update assistant post install.
+- **UpdateAssistantPostInstallUpgradeClientId** Client id post install.
+- **UpdateAssistantPostInstallUserSignature** User signature of install.
+- **UpdateAssistantVersion** Current package version of Update Assistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
+
+This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantStateAcceptEULA** True at the start of AcceptEULA.
+- **UpdateAssistantStateCheckingCompat** True at the start of Checking Compat
+- **UpdateAssistantStateCheckingUpgrade** True at the start of CheckingUpgrade.
+- **UpdateAssistantStateDownloading** True at the start Downloading.
+- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication.
+- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates.
+- **UpdateAssistantStateInstalling** True at the start of Installing.
+- **UpdateAssistantStatePerformRestart** True at the start of PerformRestart.
+- **UpdateAssistantStatePostInstall** True at the start of PostInstall.
+- **UpdateAssistantStateWelcomeToNewOS** True at the start of WelcomeToNewOS.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStateGeneralErrorDetails
+
+Details about errors of current state.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantGeneralErrorHResult** HResult of current state.
+- **UpdateAssistantGeneralErrorOriginalState** State name of current state.
+- **UpdateAssistantVersion** Current package version of Update Assistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantUserActionDetails
+
+This event provides details about user action. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantUserActionExitingState** Exiting state name user performed action on.
+- **UpdateAssistantUserActionHResult** HRESULT of user action.
+- **UpdateAssistantUserActionState** State name user performed action on.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantDwnldr.UpdateAssistantDownloadDetails
+
+Details about the Update Assistant ESD download.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The counter for all telemetry on the device.
+- **UpdateAssistantDownloadCancelled** True when the ESD download is cancelled.
+- **UpdateAssistantDownloadDownloadTotalBytes** The total size in bytes of the download.
+- **UpdateAssistantDownloadEditionMismatch** True if downloaded ESD doesn't match edition.
+- **UpdateAssistantDownloadESDEncrypted** True if ESD is encrypted.
+- **UpdateAssistantDownloadIs10s** True if ESD is 10s.
+- **UpdateAssistantDownloadMessage** Message from a completed or failed download.
+- **UpdateAssistantDownloadMsgSize** Size of the download.
+- **UpdateAssistantDownloadNEdition** True if ESD is N edition.
+- **UpdateAssistantDownloadPath** Full path to the download.
+- **UpdateAssistantDownloadPathSize** Size of the path.
+- **UpdateAssistantDownloadProductsXml** Full path of products xml.
+- **UpdateAssistantDownloadTargetEdition** The targeted edition for the download.
+- **UpdateAssistantDownloadTargetLanguage** The targeted language for the download.
+- **UpdateAssistantDownloadUseCatalog** True if update assistant is using catalog.
+- **UpdateAssistantVersion** Current package version of Update Assistant.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteDetectionStarted
+
+This event indicates that the detection phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExpeditePolicyId** The policy ID of the expedite request.
+- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
+- **ExpediteUpdatesInProgress** List of update IDs in progress.
+- **ExpediteUsoLastError** The last error returned by USO.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteDownloadStarted
+
+This event indicates that the download phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** A correlation vector.
+- **ExpeditePolicyId** The policy Id of the expedite request.
+- **ExpediteUpdaterOfferedUpdateId** Update Id of the LCU expected to be expedited.
+- **ExpediteUpdatesInProgress** A list of update IDs in progress.
+- **ExpediteUsoLastError** The last error returned by USO.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterFailedToUpdateToExpectedUbr
+
+This event indicates the expected UBR of the device. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExpediteErrorBitMap** Bit map value for any error code.
+- **ExpeditePolicyId** The policy ID of the expedite request.
+- **ExpediteResult** Boolean value for success or failure.
+- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
+- **ExpediteUpdaterPolicyRestoreResult** HRESULT of the policy restore.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterScanCompleted
+
+This event sends results of the expedite USO scan. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CartPolicySetOnDevice** True if the cart policy is set for the device.
+- **CV** Correlation vector.
+- **ExpediteCbsServicingInProgressStatus** True if servicing is in progress in cbs for the device.
+- **ExpediteErrorBitMap** Bit map value for any error code.
+- **ExpeditePolicyId** The policy ID of the expedite request.
+- **ExpediteResult** Boolean value for success or failure.
+- **ExpediteScheduledTaskCreated** Indicates whether the scheduled task was created (true/false).
+- **ExpediteScheduledTaskHresult** HRESULT for scheduled task creation.
+- **ExpediteUpdaterCurrentUbr** The UBR of the device.
+- **ExpediteUpdaterExpectedUbr** The expected UBR of the device.
+- **ExpediteUpdaterMonitorResult** HRESULT of the USO monitoring.
+- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
+- **ExpediteUpdaterScanResult** HRESULT of the expedite USO scan.
+- **ExpediteUpdaterUsoResult** HRESULT of the USO initialization and resume API calls.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.ExpediteUpdaterScanStarted
+
+This event sends telemetry that USO scan has been started. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CartPolicySetOnDevice** True if the cart policy is set for a given device.
+- **CV** Correlation vector.
+- **ExpediteErrorBitMap** Bit map value for any error code.
+- **ExpeditePolicyId** The policy Id of the expedite request.
+- **ExpediteResult** Boolean value for success or failure.
+- **ExpediteUpdaterCurrentUbr** The UBR of the device.
+- **ExpediteUpdaterExpectedUbr** The expected UBR of the device.
+- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
+- **GlobalEventCounter** Counts the number of events for this provider.
+- **PackageVersion** The package version label.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsCachedNotificationRetrieved
+
+This event is sent when a notification is received. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** A correlation vector.
+- **GlobalEventCounter** This is a client side counter that indicates ordering of events sent by the user.
+- **PackageVersion** The package version of the label.
+- **UpdateHealthToolsBlobNotificationNotEmpty** A boolean that is true if the blob notification has valid content.
+
+
### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsDeviceInformationUploaded
This event is received when the UpdateHealthTools service uploads device information. The data collected with this event is used to help keep Windows secure and up to date.
@@ -5550,6 +4713,62 @@ The following fields are available:
- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsDeviceInformationUploadFailed
+
+This event provides information for device which failed to upload the details. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Telemetry event counter.
+- **PackageVersion** Version label of the package sending telemetry.
+- **UpdateHealthToolsEnterpriseActionResult** Result of running the tool expressed as an HRESULT.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationCompleted
+
+This event is received when a push notification has been completed by the UpdateHealthTools service. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of UpdateHealthTools.
+- **UpdateHealthToolsEnterpriseActionResult** The HRESULT return by the enterprise action.
+- **UpdateHealthToolsEnterpriseActionType** Enum describing the type of action requested by the push.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationReceived
+
+This event is received when the UpdateHealthTools service receives a push notification. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of UpdateHealthTools.
+- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.
+- **UpdateHealthToolsEnterpriseActionType** Enum describing the type of action requested by the push.
+- **UpdateHealthToolsPushCurrentChannel** The channel used to receive notification.
+- **UpdateHealthToolsPushCurrentRequestId** The request ID for the push.
+- **UpdateHealthToolsPushCurrentStep** The current step for the push notification.
+
+
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationStatus
+
+This event is received when there is status on a push notification. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of UpdateHealthTools.
+- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device.
+- **UpdateHealthToolsEnterpriseActionType** Enum describing the type of action requested by the push.
+- **UpdateHealthToolsPushCurrentRequestId** The request ID for the push.
+- **UpdateHealthToolsPushCurrentStep** The current step for the push notification
+
+
### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceIsDSSJoin
This event is sent when a device has been detected as DSS device. The data collected with this event is used to help keep Windows secure and up to date.
@@ -5561,31 +4780,19 @@ The following fields are available:
- **PackageVersion** The package version of the label.
+### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsServiceStarted
-## Update events
-
-### Update360Telemetry.DriverUpdateSummaryReport
-
-This event collects information regarding the state of devices and drivers on the system, following a reboot, after the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
+This event is sent when the service first starts. It is a heartbeat indicating that the service is available on the device. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
-- **AnalysisErrorCount** The number of driver packages that could not be analyzed because errors occurred during the analysis.
-- **AppendError** A Boolean indicating if there was an error appending more information to the summary string.
-- **DevicePopulateErrorCount** The number of errors that occurred during the population of the list of all devices on the system, includes information such as, hardware ID, compatible ID.
-- **ErrorCode** The error code returned.
-- **FlightId** The flight ID for the driver manifest update.
-- **ObjectId** The unique value for each diagnostics session.
-- **RelatedCV** Correlation vector value generated from the latest USO scan.
-- **Result** Indicates the result of the update.
-- **ScenarioId** Indicates the update scenario.
-- **SessionId** The unique value for each update session.
-- **Summary** A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match.
-- **TruncatedDeviceCount** The number of devices missing from the summary string due to there not being enough room in the string.
-- **TruncatedDriverCount** The number of devices missing from the summary string due to there not being enough room in the string.
-- **UpdateId** Unique ID for each update.
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of remediation.
+## Update events
+
### Update360Telemetry.Revert
This event sends data relating to the Revert phase of updating Windows. The data collected with this event is used to help keep Windows secure and up to date.
@@ -5604,7 +4811,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentCommit
-This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -5621,7 +4828,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentDownloadRequest
-This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -5666,7 +4873,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentExpand
-This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -5688,7 +4895,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentInitialize
-This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -5710,7 +4917,6 @@ This event sends data for the install phase of updating Windows. The data collec
The following fields are available:
-- **CancelRequested** Boolean to indicate whether a cancel was requested.
- **ErrorCode** The error code returned for the current install phase.
- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin.
- **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
@@ -5771,7 +4977,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentModeStart
-This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -5787,7 +4993,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentOneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -5805,7 +5011,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentPostRebootResult
-This event collects information regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -5841,7 +5047,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentSetupBoxLaunch
-The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -5947,7 +5153,7 @@ The following fields are available:
### Setup360Telemetry.OsUninstall
-This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, Windows 10, and Windows 11. Specifically, it indicates the outcome of an OS uninstall. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6013,12 +5219,12 @@ The following fields are available:
### Setup360Telemetry.PreDownloadUX
-This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10, Windows 11 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process.
+This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process.
The following fields are available:
- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
- **HostOSBuildNumber** The build number of the previous operating system.
- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system).
- **InstanceId** Unique GUID that identifies each instance of setuphost.exe.
@@ -6057,7 +5263,7 @@ The following fields are available:
### Setup360Telemetry.PreInstallUX
-This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, Windows 10, and Windows 11, to help keep Windows up-to-date. Specifically, it indicates the outcome of the PreinstallUX portion of the update process.
+This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date. Specifically, it indicates the outcome of the PreinstallUX portion of the update process.
The following fields are available:
@@ -6155,7 +5361,7 @@ The following fields are available:
### Setup360Telemetry.Setup360OneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6309,80 +5515,375 @@ The following fields are available:
- **timeStamp** The error time stamp as recorded in the error record.
-## Windows Update CSP events
+## Windows Store events
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed
+### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation
-This event sends basic telemetry on the failure of the Feature Rollback. The data collected with this event is used to help keep Windows secure and up to date.
+This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure.
The following fields are available:
-- **current** Result of currency check.
-- **dismOperationSucceeded** Dism uninstall operation status.
-- **hResult** Failure error code.
-- **oSVersion** Build number of the device.
-- **paused** Indicates whether the device is paused.
-- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status.
-- **sacDevice** This is the device info.
-- **wUfBConnected** Result of Windows Update for Business connection check.
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** Number of retry attempts before it was canceled.
+- **BundleId** The Item Bundle ID.
+- **CategoryId** The Item Category ID.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed before this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Was this requested by a user?
+- **IsMandatory** Was this a mandatory update?
+- **IsRemediation** Was this a remediation install?
+- **IsRestore** Is this automatically restoring a previously acquired product?
+- **IsUpdate** Flag indicating if this is an update.
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The product family name of the product being installed.
+- **ProductId** The identity of the package or packages being installed.
+- **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled.
+- **UserAttemptNumber** The total number of user attempts at installation before it was canceled.
+- **WUContentId** The Windows Update content ID.
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureNotApplicable
+### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds
-This event sends basic telemetry on whether Feature Rollback (rolling back features updates) is applicable to a device. The data collected with this event is used to help keep Windows secure and up to date.
+This event is sent when an inventory of the apps installed is started to determine whether updates for those apps are available. It's used to help keep Windows up-to-date and secure.
+
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.BeginUpdateMetadataPrepare
+
+This event is sent when the Store Agent cache is refreshed with any available package updates. It's used to help keep Windows up-to-date and secure.
+
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest
+
+This event is sent at the end of app installations or updates to help keep Windows up-to-date and secure.
The following fields are available:
-- **current** Result of currency check.
-- **dismOperationSucceeded** Dism uninstall operation status.
-- **oSVersion** Build number of the device.
-- **paused** Indicates whether the device is paused.
-- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status.
-- **sacDevice** Represents the device info.
-- **wUfBConnected** Result of Windows Update for Business connection check.
+- **CatalogId** The Store Product ID of the app being installed.
+- **HResult** HResult code of the action being performed.
+- **IsBundle** Is this a bundle?
+- **PackageFamilyName** The name of the package being installed.
+- **ProductId** The Store Product ID of the product being installed.
+- **SkuId** Specific edition of the item being installed.
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureStarted
+### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense
-This event sends basic information indicating that Feature Rollback has started. The data collected with this event is used to help keep Windows secure and up to date.
-
-
-
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityFailed
-
-This event sends basic telemetry on the failure of the rollback of the Quality/LCU builds. The data collected with this event is used to help keep Windows secure and up to date.
+This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure.
The following fields are available:
-- **current** Result of currency check.
-- **dismOperationSucceeded** Dism uninstall operation status.
-- **hResult** Failure Error code.
-- **oSVersion** Build number of the device.
-- **paused** Indicates whether the device is paused.
-- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status.
-- **sacDevice** Release Channel.
-- **wUfBConnected** Result of Windows Update for Business connection check.
+- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set.
+- **AttemptNumber** The total number of attempts to acquire this product.
+- **BundleId** The bundle ID
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** HResult code to show the result of the operation (success/failure).
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Did the user initiate the installation?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this happening after a device restore?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The parent bundle ID (if it's part of a bundle).
+- **PFN** Product Family Name of the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The number of attempts by the system to acquire this product.
+- **UserAttemptNumber** The number of attempts by the user to acquire this product
+- **WUContentId** The Windows Update content ID.
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityNotApplicable
+### Microsoft.Windows.StoreAgent.Telemetry.EndDownload
-This event informs you whether a rollback of Quality updates is applicable to the devices that you are attempting to rollback. The data collected with this event is used to help keep Windows secure and up to date.
+This event is sent after an app is downloaded to help keep Windows up-to-date and secure.
The following fields are available:
-- **current** Result of currency check.
-- **dismOperationSucceeded** Dism uninstall operation status.
-- **oSVersion** Build number of the device.
-- **paused** Indicates whether the device is paused.
-- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status.
-- **sacDevice** Device in the General Availability Channel.
-- **wUfBConnected** Result of Windows Update for Business connection check.
+- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed.
+- **AttemptNumber** Number of retry attempts before it was canceled.
+- **BundleId** The identity of the Windows Insider build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **DownloadSize** The total size of the download.
+- **ExtendedHResult** Any extended HResult error codes.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this initiated by the user?
+- **IsMandatory** Is this a mandatory installation?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this a restore of a previously acquired product?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The parent bundle ID (if it's part of a bundle).
+- **PFN** The Product Family Name of the app being download.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The number of attempts by the system to download.
+- **UserAttemptNumber** The number of attempts by the user to download.
+- **WUContentId** The Windows Update content ID.
-### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityStarted
+### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate
-This event indicates that the Quality Rollback process has started. The data collected with this event is used to help keep Windows secure and up to date.
+This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure.
+The following fields are available:
+
+- **HResult** The result code of the last action performed before this operation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndGetInstalledContentIds
+
+This event is sent after sending the inventory of the products installed to determine whether updates for those products are available. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **HResult** The result code of the last action performed before this operation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndInstall
+
+This event is sent after a product has been installed to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **ExtendedHResult** The extended HResult error code.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this an interactive installation?
+- **IsMandatory** Is this a mandatory installation?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this automatically restoring a previously acquired product?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** Product Family Name of the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates
+
+This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsApplicability** Is this request to only check if there are any applicable packages to install?
+- **IsInteractive** Is this user requested?
+- **IsOnline** Is the request doing an online check?
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages
+
+This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData
+
+This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of system attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare
+
+This event is sent after a scan for available app updates to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **HResult** The result code of the last action performed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete
+
+This event is sent at the end of an app install or update to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The name of the product catalog from which this app was chosen.
+- **FailedRetry** Indicates whether the installation or update retry was successful.
+- **HResult** The HResult code of the operation.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **ProductId** The product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
+
+This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The name of the product catalog from which this app was chosen.
+- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in.
+- **ProductId** The product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest
+
+This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **BundleId** The identity of the build associated with this product.
+- **CatalogId** If this product is from a private catalog, the Store Product ID for the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SkuId** Specific edition ID being installed.
+- **VolumePath** The disk path of the installation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation
+
+This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The Product Full Name.
+- **PreviousHResult** The result code of the last action performed before this operation.
+- **PreviousInstallState** Previous state before the installation or update was paused.
+- **ProductId** The Store Product ID for the product being installed.
+- **RelatedCV** Correlation Vector of a previous performed action on this product.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation
+
+This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed before this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **IsUserRetry** Did the user initiate the retry?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **PreviousHResult** The previous HResult error code.
+- **PreviousInstallState** Previous state before the installation was paused.
+- **ProductId** The Store Product ID for the product being installed.
+- **RelatedCV** Correlation Vector for the original install before it was resumed.
+- **ResumeClientId** The ID of the app that initiated the resume operation.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest
+
+This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ProductId** The Store Product ID for the product being installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest
+
+This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The Store Catalog ID for the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SkuId** Specfic edition of the app being updated.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.StateTransition
+
+Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there is a change in a product's fulfillment status (pending, working, paused, cancelled, or complete), to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **CatalogId** The ID for the product being installed if the product is from a private catalog, such as the Enterprise catalog.
+- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product.
+- **HResult** The resulting HResult error/success code of this operation.
+- **NewState** The current fulfillment state of this product.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **PluginLastStage** The most recent product fulfillment step that the plug-in has reported (different than its state).
+- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in.
+- **Prevstate** The previous fulfillment state of this product.
+- **ProductId** Product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest
+
+This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **PFamN** The name of the app that is requested for update.
## Windows Update Delivery Optimization events
@@ -6421,61 +5922,6 @@ The following fields are available:
- **updateID** The ID of the update being downloaded.
-### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
-
-This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **background** Is the download a background download?
-- **bytesFromCacheServer** Bytes received from a cache host.
-- **bytesFromCDN** The number of bytes received from a CDN source.
-- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group.
-- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group.
-- **bytesFromLedbat** The number of bytes received from source using an Ledbat enabled connection.
-- **bytesFromLinkLocalPeers** The number of bytes received from local peers.
-- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
-- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
-- **bytesRequested** The total number of bytes requested for download.
-- **cacheServerConnectionCount** Number of connections made to cache hosts.
-- **cdnConnectionCount** The total number of connections made to the CDN.
-- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
-- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
-- **cdnIp** The IP address of the source CDN.
-- **cdnUrl** Url of the source Content Distribution Network (CDN).
-- **congestionPrevention** Indicates a download may have been suspended to prevent network congestion.
-- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
-- **downlinkBps** The maximum measured available download bandwidth (in bytes per second).
-- **downlinkUsageBps** The download speed (in bytes per second).
-- **downloadMode** The download mode used for this file download session.
-- **downloadModeReason** Reason for the download.
-- **downloadModeSrc** Source of the DownloadMode setting.
-- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
-- **expiresAt** The time when the content will expire from the Delivery Optimization Cache.
-- **fileID** The ID of the file being downloaded.
-- **fileSize** The size of the file being downloaded.
-- **groupConnectionCount** The total number of connections made to peers in the same group.
-- **groupID** A GUID representing a custom group of devices.
-- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group.
-- **isEncrypted** TRUE if the file is encrypted and will be decrypted after download.
-- **isThrottled** Event Rate throttled (event represents aggregated data).
-- **isVpn** Is the device connected to a Virtual Private Network?
-- **jobID** Identifier for the Windows Update job.
-- **lanConnectionCount** The total number of connections made to peers in the same LAN.
-- **linkLocalConnectionCount** The number of connections made to peers in the same Link-local network.
-- **numPeers** The total number of peers used for this download.
-- **numPeersLocal** The total number of local peers used for this download.
-- **predefinedCallerName** The name of the API Caller.
-- **restrictedUpload** Is the upload restricted?
-- **routeToCacheServer** The cache server setting, source, and value.
-- **sessionID** The ID of the download session.
-- **sessionTimeMs** The duration of the session, in milliseconds.
-- **totalTimeMs** Duration of the download (in seconds).
-- **updateID** The ID of the update being downloaded.
-- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second).
-- **uplinkUsageBps** The upload speed (in bytes per second).
-
-
### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
@@ -6719,34 +6165,18 @@ The following fields are available:
- **WorkCompleted** A flag that indicates if work is completed.
-### Microsoft.Windows.Update.Orchestrator.Client.MACUpdateInstallResult
-
-This event reports the installation result details of the MACUpdate expedited application. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **Completed** Indicates whether the installation is complete.
-- **InstallFailureReason** Indicates the reason an install failed.
-- **IsRetriableError** Indications whether the error is retriable.
-- **OperationStatus** Returns the operation status result reported by the installation attempt.
-- **Succeeded** Indicates whether the installation succeeded.
-- **VelocityEnabled** Indicates whether the velocity tag for MACUpdate is enabled.
-
-
### Microsoft.Windows.Update.Orchestrator.UX.InitiatingReboot
This event indicates that a restart was initiated in to enable the update process. The data collected with this event is used to help keep Windows up to date.
The following fields are available:
-- **correlationVector.c_str()** Represents the correlation vector.
-- **isInteractive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action or not.
-- **isOnAC** Indicates whether the device was on AC power when the restart was initiated.
-- **isRebootOutsideOfActiveHours** is reboot outside active hours.
-- **isRebootScheduledByUser** is reboot scheduled by user.
-- **reduceDisruptionFlagSet** Indicates whether the disruptless overnight reboot behavior is enabled.
-- **updateIdList** list of Update ID.
-- **wokeToRestart** whether the device woke to perform the restart.
+- **isInteractive** Indicates reboot initiation stage of the update process was entered as a result of user action or not, to determine actions needed to keep Windows up to date.
+- **isOnAC** Whether the device is on AC power when the restart was initiated.
+- **isRebootOutsideOfActiveHours** Is reboot outside active hours.
+- **isRebootScheduledByUser** Is reboot scheduled by user.
+- **updateIdList** List of Update ID.
+- **wokeToRestart** Whether the device woke to perform the restart.
### Microsoft.Windows.Update.Orchestrator.UX.RebootFailed
@@ -6756,12 +6186,22 @@ This event indicates that the reboot failed and the update process failed to det
The following fields are available:
- **batteryLevel** Battery level percentage.
-- **correlationVector.c_str()** correlation vector.
- **error** error for reboot failed.
- **isRebootOutsideOfActiveHours** Indicates the timing that the failed reboot was to occur to ensure the correct update process and experience is provided to keep Windows up to date.
- **updateIdList** List of update ids.
+### Microsoft.Windows.Update.Orchestrator.Worker.EulaAccepted
+
+Indicates that EULA for an update has been accepted.
+
+The following fields are available:
+
+- **publisherIntent** Publisher Intent id associated with the update.
+- **reason** Reason for EULA acceptance.
+- **update** Update for which EULA has been accepted.
+
+
### Microsoft.Windows.Update.Orchestrator.Worker.OobeUpdateApproved
This event signifies an update being approved around the OOBE time period. The data collected with this event is used to help keep Windows secure and up to date.
@@ -6785,1193 +6225,12 @@ The following fields are available:
- **freeDiskSpaceInMB** Amount of free disk space.
- **interactive** Informs if this action is caused due to user interaction.
- **priority** The CPU and IO priority this action is being performed on.
-- **provider** The provider that is being invoked to perform this action (Windows Update , Legacy UO Provider etc.).
+- **provider** The provider that is being invoked to perform this action (Windows Update, Legacy UO Provider etc.).
- **update** Update related metadata including UpdateId.
- **uptimeMinutes** Duration USO for up for in the current boot session.
- **wilActivity** Wil Activity related information.
-### Microsoft.Windows.Update.WUClient.CheckForUpdatesCanceled
-
-This event checks for updates canceled on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ActivityMatchingId** Unique identifier for a single CheckForUpdates session from initialization to completion.
-- **AllowCachedResults** Indicates if the scan allowed using cached results.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **DriverSyncPassPerformed** A flag indicating whether the driver sync is performed in a update scan.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business target version is enabled on the device.
-- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
-- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
-- **NumberOfLoop** Number of roundtrips the scan required.
-- **NumberOfNewUpdatesFromServiceSync** Number of updates which were seen for the first time in this scan.
-- **NumberOfUpdatesEvaluated** Number of updates evaluated by the scan.
-- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down.
-- **Online** Indicates if this was an online scan.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **ScanDurationInSeconds** Number of seconds the scan took to complete.
-- **ScanEnqueueTime** Number of seconds it took to initialize the scan.
-- **ScanProps** This will be a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits will be used; all remaining bits will be reserved and set to zero. Bit 0 (0x1): IsInteractive -- will be set to 1 if the scan is requested by a user, or to 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker -- will be set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **ServiceUrl** Environment URL for which a device is configured to scan.
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
-- **TotalNumMetadataSignatures** The detected version of the self healing engine that is currently downloading or downloaded.
-- **WUDeviceID** The detected version of the self healing engine that is currently downloading or downloaded.
-
-
-### Microsoft.Windows.Update.WUClient.CheckForUpdatesFailed
-
-This event checks for failed updates on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ActivityMatchingId** Unique identifier for a single CheckForUpdates session from initialization to completion.
-- **AllowCachedResults** Indicates if the scan allowed using cached results.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **CapabilityDetectoidGuid** GUID for a hardware applicability detectoid that could not be evaluated.
-- **CDNCountryCode** Two letter country abbreviation for the CDN's location.
-- **CDNId** ID which defines which CDN the software distribution client downloaded the content from.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **DriverError** The error code hit during a driver scan, or 0 if no error was hit.
-- **DriverSyncPassPerformed** A flag indicating whether the driver sync is performed in a update scan.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **ExtendedMetadataCabUrl** URL for the extended metadata cab.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FailedUpdateGuids** GUIDs for the updates that failed to be evaluated during the scan.
-- **FailedUpdatesCount** Number of updates that failed to be evaluated during the scan.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
-- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business target version is enabled on the device.
-- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
-- **MSIError** The last error encountered during a scan for updates.
-- **NetworkConnectivityDetected** 0 when IPv4 is detected, 1 when IPv6 is detected.
-- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
-- **NumberOfLoop** Number of roundtrips the scan required.
-- **NumberOfNewUpdatesFromServiceSync** Number of updates which were seen for the first time in this scan.
-- **NumberOfUpdatesEvaluated** Number of updates evaluated by the scan.
-- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down.
-- **Online** Indicates if this was an online scan.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **ScanDurationInSeconds** Number of seconds the scan took to complete.
-- **ScanEnqueueTime** Number of seconds it took to initialize the scan.
-- **ScanProps** This will be a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits will be used; all remaining bits will be reserved and set to zero. Bit 0 (0x1): IsInteractive -- will be set to 1 if the scan is requested by a user, or to 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker -- will be set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **ServiceUrl** Environment URL for which a device is configured to scan.
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult.).
-- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
-- **TotalNumMetadataSignatures** The detected version of the self healing engine that is currently downloading or downloaded.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.CheckForUpdatesRetry
-
-This event checks for update retries on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ActivityMatchingId** Unique identifier for a single CheckForUpdates session from initialization to completion.
-- **AllowCachedResults** Indicates if the scan allowed using cached results.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **DriverSyncPassPerformed** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **ExtendedStatusCode** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
-- **FeatureUpdatePause** Failed Parse actions.
-- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
-- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
-- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
-- **NumberOfLoop** Number of roundtrips the scan required.
-- **NumberOfNewUpdatesFromServiceSync** Number of updates which were seen for the first time in this scan.
-- **NumberOfUpdatesEvaluated** Number of updates evaluated by the scan.
-- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down.
-- **Online** Indicates if this was an online scan.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **ScanDurationInSeconds** Number of seconds the scan took to complete.
-- **ScanEnqueueTime** Number of seconds it took to initialize the scan.
-- **ScanProps** This will be a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits will be used; all remaining bits will be reserved and set to zero. Bit 0 (0x1): IsInteractive -- will be set to 1 if the scan is requested by a user, or to 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker -- will be set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **ServiceUrl** Environment URL for which a device is configured to scan.
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
-- **TotalNumMetadataSignatures** Total number of metadata signatures checks done for new metadata synced down.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.CheckForUpdatesScanInitFailed
-
-This event checks for failed update initializations on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.CheckForUpdatesServiceRegistrationFailed
-
-This event checks for updates for failed service registrations the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **Context** Context of failure.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.CheckForUpdatesStarted
-
-This event checks for updates started on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ActivityMatchingId** Unique identifier for a single CheckForUpdates session from initialization to completion.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBFederatedScanDisabled** Flag indicated is Windows Update for Business FederatedScan is disabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.CheckForUpdatesSucceeded
-
-This event checks for successful updates on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ActivityMatchingId** Unique identifier for a single CheckForUpdates session from initialization to completion.
-- **AllowCachedResults** Indicates if the scan allowed using cached results.
-- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable.
-- **BranchReadinessLevel** Servicing branch train configured on the device (CB, CBB, none).
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
-- **DeferredUpdates** UpdateIds which are currently being deferred until a later time.
-- **DriverExclusionPolicy** Indicates if policy for not including drivers with Windows Update (WU) updates is enabled.
-- **DriverSyncPassPerformed** A flag indicating whether the driver sync is performed in a update scan.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **ExcludedUpdateClasses** Update classifications being excluded via policy.
-- **ExcludedUpdates** UpdateIds which are currently being excluded via policy.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdateDeferral** Deferral period configured for feature OS updates on the device, in days.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FeatureUpdatePausePeriod** Pause duration configured for feature OS updates on the device, in days.
-- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
-- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6).
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
-- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
-- **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete.
-- **NumberOfApplicationsCategoryScanEvaluated** Number of categories (apps) for which an app update scan checked.
-- **NumberOfLoop** Number of roundtrips the scan required.
-- **NumberOfNewUpdatesFromServiceSync** Number of updates which were seen for the first time in this scan.
-- **NumberOfUpdatesEvaluated** Number of updates evaluated by the scan.
-- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down.
-- **Online** Indicates if this was an online scan.
-- **PausedUpdates** UpdateIds which are currently being paused.
-- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, datetime for the end of the pause time window.
-- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, datetime for the beginning of the pause time window.
-- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, datetime for the end of the pause time window.
-- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, datetime for the beginning of the pause time window.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdateDeferral** Deferral period configured for quality OS updates on the device, in days.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **QualityUpdatePausePeriod** Pause duration configured for quality OS updates on the device, in days.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **ScanDurationInSeconds** Number of seconds the scan took to complete.
-- **ScanEnqueueTime** Number of seconds it took to initialize the scan.
-- **ScanProps** This will be a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits will be used; all remaining bits will be reserved and set to zero. Bit 0 (0x1): IsInteractive -- will be set to 1 if the scan is requested by a user, or to 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker -- will be set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **ServiceUrl** Environment URL for which a device is configured to scan.
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
-- **TargetReleaseVersion** For drivers targeted to a specific device model, this is the version release of the drivers being distributed to the device.
-- **TotalNumMetadataSignatures** Total number of metadata signatures checks done for new metadata synced down.
-- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete the operation.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.CommitFailed
-
-This event checks for failed commits on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
-- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
-- **ExtendedStatusCode** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **UpdateId** Identifier associated with the specific piece of content.
-
-
-### Microsoft.Windows.Update.WUClient.CommitStarted
-
-This event tracks the commit started event on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FlightId** The specific id of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **UpdateId** Identifier associated with the specific piece of content.
-
-
-### Microsoft.Windows.Update.WUClient.CommitSucceeded
-
-This event is used to track the commit succeeded process, after the update installation, when the software update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
-- **EventType** Indicates the purpose of the event - whether scan started, succeeded, failed, etc.
-- **ExtendedStatusCode** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **HandlerType** The specific id of the flight the device is getting.
-- **RevisionNumber** Indicates the kind of content (app, driver, windows patch, etc.).
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **UpdateId** Identifier associated with the specific piece of content.
-
-
-### Microsoft.Windows.Update.WUClient.DownloadCanceled
-
-This event tracks the download canceled event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ActiveDownloadTime** Identifies the active total transferring time in seconds.
-- **AppXBlockHashFailures** Number of block hash failures.
-- **AppXScope** Indicates the scope of the app download. The values can be one of the following: "RequiredContentOnly" - Only the content required to launch the app is being downloaded "AutomaticContentOnly" - Only the optional [automatic] content for the app, i.e. the ones that can downloaded after the app has been launched, is being downloaded "AllContent" - All content for the app, including the optional [automatic] content, is being downloaded.
-- **BundleBytesDownloaded** Number of bytes downloaded for bundle.
-- **BundleId** Name of application making the Windows Update request. Used to identify context of request.
-- **BundleRepeatFailCount** Identifies the number of repeated download failures.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **BytesDownloaded** Identifies the number of bytes downloaded.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **CancelReason** Reason why download is canceled.
-- **CbsMethod** Identifies the CBS SelfContained method.
-- **CDNCountryCode** CDN country identifier.
-- **CDNId** CDN Identifier.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **ConnectTime** Identifies the total connection time in milliseconds.
-- **DownloadPriority** Indicates the priority of the download activity.
-- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
-- **DownloadStartTime** Identifies the download start time.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HostName** Identifies the hostname.
-- **IPVersion** Identifies the IP Connection Type version.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **NetworkCost** Identifies the network cost.
-- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted.
-- **PackageFullName** Package name of the content.
-- **PostDnldTime** Identifies the delay after last job in seconds.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Identifies repeated download failure count.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **SizeCalcTime** Identifies time taken for payload size calculation.
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TotalExpectedBytes** Identifies the total expected download bytes.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedDO** Identifies if used DO.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.DownloadFailed
-
-This event tracks the download failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ActiveDownloadTime** Identifies the active total transferring time in seconds.
-- **AppXBlockHashFailures** Number of block hash failures.
-- **AppXScope** Identifies streaming app phase.
-- **BundleBytesDownloaded** Number of bytes downloaded for bundle.
-- **BundleId** Name of application making the Windows Update request. Used to identify context of request.
-- **BundleRepeatFailCount** Identifies the number of repeated download failures.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **BytesDownloaded** Identifies the number of bytes downloaded.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **CbsMethod** Identifies the CBS SelfContained method.
-- **CDNCountryCode** Identifies the source CDN country code.
-- **CDNId** CDN Identifier.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **ConnectTime** Identifies the total connection time in milliseconds.
-- **DownloadPriority** Indicates the priority of the download activity.
-- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
-- **DownloadStartTime** Identifies the download start time.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HostName** Identifies the hostname.
-- **IPVersion** Identifies the IP Connection Type version.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **NetworkCost** Identifies the network cost.
-- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted.
-- **PackageFullName** The package name of the content.
-- **PostDnldTime** Identifies the delay after last job in seconds.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Identifies repeated download failure count.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **SizeCalcTime** Identifies time taken for payload size calculation.
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TotalExpectedBytes** Identifies the total expected download bytes.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedDO** Identifies if used DO.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.DownloadQueued
-
-This event tracks the download queued event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **DownloadPriority** Indicates the priority of the download activity.
-- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
-- **PackageFullName** The package name of the content.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **Reason** Regulation reason of why queued.
-- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.DownloadStarted
-
-This event tracks the download started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **DownloadPriority** Indicates the priority of the download activity.
-- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
-- **PackageFullName** The package name of the content.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.DownloadSucceeded
-
-This event tracks the successful download event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn’t actively being downloaded.
-- **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download of the app payload.
-- **AppXScope** Indicates the scope of the app download. The values can be one of the following: "RequiredContentOnly" - Only the content required to launch the app is being downloaded "AutomaticContentOnly" - Only the optional [automatic] content for the app, i.e. the ones that can downloaded after the app has been launched, is being downloaded "AllContent" - All content for the app, including the optional [automatic] content, is being downloaded.
-- **BundleBytesDownloaded** Indicates the bytes downloaded for bundle.
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Identifies the number of repeated download failures.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **BytesDownloaded** How many bytes were downloaded for an individual piece of content (not the entire bundle).
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology. This value can be one of the following: 1. Express download method was used for download. 2. SelfContained download method was used for download indicating the update had no express content. 3. SelfContained download method was used indicating that the update has an express payload, but the server is not hosting it. 4. SelfContained download method was used indicating that range requests are not supported. 5. SelfContained download method was used indicating that the system does not support express download (dpx.dll is not present). 6. SelfContained download method was used indicating that self-contained download method was selected previously. 7. SelfContained download method was used indicating a fall back to self-contained if the number of requests made by DPX exceeds a certain threshold.
-- **CDNCountryCode** Two letter country abbreviation for the CDN's location.
-- **CDNId** ID which defines which CDN the software distribution client downloaded the content from.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **ConnectTime** Indicates the cumulative sum (in seconds) of how long it took to establish the connection for all updates in an update bundle.
-- **DownloadPriority** Indicates the priority of the download activity.
-- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
-- **DownloadStartTime** Start time in FILETIME for the download.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **HostName** The hostname URL the content is downloading from.
-- **IPVersion** Indicates whether download took place on IPv4 or IPv6 (0-Unknown, 1-IPv4, 2-IPv6)
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag indicated is Windows Update for Business targeted version is enabled on the device.
-- **NetworkCost** A flag indicating the cost of the network being used for downloading the update content. That could be one of the following values0x0 : Unkown0x1 : Network cost is unrestricted0x2 : Network cost is fixed0x4 : Network cost is variable0x10000 : Network cost over data limit0x20000 : Network cost congested0x40000 : Network cost roaming0x80000 : Network cost approaching data limit.
-- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be “metered”.
-- **PackageFullName** The package name of the content.
-- **PostDnldTime** Time taken, in seconds, to signal download completion after the last job has completed downloading payload.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **SizeCalcTime** Time taken, in seconds, to calculate the total download size of the payload.
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TotalExpectedBytes** Total count of bytes that the download is expected (total size of the download.).
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedDO** Indicates whether the download used the delivery optimization service.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.DownloadSwitchingToBITS
-
-This event tracks the download switching to BITS event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Name of application making the Windows Update request. Used to identify context of request.
-- **BundleRevisionNumber** Identifies the number of repeated download failures.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **DownloadPriority** Indicates the priority of the download activity.
-- **DownloadProps** Indicates a bitmask for download operations indicating 1. If an update was downloaded to a system volume (least significant bit i.e. bit 0) 2. If the update was from a channel other than the installed channel (bit 1) 3. If the update was for a product pinned by policy (bit 2) 4. If the deployment action for the update is uninstall (bit 3).
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **PackageFullName** The package name of the content.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.InstallCanceled
-
-This event tracks the install canceled event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **CSIErrorType** Stage of CBS installation where it failed.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedErrorCode** The extended error code.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **InstallProps** A bitmask for future flags associated with the install operation. There is no value being reported in this field right now. Expected value for this field is 0.
-- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
-- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
-- **IsFirmware** Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
-- **MsiAction** Stage of MSI installation where it failed.
-- **MsiProductCode** Unique identifier of the MSI installer.
-- **PackageFullName** The package name of the content.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode** ID which represents a given MSI installation.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.InstallFailed
-
-This event tracks the install failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **CSIErrorType** Stage of CBS installation where it failed.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedErrorCode** The extended error code.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **InstallProps** A bitmask for future flags associated with the install operation. There is no value being reported in this field right now. Expected value for this field is 0.
-- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
-- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
-- **IsFirmware** Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
-- **MsiAction** Stage of MSI installation where it failed.
-- **MsiProductCode** Unique identifier of the MSI installer.
-- **PackageFullName** The package name of the content.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode** ID which represents a given MSI installation.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.InstallRebootPending
-
-This event tracks the install reboot pending event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **CSIErrorType** Stage of CBS installation where it failed.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedErrorCode** The extended error code.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **InstallProps** A bitmask for future flags associated with the install operation. There is no value being reported in this field right now. Expected value for this field is 0.
-- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
-- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
-- **IsFirmware** Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
-- **MsiAction** Stage of MSI installation where it failed.
-- **MsiProductCode** Unique identifier of the MSI installer.
-- **PackageFullName** The package name of the content.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode** ID which represents a given MSI installation.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.InstallStarted
-
-The event tracks the install started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **CSIErrorType** Stage of CBS installation where it failed.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedErrorCode** The extended error code.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **InstallProps** A bitmask for future flags associated with the install operation. There is no value being reported in this field right now. Expected value for this field is 0.
-- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
-- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
-- **IsFirmware** Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
-- **MsiAction** Stage of MSI installation where it failed.
-- **MsiProductCode** Unique identifier of the MSI installer.
-- **PackageFullName** The package name of the content.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode** ID which represents a given MSI installation.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.InstallSucceeded
-
-The event tracks the successful install event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **CSIErrorType** Stage of CBS installation where it failed.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedErrorCode** The extended error code.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **InstallProps** A bitmask for future flags associated with the install operation. There is no value being reported in this field right now. Expected value for this field is 0.
-- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
-- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
-- **IsFirmware** Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
-- **MsiAction** Stage of MSI installation where it failed.
-- **MsiProductCode** Unique identifier of the MSI installer.
-- **PackageFullName** The package name of the content.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **TransactionCode** ID which represents a given MSI installation.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.RevertFailed
-
-This event tracks the revert failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **CSIErrorType** Stage of CBS installation where it failed.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
-- **IsFirmware** Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.RevertStarted
-
-This event tracks the revert started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **CSIErrorType** Stage of CBS installation where it failed.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
-- **IsFirmware** Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.RevertSucceeded
-
-The event tracks the successful revert event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
-- **BundleRepeatFailCount** Indicates whether this particular update bundle had previously failed.
-- **BundleRevisionNumber** Identifies the revision number of the content bundle.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClassificationId** Classification identifier of the update content.
-- **ClientVersion** Version number of the software distribution client.
-- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
-- **CSIErrorType** Stage of CBS installation where it failed.
-- **DeploymentMutexId** Mutex identifier of the deployment operation.
-- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation.
-- **DeploymentProviderMode** Mode of operation of the Update Deployment Provider.
-- **DriverPingBack** Contains information about the previous driver and system state.
-- **DriverRecoveryIds** The list of identifiers which could be used for uninstalling the drivers when a recovery is required.
-- **EventInstanceID** A globally unique identifier for event instance.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
-- **FlightBuildNumber** Indicates the build number of that flight.
-- **FlightId** The specific id of the flight the device is getting.
-- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
-- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
-- **IsFinalOutcomeEvent** Indicates if this event signal the end of the update/upgrade process.
-- **IsFirmware** Indicates whether an update was a firmware update.
-- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
-- **IsWUfBDualScanEnabled** Flag indicated is Windows Update for Business dual scan is enabled on the device.
-- **IsWUfBEnabled** Flag indicated is Windows Update for Business is enabled on the device.
-- **IsWUfBTargetVersionEnabled** Flag that indicates if the Windows Update for Business target version policy is enabled on the device.
-- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
-- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
-- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RepeatFailCount** Indicates whether this specific piece of content had previously failed.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
-- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
-- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClient.UpdateDetected
-
-This event tracks the update detected event when the software update client is trying to update the device. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
-- **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClientExt.DataStoreHealth
-
-This event tracks the health of the data store. The data store stores updated metadata synced from the update services, service endpoint information synced from SLS services, and in-progress update data so the update client can continue to serve after reboot. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **EventScenario** Indicates the purpose of the event, for example, whether the scan started, succeeded or failed.
-- **StatusCode** The result code of the event (success, cancellation, failure code HResult).
-
-
-### Microsoft.Windows.Update.WUClientExt.DownloadCheckpoint
-
-This is a checkpoint event between the Windows Update download phases for UUP content. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion** Version number of the software distribution client.
-- **EventScenario** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
-- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **FileId** Unique identifier for the downloaded file.
-- **FileName** Name of the downloaded file.
-- **FlightId** The specific id of the flight the device is getting.
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **UpdateId** Identifier associated with the specific piece of content.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClientExt.DownloadHeartbeat
-
-This event allows tracking of ongoing downloads and contains data to explain the current state of the download. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **BytesTotal** Total bytes to transfer for this content.
-- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat.
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **ClientVersion** Version number of the software distribution client.
-- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat.
-- **CurrentError** Last (transient) error encountered by the active download.
-- **DownloadFlags** Flags indicating if power state is ignored.
-- **DownloadState** Current state of the active download for this content (queued, suspended, progressing).
-- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver".
-- **FlightId** The specific id of the flight the device is getting.
-- **IsNetworkMetered** Indicates whether Windows considered the current network to be “metered”.
-- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any.
-- **MOUpdateDownloadLimit** Mobile operator cap on size of OS update downloads, if any.
-- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, Connected Standby).
-- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
-- **ResumeCount** Number of times this active download has resumed from a suspended state.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **SuspendCount** Number of times this active download has entered a suspended state.
-- **SuspendReason** Last reason for which this active download has entered suspended state.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **WUDeviceID** Unique device id controlled by the software distribution client.
-
-
-### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrity
-
-This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows up to date and secure.
-
-The following fields are available:
-
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **EndpointUrl** Endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
-- **EventScenario** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed.
-- **ListOfSHA256OfIntermediateCerData** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
-- **MetadataIntegrityMode** Base64 string of the signature associated with the update metadata (specified by revision id).
-- **MetadataSignature** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
-- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
-- **RawValidityWindowInDays** Raw unparsed mode string from the SLS response. May be null if not applicable.
-- **RevisionId** Identifies the revision of this specific piece of content.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **SHA256OfLeafCerData** Base64 encoding of hash of the Base64CertData in the FragmentSigning data of leaf certificate.
-- **SHA256OfLeafCertPublicKey** Base64 string of hash of the leaf cert public key.
-- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob.
-- **SignatureAlgorithm** Hash algorithm for the metadata signature.
-- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed.
-- **UpdateId** Identifier associated with the specific piece of content.
-- **ValidityWindowInDays** Validity window in days.
-
-
-### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityFragmentSigning
-
-This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
-- **EventScenario** Field indicating the sub-phase event scenario.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed.
-- **ListOfSHA256OfIntermediateCerData** List of Base64 string of hash of intermediate cert data.
-- **MetadataIntegrityMode** Base64 string of the signature associated with the update metadata (specified by revision id).
-- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
-- **RawValidityWindowInDays** Raw unparsed string of validity window in effect when verifying the timestamp.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **SHA256OfLeafCerData** Base64 string of hash of the leaf cert data.
-- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-
-
-### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegritySignature
-
-This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
-- **EventScenario** Field indicating the sub-phase event scenario.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed.
-- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
-- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id).
-- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
-- **RevisionId** Identifies the revision of this specific piece of content.
-- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **SHA256OfLeafCertPublicKey** Base64 string of hash of the leaf cert public key.
-- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob.
-- **SignatureAlgorithm** Hash algorithm for the metadata signature.
-- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is malformed and decoding failed.
-- **UpdateId** Identifier associated with the specific piece of content.
-
-
-### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityTimestamp
-
-This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
-- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
-- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
-- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
-- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob.
-- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
-- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
-- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed.
-- **ValidityWindowInDays** Validity window in effect when verifying the timestamp.
-
-
### Microsoft.Windows.Update.WUClientExt.UUSLoadModuleFailed
This is the UUSLoadModule failed event and is used to track the failure of loading an undocked component. The data collected with this event is used to help keep Windows up to date and secure.
@@ -7981,7 +6240,6 @@ The following fields are available:
- **LoadProps** A bitmask for flags associated with loading the undocked module.
- **ModulePath** Path of the undocked module.
- **ModuleVersion** Version of the undocked module.
-- **PinkyFlags** PinkyFlags used to create the UUS session.
- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
- **StatusCode** Result of the undocked module loading operation.
- **UusSessionID** Unique ID used to create the UUS session.
@@ -8018,6 +6276,23 @@ The following fields are available:
- **CommandLine** The command line used to launch RUXIMICS.
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncExit
+
+This event is sent when RUXIM completes checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **ETagValue** eTag for sync.
+- **hrInitialize** Error, if any, that occurred while initializing OneSettings.
+- **hrQuery** Error, if any, that occurred while retrieving UX interaction campaign data from OneSettings.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncLaunch
+
+This event is sent when RUXIM begins checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
+
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -8032,68 +6307,8 @@ The following fields are available:
- **WasPresented** True if the user interaction campaign is displayed to the user.
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **InteractionCampaignID** GUID identifying the interaction campaign that RUXIMIH processed.
-
-
-### Microsoft.Windows.WindowsUpdate.RUXIM.IHLaunch
-
-This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) is launched. The data collected with this event is used to help keep Windows up to date and performing properly.
-
-The following fields are available:
-
-- **CommandLine** The command line used to launch RUXIMIH.
-- **InteractionCampaignID** GUID identifying the user interaction campaign that the Interaction Handler will process.
-
-### wilActivity
-
-This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext** The function where the failure occurred.
-- **currentContextId** The ID of the current call context where the failure occurred.
-- **currentContextMessage** The message of the current call context where the failure occurred.
-- **currentContextName** The name of the current call context where the failure occurred.
-- **failureCount** The number of failures for this failure ID.
-- **failureId** The ID of the failure that occurred.
-- **failureType** The type of the failure that occurred.
-- **fileName** The file name where the failure occurred.
-- **function** The function where the failure occurred.
-- **hresult** The HResult of the overall activity.
-- **lineNumber** The line number where the failure occurred.
-- **message** The message of the failure that occurred.
-- **module** The module where the failure occurred.
-- **originatingContextId** The ID of the originating call context that resulted in the failure.
-- **originatingContextMessage** The message of the originating call context that resulted in the failure.
-- **originatingContextName** The name of the originating call context that resulted in the failure.
-- **threadId** The ID of the thread on which the activity is executing.
-
## Windows Update mitigation events
-### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ActivityError
-
-This event provides information for error encountered when enabling In-Place Upgrade. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **wilActivity** Result of the attempt to enable In-Place Upgrade. See [wilActivity](#wilactivity).
-
-
-### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ApplyTroubleshooting
-
-This event provides information for the operation of enabling In-Place Upgrade. The data collected with this event is used to help keep Windows secure.
-
-The following fields are available:
-
-- **wilActivity** Result of the attempt to enable In-Place Upgrade. See [wilActivity](#wilactivity).
-
-
### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ApplyTroubleshootingComplete
This event provides summary information after attempting to enable In-Place Upgrade. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -8135,7 +6350,7 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O
The following fields are available:
-- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
- **FlightId** Unique identifier for each flight.
- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
- **MitigationScenario** The update scenario in which the mitigation was executed.
@@ -8157,7 +6372,7 @@ This event sends data specific to the FixupWimmountSysPath mitigation used for O
The following fields are available:
-- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
- **FlightId** Unique identifier for each flight.
- **ImagePathDefault** Default path to wimmount.sys driver defined in the system registry.
- **ImagePathFixedup** Boolean indicating whether the wimmount.sys driver path was fixed by this mitigation.
@@ -8227,18 +6442,6 @@ The following fields are available:
- **SoftReserveUsedSpace** The amount of the soft reserve used when end scenario is called.
-### Microsoft.Windows.UpdateReserveManager.FunctionReturnedError
-
-This event is sent when the Update Reserve Manager returns an error from one of its internal functions. The data collected with this event is used to help keep Windows secure and up to date.
-
-The following fields are available:
-
-- **FailedFile** The binary file that contained the failed function.
-- **FailedFunction** The name of the function that originated the failure.
-- **FailedLine** The line number of the failure.
-- **ReturnCode** The return code of the function.
-
-
### Microsoft.Windows.UpdateReserveManager.InitializeReserves
This event is sent when reserves are initialized on the device. The data collected with this event is used to help keep Windows secure and up to date.
@@ -8334,4 +6537,4 @@ The following fields are available:
- **Disposition** The parameter for the hard reserve adjustment function.
- **Flags** The flags passed to the hard reserve adjustment function.
- **PendingHardReserveAdjustment** The final change to the hard reserve size.
-- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve.
\ No newline at end of file
+- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve.
diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
index 339c597a08..1fba0d455b 100644
--- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
+++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
@@ -1,29 +1,22 @@
---
description: Learn more about the required Windows 10 diagnostic data gathered.
-title: Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required diagnostic events and fields (Windows 10)
-ms.prod: m365-security
+title: Required diagnostic events and fields for Windows 10 (versions 22H2, 21H2, 21H1, 20H2, and 2004)
+ms.prod: windows-client
+ms.technology: itpro-privacy
localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection:
- - M365-security-compliance
- - highpri
-ms.topic: article
-ms.date:
-ms.technology: privacy
+ms.collection: highpri
+ms.topic: reference
---
-# Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic events and fields
-
-
-> [!IMPORTANT]
-> Windows is moving to classifying the data collected from customer’s devices as either *Required* or *Optional*.
-
+# Required diagnostic events and fields for Windows 10: versions 22H2, 21H2, 21H1, 20H2, and 2004
**Applies to**
+- Windows 10, version 22H2
- Windows 10, version 21H2
- Windows 10, version 21H1
- Windows 10, version 20H2
@@ -38,7 +31,8 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
-- [Required Windows 11 diagnostic events and fields](required-windows-11-diagnostic-events-and-fields.md)
+- [Required diagnostic events and fields for Windows 11, version 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
+- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
@@ -48,7 +42,6 @@ You can learn more about Windows functional and diagnostic data through these ar
- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
-
## Appraiser events
### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
@@ -65,10 +58,15 @@ The following fields are available:
- **DatasourceApplicationFile_21H1Setup** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_21H2** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_CO21H2** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_CO21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_CU22H2Setup** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_NI22H2Setup** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_RS1** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_RS2** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_RS3** The total number of objects of this type present on this device.
-- **DatasourceApplicationFile_RS4** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device.
- **DatasourceApplicationFile_RS5** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_TH1** The total number of objects of this type present on this device.
- **DatasourceApplicationFile_TH2** The total number of objects of this type present on this device.
@@ -80,10 +78,15 @@ The following fields are available:
- **DatasourceDevicePnp_21H1Setup** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_21H2** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_CO21H2** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_CO21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_CU22H2Setup** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_NI22H2Setup** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_RS1** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_RS2** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_RS3** The total number of objects of this type present on this device.
-- **DatasourceDevicePnp_RS4** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_RS4** The count of the number of this particular object type present on this device.
- **DatasourceDevicePnp_RS4Setup** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_RS5** The total number of objects of this type present on this device.
- **DatasourceDevicePnp_RS5Setup** The total number of objects of this type present on this device.
@@ -97,10 +100,15 @@ The following fields are available:
- **DatasourceDriverPackage_21H1Setup** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_21H2** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_CO21H2** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_CO21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_CU22H2Setup** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_NI22H2Setup** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_RS1** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_RS2** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_RS3** The total number of objects of this type present on this device.
-- **DatasourceDriverPackage_RS4** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_RS4** The count of the number of this particular object type present on this device.
- **DatasourceDriverPackage_RS4Setup** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_RS5** The total number of objects of this type present on this device.
- **DatasourceDriverPackage_RS5Setup** The total number of objects of this type present on this device.
@@ -114,6 +122,11 @@ The following fields are available:
- **DataSourceMatchingInfoBlock_21H1Setup** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_21H2** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_21H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_CO21H2** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_CO21H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_CU22H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_NI22H2Setup** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_RS1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_RS2** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoBlock_RS3** The total number of objects of this type present on this device.
@@ -129,6 +142,11 @@ The following fields are available:
- **DataSourceMatchingInfoPassive_21H1Setup** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_21H2** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_21H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_CO21H2** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_CO21H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_CU22H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_NI22H2Setup** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_RS1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_RS2** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPassive_RS3** The total number of objects of this type present on this device.
@@ -144,6 +162,11 @@ The following fields are available:
- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_21H2** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_21H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_CO21H2** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_CO21H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_CU22H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_NI22H2Setup** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS1** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS2** The total number of objects of this type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS3** The total number of objects of this type present on this device.
@@ -159,6 +182,11 @@ The following fields are available:
- **DatasourceSystemBios_21H1Setup** The total number of objects of this type present on this device.
- **DatasourceSystemBios_21H2** The total number of objects of this type present on this device.
- **DatasourceSystemBios_21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_CO21H2** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_CO21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_CU22H2Setup** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_NI22H2Setup** The total number of objects of this type present on this device.
- **DatasourceSystemBios_RS1** The total number of objects of this type present on this device.
- **DatasourceSystemBios_RS2** The total number of objects of this type present on this device.
- **DatasourceSystemBios_RS3** The total number of objects of this type present on this device.
@@ -176,10 +204,15 @@ The following fields are available:
- **DecisionApplicationFile_21H1Setup** The total number of objects of this type present on this device.
- **DecisionApplicationFile_21H2** The total number of objects of this type present on this device.
- **DecisionApplicationFile_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_CO21H2** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionApplicationFile_RS1** The total number of objects of this type present on this device.
- **DecisionApplicationFile_RS2** The total number of objects of this type present on this device.
- **DecisionApplicationFile_RS3** The total number of objects of this type present on this device.
-- **DecisionApplicationFile_RS4** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device.
- **DecisionApplicationFile_RS5** The total number of objects of this type present on this device.
- **DecisionApplicationFile_TH1** The total number of objects of this type present on this device.
- **DecisionApplicationFile_TH2** The total number of objects of this type present on this device.
@@ -191,10 +224,15 @@ The following fields are available:
- **DecisionDevicePnp_21H1Setup** The total number of objects of this type present on this device.
- **DecisionDevicePnp_21H2** The total number of objects of this type present on this device.
- **DecisionDevicePnp_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_CO21H2** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionDevicePnp_RS1** The total number of objects of this type present on this device.
- **DecisionDevicePnp_RS2** The total number of objects of this type present on this device.
- **DecisionDevicePnp_RS3** The total number of objects of this type present on this device.
-- **DecisionDevicePnp_RS4** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_RS4** The count of the number of this particular object type present on this device.
- **DecisionDevicePnp_RS4Setup** The total number of objects of this type present on this device.
- **DecisionDevicePnp_RS5** The total number of objects of this type present on this device.
- **DecisionDevicePnp_RS5Setup** The total number of objects of this type present on this device.
@@ -208,10 +246,15 @@ The following fields are available:
- **DecisionDriverPackage_21H1Setup** The total number of objects of this type present on this device.
- **DecisionDriverPackage_21H2** The total number of objects of this type present on this device.
- **DecisionDriverPackage_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_CO21H2** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionDriverPackage_RS1** The total number of objects of this type present on this device.
- **DecisionDriverPackage_RS2** The total number of objects of this type present on this device.
- **DecisionDriverPackage_RS3** The total number of objects of this type present on this device.
-- **DecisionDriverPackage_RS4** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_RS4** The count of the number of this particular object type present on this device.
- **DecisionDriverPackage_RS4Setup** The total number of objects of this type present on this device.
- **DecisionDriverPackage_RS5** The total number of objects of this type present on this device.
- **DecisionDriverPackage_RS5Setup** The total number of objects of this type present on this device.
@@ -225,6 +268,11 @@ The following fields are available:
- **DecisionMatchingInfoBlock_21H1Setup** The total number of objects of this type present on this device.
- **DecisionMatchingInfoBlock_21H2** The total number of objects of this type present on this device.
- **DecisionMatchingInfoBlock_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_CO21H2** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionMatchingInfoBlock_RS1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoBlock_RS2** The total number of objects of this type present on this device.
- **DecisionMatchingInfoBlock_RS3** The total number of objects of this type present on this device.
@@ -240,6 +288,11 @@ The following fields are available:
- **DecisionMatchingInfoPassive_21H1Setup** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_21H2** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_CO21H2** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_RS1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_RS2** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPassive_RS3** The total number of objects of this type present on this device.
@@ -255,6 +308,11 @@ The following fields are available:
- **DecisionMatchingInfoPostUpgrade_21H1Setup** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_21H2** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_CO21H2** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS1** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS2** The total number of objects of this type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS3** The total number of objects of this type present on this device.
@@ -270,6 +328,11 @@ The following fields are available:
- **DecisionMediaCenter_21H1Setup** The total number of objects of this type present on this device.
- **DecisionMediaCenter_21H2** The total number of objects of this type present on this device.
- **DecisionMediaCenter_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_CO21H2** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionMediaCenter_RS1** The total number of objects of this type present on this device.
- **DecisionMediaCenter_RS2** The total number of objects of this type present on this device.
- **DecisionMediaCenter_RS3** The total number of objects of this type present on this device.
@@ -284,6 +347,11 @@ The following fields are available:
- **DecisionSModeState_21H1Setup** The total number of objects of this type present on this device.
- **DecisionSModeState_21H2** The total number of objects of this type present on this device.
- **DecisionSModeState_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSModeState_CO21H2** The total number of objects of this type present on this device.
+- **DecisionSModeState_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSModeState_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSModeState_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSModeState_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionSModeState_RS1** The total number of objects of this type present on this device.
- **DecisionSModeState_RS2** The total number of objects of this type present on this device.
- **DecisionSModeState_RS3** The total number of objects of this type present on this device.
@@ -299,6 +367,11 @@ The following fields are available:
- **DecisionSystemBios_21H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemBios_21H2** The total number of objects of this type present on this device.
- **DecisionSystemBios_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemBios_CO21H2** The total number of objects of this type present on this device.
+- **DecisionSystemBios_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemBios_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemBios_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionSystemBios_RS1** The total number of objects of this type present on this device.
- **DecisionSystemBios_RS2** The total number of objects of this type present on this device.
- **DecisionSystemBios_RS3** The total number of objects of this type present on this device.
@@ -315,6 +388,11 @@ The following fields are available:
- **DecisionSystemDiskSize_21H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemDiskSize_21H2** The total number of objects of this type present on this device.
- **DecisionSystemDiskSize_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_CO21H2** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemDiskSize_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionSystemDiskSize_RS1** The total number of objects of this type present on this device.
- **DecisionSystemDiskSize_RS2** The total number of objects of this type present on this device.
- **DecisionSystemDiskSize_RS3** The total number of objects of this type present on this device.
@@ -329,6 +407,11 @@ The following fields are available:
- **DecisionSystemMemory_21H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemMemory_21H2** The total number of objects of this type present on this device.
- **DecisionSystemMemory_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_CO21H2** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemMemory_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionSystemMemory_RS1** The total number of objects of this type present on this device.
- **DecisionSystemMemory_RS2** The total number of objects of this type present on this device.
- **DecisionSystemMemory_RS3** The total number of objects of this type present on this device.
@@ -343,6 +426,11 @@ The following fields are available:
- **DecisionSystemProcessorCpuCores_21H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuCores_21H2** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuCores_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_CO21H2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuCores_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuCores_RS1** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuCores_RS2** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuCores_RS3** The total number of objects of this type present on this device.
@@ -356,6 +444,12 @@ The following fields are available:
- **DecisionSystemProcessorCpuModel_21H1** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuModel_21H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuModel_21H2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_CO21H2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuModel_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuModel_RS1** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuModel_RS2** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuModel_RS3** The total number of objects of this type present on this device.
@@ -370,6 +464,11 @@ The following fields are available:
- **DecisionSystemProcessorCpuSpeed_21H1Setup** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuSpeed_21H2** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuSpeed_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_CO21H2** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuSpeed_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuSpeed_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuSpeed_RS1** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuSpeed_RS2** The total number of objects of this type present on this device.
- **DecisionSystemProcessorCpuSpeed_RS3** The total number of objects of this type present on this device.
@@ -384,6 +483,11 @@ The following fields are available:
- **DecisionTest_21H1Setup** The total number of objects of this type present on this device.
- **DecisionTest_21H2** The total number of objects of this type present on this device.
- **DecisionTest_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionTest_CO21H2** The total number of objects of this type present on this device.
+- **DecisionTest_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionTest_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionTest_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionTest_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionTest_RS1** The total number of objects of this type present on this device.
- **DecisionTest_RS2** The total number of objects of this type present on this device.
- **DecisionTest_RS3** The total number of objects of this type present on this device.
@@ -398,6 +502,11 @@ The following fields are available:
- **DecisionTpmVersion_21H1Setup** The total number of objects of this type present on this device.
- **DecisionTpmVersion_21H2** The total number of objects of this type present on this device.
- **DecisionTpmVersion_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_CO21H2** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionTpmVersion_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionTpmVersion_RS1** The total number of objects of this type present on this device.
- **DecisionTpmVersion_RS2** The total number of objects of this type present on this device.
- **DecisionTpmVersion_RS3** The total number of objects of this type present on this device.
@@ -412,6 +521,11 @@ The following fields are available:
- **DecisionUefiSecureBoot_21H1Setup** The total number of objects of this type present on this device.
- **DecisionUefiSecureBoot_21H2** The total number of objects of this type present on this device.
- **DecisionUefiSecureBoot_21H2Setup** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_CO21H2** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_CU22H2Setup** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionUefiSecureBoot_NI22H2Setup** The total number of objects of this type present on this device.
- **DecisionUefiSecureBoot_RS1** The total number of objects of this type present on this device.
- **DecisionUefiSecureBoot_RS2** The total number of objects of this type present on this device.
- **DecisionUefiSecureBoot_RS3** The total number of objects of this type present on this device.
@@ -444,6 +558,11 @@ The following fields are available:
- **Wmdrm_21H1Setup** The total number of objects of this type present on this device.
- **Wmdrm_21H2** The total number of objects of this type present on this device.
- **Wmdrm_21H2Setup** The total number of objects of this type present on this device.
+- **Wmdrm_CO21H2** The total number of objects of this type present on this device.
+- **Wmdrm_CO21H2Setup** The total number of objects of this type present on this device.
+- **Wmdrm_CU22H2Setup** The total number of objects of this type present on this device.
+- **Wmdrm_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **Wmdrm_NI22H2Setup** The total number of objects of this type present on this device.
- **Wmdrm_RS1** The total number of objects of this type present on this device.
- **Wmdrm_RS2** The total number of objects of this type present on this device.
- **Wmdrm_RS3** The total number of objects of this type present on this device.
@@ -1107,6 +1226,8 @@ The following fields are available:
- **CpuStepping** Cpu stepping.
- **CpuVendor** Cpu vendor.
- **PlatformId** CPU platform identifier.
+- **ProcessorName** OEM processor name.
+- **ProductName** OEM product name.
- **SysReqOverride** Appraiser decision about system requirements override.
@@ -1757,6 +1878,17 @@ The following fields are available:
- **WmdrmPurchased** Indicates if the system has any files with permanent licenses.
+### Microsoft.Windows.Appraiser.General.WmdrmRemove
+
+This event indicates that the Wmdrm object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
### Microsoft.Windows.Appraiser.General.WmdrmStartSync
The WmdrmStartSync event indicates that a new set of WmdrmAdd events will be sent. This event is used to understand the usage of older digital rights management on the system, to help keep Windows up to date.
@@ -1770,23 +1902,6 @@ The following fields are available:
## Audio endpoint events
-### MicArrayGeometry
-
-This event provides information about the layout of the individual microphone elements in the microphone array. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **MicCoords** The location and orientation of the microphone element.
-- **usFrequencyBandHi** The high end of the frequency range for the microphone.
-- **usFrequencyBandLo** The low end of the frequency range for the microphone.
-- **usMicArrayType** The type of the microphone array.
-- **usNumberOfMicrophones** The number of microphones in the array.
-- **usVersion** The version of the microphone array specification.
-- **wHorizontalAngleBegin** The horizontal angle of the start of the working volume (reported as radians times 10,000).
-- **wHorizontalAngleEnd** The horizontal angle of the end of the working volume (reported as radians times 10,000).
-- **wVerticalAngleBegin** The vertical angle of the start of the working volume (reported as radians times 10,000).
-- **wVerticalAngleEnd** The vertical angle of the end of the working volume (reported as radians times 10,000).
-
### Microsoft.Windows.Audio.EndpointBuilder.DeviceInfo
This event logs the successful enumeration of an audio endpoint (such as a microphone or speaker) and provides information about the audio endpoint. The data collected with this event is used to keep Windows performing properly.
@@ -1814,7 +1929,7 @@ The following fields are available:
- **JackSubType** A unique ID representing the KS node type of the endpoint.
- **localEffectClsid** The COM Class Identifier (CLSID) for the legacy local effect audio processing object.
- **localEffectModule** Module name for the legacy local effect audio processing object.
-- **MicArrayGeometry** Describes the microphone array, including the microphone position, coordinates, type, and frequency range. See [MicArrayGeometry](#micarraygeometry).
+- **MicArrayGeometry** Describes the microphone array, including the microphone position, coordinates, type, and frequency range.
- **modeEffectClsid** The COM Class Identifier (CLSID) for the mode effect audio processing object.
- **modeEffectModule** Module name for the mode effect audio processing object.
- **persistentId** A unique ID for this endpoint which is retained across migrations.
@@ -1839,6 +1954,7 @@ The following fields are available:
- **AppraiserTaskExitCode** The Appraiser task exist code.
- **AppraiserTaskLastRun** The last runtime for the Appraiser task.
- **CensusVersion** The version of Census that generated the current data for this device.
+- **IEVersion** The version of Internet Explorer that is running on the device.
### Census.Azure
@@ -1882,11 +1998,12 @@ The following fields are available:
- **IsCloudDomainJoined** Is this device joined to an Azure Active Directory (AAD) tenant? true/false
- **IsDERequirementMet** Represents if the device can do device encryption.
- **IsDeviceProtected** Represents if Device protected by BitLocker/Device Encryption
+- **IsDomainJoined** Indicates whether a machine is joined to a domain.
- **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
-- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Configuration Manager environment.
+- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
@@ -1932,6 +2049,7 @@ The following fields are available:
- **DeviceForm** Indicates the form as per the device classification.
- **DeviceName** The device name that is set by the user.
- **DigitizerSupport** Is a digitizer supported?
+- **DUID** The device unique ID.
- **EnclosureKind** Windows.Devices.Enclosure.EnclosureKind enum values representing each unique enclosure posture kind.
- **Gyroscope** Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation).
- **InventoryId** The device ID used for compatibility testing.
@@ -2024,6 +2142,7 @@ The following fields are available:
- **OSSKU** Retrieves the Friendly Name of OS Edition.
- **OSSubscriptionStatus** Represents the existing status for enterprise subscription feature for PRO machines.
- **OSSubscriptionTypeId** Returns boolean for enterprise subscription feature for selected PRO machines.
+- **OSTimeZoneBiasInMins** Retrieves the time zone set on machine.
- **OSUILocale** Retrieves the locale of the UI that is currently used by the OS.
- **ProductActivationResult** Returns Boolean if the OS Activation was successful.
- **ProductActivationTime** Returns the OS Activation time for tracking piracy issues.
@@ -2032,7 +2151,7 @@ The following fields are available:
- **ServiceMachineIP** Retrieves the IP address of the KMS host used for anti-piracy.
- **ServiceMachinePort** Retrieves the port of the KMS host used for anti-piracy.
- **ServiceProductKeyID** Retrieves the License key of the KMS
-- **SharedPCMode** Returns Boolean for education devices used as shared cart
+- **SharedPCMode** Returns Boolean for devices that have enabled the configuration EnableSharedPCMode.
- **Signature** Retrieves if it is a signature machine sold by Microsoft store.
- **SLICStatus** Whether a SLIC table exists on the device.
- **SLICVersion** Returns OS type/version from SLIC table.
@@ -2300,10 +2419,10 @@ The following fields are available:
- **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS).
- **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates.
- **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades.
-- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update (WU) updates to other devices on the same network.
+- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded Windows Update updates to other devices on the same network.
- **WULCUVersion** Version of the LCU Installed on the machine.
- **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier.
-- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused.
+- **WUPauseState** Retrieves Windows Update setting to determine if updates are paused.
- **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
@@ -2319,6 +2438,76 @@ The following fields are available:
- **XboxLiveSandboxId** Retrieves the developer sandbox ID if the device is internal to Microsoft.
+## Code Integrity events
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.AutoEnablementIsBlocked
+
+Indicates if OEM attempted to block autoenablement via regkey.
+
+The following fields are available:
+
+- **BlockHvciAutoenablement** True if auto-enablement was successfully blocked, false otherwise.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Compatibility
+
+Fires when the compatibility check completes. Gives the results from the check.
+
+The following fields are available:
+
+- **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false.
+- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement).
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled
+
+Fires when auto-enablement is successful and HVCI is being enabled on the device.
+
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HVCIActivity
+
+Fires at the beginning and end of the HVCI auto-enablement process in sysprep.
+
+The following fields are available:
+
+- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure.
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed
+
+Fires when driver scanning fails to get results.
+
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverInSdbError
+
+Fires when there is an error checking the SDB for a particular driver.
+
+The following fields are available:
+
+- **DriverPath** Path to the driver that was being checked in the SDB when checking encountered an error.
+- **Error** Error encountered during checking the SDB.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverNonCompliantError
+
+Fires when a driver is discovered that is non-compliant with HVCI.
+
+The following fields are available:
+
+- **DriverPath** Path to driver.
+- **NonComplianceMask** Error code indicating driver violation.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.IsRegionDisabledLanguage
+
+Fires when an incompatible language pack is detected.
+
+The following fields are available:
+
+- **Language** String containing the incompatible language pack detected.
+
+
## Common data extensions
### Common Data Extensions.app
@@ -2495,7 +2684,6 @@ The following fields are available:
- **objectType** Indicates the object type that the event applies to.
- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
-
## Component-based servicing events
### CbsServicingProvider.CbsCapabilityEnumeration
@@ -2859,7 +3047,7 @@ This event sends data about the connectivity status of the Connected User Experi
The following fields are available:
-- **CensusExitCode** Returns last execution codes from census client run.
+- **CensusExitCode** Last exit code of Census task
- **CensusStartTime** Returns timestamp corresponding to last successful census run.
- **CensusTaskEnabled** Returns Boolean value for the census task (Enable/Disable) on client machine.
- **LastConnectivityLossTime** The FILETIME at which the last free network loss occurred.
@@ -2922,6 +3110,20 @@ The following fields are available:
- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event.
+## Direct to update events
+
+### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabSuccess
+
+This event indicates that the Handler Download and Extract cab call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CampaignID** ID of the update campaign being run.
+- **ClientID** ID of the client receiving the update.
+- **CoordinatorVersion** Coordinator version of Direct to Update.
+- **CV** Correlation vector.
+
+
## DISM events
### Microsoft.Windows.StartRepairCore.DISMLatestInstalledLCU
@@ -3038,6 +3240,7 @@ The following fields are available:
- **FinishInstallUI** Indicates whether the installation process shows the user interface.
- **FirmwareDate** The firmware date that will be stored in the EFI System Resource Table (ESRT).
- **FirmwareRevision** The firmware revision that will be stored in the EFI System Resource Table (ESRT).
+- **FirmwareVendor** The vendor of the firmware.
- **FirmwareVersion** The firmware version that will be stored in the EFI System Resource Table (ESRT).
- **FirstHardwareId** The ID in the hardware ID list that provides the most specific device description.
- **FlightIds** A list of the different Windows Insider builds on the device.
@@ -3077,7 +3280,7 @@ The following fields are available:
- **FlightId** The ID of the Windows Insider build the device received.
- **InstallDate** The date the driver was installed.
- **InstallFlags** The driver installation flags.
-- **OptionalData** Metadata specific to WU (Windows Update) associated with the driver (flight IDs, recovery IDs, etc.)
+- **OptionalData** Metadata specific to Windows Update (WU) associated with the driver (flight IDs, recovery IDs, etc.)
- **RebootRequired** Indicates whether a reboot is required after the installation.
- **RollbackPossible** Indicates whether this driver can be rolled back.
- **WuTargetedHardwareId** Indicates that the driver was installed because the device hardware ID was targeted by the Windows Update.
@@ -3251,6 +3454,37 @@ The following fields are available:
## Feature update events
+### Microsoft.Windows.FeatureQuality.Heartbeat
+
+This event indicates the feature status heartbeat. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **Features** Array of features.
+
+
+### Microsoft.Windows.FeatureQuality.StateChange
+
+This event indicates the change of feature state. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **flightId** Flight id.
+- **state** New state.
+
+
+### Microsoft.Windows.FeatureQuality.Status
+
+This event indicates the feature status. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **featureId** Feature id.
+- **flightId** Flight id.
+- **time** Time of status change.
+- **variantId** Variant id.
+
+
### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed
This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -3295,7 +3529,7 @@ The following fields are available:
### Microsoft.Windows.HangReporting.AppHangEvent
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on client devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
The following fields are available:
@@ -3367,7 +3601,7 @@ The following fields are available:
- **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion.
- **PackageVersion** Windows Mixed Reality Portal app package version.
- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state.
-- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity).
+- **wilActivity** Windows Mixed Reality Portal app wilActivity ID.
### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming
@@ -3492,6 +3726,55 @@ The following fields are available:
- **devinv** The file version of the Device inventory component.
+### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatHealthRecordAdd
+
+This event sends basic metadata about ACPI PHAT Health Record structure on the machine. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AmHealthy** Indicates if the is device healthy. 0 - Errors found. 1 - No errors. 2 - Unknown. 3 - Advisory.
+- **DevicePathSubtype** The device path subtype associated with the record producer.
+- **DevicePathType** The device path type associated with the record producer.
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatHealthRecordStartSync
+
+This event indicates a new set of InventoryAcpiPhatHealthRecord events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatVersionElementAdd
+
+This event sends basic metadata for ACPI PHAT Version Element structure. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **ProducerId** The ACPI vendor ID.
+- **VersionValue** The 64 bit component version value.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatVersionElementStartSync
+
+This event indicates that a new set of InventoryAcpiPhatVersionElement events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
This event sends basic metadata about an application on the system. The data collected with this event is used to keep Windows performing properly and up to date.
@@ -3747,7 +4030,7 @@ The following fields are available:
- **HWID** The version of the driver loaded for the device.
- **Inf** The bus that enumerated the device.
- **InstallDate** The date of the most recent installation of the device on the machine.
-- **InstallState** The device installation state. For a list of values, see: [Device Install State](https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx).
+- **InstallState** The device installation state. One of these values: [DEVICE_INSTALL_STATE enumeration](/windows-hardware/drivers/ddi/wdm/ne-wdm-_device_install_state)
- **InventoryVersion** List of hardware ids for the device.
- **LowerClassFilters** Lower filter class drivers IDs installed for the device
- **LowerFilters** Lower filter drivers IDs installed for the device
@@ -3846,7 +4129,7 @@ The following fields are available:
- **DriverIsKernelMode** Is it a kernel mode driver?
- **DriverName** The file name of the driver.
- **DriverPackageStrongName** The strong name of the driver package
-- **DriverSigned** The strong name of the driver package
+- **DriverSigned** Is the driver signed?
- **DriverTimeStamp** The low 32 bits of the time stamp of the driver file.
- **DriverType** A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
- **DriverVersion** The version of the driver file.
@@ -3970,62 +4253,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
-
-This event provides data on the installed Office add-ins. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **AddinCLSID** The class identifier key for the Microsoft Office add-in.
-- **AddInCLSID** The class identifier key for the Microsoft Office add-in.
-- **AddInId** The identifier for the Microsoft Office add-in.
-- **AddinType** The type of the Microsoft Office add-in.
-- **BinFileTimestamp** The timestamp of the Office add-in.
-- **BinFileVersion** The version of the Microsoft Office add-in.
-- **Description** Description of the Microsoft Office add-in.
-- **FileId** The file identifier of the Microsoft Office add-in.
-- **FileSize** The file size of the Microsoft Office add-in.
-- **FriendlyName** The friendly name for the Microsoft Office add-in.
-- **FullPath** The full path to the Microsoft Office add-in.
-- **InventoryVersion** The version of the inventory binary generating the events.
-- **LoadBehavior** Integer that describes the load behavior.
-- **LoadTime** Load time for the Office add-in.
-- **OfficeApplication** The Microsoft Office application associated with the add-in.
-- **OfficeArchitecture** The architecture of the add-in.
-- **OfficeVersion** The Microsoft Office version for this add-in.
-- **OutlookCrashingAddin** Indicates whether crashes have been found for this add-in.
-- **ProductCompany** The name of the company associated with the Office add-in.
-- **ProductName** The product name associated with the Microsoft Office add-in.
-- **ProductVersion** The version associated with the Office add-in.
-- **ProgramId** The unique program identifier of the Microsoft Office add-in.
-- **Provider** Name of the provider for this add-in.
-- **Usage** Data about usage for the add-in.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
-
-This event indicates that the particular data object represented by the objectInstanceId is no longer present. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion** The version of the inventory binary generating the events.
-
-
-### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
-
-This event indicates that a new sync is being generated for this object type. The data collected with this event is used to keep Windows performing properly.
-
-This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
-
-The following fields are available:
-
-- **InventoryVersion** The version of the inventory binary generating the events.
-
-
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUexIndicatorStartSync
Diagnostic event to indicate a new sync is being generated for this object type. The data collected with this event is used to help keep Windows up to date.
@@ -4343,8 +4570,12 @@ The following fields are available:
- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event was not completed before OOBE finishes; -1 means the field does not apply.
+- **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. E.g. Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z
+- **appPingEventDownloadMetricsCdnCache** Corresponds to the result, whether the proxy has served the result from cache (HIT for yes, and MISS for no) E.g. HIT from proxy.domain.tld, MISS from proxy.local
- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US.
- **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2.
+- **appPingEventDownloadMetricsCdnMSEdgeRef** Used to help correlate client-to-AFD (Azure Front Door) conversations. E.g. Ref A: E2476A9592DF426A934098C0C2EAD3AB Ref B: DM2EDGE0307 Ref C: 2022-01-13T22:08:31Z
+- **appPingEventDownloadMetricsCdnP3P** Electronic privacy statement: CAO = collects contact-and-other, PSA = for pseudo-analysis, OUR = data received by us only. Helps identify the existence of transparent intermediaries (proxies) that can create noise in legitimate error detection. E.g. CP=\"CAO PSA OUR\"
- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
@@ -4359,12 +4590,14 @@ The following fields are available:
- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
-- **appPingEventPackageCacheResult** Whether there is an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field does not apply.
+- **appPingEventPackageCacheResult** Indicates whether there is an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key; 2 means there's a cache hit under a different key; 0 means that there's a cache miss; -1 means the field does not apply.
- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag.
- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appReferralHash** The hash of the referral code used to install the product. '0' if unknown. Default: '0'.
+- **appUpdateCheckIsRollbackAllowed** Check for status showing whether or not rollback is allowed.
- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
+- **appUpdateCheckTargetChannel** Check for status showing the target release channel.
- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'.
@@ -4440,6 +4673,41 @@ The following fields are available:
- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
+### Microsoft.Edge.Crashpad.CrashEvent
+
+This event sends simple Product and Service Performance data on a crashing Microsoft Edge browser process to help mitigate future instances of the crash.
+
+The following fields are available:
+
+- **app_name** The name of the crashing process.
+- **app_session_guid** Encodes the boot session, process id, and process start time.
+- **app_version** The version of the crashing process.
+- **client_id_hash** The version of the crashing process.
+- **etag** Encodes the running experiments in the browser.
+- **module_name** The name of the module in which the crash originated.
+- **module_offset** Memory offset into the module in which the crash originated.
+- **module_version** The version of the module in which the crash originated.
+- **process_type** The type of the browser process that crashed, example, renderer, gpu-process, etc.
+- **stack_hash** Hash of the stack trace representing the crash. Currently not used or set to zero.
+- **sub_code** The exception/error code representing the crash.
+
+
+### Microsoft.Edge.Crashpad.HangEvent
+
+This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang.
+
+The following fields are available:
+
+- **app_name** The name of the hanging process.
+- **app_session_guid** Encodes the boot session, process, and process start time.
+- **app_version** The version of the hanging process.
+- **client_id_hash** Hash of the browser client id to help identify the installation.
+- **etag** Identifier to help identify running browser experiments.
+- **hang_source** Identifies how the hang was detected.
+- **process_type** The type of the hanging browser process, example, gpu-process, renderer, etc.
+- **stack_hash** A hash of the hanging stack. Currently not used or set to zero.
+
+
### Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date.
@@ -4669,16 +4937,89 @@ The following fields are available:
- **totalRunDuration** Total running/evaluation time from last time.
- **totalRuns** Total number of running/evaluation from last time.
-## Settings events
-### Microsoft.Windows.Shell.SystemSettings.SettingsAppActivity.ProtocolActivation
+## OOBE events
-This event tracks protocol launching for Setting's URIs. The data collected with this event is used to help keep Windows up to date.
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateExpeditionChoiceCommitted
+
+This event requests a commit work for expedited update. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
The following fields are available:
-- **activationSource** Where activation is initiated.
-- **uriString** URI of the launching protocol.
+- **oobeExpeditedUpdateCommitOption** Type of commit work for expedited update.
+- **resultCode** HR result of operation.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateNthEulaAcceptChoice
+
+Eula choice in NthLogon NDUP - necessary for upgrade.
+
+The following fields are available:
+
+- **fAccepted** Accept/decline state.
+- **resultCode** Hresult of committing choice.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateNthLogonDisplayStatus
+
+NthLogon NDUP evaluated whether it should launch or not.
+
+The following fields are available:
+
+- **nthSkippedReasonFlag** Flag indicating skip reason.
+- **reason** Skip reason string.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdatePageSkipped
+
+This event provides information about skipping expedited update page. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
+
+The following fields are available:
+
+- **reason** Reason for skip.
+- **skippedReasonFlag** Flag representing reason for skip.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateStatusResult
+
+This event provides status of expedited update. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
+
+The following fields are available:
+
+- **oobeExpeditedUpdateStatus** Expedited update status.
+- **reason** Reason for the status.
+- **resultCode** HR result of operation.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateSvEulaAccepted
+
+Event logged when the Win11 EULA is accepted in OOBE on a Win10 machine.
+
+The following fields are available:
+
+- **lang** The language code of the accepted Win11 EULA.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateSvEulaNotMarkedAccepted
+
+Logged when Eula is accepted but it can't be confirmed if it's the SV version.
+
+The following fields are available:
+
+- **fLPLanguage** Return val of check for if current lang is backed by Language Pack.
+- **lang** Current lang code in use.
+- **resultCode** Hresult of the LP check.
+
+
+## Other events
+
+### Microsoft.Windows.OneSettingsClient.Heartbeat
+
+This event indicates the config state heartbeat. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **Configs** Array of configs.
## Privacy consent logging events
@@ -4709,6 +5050,18 @@ The following fields are available:
- **userRegionCode** The current user's region setting
+## Settings events
+
+### Microsoft.Windows.Shell.SystemSettings.SettingsAppActivity.ProtocolActivation
+
+This event tracks protocol launching for Setting's URIs. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **activationSource** Where activation is initiated.
+- **uriString** URI of the launching protocol.
+
+
## Setup events
### Microsoft.Windows.Setup.WinSetupBoot.BootBlockStart
@@ -5272,17 +5625,6 @@ The following fields are available:
## Surface events
-### Microsoft.Surface.Health.Binary.Prod.McuHealthLog
-
-This event collects information to keep track of health indicator of the built-in micro controller. For example, the number of abnormal shutdowns due to power issues during boot sequence, type of display panel attached to base, thermal indicator, throttling data in hardware etc. The data collected with this event is used to help keep Windows secure and performing properly.
-
-The following fields are available:
-
-- **CUtility::GetTargetNameA(Target)** Sub component name.
-- **HealthLog** Health indicator log.
-- **healthLogSize** 4KB.
-- **productId** Identifier for product model.
-
### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
@@ -5450,16 +5792,30 @@ The following fields are available:
- **Ver** Schema version.
+### Microsoft.Surface.Health.Binary.Prod.McuHealthLog
+
+This event collects information to keep track of health indicator of the built-in micro controller. For example, the number of abnormal shutdowns due to power issues during boot sequence, type of display panel attached to base, thermal indicator, throttling data in hardware etc. The data collected with this event is used to help keep Windows secure and performing properly.
+
+The following fields are available:
+
+- **CUtility::GetTargetNameA(Target)** Sub component name.
+- **HealthLog** Health indicator log.
+- **healthLogSize** 4KB.
+- **productId** Identifier for product model.
+
+
### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2
This event sends reason for SAM, PCH and SoC reset. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
+- **ControllerResetCause** The cause for the controller reset.
- **HostResetCause** Host reset cause.
- **PchResetCause** PCH reset cause.
- **SamResetCause** SAM reset cause.
+
## Update Assistant events
### Microsoft.Windows.QUALauncher.Applicable
@@ -5498,6 +5854,80 @@ The following fields are available:
- **Result** Applicability check for quality update assistant.
+### Microsoft.Windows.QualityUpdateAssistant.DeviceReadinessCheck
+
+This event sends basic info on whether the device is ready to download the latest cumulative update. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device.
+- **KBNumber** KBNumber of the update being installed.
+- **PackageVersion** Current package version of quality update assistant.
+- **Reason** Indicates why the device did not pass the readiness check.
+- **Result** Device readiness check for quality update assistant.
+
+
+### Microsoft.Windows.QualityUpdateAssistant.Download
+
+This event sends basic info when download of the latest cumulative update begins. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **DODownloadHResult** Result code from Delivery Optimization when used to download the quality update.
+- **DownloadMode** Indicates how the quality update was downloaded.
+- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process.
+- **GlobalEventCounter** Client side counter that indicates ordering of events sent by this device.
+- **HttpsDownloadHResult** Result code when HTTPS is used to download the quality update.
+- **KBNumber** KBNumber of the update being installed.
+- **PackageVersion** Current package version of quality update assistant.
+- **QualityUpdateDeviceHasMinimumUptime** Indicates whether the device has the minimum uptime required to install a quality update.
+- **Result** Download of latest cumulative update payload.
+- **Scenario** Indicates if the installation step succeeded or failed.
+
+
+### Microsoft.Windows.QualityUpdateAssistant.Install
+
+This event sends basic info on the result of the installation of the latest cumulative update. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **DismInstallHResult** Internal result code from DISM when used to install the quality update.
+- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device.
+- **InstallMode** Indicates which installation method was used to attempt the install of the quality update.
+- **KBNumber** KBNumber of the update being installed.
+- **launchretrycounter** Count of the number of times the install has been retried in the event of a non-successful installation attempt.
+- **PackageVersion** Current package version of quality update assistant.
+- **QualityUpdateDismErrorCode** Error code returned when DISM is used to install the quality update.
+- **QualityUpdatePendingRebootAfterInstallStage** Indicates if the device is pending reboot after install is complete.
+- **QualityUpdateSecondsInstallStage** Time spent installing the quality update.
+- **QualityUpdateWusaErrorCode** Error code returned when WUSA is used to install the quality update.
+- **Result** Install of latest cumulative update payload.
+- **Scenario** Indicates if the installation step succeeded or failed.
+- **WusaInstallHResult** Internal result code from WUSA when used to install the quality update.
+
+
+### Microsoft.Windows.QualityUpdateAssistant.RebootPending
+
+This event sends basic info on the result of the installation of the latest cumulative update indicating device is pending reboot.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **ExecutionRequestId** Client side counter which indicates ordering of events sent by this device.
+- **GlobalEventCounter** KBNumber of the update being installed.
+- **KBNumber** KBNumber of the update being installed.
+- **PackageVersion** Current package version of quality update assistant.
+- **QualityUpdateDaysPendingRebootAfterInstallStage** The number of days pending for reboot after installation.
+- **QualityUpdatePendingRebootAfterInstallStage** QualityUpdatePendingRebootAfterInstallStartingToast.
+- **Result** Result of Execution.
+- **Scenario** Represent the state of execution step.
+
+
### Microsoft.Windows.RecommendedTroubleshootingService.MitigationFailed
This event is raised after an executable delivered by Mitigation Service has run and failed. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. Failure data will also be used for root-cause investigation by feature teams, as signal to halt mitigation rollout and, possible follow-up action on specific devices still impacted by the problem because the mitigation failed (i.e. reoffer it to impacted devices). The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -5584,6 +6014,150 @@ The following fields are available:
- **totalUserTime** Total user mode time used by the job object.
+### Microsoft.Windows.Shell.EM.EMCompleted
+
+Event that tracks the effectiveness of an operation to mitigate an issue on devices that meet certain requirements.
+
+The following fields are available:
+
+- **cleanUpScheduledTaskHR** The result of the operation to clean up the scheduled task the launched the operation.
+- **eulaHashHR** The result of the operation to generate a hash of the EULA file that's currently on-disk.
+- **mitigationHR** The result of the operation to take corrective action on a device that's impacted.
+- **mitigationResult** The enumeration value representing the action that was taken on the device.
+- **mitigationResultReason** The string value representing the action that was taken on the device.
+- **mitigationSuccessWriteHR** The result of writing the success value to the registry.
+- **region** The device's default region at the time of execution.
+- **windowsVersionString** The version of Windows that was computed at the time of execution.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantCompatCheckResult
+
+This event provides the result of running the compatibility check for update assistant. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantCompatCheckResultOutput** Output of compatibility check for update assistant.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantDeviceInformation
+
+This event provides basic information about the device where update assistant was run. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantAppFilePath** Path to Update Assistant app.
+- **UpdateAssistantDeviceId** Device Id of the Update Assistant Candidate Device.
+- **UpdateAssistantExeName** Exe name running as Update Assistant.
+- **UpdateAssistantExternalId** External Id of the Update Assistant Candidate Device.
+- **UpdateAssistantIsDeviceCloverTrail** True/False is the device clovertrail.
+- **UpdateAssistantIsPushing** True if the update is pushing to the device.
+- **UpdateAssistantMachineId** Machine Id of the Update Assistant Candidate Device.
+- **UpdateAssistantOsVersion** Update Assistant OS Version.
+- **UpdateAssistantPartnerId** Partner Id for Assistant application.
+- **UpdateAssistantReportPath** Path to report for Update Assistant.
+- **UpdateAssistantStartTime** Start time for UpdateAssistant.
+- **UpdateAssistantTargetOSVersion** Update Assistant Target OS Version.
+- **UpdateAssistantUiType** The type of UI whether default or OOBE.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+- **UpdateAssistantVersionInfo** Information about Update Assistant application.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantEULAProperty
+
+This event is set to true at the start of AcceptEULA. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantEULAPropertyGeoId** Geo Id used to show EULA.
+- **UpdateAssistantEULAPropertyRegion** Region used to show EULA.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantInteractive
+
+An user action such as button click happens.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantInteractiveObjective** The objective of the action performed.
+- **UpdateAssistantInteractiveUiAction** The action performed through UI.
+- **UpdateAssistantVersion** Current package version of Update Assistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
+
+This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantStateAcceptEULA** True at the start of AcceptEULA.
+- **UpdateAssistantStateCheckingCompat** True at the start of Checking Compat
+- **UpdateAssistantStateCheckingUpgrade** True at the start of CheckingUpgrade.
+- **UpdateAssistantStateConfirmUninstall** True at the start of the state Confirm Uninstall.
+- **UpdateAssistantStateDownloading** True at the start Downloading.
+- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication.
+- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates.
+- **UpdateAssistantStateInstalling** True at the start of Installing.
+- **UpdateAssistantStatePerformRestart** True at the start of PerformRestart.
+- **UpdateAssistantStatePostInstall** True at the start of PostInstall.
+- **UpdateAssistantStateShowingUpdate** True at the start of Showing Update.
+- **UpdateAssistantStateWelcomeToNewOS** True at the start of WelcomeToNewOS.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStateGeneralErrorDetails
+
+Details about errors of current state.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantGeneralErrorHResult** HResult of current state.
+- **UpdateAssistantGeneralErrorOriginalState** State name of current state.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantUserActionDetails
+
+This event provides details about user action. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantUserActionExitingState** Exiting state name user performed action on.
+- **UpdateAssistantUserActionHResult** HRESULT of user action.
+- **UpdateAssistantUserActionState** State name user performed action on.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
+### Microsoft.Windows.UpdateAssistantBox.UpdateAssistantBoxStubDetails
+
+Details about the box stub process.
+
+The following fields are available:
+
+- **CV** Correlation vector for the telemetry.
+- **GlobalEventCounter** Device counter for all events.
+- **UpdateAssistantBoxStubCompleted** True if the boxstub process has completed.
+- **UpdateAssistantBoxStubHResult** HResult of box stub run.
+- **UpdateAssistantBoxStubInstallationProgram** The path to the installation folder.
+- **UpdateAssistantBoxStubUiType** UI type of box stub run.
+- **UpdateAssistantVersion** The version of Update Assistant application for this run.
+
+
### Microsoft.Windows.UpdateHealthTools.ExpediteDetectionStarted
This event indicates that the detection phase of USO has started. The data collected with this event is used to help keep Windows secure and up to date.
@@ -5594,6 +6168,7 @@ The following fields are available:
- **ExpeditePolicyId** The policy ID of the expedite request.
- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
- **ExpediteUpdatesInProgress** List of update IDs in progress.
+- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
- **ExpediteUsoLastError** The last error returned by USO.
- **GlobalEventCounter** Counts the number of events for this provider.
- **PackageVersion** The package version label.
@@ -5609,6 +6184,7 @@ The following fields are available:
- **ExpeditePolicyId** The policy Id of the expedite request.
- **ExpediteUpdaterOfferedUpdateId** Update Id of the LCU expected to be expedited.
- **ExpediteUpdatesInProgress** A list of update IDs in progress.
+- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
- **ExpediteUsoLastError** The last error returned by USO.
- **GlobalEventCounter** Counts the number of events for this provider.
- **PackageVersion** The package version label.
@@ -5624,6 +6200,7 @@ The following fields are available:
- **ExpeditePolicyId** The policy ID of the expedite request.
- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
- **ExpediteUpdatesInProgress** List of update IDs in progress.
+- **ExpediteUsoCorrelationVector** The correlation vector for the current USO session.
- **ExpediteUsoLastError** The last error returned by USO.
- **GlobalEventCounter** Counts the number of events for this provider.
- **PackageVersion** The package version label.
@@ -5689,6 +6266,7 @@ The following fields are available:
- **ExpeditePolicyId** The policy ID of the expedite request.
- **ExpediteUpdaterOfferedUpdateId** UpdateId of the LCU expected to be expedited.
- **ExpediteUpdatesInProgress** Comma delimited list of update IDs currently being offered.
+- **ExpediteUsoCorrelationVector** The correlation vector from the USO session.
- **ExpediteUsoLastError** Last HResult from the current USO session.
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
- **PackageVersion** Current package version of UpdateHealthTools.
@@ -5731,6 +6309,7 @@ The following fields are available:
- **ExpediteErrorBitMap** Bit map value for any error code.
- **ExpediteHoursOfUpTimeSincePolicy** The number of hours the device has been active since it received a policy.
- **ExpeditePolicyId** The policy Id of the expedite request.
+- **ExpeditePollCount** Counts the number of polls.
- **ExpediteResult** Boolean value for success or failure.
- **ExpediteUpdaterCurrentUbr** The UBR of the device.
- **ExpediteUpdaterExpectedUbr** The expected UBR of the device.
@@ -5766,10 +6345,10 @@ The following fields are available:
- **CV** The correlation vector.
- **GlobalEventCounter** Counts the events at the global level for telemetry.
- **PackageVersion** The package version for currency tools.
-- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directory-joined.
+- **UnifiedInstallerDeviceAADJoinedHresult** The result code after checking if device is Azure Active Directory joined.
- **UnifiedInstallerDeviceInDssPolicy** Boolean indicating whether the device is found to be in a DSS policy.
- **UnifiedInstallerDeviceInDssPolicyHresult** The result code for checking whether the device is found to be in a DSS policy.
-- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is Azure Active Directory-joined.
+- **UnifiedInstallerDeviceIsAADJoined** Boolean indicating whether a device is Azure Active Directory joined.
- **UnifiedInstallerDeviceIsAdJoined** Boolean indicating whether a device is AD joined.
- **UnifiedInstallerDeviceIsAdJoinedHresult** The result code for checking whether a device is AD joined.
- **UnifiedInstallerDeviceIsEducationSku** Boolean indicating whether a device is Education SKU.
@@ -5784,8 +6363,8 @@ The following fields are available:
- **UnifiedInstallerDeviceIsProSkuHresult** The result code from checking whether a device is Pro SKU.
- **UnifiedInstallerDeviceIsSccmManaged** Boolean indicating whether a device is managed by Configuration Manager.
- **UnifiedInstallerDeviceIsSccmManagedHresult** The result code from checking whether a device is managed by Configuration Manager.
-- **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is Windows Update for Business managed.
-- **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device is Windows Update for Business managed.
+- **UnifiedInstallerDeviceWufbManaged** Boolean indicating whether a device is managed by Windows Update for Business.
+- **UnifiedInstallerDeviceWufbManagedHresult** The result code from checking whether a device ismanaged by Windows Update for Business.
- **UnifiedInstallerPlatformResult** The result code from checking what platform type the device is.
- **UnifiedInstallerPlatformType** The enum indicating the type of platform detected.
- **UnifiedInstUnifiedInstallerDeviceIsHomeSkuHresultllerDeviceIsHomeSku** The result code from checking whether a device is Home SKU.
@@ -5936,90 +6515,6 @@ The following fields are available:
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
- **PackageVersion** Current package version of remediation.
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantCompatCheckResult
-
-This event provides the result of running the compatibility check for update assistant. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV** The correlation vector.
-- **GlobalEventCounter** The global event counter for all telemetry on the device.
-- **UpdateAssistantCompatCheckResultOutput** Output of compatibility check for update assistant.
-- **UpdateAssistantVersion** Current package version of UpdateAssistant.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantDeviceInformation
-
-This event provides basic information about the device where update assistant was run. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV** The correlation vector.
-- **GlobalEventCounter** The global event counter for all telemetry on the device.
-- **UpdateAssistantAppFilePath** Path to Update Assistant app.
-- **UpdateAssistantDeviceId** Device Id of the Update Assistant Candidate Device.
-- **UpdateAssistantExeName** Exe name running as Update Assistant.
-- **UpdateAssistantExternalId** External Id of the Update Assistant Candidate Device.
-- **UpdateAssistantIsDeviceCloverTrail** True/False is the device clovertrail.
-- **UpdateAssistantIsPushing** True if the update is pushing to the device.
-- **UpdateAssistantMachineId** Machine Id of the Update Assistant Candidate Device.
-- **UpdateAssistantOsVersion** Update Assistant OS Version.
-- **UpdateAssistantPartnerId** Partner Id for Assistant application.
-- **UpdateAssistantReportPath** Path to report for Update Assistant.
-- **UpdateAssistantStartTime** Start time for UpdateAssistant.
-- **UpdateAssistantTargetOSVersion** Update Assistant Target OS Version.
-- **UpdateAssistantUiType** The type of UI whether default or OOBE.
-- **UpdateAssistantVersion** Current package version of UpdateAssistant.
-- **UpdateAssistantVersionInfo** Information about Update Assistant application.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantEULAProperty
-
-This event is set to true at the start of AcceptEULA. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV** The correlation vector.
-- **GlobalEventCounter** The global event counter for all telemetry on the device.
-- **UpdateAssistantEULAPropertyGeoId** Geo Id used to show EULA.
-- **UpdateAssistantEULAPropertyRegion** Region used to show EULA.
-- **UpdateAssistantVersion** Current package version of UpdateAssistant.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
-
-This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV** The correlation vector.
-- **GlobalEventCounter** The global event counter for all telemetry on the device.
-- **UpdateAssistantStateAcceptEULA** True at the start of AcceptEULA.
-- **UpdateAssistantStateCheckingCompat** True at the start of Checking Compat
-- **UpdateAssistantStateCheckingUpgrade** True at the start of CheckingUpgrade.
-- **UpdateAssistantStateDownloading** True at the start Downloading.
-- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication.
-- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates.
-- **UpdateAssistantStateInstalling** True at the start of Installing.
-- **UpdateAssistantStatePerformRestart** True at the start of PerformRestart.
-- **UpdateAssistantStatePostInstall** True at the start of PostInstall.
-- **UpdateAssistantStateShowingUpdate** True at the start of Showing Update.
-- **UpdateAssistantStateWelcomeToNewOS** True at the start of WelcomeToNewOS.
-- **UpdateAssistantVersion** Current package version of UpdateAssistant.
-
-
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantUserActionDetails
-
-This event provides details about user action. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV** The correlation vector.
-- **GlobalEventCounter** The global event counter for all telemetry on the device.
-- **UpdateAssistantUserActionExitingState** Exiting state name user performed action on.
-- **UpdateAssistantUserActionHResult** HRESULT of user action.
-- **UpdateAssistantUserActionState** State name user performed action on.
-- **UpdateAssistantVersion** Current package version of UpdateAssistant.
## Update events
@@ -6042,7 +6537,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentCommit
-This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6059,7 +6554,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentDownloadRequest
-This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6104,7 +6599,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentExpand
-This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6126,7 +6621,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentInitialize
-This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6168,6 +6663,7 @@ The UpdateAgentMerge event sends data on the merge phase when updating Windows.
The following fields are available:
+- **CancelRequested** A cancellation request happened.
- **ErrorCode** The error code returned for the current merge phase.
- **FlightId** Unique ID for each flight.
- **MergeId** The unique ID to join two update sessions being merged.
@@ -6227,7 +6723,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentModeStart
-This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6243,7 +6739,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentOneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6261,7 +6757,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentPostRebootResult
-This event collects information regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6298,7 +6794,7 @@ The following fields are available:
### Update360Telemetry.UpdateAgentSetupBoxLaunch
-The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. The data collected with this event is used to help keep Windows secure and up to date.
+The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6493,7 +6989,7 @@ This event sends data regarding OS Updates and Upgrades from Windows 7.X, Window
The following fields are available:
- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
-- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
- **HostOSBuildNumber** The build number of the previous operating system.
- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system).
- **InstanceId** Unique GUID that identifies each instance of setuphost.exe.
@@ -6630,7 +7126,7 @@ The following fields are available:
### Setup360Telemetry.Setup360OneSettings
-This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -6875,6 +7371,20 @@ This event is sent when the Store Agent cache is refreshed with any available pa
+### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest
+
+This event is sent at the end of app installations or updates to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The Store Product ID of the app being installed.
+- **HResult** HResult code of the action being performed.
+- **IsBundle** Is this a bundle?
+- **PackageFamilyName** The name of the package being installed.
+- **ProductId** The Store Product ID of the product being installed.
+- **SkuId** Specific edition of the item being installed.
+
+
### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense
This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure.
@@ -7714,7 +8224,7 @@ This event measures overall health of UpdateOrchestrator. The data collected wit
The following fields are available:
-- **wilActivity** This struct provides a Windows Internal Library context used for Product and Service diagnostics. See [wilActivity](#wilactivity).
+- **wilActivity** This struct provides a Windows Internal Library context used for Product and Service diagnostics.
### Microsoft.Windows.Update.Orchestrator.DeferRestart
@@ -7742,9 +8252,14 @@ This event sends launch data for a Windows Update scan to help keep Windows secu
The following fields are available:
+- **detectionBlockingPolicy** State of update action.
- **detectionBlockreason** The reason detection did not complete.
+- **detectionRetryMode** Indicates whether we will try to scan again.
+- **errorCode** The error code returned for the current process.
- **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
- **interactive** Indicates whether the session was user initiated.
+- **networkStatus** Error info
+- **scanTriggerSource** Source of the triggered scan.
- **updateScenarioType** Identifies the type of update session being performed.
- **wuDeviceid** The unique device ID used by Windows Update.
@@ -7766,7 +8281,7 @@ The following fields are available:
- **seekerUpdateIdList** The list of “seeker” update identifiers.
- **seekerUpdateList** The list of “seeker” updates.
- **services** The list of services that were called during update.
-- **wilActivity** The activity results. See [wilActivity](#wilactivity).
+- **wilActivity** The activity results.
### Microsoft.Windows.Update.Orchestrator.DisplayNeeded
@@ -8001,7 +8516,7 @@ The following fields are available:
- **updaterCmdLine** The command line requested by the updater.
- **updaterId** The ID of the updater that requested the work.
-- **wuDeviceid** WU device ID.
+- **wuDeviceid** Windows Update device ID.
### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorScheduleWorkNonSystem
@@ -8064,6 +8579,17 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
+### Microsoft.Windows.Update.Orchestrator.Worker.EulaAccepted
+
+Indicates that EULA for an update has been accepted.
+
+The following fields are available:
+
+- **publisherIntent** Publisher Intent id associated with the update.
+- **reason** Reason for EULA acceptance.
+- **update** Update for which EULA has been accepted.
+
+
### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot. The data collected with this event is used to help keep Windows secure and up to date.
@@ -8155,6 +8681,61 @@ The following fields are available:
- **wuDeviceid** Represents device ID.
+### Microsoft.Windows.WindowsUpdate.PLUG.PLUGActivityEvaluate
+
+PLUG Scheduler has determined whether or not to execute an activity.
+
+The following fields are available:
+
+- **Name** The name of the activity.
+- **WillExecute** True if PLUG has decided to execute the activity.
+
+
+### Microsoft.Windows.WindowsUpdate.PLUG.PLUGActivityExecuteEnd
+
+PLUG Scheduler has executed an activity.
+
+The following fields are available:
+
+- **ExitCode** Exit code reported by activity process.
+- **HRESULT** Result of activity execution.
+- **Name** Name of activity being executed.
+
+
+### Microsoft.Windows.WindowsUpdate.PLUG.PLUGActivityExecuteStart
+
+PLUG Scheduler is starting to execute an activity.
+
+The following fields are available:
+
+- **Name** The name of the activity being executed.
+
+
+### Microsoft.Windows.WindowsUpdate.PLUG.PLUGSchedulerExit
+
+PLUG Scheduler (PLUGScheduler.exe) is about to exit.
+
+
+
+### Microsoft.Windows.WindowsUpdate.PLUG.PLUGSchedulerLaunch
+
+PLUG Scheduler (PLUGScheduler.exe) has just started to run.
+
+The following fields are available:
+
+- **CommandLine** The command line used to launch PLUG Scheduler.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICOInteractionCampaignComplete
+
+This event is generated whenever a RUXIM user interaction campaign becomes complete. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **InteractionCampaignID** GUID identifying the interaction campaign that became complete.
+- **ResultId** The final result of the interaction campaign.
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -8185,6 +8766,23 @@ The following fields are available:
- **CommandLine** The command line used to launch RUXIMICS.
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncExit
+
+This event is sent when RUXIM completes checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **ETagValue** eTag for sync.
+- **hrInitialize** Error, if any, that occurred while initializing OneSettings.
+- **hrQuery** Error, if any, that occurred while retrieving UX interaction campaign data from OneSettings.
+
+
+### Microsoft.Windows.WindowsUpdate.RUXIM.ICSOneSettingsSyncLaunch
+
+This event is sent when RUXIM begins checking with OneSettings to retrieve any UX interaction campaigns that may need to be displayed. The data collected with this event is used to help keep Windows up to date.
+
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -8218,6 +8816,26 @@ The following fields are available:
- **InteractionCampaignID** GUID identifying the user interaction campaign that the Interaction Handler will process.
+### Microsoft.Windows.WindowsUpdate.RUXIM.LibStoredState
+
+This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) has read or written the stored state of an interaction campaign.
+
+The following fields are available:
+
+- **EvaluationCount** Number of times the interaction campaign has been evaluated.
+- **InteractionCampaignID** The user interaction we processed.
+- **IsChanged** True if the stored state has been modified in the registry (by creating it or by modifying one or more fields).
+- **IsComplete** True if the interaction campaign is marked as complete.
+- **IsNew** True if the stored state was not previously in the registry and was just initialized.
+- **LastEvaluationTime** Last time the interaction campaign was evaluated.
+- **LastPresentationTime** Last time the interaction campaign was presented.
+- **PresentationCount** Number of times the interaction campaign has been presented.
+- **ResultId** The result ID currently recorded for the interaction campaign.
+- **StateCreationTime** Time the state was created.
+- **StateModificationTime** Time the state was last modified.
+- **ThrottlingRoll** Randomly generated throttling roll for the interaction campaign.
+
+
### Microsoft.Windows.WindowsUpdate.RUXIM.SystemEvaluator.Evaluation
This event is generated whenever the RUXIM Evaluator DLL performs an evaluation. The data collected with this event is used to help keep Windows up to date and performing properly.
@@ -8229,30 +8847,6 @@ The following fields are available:
- **NodeEvaluationData** Structure showing the results of individual checks that occurred during the overall evaluation.
- **Result** Overall result generated by the evaluation.
-### wilActivity
-
-This event provides a Windows Internal Library context used for Product and Service diagnostics. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **callContext** The function where the failure occurred.
-- **currentContextId** The ID of the current call context where the failure occurred.
-- **currentContextMessage** The message of the current call context where the failure occurred.
-- **currentContextName** The name of the current call context where the failure occurred.
-- **failureCount** The number of failures for this failure ID.
-- **failureId** The ID of the failure that occurred.
-- **failureType** The type of the failure that occurred.
-- **fileName** The file name where the failure occurred.
-- **function** The function where the failure occurred.
-- **hresult** The HResult of the overall activity.
-- **lineNumber** The line number where the failure occurred.
-- **message** The message of the failure that occurred.
-- **module** The module where the failure occurred.
-- **originatingContextId** The ID of the originating call context that resulted in the failure.
-- **originatingContextMessage** The message of the originating call context that resulted in the failure.
-- **originatingContextName** The name of the originating call context that resulted in the failure.
-- **threadId** The ID of the thread on which the activity is executing.
-
## Windows Update mitigation events
@@ -8297,7 +8891,7 @@ This event sends data specific to the CryptcatsvcRebuild mitigation used for OS
The following fields are available:
-- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
- **FlightId** The unique identifier for each flight.
- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
- **MitigationNeeded** Information on whether the mitigation was needed.
@@ -8318,7 +8912,7 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O
The following fields are available:
-- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
- **FlightId** Unique identifier for each flight.
- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
- **MitigationScenario** The update scenario in which the mitigation was executed.
@@ -8590,6 +9184,3 @@ The following fields are available:
- **virtualMachineName** VM name.
- **waitForClientConnection** True if we should wait for client connection.
- **wp81NetworkStackDisabled** WP 8.1 networking stack disabled.
-
-
-
diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml
index cca1091e48..295d4bf26f 100644
--- a/windows/privacy/toc.yml
+++ b/windows/privacy/toc.yml
@@ -15,21 +15,21 @@
href: Microsoft-DiagnosticDataViewer.md
- name: Required Windows diagnostic data events and fields
items:
- - name: Windows 11, version 22H2 required diagnostic events and fields
+ - name: Windows 11, version 22H2
href: required-diagnostic-events-fields-windows-11-22H2.md
- - name: Windows 11, version 21H2 required diagnostic events and fields
+ - name: Windows 11, version 21H2
href: required-windows-11-diagnostic-events-and-fields.md
- - name: Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required Windows diagnostic data events and fields
+ - name: Windows 10, versions 22H2, 21H2, 21H1, 20H2, and 2004
href: required-windows-diagnostic-data-events-and-fields-2004.md
- - name: Windows 10, version 1909 and Windows 10, version 1903 required level Windows diagnostic events and fields
+ - name: Windows 10, versions 1909 and 1903
href: basic-level-windows-diagnostic-events-and-fields-1903.md
- - name: Windows 10, version 1809 required Windows diagnostic events and fields
+ - name: Windows 10, version 1809
href: basic-level-windows-diagnostic-events-and-fields-1809.md
- - name: Windows 10, version 1803 required Windows diagnostic events and fields
+ - name: Windows 10, version 1803
href: basic-level-windows-diagnostic-events-and-fields-1803.md
- - name: Windows 10, version 1709 required Windows diagnostic events and fields
+ - name: Windows 10, version 1709
href: basic-level-windows-diagnostic-events-and-fields-1709.md
- - name: Windows 10, version 1703 required Windows diagnostic events and fields
+ - name: Windows 10, version 1703
href: basic-level-windows-diagnostic-events-and-fields-1703.md
- name: Optional Windows diagnostic data events and fields
items:
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index e4e7e22ec9..2e65697d6a 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -1,15 +1,13 @@
---
title: Windows Privacy Compliance Guide
description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 12/01/2021
-ms.technology: privacy
+ms.topic: conceptual
---
# Windows Privacy Compliance:
A Guide for IT and Compliance Professionals
diff --git a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
index d24d978945..480e474f63 100644
--- a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
+++ b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
@@ -1,15 +1,13 @@
---
title: Windows 11 connection endpoints for non-Enterprise editions
description: Explains what Windows 11 endpoints are used in non-Enterprise editions. Specific to Windows 11.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 12/01/2021
-ms.technology: privacy
+ms.topic: reference
---
# Windows 11 connection endpoints for non-Enterprise editions
diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md
index 2651ae6d53..f4777d4afa 100644
--- a/windows/privacy/windows-diagnostic-data-1703.md
+++ b/windows/privacy/windows-diagnostic-data-1703.md
@@ -1,16 +1,13 @@
---
title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10)
description: Use this article to learn about the types of data that is collected the Full diagnostic data level.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 12/01/2021
-ms.reviewer:
-ms.technology: privacy
+ms.topic: reference
---
# Windows 10 diagnostic data for the Full diagnostic data level
diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md
index 12ab817b8c..04381116ab 100644
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/windows-diagnostic-data.md
@@ -1,24 +1,22 @@
---
title: Windows 10, version 1709 and Windows 11 and later optional diagnostic data (Windows 10)
description: Use this article to learn about the types of optional diagnostic data that is collected.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection:
- - M365-security-compliance
- - highpri
-ms.topic: article
-ms.reviewer:
-ms.technology: privacy
-
+ms.collection: highpri
+ms.topic: reference
---
# Windows 10, version 1709 and later and Windows 11 optional diagnostic data
Applies to:
-- Windows 11
+- Windows 11, version 22H2
+- Windows 11, version 21H2
+- Windows 10, version 22H2
- Windows 10, version 21H2
- Windows 10, version 21H1
- Windows 10, version 20H2
diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
index 94356eae38..692ea4127b 100644
--- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
@@ -1,16 +1,13 @@
---
title: Windows 10, version 1809, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1809.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 12/01/2021
-ms.reviewer:
-ms.technology: privacy
+ms.topic: reference
---
# Windows 10, version 1809, connection endpoints for non-Enterprise editions
diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
index d98d8fa989..cffad0f0e4 100644
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@@ -1,15 +1,13 @@
---
title: Windows 10, version 1903, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1903.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 12/01/2021
-ms.technology: privacy
+ms.topic: reference
---
# Windows 10, version 1903, connection endpoints for non-Enterprise editions
diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
index 3608b11804..364bbda151 100644
--- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
@@ -1,15 +1,13 @@
---
title: Windows 10, version 1909, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1909.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 12/01/2021
-ms.technology: privacy
+ms.topic: reference
---
# Windows 10, version 1909, connection endpoints for non-Enterprise editions
diff --git a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
index 4b4f07c78f..72c2c99868 100644
--- a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
@@ -1,15 +1,13 @@
---
title: Windows 10, version 2004, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 2004.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 12/01/2021
-ms.technology: privacy
+ms.topic: reference
---
# Windows 10, version 2004, connection endpoints for non-Enterprise editions
diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md
index ec38d80ece..a909428902 100644
--- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md
@@ -1,15 +1,13 @@
---
title: Windows 10, version 20H2, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 20H2.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 12/01/2021
-ms.technology: privacy
+ms.topic: reference
---
# Windows 10, version 20H2, connection endpoints for non-Enterprise editions
diff --git a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
index 2923d95d74..379e4110bc 100644
--- a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
@@ -1,15 +1,13 @@
---
title: Windows 10, version 21H1, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 21H1.
-ms.prod: m365-security
+ms.prod: windows-client
+ms.technology: itpro-privacy
ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: dougeby
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 12/01/2021
-ms.technology: privacy
+ms.topic: reference
---
# Windows 10, version 21H1, connection endpoints for non-Enterprise editions
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
index d0cc1cad93..50c96ed712 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
@@ -15,13 +15,14 @@ appliesto:
- ✅ Windows 11
- ✅ Hybrid deployment
- ✅ Key trust
+- ✅ Cloud Kerberos trust
---
-# Deploying Certificates to Key Trust Users to Enable RDP
+# Deploy Certificates to Key Trust and Cloud Kerberos Trust Users to Enable RDP
Windows Hello for Business supports using a certificate as the supplied credential when establishing a remote desktop connection to a server or other device. For certificate trust deployments, creation of this certificate occurs at container creation time.
-This document discusses an approach for key trust deployments where authentication certificates can be deployed to an existing key trust user.
+This document discusses an approach for key trust and cloud Kerberos trust deployments where authentication certificates can be deployed to an existing WHFB user.
Three approaches are documented here:
@@ -77,7 +78,7 @@ Three approaches are documented here:
1. Tick **Microsoft Software Key Storage Provider**
1. Set the Request hash to **SHA256**
-1. On the **Security** tab, add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated** users group, and then select Enroll permissions for them .
+1. On the **Security** tab, add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated** users group, and then select Enroll permissions for them.
1. Click **OK** to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates.
@@ -87,7 +88,7 @@ Three approaches are documented here:
1. Execute the following command:
- certutil -dstemplate \
For computers with legacy BIOS firmware, at least two NTFS disk partitions, one for the system drive and one for the operating system drive.
For either firmware, the system drive partition must be at least 350 megabytes (MB) and set as the active partition.|
+|File system| One FAT32 partition for the system drive and one NTFS partition for the operating system drive. This is applicable for computers that boot natively with UEFI firmware.
For computers with legacy BIOS firmware, at least two NTFS disk partitions, one for the system drive and one for the operating system drive.
For either firmware, the system drive partition must be at least 350 megabytes (MB) and set as the active partition.|
|Hardware encrypted drive prerequisites (optional)|To use a hardware encrypted drive as the boot drive, the drive must be in the uninitialized state and in the security inactive state. In addition, the system must always boot with native UEFI version 2.3.1 or higher and the CSM (if any) disabled.|
Upon passing the initial configuration, users are required to enter a password for the volume. If the volume doesn't pass the initial configuration for BitLocker, the user is presented with an error dialog describing the appropriate actions to be taken.
@@ -109,7 +109,7 @@ The following table shows the compatibility matrix for systems that have been Bi
Table 1: Cross compatibility for Windows 11, Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes
|Encryption Type|Windows 11, Windows 10, and Windows 8.1|Windows 8|Windows 7|
-|--- |--- |--- |--- |
+|---|---|---|---|
|Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted|
|Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted|
|Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A|
diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
index 9959b6f5bc..0e827934c2 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
@@ -2,12 +2,12 @@
title: BitLocker Countermeasures (Windows 10)
description: Windows uses technologies including TPM, Secure Boot, Trusted Boot, and Early Launch Antimalware (ELAM) to protect against attacks on the BitLocker encryption key.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
@@ -82,9 +82,9 @@ This helps mitigate DMA and memory remanence attacks.
On computers with a compatible TPM, operating system drives that are BitLocker-protected can be unlocked in four ways:
-- **TPM-only.** Using TPM-only validation doesn't require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign-in experience is the same as a standard sign in. If the TPM is missing or changed or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor.
+- **TPM-only.** Using TPM-only validation doesn't require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign-in experience is the same as a standard sign-in. If the TPM is missing or changed or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor.
- **TPM with startup key.** In addition to the protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, referred to as a startup key. Data on the encrypted volume can't be accessed without the startup key.
-- **TPM with PIN.** In addition to the protection that the TPM provides, BitLocker requires that the user enter a PIN. Data on the encrypted volume can't be accessed without entering the PIN. TPMs also have [anti-hammering protection](/windows/security/hardware-protection/tpm/tpm-fundamentals#anti-hammering) that is designed to prevent brute force attacks that attempt to determine the PIN.
+- **TPM with PIN.** In addition to the protection that the TPM provides, BitLocker requires that the user enters a PIN. Data on the encrypted volume can't be accessed without entering the PIN. TPMs also have [anti-hammering protection](/windows/security/hardware-protection/tpm/tpm-fundamentals#anti-hammering) that is designed to prevent brute force attacks that attempt to determine the PIN.
- **TPM with startup key and PIN.** In addition to the core component protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, and a PIN is required to authenticate the user to the TPM. This configuration provides multifactor authentication so that if the USB key is lost or stolen, it can't be used for access to the drive, because the correct PIN is also required.
In the following group policy example, TPM + PIN is required to unlock an operating system drive:
@@ -130,7 +130,7 @@ This section covers countermeasures for specific types of attacks.
### Bootkits and rootkits
-A physically-present attacker might attempt to install a bootkit or rootkit-like piece of software into the boot chain in an attempt to steal the BitLocker keys.
+A physically present attacker might attempt to install a bootkit or rootkit-like piece of software into the boot chain in an attempt to steal the BitLocker keys.
The TPM should observe this installation via PCR measurements, and the BitLocker key won't be released.
This is the default configuration.
@@ -163,6 +163,7 @@ The following sections cover mitigations for different types of attackers.
Physical access may be limited by a form factor that doesn't expose buses and memory.
For example, there are no external DMA-capable ports, no exposed screws to open the chassis, and memory is soldered to the mainboard.
+
This attacker of opportunity doesn't use destructive methods or sophisticated forensics hardware/software.
Mitigation:
diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
index 649c0a0e0f..3811e7cb94 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
@@ -1,7 +1,7 @@
---
title: BitLocker deployment comparison (Windows 10)
description: This article shows the BitLocker deployment comparison chart.
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: lovina-saldanha
ms.author: v-lsaldanha
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
index 8156cd38ac..5b84d41717 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@@ -1,12 +1,12 @@
---
title: Overview of BitLocker Device Encryption in Windows
description: This article provides an overview of how BitLocker Device Encryption can help protect data on devices running Windows.
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
@@ -17,13 +17,11 @@ ms.custom: bitlocker
# Overview of BitLocker Device Encryption in Windows
**Applies to**
-
- Windows 10
- Windows 11
-- Windows Server 2016 and above
+- Windows Server 2016 and later
-This article explains how BitLocker Device Encryption can help protect data on devices running Windows.
-For a general overview and list of articles about BitLocker, see [BitLocker](bitlocker-overview.md).
+This article explains how BitLocker Device Encryption can help protect data on devices running Windows. For a general overview and list of articles about BitLocker, see [BitLocker](bitlocker-overview.md).
When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and providing new strategies.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
index 3a6b451bd5..8f2e37d39f 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
@@ -2,12 +2,12 @@
title: BitLocker Group Policy settings (Windows 10)
description: This article for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
index 1e211bd02d..17dd8a1f09 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
@@ -2,7 +2,7 @@
title: BitLocker How to deploy on Windows Server 2012 and later
description: This article for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
index 98acd44af7..88e19c407b 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
@@ -2,12 +2,12 @@
title: BitLocker - How to enable Network Unlock (Windows 10)
description: This article for the IT professional describes how BitLocker Network Unlock works and how to configure it.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
index 4d19e0ed71..6d39fbf7bf 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -1,12 +1,12 @@
---
title: BitLocker Management Recommendations for Enterprises (Windows 10)
description: Refer to relevant documentation, products, and services to learn about managing BitLocker for enterprises and see recommendations for different computers.
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md
index 72fd1ad190..8d83958580 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md
@@ -2,11 +2,11 @@
title: BitLocker
description: This topic provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features.
ms.author: dansimp
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
@@ -28,9 +28,9 @@ This topic provides a high-level overview of BitLocker, including a list of syst
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
-BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
+BitLocker provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later versions. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
-On computers that do not have a TPM version 1.2 or later, you can still use BitLocker to encrypt the Windows operating system drive. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation. Starting with Windows 8, you can use an operating system volume password to protect the operating system volume on a computer without TPM. Both options do not provide the pre-startup system integrity verification offered by BitLocker with a TPM.
+On computers that do not have a TPM version 1.2 or later versions, you can still use BitLocker to encrypt the Windows operating system drive. However, this implementation requires the user to insert a USB startup key to start the computer or resume from hibernation. Starting with Windows 8, you can use an operating system volume password to protect the operating system volume on a computer without TPM. Both options do not provide the pre-startup system integrity verification offered by BitLocker with a TPM.
In addition to the TPM, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable device, such as a USB flash drive, that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer will not start or resume from hibernation until the correct PIN or startup key is presented.
@@ -38,13 +38,13 @@ In addition to the TPM, BitLocker offers the option to lock the normal startup p
Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.
-There are two additional tools in the Remote Server Administration Tools, which you can use to manage BitLocker.
+There are two additional tools in the Remote Server Administration Tools which you can use to manage BitLocker.
- **BitLocker Recovery Password Viewer**. The BitLocker Recovery Password Viewer enables you to locate and view BitLocker Drive Encryption recovery passwords that have been backed up to Active Directory Domain Services (AD DS). You can use this tool to help recover data that is stored on a drive that has been encrypted by using BitLocker. The BitLocker Recovery Password Viewer tool is an extension for the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in.
By using this tool, you can examine a computer object's **Properties** dialog box to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest. To view recovery passwords, you must be a domain administrator, or you must have been delegated permissions by a domain administrator.
-- **BitLocker Drive Encryption Tools**. BitLocker Drive Encryption Tools include the command-line tools, manage-bde and repair-bde, and the BitLocker cmdlets for Windows PowerShell. Both manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the
-BitLocker control panel, and they are appropriate to use for automated deployments and other scripting scenarios. Repair-bde is provided for disaster recovery scenarios in which a BitLocker protected drive cannot be unlocked normally or by using the recovery console.
+- **BitLocker Drive Encryption Tools**. BitLocker Drive Encryption Tools include the command-line tools, manage-bde and repair-bde, and the BitLocker cmdlets for Windows PowerShell. Both manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the
+BitLocker control panel, and they are appropriate to be used for automated deployments and other scripting scenarios. Repair-bde is provided for disaster recovery scenarios in which a BitLocker-protected drive cannot be unlocked normally or by using the recovery console.
## New and changed functionality
@@ -54,7 +54,7 @@ To find out what's new in BitLocker for Windows, such as support for the XTS-AES
BitLocker has the following hardware requirements:
-For BitLocker to use the system integrity check provided by a Trusted Platform Module (TPM), the computer must have TPM 1.2 or later. If your computer does not have a TPM, enabling BitLocker requires that you save a startup key on a removable device, such as a USB flash drive.
+For BitLocker to use the system integrity check provided by a TPM, the computer must have TPM 1.2 or later versions. If your computer does not have a TPM, enabling BitLocker makes it mandatory for you to save a startup key on a removable device, such as a USB flash drive.
A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware. The BIOS or UEFI firmware establishes a chain of trust for the pre-operating system startup, and it must include support for TCG-specified Static Root of Trust Measurement. A computer without a TPM does not require TCG-compliant firmware.
@@ -64,37 +64,41 @@ The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support th
> From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://social.technet.microsoft.com/Forums/en-US/eac2cc67-8442-42db-abad-2ed173879751/bitlocker-without-tpm?forum=win10itprosetup).
> [!NOTE]
-> TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature.
->
-> Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode which will prepare the OS and the disk to support UEFI.
+> TPM 2.0 is not supported in Legacy and Compatibility Support Module (CSM) modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as native UEFI only. The Legacy and CSM options must be disabled. For added security, enable the secure boot feature.
+
+> Installed Operating System on hardware in Legacy mode stops the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode, which prepares the OS and the disk to support UEFI.
The hard disk must be partitioned with at least two drives:
- The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system.
-- The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker is not enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. We recommend that system drive be approximately 350 MB in size. After BitLocker is turned on it should have approximately 250 MB of free space.
+- The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker is not enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. We recommend that system drive be approximately 350 MB in size. After BitLocker is turned on, it should have approximately 250 MB of free space.
+
+When installed on a new computer, Windows automatically creates the partitions that are required for BitLocker.
A partition subject to encryption cannot be marked as an active partition (this applies to the operating system, fixed data, and removable data drives).
-When installed on a new computer, Windows will automatically create the partitions that are required for BitLocker.
-When installing the BitLocker optional component on a server you will also need to install the Enhanced Storage feature, which is used to support hardware encrypted drives.
+When installing the BitLocker optional component on a server, you will also need to install the Enhanced Storage feature, which is used to support hardware encrypted drives.
## In this section
| Topic | Description |
| - | - |
-| [Overview of BitLocker Device Encryption in Windows](bitlocker-device-encryption-overview-windows-10.md) | This topic for the IT professional provides an overview of the ways that BitLocker Device Encryption can help protect data on devices running Windows. |
-| [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml) | This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.|
-| [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)| This topic for the IT professional explains how can you plan your BitLocker deployment. |
-| [BitLocker basic deployment](bitlocker-basic-deployment.md) | This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption. |
-| [BitLocker: How to deploy on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)| This topic for the IT professional explains how to deploy BitLocker on Windows Server.|
-| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it. |
-| [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)| This topic for the IT professional describes how to use tools to manage BitLocker.|
-| [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md) | This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer. |
-| [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) | This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker. |
-| [BCD settings and BitLocker](bcd-settings-and-bitlocker.md) | This topic for IT professionals describes the BCD settings that are used by BitLocker.|
-| [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This topic for IT professionals describes how to recover BitLocker keys from AD DS. |
-| [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide will help you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 11, Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration. |
+| [Overview of BitLocker Device Encryption in Windows 10](bitlocker-device-encryption-overview-windows-10.md) | This topic provides an overview of the ways in which BitLocker Device Encryption can help protect data on devices running Windows 10. |
+| [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml) | This topic answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.|
+| [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)| This topic explains the procedure you can use to plan your BitLocker deployment. |
+| [BitLocker basic deployment](bitlocker-basic-deployment.md) | This topic explains how BitLocker features can be used to protect your data through drive encryption. |
+| [BitLocker: How to deploy on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)| This topic explains how to deploy BitLocker on Windows Server.|
+| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | This topic describes how BitLocker Network Unlock works and how to configure it. |
+| [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)| This topic describes how to use tools to manage BitLocker.|
+| [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md) | This topic describes how to use the BitLocker Recovery Password Viewer. |
+| [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) | This topic describes the function, location, and effect of each group policy setting that is used to manage BitLocker. |
+| [BCD settings and BitLocker](bcd-settings-and-bitlocker.md) | This topic describes the BCD settings that are used by BitLocker.|
+| [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This topic describes how to recover BitLocker keys from AD DS. |
+| [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide helps you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration. |
| [Troubleshoot BitLocker](troubleshoot-bitlocker.md) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. |
-| [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.|
-| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This topic covers how to use BitLocker with Windows IoT Core |
+| [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic describes how to protect CSVs and SANs with BitLocker.|
+| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This topic describes how to use BitLocker with Windows IoT Core |
+
+
+
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
index 50d55f1b6b..390b943e87 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -8,7 +8,7 @@ author: frankroj
ms.author: frankroj
ms.reviewer: rafals
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
@@ -24,9 +24,9 @@ ms.custom: bitlocker
- Windows 11
- Windows Server 2016 and later
-This article for IT professionals describes how to recover BitLocker keys from Active Directory Domain Services (AD DS).
+This article describes how to recover BitLocker keys from AD DS.
-Organizations can use BitLocker recovery information saved in AD DS to access BitLocker-protected data. Creating a recovery model for BitLocker while you are planning your BitLocker deployment is recommended.
+Organizations can use BitLocker recovery information saved in Active Directory Domain Services (AD DS) to access BitLocker-protected data. It's recommended to create a recovery model for BitLocker while you are planning your BitLocker deployment.
This article assumes that you understand how to set up AD DS to back up BitLocker recovery information automatically, and what types of recovery information are saved to AD DS.
@@ -37,10 +37,9 @@ This article does not detail how to configure AD DS to store the BitLocker reco
BitLocker recovery is the process by which you can restore access to a BitLocker-protected drive in the event that you cannot unlock the drive normally. In a recovery scenario, you have the following options to restore access to the drive:
-- The user can supply the recovery password. If your organization allows users to print or store recovery passwords, the user can type in the 48-digit recovery password that they printed or stored on a USB drive or with your Microsoft Account online. (Saving a recovery password with your Microsoft Account online is only allowed when BitLocker is used on a PC that is not a member of a domain).
-- A data recovery agent can use their credentials to unlock the drive. If the drive is an operating system drive, the drive must be mounted as a data drive on another computer for the data recovery agent to unlock it.
-- A domain administrator can obtain the recovery password from AD DS and use it to unlock the drive. Storing recovery passwords in AD DS is recommended to provide a way for IT professionals to be able to obtain recovery passwords for drives in their organization if needed. This method requires that you have enabled this recovery method in the BitLocker Group Policy setting **Choose how BitLocker-protected operating system drives can be recovered** located at **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** in the Local Group Policy Editor. For more information, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
-
+- **The user can supply the recovery password.** If your organization allows users to print or store recovery passwords, the users can type in the 48-digit recovery password that they printed or stored on a USB drive or with your Microsoft account online. (Saving a recovery password with your Microsoft account online is only allowed when BitLocker is used on a PC that is not a member of a domain).
+- **Data recovery agents can use their credentials to unlock the drive.** If the drive is an operating system drive, the drive must be mounted as a data drive on another computer for the data recovery agent to unlock it.
+- **A domain administrator can obtain the recovery password from AD DS and use it to unlock the drive.** Storing recovery passwords in AD DS is recommended to provide a way for IT professionals to be able to obtain recovery passwords for drives in their organization if needed. This method makes it mandatory for you to enable this recovery method in the BitLocker group policy setting **Choose how BitLocker-protected operating system drives can be recovered** located at **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** in the Local Group Policy Editor. For more information, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
### What causes BitLocker recovery?
@@ -85,34 +84,36 @@ The following list provides examples of specific events that will cause BitLocke
- Adding or removing add-in cards (such as video or network cards), or upgrading firmware on add-in cards.
- Using a BIOS hot key during the boot process to change the boot order to something other than the hard drive.
-> [!NOTE]
-> Before you begin recovery, we recommend that you determine what caused recovery. This might help prevent the problem from occurring again in the future. For instance, if you determine that an attacker has modified your computer by obtaining physical access, you can create new security policies for tracking who has physical presence. After the recovery password has been used to recover access to the PC, BitLocker will reseal the encryption key to the current values of the measured components.
+> [!NOTE]
+> Before you begin recovery, we recommend that you determine what caused recovery. This might help prevent the problem from occurring again in the future. For instance, if you determine that an attacker has modified your computer by obtaining physical access, you can create new security policies for tracking who has physical presence. After the recovery password has been used to recover access to the PC, BitLocker reseals the encryption key to the current values of the measured components.
+
For planned scenarios, such as a known hardware or firmware upgrades, you can avoid initiating recovery by temporarily suspending BitLocker protection. Because suspending BitLocker leaves the drive fully encrypted, the administrator can quickly resume BitLocker protection after the planned task has been completed. Using suspend and resume also reseals the encryption key without requiring the entry of the recovery key.
> [!NOTE]
> If suspended BitLocker will automatically resume protection when the PC is rebooted, unless a reboot count is specified using the manage-bde command line tool.
-If software maintenance requires the computer to be restarted and you are using two-factor authentication, you can enable BitLocker Network Unlock to provide the secondary authentication factor when the computers do not have an on-premises user to provide the additional authentication method.
+If software maintenance requires the computer to be restarted and you are using two-factor authentication, you can enable BitLocker network unlock feature to provide the secondary authentication factor when the computers do not have an on-premises user to provide the additional authentication method.
Recovery has been described within the context of unplanned or undesired behavior, but you can also cause recovery as an intended production scenario, in order to manage access control. For example, when you redeploy desktop or laptop computers to other departments or employees in your enterprise, you can force BitLocker into recovery before the computer is given to a new user.
-
## Testing recovery
Before you create a thorough BitLocker recovery process, we recommend that you test how the recovery process works for both end users (people who call your helpdesk for the recovery password) and administrators (people who help the end user get the recovery password). The -forcerecovery command of manage-bde is an easy way for you to step through the recovery process before your users encounter a recovery situation.
**To force a recovery for the local computer:**
-1. Select the **Start** button, type *cmd* in the **Start Search** box, right-click **cmd.exe**, and then select **Run as administrator**.
-2. At the command prompt, type the following command and then press **Enter**:
- `manage-bde -forcerecovery
We recommend monitoring Failure access attempts: the volume should not be high. You will be able to see who was not able to get access to a file or folder on a network share on a computer. |
-| Member Server | IF | Yes | IF | Yes | IF – If a server has shared network folders that typically get many access requests (File Server, for example), the volume of events might be high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use the [Audit File System](audit-file-system.md) subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for member servers should not be high (if they are not File Servers). With Failure auditing, you can see who can't access a file or folder on a network share on this computer. |
-| Workstation | IF | Yes | IF | Yes | IF – If a workstation has shared network folders that typically get many access requests, the volume of events might be high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use Audit File System subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for workstations should not be high. With Failure auditing, you can see who can't access a file or folder on a network share on this computer. |
+| Domain Controller | No | Yes | No | Yes | Audit Success for this subcategory on domain controllers typically will lead to high volume of events, especially for SYSVOL share.
We recommend monitoring Failure access attempts: the volume shouldn't be high. You will be able to see who wasn't able to get access to a file or folder on a network share on a computer. |
+| Member Server | IF | Yes | IF | Yes | IF – If a server has shared network folders that typically get many access requests (File Server, for example), the volume of events might be high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use the [Audit File System](audit-file-system.md) subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for member servers shouldn't be high (if they aren't File Servers). With Failure auditing, you can see who can't access a file or folder on a network share on this computer. |
+| Workstation | IF | Yes | IF | Yes | IF – If a workstation has shared network folders that typically get many access requests, the volume of events might be high. If you really need to track all successful access events for every file or folder located on a shared folder, enable Success auditing or use Audit File System subcategory, although that subcategory excludes some information in Audit Detailed File Share, for example, the client’s IP address.
The volume of Failure events for workstations shouldn't be high. With Failure auditing, you can see who can't access a file or folder on a network share on this computer. |
**Events List:**
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md
index c6e8118ded..c954c98ef9 100644
--- a/windows/security/threat-protection/auditing/audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Directory Service Access
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md
index caa1701475..5aa0e36978 100644
--- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Directory Service Changes
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md
index 5a424dae77..f9c45299fe 100644
--- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Directory Service Replication
diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md
index 76eb29a0bc..23341f0d60 100644
--- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Distribution Group Management
diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md
index 00a34ebb03..bc24e85d75 100644
--- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md
+++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit DPAPI Activity
diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md
index 29e1ca9570..59c2d6638e 100644
--- a/windows/security/threat-protection/auditing/audit-file-share.md
+++ b/windows/security/threat-protection/auditing/audit-file-share.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit File Share
diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md
index 12885568e0..c9a66ed82e 100644
--- a/windows/security/threat-protection/auditing/audit-file-system.md
+++ b/windows/security/threat-protection/auditing/audit-file-system.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit File System
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
index d7e01c186a..7984928783 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Filtering Platform Connection
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
index 6f9481da89..15c0bc27d2 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Filtering Platform Packet Drop
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
index ae7aca862f..b8f192cccd 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Filtering Platform Policy Change
diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md
index 1ae73ba656..b3740aca1a 100644
--- a/windows/security/threat-protection/auditing/audit-group-membership.md
+++ b/windows/security/threat-protection/auditing/audit-group-membership.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Group Membership
diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
index 84d320a966..c468ff02f3 100644
--- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md
+++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Handle Manipulation
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
index a31f2e95b9..dc52d2d90e 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit IPsec Driver
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
index 121c17cdf3..92e2d71f5e 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit IPsec Extended Mode
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
index e250004563..965715efa2 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit IPsec Main Mode
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
index 412c2ed30e..7a8be4ff82 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit IPsec Quick Mode
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
index cf603612e7..98a1c8f558 100644
--- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Kerberos Authentication Service
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
index 775390d2fd..135c2882b7 100644
--- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Kerberos Service Ticket Operations
diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md
index 8d8700c72e..bb5d6d221a 100644
--- a/windows/security/threat-protection/auditing/audit-kernel-object.md
+++ b/windows/security/threat-protection/auditing/audit-kernel-object.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Kernel Object
diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md
index 764e61eca5..b6108a6488 100644
--- a/windows/security/threat-protection/auditing/audit-logoff.md
+++ b/windows/security/threat-protection/auditing/audit-logoff.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Logoff
diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md
index 896c41e4c2..74e7fe7f8f 100644
--- a/windows/security/threat-protection/auditing/audit-logon.md
+++ b/windows/security/threat-protection/auditing/audit-logon.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Logon
diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
index 25553898cc..a441c97c4c 100644
--- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit MPSSVC Rule-Level Policy Change
diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md
index c141fc7bf1..6c9a0fb877 100644
--- a/windows/security/threat-protection/auditing/audit-network-policy-server.md
+++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Network Policy Server
diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
index ead439de46..b9920a8900 100644
--- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Non-Sensitive Privilege Use
diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
index afeebd6098..23ab2587a5 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Other Account Logon Events
diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
index 1f3ac84620..7d8e27c634 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Other Account Management Events
diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
index cfadd950fa..43e4b822aa 100644
--- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Other Logon/Logoff Events
diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
index 287ef71e1d..901c4b5a7e 100644
--- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Other Object Access Events
diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
index 2ebaf41f93..776b3fdec9 100644
--- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Other Policy Change Events
diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
index 7ffd11fc64..97a8de3544 100644
--- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Other Privilege Use Events
diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md
index dd61dda8ea..015eb3ddea 100644
--- a/windows/security/threat-protection/auditing/audit-other-system-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-system-events.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Other System Events
diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md
index bae8fa6df6..da07e88f35 100644
--- a/windows/security/threat-protection/auditing/audit-pnp-activity.md
+++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit PNP Activity
diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md
index a2e6e0c9c6..3eb6dcf190 100644
--- a/windows/security/threat-protection/auditing/audit-process-creation.md
+++ b/windows/security/threat-protection/auditing/audit-process-creation.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 03/16/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Process Creation
diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md
index 584f8b8880..60a0a05de7 100644
--- a/windows/security/threat-protection/auditing/audit-process-termination.md
+++ b/windows/security/threat-protection/auditing/audit-process-termination.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Process Termination
diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md
index 13960b7b4c..e67da43c3e 100644
--- a/windows/security/threat-protection/auditing/audit-registry.md
+++ b/windows/security/threat-protection/auditing/audit-registry.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 01/05/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Registry
diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md
index eae70e36ee..4277dd71c8 100644
--- a/windows/security/threat-protection/auditing/audit-removable-storage.md
+++ b/windows/security/threat-protection/auditing/audit-removable-storage.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Removable Storage
diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md
index 0b881d3f43..27dc6938be 100644
--- a/windows/security/threat-protection/auditing/audit-rpc-events.md
+++ b/windows/security/threat-protection/auditing/audit-rpc-events.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit RPC Events
diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md
index 4297c79c86..1f295079c7 100644
--- a/windows/security/threat-protection/auditing/audit-sam.md
+++ b/windows/security/threat-protection/auditing/audit-sam.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit SAM
diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md
index 5d21c7bd36..6fe81c704f 100644
--- a/windows/security/threat-protection/auditing/audit-security-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-security-group-management.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Security Group Management
diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md
index 7e25a9e858..94c6d1f229 100644
--- a/windows/security/threat-protection/auditing/audit-security-state-change.md
+++ b/windows/security/threat-protection/auditing/audit-security-state-change.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Security State Change
diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md
index f2a020e961..fbda6e4cbb 100644
--- a/windows/security/threat-protection/auditing/audit-security-system-extension.md
+++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Security System Extension
diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
index 3b87a0810f..eb8714f152 100644
--- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Sensitive Privilege Use
diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md
index ef4cf15494..8f865d11bc 100644
--- a/windows/security/threat-protection/auditing/audit-special-logon.md
+++ b/windows/security/threat-protection/auditing/audit-special-logon.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Special Logon
diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md
index 59ddddcc56..761abff74a 100644
--- a/windows/security/threat-protection/auditing/audit-system-integrity.md
+++ b/windows/security/threat-protection/auditing/audit-system-integrity.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit System Integrity
diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
index 5eb81c872a..df3e720b31 100644
--- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
+++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
@@ -5,8 +5,8 @@ manager: aaroncz
author: vinaypamnani-msft
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
-ms.technology: windows-sec
+ms.prod: windows-client
+ms.technology: itpro-security
---
# Audit Token Right Adjusted
diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md
index e1460e7aa6..7efa2301e3 100644
--- a/windows/security/threat-protection/auditing/audit-user-account-management.md
+++ b/windows/security/threat-protection/auditing/audit-user-account-management.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit User Account Management
diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md
index adfe26b5d1..750c5568ca 100644
--- a/windows/security/threat-protection/auditing/audit-user-device-claims.md
+++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit User/Device Claims
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
index fd30c96538..c40298d5a5 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user logging on to o
ms.assetid: 84B44181-E325-49A1-8398-AECC3CE0A516
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit account logon events
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md
index 5198cd91e7..2327ae1658 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-management.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each event of account management on a d
ms.assetid: 369197E1-7E0E-45A4-89EA-16D91EF01689
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit account management
diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
index 6baff08ecd..bbd62c2d7f 100644
--- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
@@ -4,7 +4,7 @@ description: Determines whether to audit the event of a user accessing an Active
ms.assetid: 52F02EED-3CFE-4307-8D06-CF1E27693D09
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit directory service access
diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
index 414793c373..b502700f38 100644
--- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user logging on to o
ms.assetid: 78B5AFCB-0BBD-4C38-9FE9-6B4571B94A35
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit logon events
diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md
index eea30b98ef..5223f78f44 100644
--- a/windows/security/threat-protection/auditing/basic-audit-object-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md
@@ -4,7 +4,7 @@ description: The policy setting, Audit object access, determines whether to audi
ms.assetid: D15B6D67-7886-44C2-9972-3F192D5407EA
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit object access
diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
index b96ea7b99e..698273ad21 100644
--- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md
+++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
@@ -4,7 +4,7 @@ description: Determines whether to audit every incident of a change to user righ
ms.assetid: 1025A648-6B22-4C85-9F47-FE0897F1FA31
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit policy change
diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
index a0d131b788..202483cba9 100644
--- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
+++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user exercising a us
ms.assetid: C5C6DAAF-8B58-4DFB-B1CE-F0675AE0E9F8
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit privilege use
diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
index e1e8ec83dc..96125dc789 100644
--- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
+++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
@@ -4,7 +4,7 @@ description: Determines whether to audit detailed tracking information for event
ms.assetid: 91AC5C1E-F4DA-4B16-BEE2-C92D66E4CEEA
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit process tracking
diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md
index 0f47401092..951ca143f2 100644
--- a/windows/security/threat-protection/auditing/basic-audit-system-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md
@@ -4,7 +4,7 @@ description: Determines whether to audit when a user restarts or shuts down the
ms.assetid: BF27588C-2AA7-4365-A4BF-3BB377916447
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit system events
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
index ba11dec1f1..e05747ce76 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
@@ -4,7 +4,7 @@ description: Learn about basic security audit policies that specify the categori
ms.assetid: 3B678568-7AD7-4734-9BB4-53CF5E04E1D3
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Basic security audit policies
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
index 306c7c8339..bbc3b39ae8 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
@@ -4,7 +4,7 @@ description: Basic security audit policy settings are found under Computer Confi
ms.assetid: 31C2C453-2CFC-4D9E-BC88-8CE1C1A8F900
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Basic security audit policy settings
diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
index af627fc630..431c0d89e2 100644
--- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
+++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
@@ -4,7 +4,7 @@ description: By defining auditing settings for specific event categories, you ca
ms.assetid: C9F52751-B40D-482E-BE9D-2C61098249D3
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create a basic audit policy for an event category
diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md
index 32ae7fc631..b5e2bfaf89 100644
--- a/windows/security/threat-protection/auditing/event-1100.md
+++ b/windows/security/threat-protection/auditing/event-1100.md
@@ -2,7 +2,7 @@
title: 1100(S) The event logging service has shut down. (Windows 10)
description: Describes security event 1100(S) The event logging service has shut down.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 1100(S): The event logging service has shut down.
diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md
index 26db20429c..3da9fc2a33 100644
--- a/windows/security/threat-protection/auditing/event-1102.md
+++ b/windows/security/threat-protection/auditing/event-1102.md
@@ -2,7 +2,7 @@
title: 1102(S) The audit log was cleared. (Windows 10)
description: Though you shouldn't normally see it, this event generates every time Windows Security audit log is cleared. This is for event 1102(S).
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 1102(S): The audit log was cleared.
diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md
index 2dc26ce28a..71e08f1f79 100644
--- a/windows/security/threat-protection/auditing/event-1104.md
+++ b/windows/security/threat-protection/auditing/event-1104.md
@@ -2,7 +2,7 @@
title: 1104(S) The security log is now full. (Windows 10)
description: This event generates every time Windows security log becomes full and the event log retention method is set to Do not overwrite events.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 1104(S): The security log is now full.
diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md
index 876b254fac..6eea66a2d6 100644
--- a/windows/security/threat-protection/auditing/event-1105.md
+++ b/windows/security/threat-protection/auditing/event-1105.md
@@ -2,7 +2,7 @@
title: 1105(S) Event log automatic backup. (Windows 10)
description: This event generates every time Windows security log becomes full and new event log file was created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 1105(S): Event log automatic backup
diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md
index b29bdbea27..3ef547a322 100644
--- a/windows/security/threat-protection/auditing/event-1108.md
+++ b/windows/security/threat-protection/auditing/event-1108.md
@@ -2,7 +2,7 @@
title: The event logging service encountered an error (Windows 10)
description: Describes security event 1108(S) The event logging service encountered an error while processing an incoming event published from %1.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md
index e461d3a1f0..51e0c51819 100644
--- a/windows/security/threat-protection/auditing/event-4608.md
+++ b/windows/security/threat-protection/auditing/event-4608.md
@@ -2,7 +2,7 @@
title: 4608(S) Windows is starting up. (Windows 10)
description: Describes security event 4608(S) Windows is starting up. This event is logged when the LSASS.EXE process starts and the auditing subsystem is initialized.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4608(S): Windows is starting up.
diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md
index a9256d7167..cbb410b55d 100644
--- a/windows/security/threat-protection/auditing/event-4610.md
+++ b/windows/security/threat-protection/auditing/event-4610.md
@@ -2,7 +2,7 @@
title: 4610(S) An authentication package has been loaded by the Local Security Authority. (Windows 10)
description: Describes security event 4610(S) An authentication package has been loaded by the Local Security Authority.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4610(S): An authentication package has been loaded by the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md
index ddfd12cebd..0f4b7b7a55 100644
--- a/windows/security/threat-protection/auditing/event-4611.md
+++ b/windows/security/threat-protection/auditing/event-4611.md
@@ -2,7 +2,7 @@
title: 4611(S) A trusted logon process has been registered with the Local Security Authority. (Windows 10)
description: Describes security event 4611(S) A trusted logon process has been registered with the Local Security Authority.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4611(S): A trusted logon process has been registered with the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md
index 1894b7e87a..15ba866bce 100644
--- a/windows/security/threat-protection/auditing/event-4612.md
+++ b/windows/security/threat-protection/auditing/event-4612.md
@@ -2,7 +2,7 @@
title: 4612(S) Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. (Windows 10)
description: Describes security event 4612(S) Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md
index 00aa2bf61d..1dbbdeeefe 100644
--- a/windows/security/threat-protection/auditing/event-4614.md
+++ b/windows/security/threat-protection/auditing/event-4614.md
@@ -2,7 +2,7 @@
title: 4614(S) A notification package has been loaded by the Security Account Manager. (Windows 10)
description: Describes security event 4614(S) A notification package has been loaded by the Security Account Manager.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4614(S): A notification package has been loaded by the Security Account Manager.
diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md
index a71a72d981..d3cd763690 100644
--- a/windows/security/threat-protection/auditing/event-4615.md
+++ b/windows/security/threat-protection/auditing/event-4615.md
@@ -2,7 +2,7 @@
title: 4615(S) Invalid use of LPC port. (Windows 10)
description: Describes security event 4615(S) Invalid use of LPC port. It appears that the Invalid use of LPC port event never occurs.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4615(S): Invalid use of LPC port.
diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md
index 62f402ee6c..6c96460629 100644
--- a/windows/security/threat-protection/auditing/event-4616.md
+++ b/windows/security/threat-protection/auditing/event-4616.md
@@ -2,7 +2,7 @@
title: 4616(S) The system time was changed. (Windows 10)
description: Describes security event 4616(S) The system time was changed. This event is generated every time system time is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4616(S): The system time was changed.
diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md
index 52790766da..dcbe79c3ac 100644
--- a/windows/security/threat-protection/auditing/event-4618.md
+++ b/windows/security/threat-protection/auditing/event-4618.md
@@ -2,7 +2,7 @@
title: 4618(S) A monitored security event pattern has occurred. (Windows 10)
description: Describes security event 4618(S) A monitored security event pattern has occurred.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4618(S): A monitored security event pattern has occurred.
diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md
index 145a52481e..8d85ca11c8 100644
--- a/windows/security/threat-protection/auditing/event-4621.md
+++ b/windows/security/threat-protection/auditing/event-4621.md
@@ -2,7 +2,7 @@
title: 4621(S) Administrator recovered system from CrashOnAuditFail. (Windows 10)
description: Describes security event 4621(S) Administrator recovered system from CrashOnAuditFail.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4621(S): Administrator recovered system from CrashOnAuditFail.
diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md
index d71804453a..b4d338e351 100644
--- a/windows/security/threat-protection/auditing/event-4622.md
+++ b/windows/security/threat-protection/auditing/event-4622.md
@@ -2,7 +2,7 @@
title: 4622(S) A security package has been loaded by the Local Security Authority. (Windows 10)
description: Describes security event 4622(S) A security package has been loaded by the Local Security Authority.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4622(S): A security package has been loaded by the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md
index af8492549e..9a4d514219 100644
--- a/windows/security/threat-protection/auditing/event-4624.md
+++ b/windows/security/threat-protection/auditing/event-4624.md
@@ -2,7 +2,7 @@
title: 4624(S) An account was successfully logged on. (Windows 10)
description: Describes security event 4624(S) An account was successfully logged on.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4624(S): An account was successfully logged on.
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index a8cf41f43c..0f5213ddb9 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -2,7 +2,7 @@
title: 4625(F) An account failed to log on. (Windows 10)
description: Describes security event 4625(F) An account failed to log on. This event is generated if an account logon attempt failed for a locked out account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 01/03/2022
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4625(F): An account failed to log on.
diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md
index 40dda4fb91..d855d40847 100644
--- a/windows/security/threat-protection/auditing/event-4626.md
+++ b/windows/security/threat-protection/auditing/event-4626.md
@@ -2,7 +2,7 @@
title: 4626(S) User/Device claims information. (Windows 10)
description: Describes security event 4626(S) User/Device claims information. This event is generated for new account logons.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4626(S): User/Device claims information.
diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md
index 2ced3b38aa..b86dcd5739 100644
--- a/windows/security/threat-protection/auditing/event-4627.md
+++ b/windows/security/threat-protection/auditing/event-4627.md
@@ -2,7 +2,7 @@
title: 4627(S) Group membership information. (Windows 10)
description: Describes security event 4627(S) Group membership information. This event is generated with event 4624(S) An account was successfully logged on.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4627(S): Group membership information.
diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md
index 3c9d5b5fcb..467dedd19f 100644
--- a/windows/security/threat-protection/auditing/event-4634.md
+++ b/windows/security/threat-protection/auditing/event-4634.md
@@ -2,7 +2,7 @@
title: 4634(S) An account was logged off. (Windows 10)
description: Describes security event 4634(S) An account was logged off. This event is generated when a logon session is terminated and no longer exists.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4634(S): An account was logged off.
diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md
index 75ebc4000b..9ff4d6507e 100644
--- a/windows/security/threat-protection/auditing/event-4647.md
+++ b/windows/security/threat-protection/auditing/event-4647.md
@@ -2,7 +2,7 @@
title: 4647(S) User initiated logoff. (Windows 10)
description: Describes security event 4647(S) User initiated logoff. This event is generated when a logoff is initiated. No further user-initiated activity can occur.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4647(S): User initiated logoff.
diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md
index 38f6872968..b0cab6c7cd 100644
--- a/windows/security/threat-protection/auditing/event-4648.md
+++ b/windows/security/threat-protection/auditing/event-4648.md
@@ -2,7 +2,7 @@
title: 4648(S) A logon was attempted using explicit credentials. (Windows 10)
description: Describes security event 4648(S) A logon was attempted using explicit credentials.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4648(S): A logon was attempted using explicit credentials.
diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md
index eb4add10ec..4447ed9ef5 100644
--- a/windows/security/threat-protection/auditing/event-4649.md
+++ b/windows/security/threat-protection/auditing/event-4649.md
@@ -2,7 +2,7 @@
title: 4649(S) A replay attack was detected. (Windows 10)
description: Describes security event 4649(S) A replay attack was detected. This event is generated when a KRB_AP_ERR_REPEAT Kerberos response is sent to the client.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4649(S): A replay attack was detected.
diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md
index e00a414562..4f9aa3d55a 100644
--- a/windows/security/threat-protection/auditing/event-4656.md
+++ b/windows/security/threat-protection/auditing/event-4656.md
@@ -2,7 +2,7 @@
title: 4656(S, F) A handle to an object was requested. (Windows 10)
description: Describes security event 4656(S, F) A handle to an object was requested.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4656(S, F): A handle to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md
index 5d5f2aa622..fbe96e603d 100644
--- a/windows/security/threat-protection/auditing/event-4657.md
+++ b/windows/security/threat-protection/auditing/event-4657.md
@@ -2,7 +2,7 @@
title: 4657(S) A registry value was modified. (Windows 10)
description: Describes security event 4657(S) A registry value was modified. This event is generated when a registry key value is modified.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4657(S): A registry value was modified.
diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md
index 2529318f4c..c577dd8cb1 100644
--- a/windows/security/threat-protection/auditing/event-4658.md
+++ b/windows/security/threat-protection/auditing/event-4658.md
@@ -2,7 +2,7 @@
title: 4658(S) The handle to an object was closed. (Windows 10)
description: Describes security event 4658(S) The handle to an object was closed. This event is generated when the handle to an object is closed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4658(S): The handle to an object was closed.
diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md
index 78d23e5710..52e57a1502 100644
--- a/windows/security/threat-protection/auditing/event-4660.md
+++ b/windows/security/threat-protection/auditing/event-4660.md
@@ -2,7 +2,7 @@
title: 4660(S) An object was deleted. (Windows 10)
description: Describes security event 4660(S) An object was deleted. This event is generated when an object is deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4660(S): An object was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md
index 21aab6e49b..bf8b9b0543 100644
--- a/windows/security/threat-protection/auditing/event-4661.md
+++ b/windows/security/threat-protection/auditing/event-4661.md
@@ -2,7 +2,7 @@
title: 4661(S, F) A handle to an object was requested. (Windows 10)
description: Describes security event 4661(S, F) A handle to an object was requested.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4661(S, F): A handle to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md
index 46ca1c34bf..cdc37e9ac3 100644
--- a/windows/security/threat-protection/auditing/event-4662.md
+++ b/windows/security/threat-protection/auditing/event-4662.md
@@ -2,7 +2,7 @@
title: 4662(S, F) An operation was performed on an object. (Windows 10)
description: Describes security event 4662(S, F) An operation was performed on an object.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4662(S, F): An operation was performed on an object.
diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md
index b407e338d2..e92604294e 100644
--- a/windows/security/threat-protection/auditing/event-4663.md
+++ b/windows/security/threat-protection/auditing/event-4663.md
@@ -2,7 +2,7 @@
title: 4663(S) An attempt was made to access an object. (Windows 10)
description: Describes security event 4663(S) An attempt was made to access an object.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4663(S): An attempt was made to access an object.
diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md
index c3c06a1bff..5d20d8cbda 100644
--- a/windows/security/threat-protection/auditing/event-4664.md
+++ b/windows/security/threat-protection/auditing/event-4664.md
@@ -2,7 +2,7 @@
title: 4664(S) An attempt was made to create a hard link. (Windows 10)
description: Describes security event 4664(S) An attempt was made to create a hard link.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4664(S): An attempt was made to create a hard link.
diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md
index 3c34a477b3..1775901f8b 100644
--- a/windows/security/threat-protection/auditing/event-4670.md
+++ b/windows/security/threat-protection/auditing/event-4670.md
@@ -2,7 +2,7 @@
title: 4670(S) Permissions on an object were changed. (Windows 10)
description: Describes security event 4670(S) Permissions on an object were changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4670(S): Permissions on an object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md
index b3d70bd49a..7a1ee6965a 100644
--- a/windows/security/threat-protection/auditing/event-4671.md
+++ b/windows/security/threat-protection/auditing/event-4671.md
@@ -2,7 +2,7 @@
title: 4671(-) An application attempted to access a blocked ordinal through the TBS. (Windows 10)
description: Describes security event 4671(-) An application attempted to access a blocked ordinal through the TBS.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4671(-): An application attempted to access a blocked ordinal through the TBS.
diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md
index b1dcd19a2f..25a4365bb7 100644
--- a/windows/security/threat-protection/auditing/event-4672.md
+++ b/windows/security/threat-protection/auditing/event-4672.md
@@ -2,7 +2,7 @@
title: 4672(S) Special privileges assigned to new logon. (Windows 10)
description: Describes security event 4672(S) Special privileges assigned to new logon.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4672(S): Special privileges assigned to new logon.
diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md
index 816f3243d3..e4ba4b8a01 100644
--- a/windows/security/threat-protection/auditing/event-4673.md
+++ b/windows/security/threat-protection/auditing/event-4673.md
@@ -2,7 +2,7 @@
title: 4673(S, F) A privileged service was called. (Windows 10)
description: Describes security event 4673(S, F) A privileged service was called. This event is generated for an attempt to perform privileged system service operations.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4673(S, F): A privileged service was called.
diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md
index 4811afdc89..09b8e8a50e 100644
--- a/windows/security/threat-protection/auditing/event-4674.md
+++ b/windows/security/threat-protection/auditing/event-4674.md
@@ -2,7 +2,7 @@
title: 4674(S, F) An operation was attempted on a privileged object. (Windows 10)
description: Describes security event 4674(S, F) An operation was attempted on a privileged object.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4674(S, F): An operation was attempted on a privileged object.
diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md
index c39393eaeb..8a6b84b8e9 100644
--- a/windows/security/threat-protection/auditing/event-4675.md
+++ b/windows/security/threat-protection/auditing/event-4675.md
@@ -2,7 +2,7 @@
title: 4675(S) SIDs were filtered. (Windows 10)
description: Describes security event 4675(S) SIDs were filtered. This event is generated when SIDs were filtered for a specific Active Directory trust.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4675(S): SIDs were filtered.
diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md
index 9fb85668e9..3de0d6acc5 100644
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@@ -2,7 +2,7 @@
title: 4688(S) A new process has been created. (Windows 10)
description: Describes security event 4688(S) A new process has been created. This event is generated when a new process starts.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 01/24/2022
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4688(S): A new process has been created.
diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md
index 4ce41a0a7f..e64fd85f5a 100644
--- a/windows/security/threat-protection/auditing/event-4689.md
+++ b/windows/security/threat-protection/auditing/event-4689.md
@@ -2,7 +2,7 @@
title: 4689(S) A process has exited. (Windows 10)
description: Describes security event 4689(S) A process has exited. This event is generates when a process exits.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4689(S): A process has exited.
diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md
index d199963bc4..25c57686e5 100644
--- a/windows/security/threat-protection/auditing/event-4690.md
+++ b/windows/security/threat-protection/auditing/event-4690.md
@@ -2,7 +2,7 @@
title: 4690(S) An attempt was made to duplicate a handle to an object. (Windows 10)
description: Describes security event 4690(S) An attempt was made to duplicate a handle to an object.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4690(S): An attempt was made to duplicate a handle to an object.
diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md
index c4cabb426e..140889746d 100644
--- a/windows/security/threat-protection/auditing/event-4691.md
+++ b/windows/security/threat-protection/auditing/event-4691.md
@@ -2,7 +2,7 @@
title: 4691(S) Indirect access to an object was requested. (Windows 10)
description: Describes security event 4691(S) Indirect access to an object was requested.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4691(S): Indirect access to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md
index b4655573c6..ac9b7268ca 100644
--- a/windows/security/threat-protection/auditing/event-4692.md
+++ b/windows/security/threat-protection/auditing/event-4692.md
@@ -2,7 +2,7 @@
title: 4692(S, F) Backup of data protection master key was attempted. (Windows 10)
description: Describes security event 4692(S, F) Backup of data protection master key was attempted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4692(S, F): Backup of data protection master key was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md
index 604b596451..219798f08e 100644
--- a/windows/security/threat-protection/auditing/event-4693.md
+++ b/windows/security/threat-protection/auditing/event-4693.md
@@ -2,7 +2,7 @@
title: 4693(S, F) Recovery of data protection master key was attempted. (Windows 10)
description: Describes security event 4693(S, F) Recovery of data protection master key was attempted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4693(S, F): Recovery of data protection master key was attempted.
@@ -25,7 +25,7 @@ ms.technology: windows-sec
This event generates every time that recovery is attempted for a [DPAPI](/previous-versions/ms995355(v=msdn.10)) Master Key.
-While unprotecting data, if DPAPI cannot use the Master Key protected by the user's password, it sends the backup Master Key to a domain controller by using a mutually authenticated and privacy protected RPC call. The domain controller then decrypts the Master Key with its private key and sends it back to the client by using the same protected RPC call. This protected RPC call is used to ensure that no one listening on the network can get the Master Key.
+While unprotecting data, if DPAPI can't use the Master Key protected by the user's password, it sends the backup Master Key to a domain controller by using a mutually authenticated and privacy protected RPC call. The domain controller then decrypts the Master Key with its private key and sends it back to the client by using the same protected RPC call. This protected RPC call is used to ensure that no one listening on the network can get the Master Key.
This event generates on domain controllers, member servers, and workstations.
@@ -79,9 +79,9 @@ Failure event generates when a Master Key restore operation fails for some reaso
**Subject:**
-- **Security ID** \[Type = SID\]**:** SID of account that requested the “recover” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
+- **Security ID** \[Type = SID\]**:** SID of account that requested the “recover” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID can't be resolved, you'll see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it can't ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “recover” operation.
@@ -101,13 +101,13 @@ Failure event generates when a Master Key restore operation fails for some reaso
**Key Information:**
-- **Key Identifier** \[Type = UnicodeString\]**:** unique identifier of a master key which was recovered. The Master Key is used, with some additional data, to generate an actual symmetric session key to encrypt\\decrypt the data using DPAPI. All of user's Master Keys are located in user profile -> %APPDATA%\\Roaming\\Microsoft\\Windows\\Protect\\%SID% folder. The name of every Master Key file is it’s ID.
+- **Key Identifier** \[Type = UnicodeString\]**:** unique identifier of a master key which was recovered. The Master Key is used, with some additional data, to generate an actual symmetric session key to encrypt\\decrypt the data using DPAPI. All of user's Master Keys are located in user profile -> %APPDATA%\\Roaming\\Microsoft\\Windows\\Protect\\%SID% folder. The name of every Master Key file is its ID.
- **Recovery Server** \[Type = UnicodeString\]: the name (typically – DNS name) of the computer that you contacted to recover your Master Key. For domain joined machines, it’s typically a name of a domain controller.
> **Note** In this event Recovery Server field contains information from Recovery Reason field.
-- **Recovery Key ID** \[Type = UnicodeString\]**:** unique identifier of a recovery key. The recovery key is generated when a user chooses to create a Password Reset Disk (PRD) from the user's Control Panel or when first Master Key is generated. First, DPAPI generates a RSA public/private key pair, which is the recovery key. In this field you will see unique Recovery key ID which was used for Master key recovery operation. This parameter might not be captured in the event, and in that case will be empty.
+- **Recovery Key ID** \[Type = UnicodeString\]**:** unique identifier of a recovery key. The recovery key is generated when a user chooses to create a Password Reset Disk (PRD) from the user's Control Panel or when first Master Key is generated. First, DPAPI generates an RSA public/private key pair, which is the recovery key. In this field you'll see unique Recovery key ID which was used for Master key recovery operation. This parameter might not be captured in the event, and in that case will be empty.
- **Recovery Reason** \[Type = HexInt32\]: hexadecimal code of recovery reason.
@@ -121,8 +121,8 @@ Failure event generates when a Master Key restore operation fails for some reaso
For 4693(S, F): Recovery of data protection master key was attempted.
-- This event is typically an informational event and it is difficult to detect any malicious activity using this event. It’s mainly used for DPAPI troubleshooting.
+- This event is typically an informational event and it's difficult to detect any malicious activity using this event. It’s mainly used for DPAPI troubleshooting.
- For domain joined computers, **Recovery Reason** should typically be a domain controller DNS name.
-> **Important** For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
\ No newline at end of file
+> **Important** For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md
index 0282e7d3b4..dc24a37fc9 100644
--- a/windows/security/threat-protection/auditing/event-4694.md
+++ b/windows/security/threat-protection/auditing/event-4694.md
@@ -2,7 +2,7 @@
title: 4694(S, F) Protection of auditable protected data was attempted. (Windows 10)
description: Describes security event 4694(S, F) Protection of auditable protected data was attempted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4694(S, F): Protection of auditable protected data was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md
index 0a1c8102df..78c1b43834 100644
--- a/windows/security/threat-protection/auditing/event-4695.md
+++ b/windows/security/threat-protection/auditing/event-4695.md
@@ -2,7 +2,7 @@
title: 4695(S, F) Unprotection of auditable protected data was attempted. (Windows 10)
description: Describes security event 4695(S, F) Unprotection of auditable protected data was attempted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4695(S, F): Unprotection of auditable protected data was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md
index 503e8c18b5..16c7a8e333 100644
--- a/windows/security/threat-protection/auditing/event-4696.md
+++ b/windows/security/threat-protection/auditing/event-4696.md
@@ -2,7 +2,7 @@
title: 4696(S) A primary token was assigned to process. (Windows 10)
description: Describes security event 4696(S) A primary token was assigned to process.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4696(S): A primary token was assigned to process.
diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md
index 6ca2ffe88c..348ae3a7a9 100644
--- a/windows/security/threat-protection/auditing/event-4697.md
+++ b/windows/security/threat-protection/auditing/event-4697.md
@@ -2,7 +2,7 @@
title: 4697(S) A service was installed in the system. (Windows 10)
description: Describes security event 4697(S) A service was installed in the system.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4697(S): A service was installed in the system.
diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md
index 0e8b5ef51d..7eb2d41a68 100644
--- a/windows/security/threat-protection/auditing/event-4698.md
+++ b/windows/security/threat-protection/auditing/event-4698.md
@@ -2,7 +2,7 @@
title: 4698(S) A scheduled task was created. (Windows 10)
description: Describes security event 4698(S) A scheduled task was created. This event is generated when a scheduled task is created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4698(S): A scheduled task was created.
diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md
index a9d14b8c99..258b0a31d3 100644
--- a/windows/security/threat-protection/auditing/event-4699.md
+++ b/windows/security/threat-protection/auditing/event-4699.md
@@ -2,7 +2,7 @@
title: 4699(S) A scheduled task was deleted. (Windows 10)
description: Describes security event 4699(S) A scheduled task was deleted. This event is generated every time a scheduled task is deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4699(S): A scheduled task was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md
index 9846182ff5..aa1ef1cc10 100644
--- a/windows/security/threat-protection/auditing/event-4700.md
+++ b/windows/security/threat-protection/auditing/event-4700.md
@@ -2,7 +2,7 @@
title: 4700(S) A scheduled task was enabled. (Windows 10)
description: Describes security event 4700(S) A scheduled task was enabled. This event is generated every time a scheduled task is enabled.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4700(S): A scheduled task was enabled.
diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md
index 8efade99fd..11a6147179 100644
--- a/windows/security/threat-protection/auditing/event-4701.md
+++ b/windows/security/threat-protection/auditing/event-4701.md
@@ -2,7 +2,7 @@
title: 4701(S) A scheduled task was disabled. (Windows 10)
description: Describes security event 4701(S) A scheduled task was disabled. This event is generated every time a scheduled task is disabled.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4701(S): A scheduled task was disabled.
diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md
index 7be335c868..a738b7753e 100644
--- a/windows/security/threat-protection/auditing/event-4702.md
+++ b/windows/security/threat-protection/auditing/event-4702.md
@@ -2,7 +2,7 @@
title: 4702(S) A scheduled task was updated. (Windows 10)
description: Describes security event 4702(S) A scheduled task was updated. This event is generated when a scheduled task is updated/changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4702(S): A scheduled task was updated.
diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md
index b96826a470..a4200af9ea 100644
--- a/windows/security/threat-protection/auditing/event-4703.md
+++ b/windows/security/threat-protection/auditing/event-4703.md
@@ -2,7 +2,7 @@
title: 4703(S) A user right was adjusted. (Windows 10)
description: Describes security event 4703(S) A user right was adjusted. This event is generated when token privileges are enabled or disabled for a specific account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4703(S): A user right was adjusted.
diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md
index 461a643a95..0780690284 100644
--- a/windows/security/threat-protection/auditing/event-4704.md
+++ b/windows/security/threat-protection/auditing/event-4704.md
@@ -2,7 +2,7 @@
title: 4704(S) A user right was assigned. (Windows 10)
description: Describes security event 4704(S) A user right was assigned. This event is generated when a user right is assigned to an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4704(S): A user right was assigned.
diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md
index 70cfbfdc90..afd7149169 100644
--- a/windows/security/threat-protection/auditing/event-4705.md
+++ b/windows/security/threat-protection/auditing/event-4705.md
@@ -2,7 +2,7 @@
title: 4705(S) A user right was removed. (Windows 10)
description: Describes security event 4705(S) A user right was removed. This event is generated when a user right is removed from an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4705(S): A user right was removed.
diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md
index bdbee520fb..c6ff0bb373 100644
--- a/windows/security/threat-protection/auditing/event-4706.md
+++ b/windows/security/threat-protection/auditing/event-4706.md
@@ -2,7 +2,7 @@
title: 4706(S) A new trust was created to a domain. (Windows 10)
description: Describes security event 4706(S) A new trust was created to a domain. This event is generated when a new trust is created for a domain.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4706(S): A new trust was created to a domain.
diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md
index 6cd9f771d0..28b13b2cb0 100644
--- a/windows/security/threat-protection/auditing/event-4707.md
+++ b/windows/security/threat-protection/auditing/event-4707.md
@@ -2,7 +2,7 @@
title: 4707(S) A trust to a domain was removed. (Windows 10)
description: Describes security event 4707(S) A trust to a domain was removed. This event is generated when a domain trust is removed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4707(S): A trust to a domain was removed.
diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md
index 9940e66d35..e92aa50675 100644
--- a/windows/security/threat-protection/auditing/event-4713.md
+++ b/windows/security/threat-protection/auditing/event-4713.md
@@ -2,7 +2,7 @@
title: 4713(S) Kerberos policy was changed. (Windows 10)
description: Describes security event 4713(S) Kerberos policy was changed. This event is generated when Kerberos policy is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4713(S): Kerberos policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md
index 38aad24335..77709fc5c7 100644
--- a/windows/security/threat-protection/auditing/event-4714.md
+++ b/windows/security/threat-protection/auditing/event-4714.md
@@ -2,7 +2,7 @@
title: 4714(S) Encrypted data recovery policy was changed. (Windows 10)
description: Describes security event 4714(S) Encrypted data recovery policy was changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4714(S): Encrypted data recovery policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md
index 129d5815bb..82b24bae92 100644
--- a/windows/security/threat-protection/auditing/event-4715.md
+++ b/windows/security/threat-protection/auditing/event-4715.md
@@ -2,7 +2,7 @@
title: 4715(S) The audit policy (SACL) on an object was changed. (Windows 10)
description: Describes security event 4715(S) The audit policy (SACL) on an object was changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4715(S): The audit policy (SACL) on an object was changed.
diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md
index cd10d369cb..f6d57fece2 100644
--- a/windows/security/threat-protection/auditing/event-4716.md
+++ b/windows/security/threat-protection/auditing/event-4716.md
@@ -2,7 +2,7 @@
title: 4716(S) Trusted domain information was modified. (Windows 10)
description: Describes security event 4716(S) Trusted domain information was modified.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4716(S): Trusted domain information was modified.
diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md
index 7f78cff24b..dc449a8758 100644
--- a/windows/security/threat-protection/auditing/event-4717.md
+++ b/windows/security/threat-protection/auditing/event-4717.md
@@ -2,7 +2,7 @@
title: 4717(S) System security access was granted to an account. (Windows 10)
description: Describes security event 4717(S) System security access was granted to an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4717(S): System security access was granted to an account.
diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md
index 244c704a46..7a47fa5d37 100644
--- a/windows/security/threat-protection/auditing/event-4718.md
+++ b/windows/security/threat-protection/auditing/event-4718.md
@@ -2,7 +2,7 @@
title: 4718(S) System security access was removed from an account. (Windows 10)
description: Describes security event 4718(S) System security access was removed from an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4718(S): System security access was removed from an account.
diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md
index 7573462403..97711ffdf7 100644
--- a/windows/security/threat-protection/auditing/event-4719.md
+++ b/windows/security/threat-protection/auditing/event-4719.md
@@ -2,7 +2,7 @@
title: 4719(S) System audit policy was changed. (Windows 10)
description: Describes security event 4719(S) System audit policy was changed. This event is generated when the computer audit policy changes.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4719(S): System audit policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md
index 92f0e29689..bb732fd1dd 100644
--- a/windows/security/threat-protection/auditing/event-4720.md
+++ b/windows/security/threat-protection/auditing/event-4720.md
@@ -2,7 +2,7 @@
title: 4720(S) A user account was created. (Windows 10)
description: Describes security event 4720(S) A user account was created. This event is generated a user object is created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4720(S): A user account was created.
diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md
index 4c4760577c..1d82961714 100644
--- a/windows/security/threat-protection/auditing/event-4722.md
+++ b/windows/security/threat-protection/auditing/event-4722.md
@@ -2,7 +2,7 @@
title: 4722(S) A user account was enabled. (Windows 10)
description: Describes security event 4722(S) A user account was enabled. This event is generated when a user or computer object is enabled.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4722(S): A user account was enabled.
diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md
index 8f28c2cd9e..f63004d706 100644
--- a/windows/security/threat-protection/auditing/event-4723.md
+++ b/windows/security/threat-protection/auditing/event-4723.md
@@ -2,7 +2,7 @@
title: 4723(S, F) An attempt was made to change an account's password. (Windows 10)
description: Describes security event 4723(S, F) An attempt was made to change an account's password.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4723(S, F): An attempt was made to change an account's password.
diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md
index 86ee75c102..a36b61acac 100644
--- a/windows/security/threat-protection/auditing/event-4724.md
+++ b/windows/security/threat-protection/auditing/event-4724.md
@@ -2,7 +2,7 @@
title: 4724(S, F) An attempt was made to reset an account's password. (Windows 10)
description: Describes security event 4724(S, F) An attempt was made to reset an account's password.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4724(S, F): An attempt was made to reset an account's password.
diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md
index bb763a6d94..731fa570ad 100644
--- a/windows/security/threat-protection/auditing/event-4725.md
+++ b/windows/security/threat-protection/auditing/event-4725.md
@@ -2,7 +2,7 @@
title: 4725(S) A user account was disabled. (Windows 10)
description: Describes security event 4725(S) A user account was disabled. This event is generated when a user or computer object is disabled.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4725(S): A user account was disabled.
diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md
index 3b94a9d932..620ba8bbeb 100644
--- a/windows/security/threat-protection/auditing/event-4726.md
+++ b/windows/security/threat-protection/auditing/event-4726.md
@@ -2,7 +2,7 @@
title: 4726(S) A user account was deleted. (Windows 10)
description: Describes security event 4726(S) A user account was deleted. This event is generated when a user object is deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4726(S): A user account was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md
index 14024e54dc..39426b84ac 100644
--- a/windows/security/threat-protection/auditing/event-4731.md
+++ b/windows/security/threat-protection/auditing/event-4731.md
@@ -2,7 +2,7 @@
title: 4731(S) A security-enabled local group was created. (Windows 10)
description: Describes security event 4731(S) A security-enabled local group was created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4731(S): A security-enabled local group was created.
diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md
index e664066bea..e68eecbb3d 100644
--- a/windows/security/threat-protection/auditing/event-4732.md
+++ b/windows/security/threat-protection/auditing/event-4732.md
@@ -2,7 +2,7 @@
title: 4732(S) A member was added to a security-enabled local group. (Windows 10)
description: Describes security event 4732(S) A member was added to a security-enabled local group.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4732(S): A member was added to a security-enabled local group.
diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md
index aecd37a11c..b3dcf94109 100644
--- a/windows/security/threat-protection/auditing/event-4733.md
+++ b/windows/security/threat-protection/auditing/event-4733.md
@@ -2,7 +2,7 @@
title: 4733(S) A member was removed from a security-enabled local group. (Windows 10)
description: Describes security event 4733(S) A member was removed from a security-enabled local group.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4733(S): A member was removed from a security-enabled local group.
diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md
index 4c58d09b59..2f83cfa9a5 100644
--- a/windows/security/threat-protection/auditing/event-4734.md
+++ b/windows/security/threat-protection/auditing/event-4734.md
@@ -2,7 +2,7 @@
title: 4734(S) A security-enabled local group was deleted. (Windows 10)
description: Describes security event 4734(S) A security-enabled local group was deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4734(S): A security-enabled local group was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md
index ce3d862ef1..f590b87f44 100644
--- a/windows/security/threat-protection/auditing/event-4735.md
+++ b/windows/security/threat-protection/auditing/event-4735.md
@@ -2,7 +2,7 @@
title: 4735(S) A security-enabled local group was changed. (Windows 10)
description: Describes security event 4735(S) A security-enabled local group was changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4735(S): A security-enabled local group was changed.
diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md
index 0c8fb36711..ef5a72da75 100644
--- a/windows/security/threat-protection/auditing/event-4738.md
+++ b/windows/security/threat-protection/auditing/event-4738.md
@@ -2,7 +2,7 @@
title: 4738(S) A user account was changed. (Windows 10)
description: Describes security event 4738(S) A user account was changed. This event is generated when a user object is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4738(S): A user account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md
index 5f10b369d3..4ecbfdf064 100644
--- a/windows/security/threat-protection/auditing/event-4739.md
+++ b/windows/security/threat-protection/auditing/event-4739.md
@@ -2,7 +2,7 @@
title: 4739(S) Domain Policy was changed. (Windows 10)
description: Describes security event 4739(S) Domain Policy was changed. This event is generated when certain changes are made to the local computer security policy.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4739(S): Domain Policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md
index 4d0b0d8df2..63c75713f7 100644
--- a/windows/security/threat-protection/auditing/event-4740.md
+++ b/windows/security/threat-protection/auditing/event-4740.md
@@ -2,7 +2,7 @@
title: 4740(S) A user account was locked out. (Windows 10)
description: Describes security event 4740(S) A user account was locked out. This event is generated every time a user account is locked out.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4740(S): A user account was locked out.
diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md
index 70b34fee70..0152e427a6 100644
--- a/windows/security/threat-protection/auditing/event-4741.md
+++ b/windows/security/threat-protection/auditing/event-4741.md
@@ -2,7 +2,7 @@
title: 4741(S) A computer account was created. (Windows 10)
description: Describes security event 4741(S) A computer account was created. This event is generated every time a computer object is created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4741(S): A computer account was created.
diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md
index da608ef607..de51f96421 100644
--- a/windows/security/threat-protection/auditing/event-4742.md
+++ b/windows/security/threat-protection/auditing/event-4742.md
@@ -2,7 +2,7 @@
title: 4742(S) A computer account was changed. (Windows 10)
description: Describes security event 4742(S) A computer account was changed. This event is generated every time a computer object is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4742(S): A computer account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md
index e439cd89ae..cfa007a9b7 100644
--- a/windows/security/threat-protection/auditing/event-4743.md
+++ b/windows/security/threat-protection/auditing/event-4743.md
@@ -2,7 +2,7 @@
title: 4743(S) A computer account was deleted. (Windows 10)
description: Describes security event 4743(S) A computer account was deleted. This event is generated every time a computer object is deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4743(S): A computer account was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md
index fd2d5944a0..f49d9f6c7c 100644
--- a/windows/security/threat-protection/auditing/event-4749.md
+++ b/windows/security/threat-protection/auditing/event-4749.md
@@ -2,7 +2,7 @@
title: 4749(S) A security-disabled global group was created. (Windows 10)
description: Describes security event 4749(S) A security-disabled global group was created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4749(S): A security-disabled global group was created.
diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md
index f44abd9c34..aa3be8fba0 100644
--- a/windows/security/threat-protection/auditing/event-4750.md
+++ b/windows/security/threat-protection/auditing/event-4750.md
@@ -2,7 +2,7 @@
title: 4750(S) A security-disabled global group was changed. (Windows 10)
description: Describes security event 4750(S) A security-disabled global group was changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4750(S): A security-disabled global group was changed.
diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md
index 1f8e570ad1..fdd8a37fcc 100644
--- a/windows/security/threat-protection/auditing/event-4751.md
+++ b/windows/security/threat-protection/auditing/event-4751.md
@@ -2,7 +2,7 @@
title: 4751(S) A member was added to a security-disabled global group. (Windows 10)
description: Describes security event 4751(S) A member was added to a security-disabled global group.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4751(S): A member was added to a security-disabled global group.
diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md
index dfb6e1ca78..d49e422f9e 100644
--- a/windows/security/threat-protection/auditing/event-4752.md
+++ b/windows/security/threat-protection/auditing/event-4752.md
@@ -2,7 +2,7 @@
title: 4752(S) A member was removed from a security-disabled global group. (Windows 10)
description: Describes security event 4752(S) A member was removed from a security-disabled global group.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4752(S): A member was removed from a security-disabled global group.
diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md
index d058d6c67b..b5f941a040 100644
--- a/windows/security/threat-protection/auditing/event-4753.md
+++ b/windows/security/threat-protection/auditing/event-4753.md
@@ -2,7 +2,7 @@
title: 4753(S) A security-disabled global group was deleted. (Windows 10)
description: Describes security event 4753(S) A security-disabled global group was deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4753(S): A security-disabled global group was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md
index 1d1c326b32..85824b3df3 100644
--- a/windows/security/threat-protection/auditing/event-4764.md
+++ b/windows/security/threat-protection/auditing/event-4764.md
@@ -2,7 +2,7 @@
title: 4764(S) A group's type was changed. (Windows 10)
description: Describes security event 4764(S) A group's type was changed. This event is generated when the type of a group is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4764(S): A group’s type was changed.
diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md
index 975ba6c6fd..cf78144c6a 100644
--- a/windows/security/threat-protection/auditing/event-4765.md
+++ b/windows/security/threat-protection/auditing/event-4765.md
@@ -2,7 +2,7 @@
title: 4765(S) SID History was added to an account. (Windows 10)
description: Describes security event 4765(S) SID History was added to an account. This event is generated when SID History is added to an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4765(S): SID History was added to an account.
diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md
index f4c4c72b08..4178c53a80 100644
--- a/windows/security/threat-protection/auditing/event-4766.md
+++ b/windows/security/threat-protection/auditing/event-4766.md
@@ -2,7 +2,7 @@
title: 4766(F) An attempt to add SID History to an account failed. (Windows 10)
description: Describes security event 4766(F) An attempt to add SID History to an account failed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4766(F): An attempt to add SID History to an account failed.
diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md
index 15cbfe61f0..21beb6c3ec 100644
--- a/windows/security/threat-protection/auditing/event-4767.md
+++ b/windows/security/threat-protection/auditing/event-4767.md
@@ -2,7 +2,7 @@
title: 4767(S) A user account was unlocked. (Windows 10)
description: Describes security event 4767(S) A user account was unlocked. This event is generated every time a user account is unlocked.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4767(S): A user account was unlocked.
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md
index 2504a29182..1eded19698 100644
--- a/windows/security/threat-protection/auditing/event-4768.md
+++ b/windows/security/threat-protection/auditing/event-4768.md
@@ -2,7 +2,7 @@
title: 4768(S, F) A Kerberos authentication ticket (TGT) was requested. (Windows 10)
description: Describes security event 4768(S, F) A Kerberos authentication ticket (TGT) was requested.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 10/20/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4768(S, F): A Kerberos authentication ticket (TGT) was requested.
@@ -180,11 +180,11 @@ The most common values:
| 14 | Request-anonymous | KILE not use this flag. |
| 15 | Name-canonicalize | In order to request referrals the Kerberos client MUST explicitly request the "canonicalize" KDC option for the AS-REQ or TGS-REQ. |
| 16-25 | Unused | - |
-| 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
the DISABLE-TRANSITED-CHECK option.
Should not be in use, because Transited-policy-checked flag is not supported by KILE. |
+| 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
the DISABLE-TRANSITED-CHECK option.
Should not be in use, because Transited-policy-checked flag isn't supported by KILE. |
| 27 | Renewable-ok | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life cannot otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server. |
| 28 | Enc-tkt-in-skey | No information. |
| 29 | Unused | - |
-| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in it’s renew-till field has not passed. The ticket to be renewed is passed in the padata field as part of the authentication header. |
+| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in its renew-till field has not passed. The ticket to be renewed is passed in the padata field as part of the authentication header. |
| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. |
## Table 2. Kerberos ticket flags
@@ -209,7 +209,7 @@ The most common values:
| 0xA | KDC\_ERR\_CANNOT\_POSTDATE | Ticket (TGT) not eligible for postdating | This error can occur if a client requests postdating of a Kerberos ticket. Postdating is the act of requesting that a ticket’s start time be set into the future.
It also can occur if there is a time difference between the client and the KDC. |
| 0xB | KDC\_ERR\_NEVER\_VALID | Requested start time is later than end time | There is a time difference between the KDC and the client. |
| 0xC | KDC\_ERR\_POLICY | Requested start time is later than end time | This error is usually the result of logon restrictions in place on a user’s account. For example workstation restriction, smart card authentication requirement or logon time restriction. |
-| 0xD | KDC\_ERR\_BADOPTION | KDC cannot accommodate requested option | Impending expiration of a TGT.
The SPN to which the client is attempting to delegate credentials is not in its Allowed-to-delegate-to list |
+| 0xD | KDC\_ERR\_BADOPTION | KDC cannot accommodate requested option | Impending expiration of a TGT.
The SPN to which the client is attempting to delegate credentials isn't in its Allowed-to-delegate-to list |
| 0xE | KDC\_ERR\_ETYPE\_NOTSUPP | KDC has no support for encryption type | In general, this error occurs when the KDC or a client receives a packet that it cannot decrypt. |
| 0xF | KDC\_ERR\_SUMTYPE\_NOSUPP | KDC has no support for checksum type | The KDC, server, or client receives a packet for which it does not have a key of the appropriate encryption type. The result is that the computer is unable to decrypt the ticket. |
| 0x10 | KDC\_ERR\_PADATA\_TYPE\_NOSUPP | KDC has no support for PADATA type (pre-authentication data) | Smart card logon is being attempted and the proper certificate cannot be located. This can happen because the wrong certification authority (CA) is being queried or the proper CA cannot be contacted.
It can also happen when a domain controller doesn’t have a certificate installed for smart cards (Domain Controller or Domain Controller Authentication templates).
This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
@@ -226,7 +226,7 @@ The most common values:
| 0x1D | KDC\_ERR\_SVC\_UNAVAILABLE | KDC is unavailable | No information. |
| 0x1F | KRB\_AP\_ERR\_BAD\_INTEGRITY | Integrity check on decrypted field failed | The authenticator was encrypted with something other than the session key. The result is that the client cannot decrypt the resulting message. The modification of the message could be the result of an attack or it could be because of network noise. |
| 0x20 | KRB\_AP\_ERR\_TKT\_EXPIRED | The ticket has expired | The smaller the value for the “Maximum lifetime for user ticket” Kerberos policy setting, the more likely it is that this error will occur. Because ticket renewal is automatic, you should not have to do anything if you get this message. |
-| 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server is not yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client are not synchronized.
If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. |
+| 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server isn't yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client are not synchronized.
If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. |
| 0x22 | KRB\_AP\_ERR\_REPEAT | The request is a replay | This error indicates that a specific authenticator showed up twice — the KDC has detected that this session ticket duplicates one that it has already received. |
| 0x23 | KRB\_AP\_ERR\_NOT\_US | The ticket is not for us | The server has received a ticket that was meant for a different realm. |
| 0x24 | KRB\_AP\_ERR\_BADMATCH | The ticket and authenticator do not match | The KRB\_TGS\_REQ is being sent to the wrong KDC.
There is an account mismatch during protocol transition. |
@@ -236,18 +236,18 @@ The most common values:
| 0x28 | KRB\_AP\_ERR\_MSG\_TYPE | Message type is unsupported | This message is generated when target server finds that message format is wrong. This applies to KRB\_AP\_REQ, KRB\_SAFE, KRB\_PRIV and KRB\_CRED messages.
This error also generated if use of UDP protocol is being attempted with User-to-User authentication. |
| 0x29 | KRB\_AP\_ERR\_MODIFIED | Message stream modified and checksum didn't match | The authentication data was encrypted with the wrong key for the intended server.
The authentication data was modified in transit by a hardware or software error, or by an attacker.
The client sent the authentication data to the wrong server because incorrect DNS data caused the client to send the request to the wrong server.
The client sent the authentication data to the wrong server because DNS data was out-of-date on the client. |
| 0x2A | KRB\_AP\_ERR\_BADORDER | Message out of order (possible tampering) | This event generates for KRB\_SAFE and KRB\_PRIV messages if an incorrect sequence number is included, or if a sequence number is expected but not present. See [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) for more details. |
-| 0x2C | KRB\_AP\_ERR\_BADKEYVER | Specified version of key is not available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. If the key version indicated by the Ticket in the KRB\_AP\_REQ is not one the server can use (e.g., it indicates an old key, and the server no longer possesses a copy of the old key), the KRB\_AP\_ERR\_BADKEYVER error is returned. |
+| 0x2C | KRB\_AP\_ERR\_BADKEYVER | Specified version of key isn't available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. If the key version indicated by the Ticket in the KRB\_AP\_REQ isn't one the server can use (e.g., it indicates an old key, and the server no longer possesses a copy of the old key), the KRB\_AP\_ERR\_BADKEYVER error is returned. |
| 0x2D | KRB\_AP\_ERR\_NOKEY | Service key not available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. Because it is possible for the server to be registered in multiple realms, with different keys in each, the realm field in the unencrypted portion of the ticket in the KRB\_AP\_REQ is used to specify which secret key the server should use to decrypt that ticket. The KRB\_AP\_ERR\_NOKEY error code is returned if the server doesn't have the proper key to decipher the ticket. |
| 0x2E | KRB\_AP\_ERR\_MUT\_FAIL | Mutual authentication failed | No information. |
| 0x2F | KRB\_AP\_ERR\_BADDIRECTION | Incorrect message direction | No information. |
-| 0x30 | KRB\_AP\_ERR\_METHOD | Alternative authentication method required | According [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) this error message is obsolete. |
+| 0x30 | KRB\_AP\_ERR\_METHOD | Alternative authentication method required | According to [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) this error message is obsolete. |
| 0x31 | KRB\_AP\_ERR\_BADSEQ | Incorrect sequence number in message | No information. |
-| 0x32 | KRB\_AP\_ERR\_INAPP\_CKSUM | Inappropriate type of checksum in message (checksum may be unsupported) | When KDC receives KRB\_TGS\_REQ message it decrypts it, and after that, the user-supplied checksum in the Authenticator MUST be verified against the contents of the request. The message MUST be rejected either if the checksums do not match (with an error code of KRB\_AP\_ERR\_MODIFIED) or if the checksum is not collision-proof (with an error code of KRB\_AP\_ERR\_INAPP\_CKSUM). |
+| 0x32 | KRB\_AP\_ERR\_INAPP\_CKSUM | Inappropriate type of checksum in message (checksum may be unsupported) | When KDC receives KRB\_TGS\_REQ message it decrypts it, and after that, the user-supplied checksum in the Authenticator MUST be verified against the contents of the request. The message MUST be rejected either if the checksums do not match (with an error code of KRB\_AP\_ERR\_MODIFIED) or if the checksum isn't collision-proof (with an error code of KRB\_AP\_ERR\_INAPP\_CKSUM). |
| 0x33 | KRB\_AP\_PATH\_NOT\_ACCEPTED | Desired path is unreachable | No information. |
| 0x34 | KRB\_ERR\_RESPONSE\_TOO\_BIG | Too much data | The size of a ticket is too large to be transmitted reliably via UDP. In a Windows environment, this message is purely informational. A computer running a Windows operating system will automatically try TCP if UDP fails. |
| 0x3C | KRB\_ERR\_GENERIC | Generic error | Group membership has overloaded the PAC.
Multiple recent password changes have not propagated.
Crypto subsystem error caused by running out of memory.
SPN too long.
SPN has too many parts. |
| 0x3D | KRB\_ERR\_FIELD\_TOOLONG | Field is too long for this implementation | Each request (KRB\_KDC\_REQ) and response (KRB\_KDC\_REP or KRB\_ERROR) sent over the TCP stream is preceded by the length of the request as 4 octets in network byte order. The high bit of the length is reserved for future expansion and MUST currently be set to zero. If a KDC that does not understand how to interpret a set high bit of the length encoding receives a request with the high order bit of the length set, it MUST return a KRB-ERROR message with the error KRB\_ERR\_FIELD\_TOOLONG and MUST close the TCP stream. |
-| 0x3E | KDC\_ERR\_CLIENT\_NOT\_TRUSTED | The client trust failed or is not implemented | This typically happens when user’s smart-card certificate is revoked or the root Certification Authority that issued the smart card certificate (in a chain) is not trusted by the domain controller. |
+| 0x3E | KDC\_ERR\_CLIENT\_NOT\_TRUSTED | The client trust failed or isn't implemented | This typically happens when user’s smart-card certificate is revoked or the root Certification Authority that issued the smart card certificate (in a chain) isn't trusted by the domain controller. |
| 0x3F | KDC\_ERR\_KDC\_NOT\_TRUSTED | The KDC server trust failed or could not be verified | The trustedCertifiers field contains a list of certification authorities trusted by the client, in the case that the client does not possess the KDC's public key certificate. If the KDC has no certificate signed by any of the trustedCertifiers, then it returns an error of type KDC\_ERR\_KDC\_NOT\_TRUSTED. See [RFC1510](https://www.ietf.org/proceedings/50/I-D/cat-kerberos-pk-init-13.txt) for more details. |
| 0x40 | KDC\_ERR\_INVALID\_SIG | The signature is invalid | This error is related to PKINIT. If a PKI trust relationship exists, the KDC then verifies the client's signature on AuthPack (TGT request signature). If that fails, the KDC returns an error message of type KDC\_ERR\_INVALID\_SIG. |
| 0x41 | KDC\_ERR\_KEY\_TOO\_WEAK | A higher encryption level is needed | If the clientPublicValue field is filled in, indicating that the client wishes to use Diffie-Hellman key agreement, then the KDC checks to see that the parameters satisfy its policy. If they do not (e.g., the prime size is insufficient for the expected encryption type), then the KDC sends back an error message of type KDC\_ERR\_KEY\_TOO\_WEAK. |
@@ -317,11 +317,11 @@ For 4768(S, F): A Kerberos authentication ticket (TGT) was requested.
| **External accounts**: You might be monitoring accounts from another domain, or “external” accounts that are not allowed to perform certain actions (represented by certain specific events). | Monitor this event for the **“Supplied Realm Name”** corresponding to another domain or “external” location. |
| **Account naming conventions**: Your organization might have specific naming conventions for account names. | Monitor “**User ID”** for names that don’t comply with naming conventions. |
-- You can track all [4768](event-4768.md) events where the **Client Address** is not from your internal IP address range or not from private IP address ranges.
+- You can track all [4768](event-4768.md) events where the **Client Address** isn't from your internal IP address range or not from private IP address ranges.
-- If you know that **Account Name** should be used only from known list of IP addresses, track all **Client Address** values for this **Account Name** in [4768](event-4768.md) events. If **Client Address** is not from the allowlist, generate the alert.
+- If you know that **Account Name** should be used only from known list of IP addresses, track all **Client Address** values for this **Account Name** in [4768](event-4768.md) events. If **Client Address** isn't from the allowlist, generate the alert.
-- All **Client Address** = ::1 means local authentication. If you know the list of accounts which should log on to the domain controllers, then you need to monitor for all possible violations, where **Client Address** = ::1 and **Account Name** is not allowed to log on to any domain controller.
+- All **Client Address** = `::1` means local authentication. If you know the list of accounts which should log on to the domain controllers, then you need to monitor for all possible violations, where **Client Address** = `::1` and **Account Name** isn't allowed to log on to any domain controller.
- All [4768](event-4768.md) events with **Client Port** field value > 0 and < 1024 should be examined, because a well-known port was used for outbound connection.
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md
index b6d214a0e6..bcf3312248 100644
--- a/windows/security/threat-protection/auditing/event-4769.md
+++ b/windows/security/threat-protection/auditing/event-4769.md
@@ -2,7 +2,7 @@
title: 4769(S, F) A Kerberos service ticket was requested. (Windows 10)
description: Describes security event 4769(S, F) A Kerberos service ticket was requested.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4769(S, F): A Kerberos service ticket was requested.
@@ -27,9 +27,9 @@ This event generates every time Key Distribution Center gets a Kerberos Ticket G
This event generates only on domain controllers.
-If TGS issue fails then you will see Failure event with **Failure Code** field not equal to “**0x0**”.
+If TGS issue fails then you'll see Failure event with **Failure Code** field not equal to “**0x0**”.
-You will typically see many Failure events with **Failure Code** “**0x20**”, which simply means that a TGS ticket has expired. These are informational messages and have little to no security relevance.
+You'll typically see many Failure events with **Failure Code** “**0x20**”, which simply means that a TGS ticket has expired. These are informational messages and have little to no security relevance.
> **Note** For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
@@ -86,7 +86,7 @@ You will typically see many Failure events with **Failure Code** “**0x20**”,
- Computer account example: WIN81$@CONTOSO.LOCAL
- > **Note** Although this field is in the UPN format, this is not the attribute value of "UserPrincipalName" of the user account. It is the "normalized" name or implicit UPN. It is built from the user SamAccountName and the Active Directory domain name.
+ > **Note** Although this field is in the UPN format, this isn't the attribute value of "UserPrincipalName" of the user account. It is the "normalized" name or implicit UPN. It is built from the user SamAccountName and the Active Directory domain name.
This parameter in this event is optional and can be empty in some cases.
@@ -112,11 +112,11 @@ You will typically see many Failure events with **Failure Code** “**0x20**”,
- This parameter in this event is optional and can be empty in some cases.
-- **Service ID** \[Type = SID\]**:** SID of the account or computer object for which the TGS ticket was requested. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
+- **Service ID** \[Type = SID\]**:** SID of the account or computer object for which the TGS ticket was requested. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID can't be resolved, you'll see the source data in the event.
- **NULL SID** – this value shows in Failure events.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it can't ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
**Network Information:**
@@ -173,12 +173,12 @@ The most common values:
| 14 | Request-anonymous | KILE not use this flag. |
| 15 | Name-canonicalize | In order to request referrals the Kerberos client MUST explicitly request the “canonicalize” KDC option for the AS-REQ or TGS-REQ. |
| 16-25 | Unused | - |
-| 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
the DISABLE-TRANSITED-CHECK option.
Should not be in use, because Transited-policy-checked flag is not supported by KILE. |
-| 27 | Renewable-ok | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life cannot otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server. |
+| 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
the DISABLE-TRANSITED-CHECK option.
Should not be in use, because Transited-policy-checked flag isn't supported by KILE. |
+| 27 | Renewable-ok | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life can't otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server. |
| 28 | Enc-tkt-in-skey | No information. |
| 29 | Unused | - |
-| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in its renew-till field has not passed. The ticket to be renewed is passed in the padata field as part of the authentication header. |
-| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. |
+| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in its renew-till field hasn't passed. The ticket to be renewed is passed in the padata field as part of the authentication header. |
+| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Shouldn't be in use, because postdated tickets aren't supported by KILE. |
| ## Table 4. Kerberos encryption types | | |
- **Ticket Encryption Type**: \[Type = HexInt32\]: the cryptographic suite that was used for issued TGS.
@@ -204,56 +204,56 @@ The most common values:
| 0x4 | KDC\_ERR\_C\_OLD\_MAST\_KVNO | Client's key encrypted in old master key | No information. |
| 0x5 | KDC\_ERR\_S\_OLD\_MAST\_KVNO | Server's key encrypted in old master key | No information. |
| 0x6 | KDC\_ERR\_C\_PRINCIPAL\_UNKNOWN | Client not found in Kerberos database | The username doesn’t exist. |
-| 0x7 | KDC\_ERR\_S\_PRINCIPAL\_UNKNOWN | Server not found in Kerberos database | This error can occur if the domain controller cannot find the server’s name in Active Directory. This error is similar to KDC\_ERR\_C\_PRINCIPAL\_UNKNOWN except that it occurs when the server name cannot be found. |
+| 0x7 | KDC\_ERR\_S\_PRINCIPAL\_UNKNOWN | Server not found in Kerberos database | This error can occur if the domain controller can't find the server’s name in Active Directory. This error is similar to KDC\_ERR\_C\_PRINCIPAL\_UNKNOWN except that it occurs when the server name can't be found. |
| 0x8 | KDC\_ERR\_PRINCIPAL\_NOT\_UNIQUE | Multiple principal entries in KDC database | This error occurs if duplicate principal names exist. Unique principal names are crucial for ensuring mutual authentication. Thus, duplicate principal names are strictly forbidden, even across multiple realms. Without unique principal names, the client has no way of ensuring that the server it is communicating with is the correct one. |
| 0x9 | KDC\_ERR\_NULL\_KEY | The client or server has a null key (master key) | No master key was found for client or server. Usually it means that administrator should reset the password on the account. |
| 0xA | KDC\_ERR\_CANNOT\_POSTDATE | Ticket (TGT) not eligible for postdating | This error can occur if a client requests postdating of a Kerberos ticket. Postdating is the act of requesting that a ticket’s start time be set into the future.
It also can occur if there is a time difference between the client and the KDC. |
-| 0xB | KDC\_ERR\_NEVER\_VALID | Requested start time is later than end time | There is a time difference between the KDC and the client. |
+| 0xB | KDC\_ERR\_NEVER\_VALID | Requested start time is later than end time | There's a time difference between the KDC and the client. |
| 0xC | KDC\_ERR\_POLICY | Requested start time is later than end time | This error is usually the result of logon restrictions in place on a user’s account. For example workstation restriction, smart card authentication requirement or logon time restriction. |
-| 0xD | KDC\_ERR\_BADOPTION | KDC cannot accommodate requested option | Impending expiration of a TGT.
The SPN to which the client is attempting to delegate credentials is not in its Allowed-to-delegate-to list |
-| 0xE | KDC\_ERR\_ETYPE\_NOTSUPP | KDC has no support for encryption type | In general, this error occurs when the KDC or a client receives a packet that it cannot decrypt. |
-| 0xF | KDC\_ERR\_SUMTYPE\_NOSUPP | KDC has no support for checksum type | The KDC, server, or client receives a packet for which it does not have a key of the appropriate encryption type. The result is that the computer is unable to decrypt the ticket. |
-| 0x10 | KDC\_ERR\_PADATA\_TYPE\_NOSUPP | KDC has no support for PADATA type (pre-authentication data) | Smart card logon is being attempted and the proper certificate cannot be located. This can happen because the wrong certification authority (CA) is being queried or the proper CA cannot be contacted.
It can also happen when a domain controller doesn’t have a certificate installed for smart cards (Domain Controller or Domain Controller Authentication templates).
This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
+| 0xD | KDC\_ERR\_BADOPTION | KDC cannot accommodate requested option | Impending expiration of a TGT.
The SPN to which the client is attempting to delegate credentials isn't in its Allowed-to-delegate-to list |
+| 0xE | KDC\_ERR\_ETYPE\_NOTSUPP | KDC has no support for encryption type | In general, this error occurs when the KDC or a client receives a packet that it can't decrypt. |
+| 0xF | KDC\_ERR\_SUMTYPE\_NOSUPP | KDC has no support for checksum type | The KDC, server, or client receives a packet for which it doesn't have a key of the appropriate encryption type. The result is that the computer is unable to decrypt the ticket. |
+| 0x10 | KDC\_ERR\_PADATA\_TYPE\_NOSUPP | KDC has no support for PADATA type (pre-authentication data) | Smart card logon is being attempted and the proper certificate can't be located. This can happen because the wrong certification authority (CA) is being queried or the proper CA can't be contacted.
It can also happen when a domain controller doesn’t have a certificate installed for smart cards (Domain Controller or Domain Controller Authentication templates).
This error code can't occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
| 0x11 | KDC\_ERR\_TRTYPE\_NO\_SUPP | KDC has no support for transited type | No information. |
| 0x12 | KDC\_ERR\_CLIENT\_REVOKED | Client’s credentials have been revoked | This might be because of an explicit disabling or because of other restrictions in place on the account. For example: account disabled, expired, or locked out. |
| 0x13 | KDC\_ERR\_SERVICE\_REVOKED | Credentials for server have been revoked | No information. |
| 0x14 | KDC\_ERR\_TGT\_REVOKED | TGT has been revoked | Since the remote KDC may change its PKCROSS key while there are PKCROSS tickets still active, it SHOULD cache the old PKCROSS keys until the last issued PKCROSS ticket expires. Otherwise, the remote KDC will respond to a client with a KRB-ERROR message of type KDC\_ERR\_TGT\_REVOKED. See [RFC1510](https://www.ietf.org/proceedings/49/I-D/draft-ietf-cat-kerberos-pk-cross-07.txt) for more details. |
| 0x15 | KDC\_ERR\_CLIENT\_NOTYET | Client not yet valid—try again later | No information. |
| 0x16 | KDC\_ERR\_SERVICE\_NOTYET | Server not yet valid—try again later | No information. |
-| 0x17 | KDC\_ERR\_KEY\_EXPIRED | Password has expired—change password to reset | The user’s password has expired.
This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
-| 0x18 | KDC\_ERR\_PREAUTH\_FAILED | Pre-authentication information was invalid | The wrong password was provided.
This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
-| 0x19 | KDC\_ERR\_PREAUTH\_REQUIRED | Additional pre-authentication required | This error often occurs in UNIX interoperability scenarios. MIT-Kerberos clients do not request pre-authentication when they send a KRB\_AS\_REQ message. If pre-authentication is required (the default), Windows systems will send this error. Most MIT-Kerberos clients will respond to this error by giving the pre-authentication, in which case the error can be ignored, but some clients might not respond in this way. |
+| 0x17 | KDC\_ERR\_KEY\_EXPIRED | Password has expired—change password to reset | The user’s password has expired.
This error code can't occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
+| 0x18 | KDC\_ERR\_PREAUTH\_FAILED | Pre-authentication information was invalid | The wrong password was provided.
This error code can't occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
+| 0x19 | KDC\_ERR\_PREAUTH\_REQUIRED | Additional pre-authentication required | This error often occurs in UNIX interoperability scenarios. MIT-Kerberos clients don't request pre-authentication when they send a KRB\_AS\_REQ message. If pre-authentication is required (the default), Windows systems will send this error. Most MIT-Kerberos clients will respond to this error by giving the pre-authentication, in which case the error can be ignored, but some clients might not respond in this way. |
| 0x1A | KDC\_ERR\_SERVER\_NOMATCH | KDC does not know about the requested server | No information. |
| 0x1B | KDC\_ERR\_MUST\_USE\_USER2USER | Server principal valid for user2user only | This error occurs because the service is missing an SPN. |
-| 0x1F | KRB\_AP\_ERR\_BAD\_INTEGRITY | Integrity check on decrypted field failed | The authenticator was encrypted with something other than the session key. The result is that the client cannot decrypt the resulting message. The modification of the message could be the result of an attack or it could be because of network noise. |
+| 0x1F | KRB\_AP\_ERR\_BAD\_INTEGRITY | Integrity check on decrypted field failed | The authenticator was encrypted with something other than the session key. The result is that the client can't decrypt the resulting message. The modification of the message could be the result of an attack or it could be because of network noise. |
| 0x20 | KRB\_AP\_ERR\_TKT\_EXPIRED | The ticket has expired | The smaller the value for the “Maximum lifetime for user ticket” Kerberos policy setting, the more likely it is that this error will occur. Because ticket renewal is automatic, you should not have to do anything if you get this message. |
-| 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server is not yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client are not synchronized.
If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. |
+| 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server isn't yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client aren't synchronized.
If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. |
| 0x22 | KRB\_AP\_ERR\_REPEAT | The request is a replay | This error indicates that a specific authenticator showed up twice — the KDC has detected that this session ticket duplicates one that it has already received. |
| 0x23 | KRB\_AP\_ERR\_NOT\_US | The ticket is not for us | The server has received a ticket that was meant for a different realm. |
-| 0x24 | KRB\_AP\_ERR\_BADMATCH | The ticket and authenticator do not match | The KRB\_TGS\_REQ is being sent to the wrong KDC.
There is an account mismatch during protocol transition. |
+| 0x24 | KRB\_AP\_ERR\_BADMATCH | The ticket and authenticator do not match | The KRB\_TGS\_REQ is being sent to the wrong KDC.
There's an account mismatch during protocol transition. |
| 0x25 | KRB\_AP\_ERR\_SKEW | The clock skew is too great | This error is logged if a client computer sends a timestamp whose value differs from that of the server’s timestamp by more than the number of minutes found in the “Maximum tolerance for computer clock synchronization” setting in Kerberos policy. |
| 0x26 | KRB\_AP\_ERR\_BADADDR | Network address in network layer header doesn't match address inside ticket | Session tickets MAY include the addresses from which they are valid. This error can occur if the address of the computer sending the ticket is different from the valid address in the ticket. A possible cause of this could be an Internet Protocol (IP) address change. Another possible cause is when a ticket is passed through a proxy server or NAT. The client is unaware of the address scheme used by the proxy server, so unless the program caused the client to request a proxy server ticket with the proxy server's source address, the ticket could be invalid. |
| 0x27 | KRB\_AP\_ERR\_BADVERSION | Protocol version numbers don't match (PVNO) | When an application receives a KRB\_SAFE message, it verifies it. If any error occurs, an error code is reported for use by the application.
The message is first checked by verifying that the protocol version and type fields match the current version and KRB\_SAFE, respectively. A mismatch generates a KRB\_AP\_ERR\_BADVERSION.
See [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) for more details. |
| 0x28 | KRB\_AP\_ERR\_MSG\_TYPE | Message type is unsupported | This message is generated when target server finds that message format is wrong. This applies to KRB\_AP\_REQ, KRB\_SAFE, KRB\_PRIV and KRB\_CRED messages.
This error also generated if use of UDP protocol is being attempted with User-to-User authentication. |
| 0x29 | KRB\_AP\_ERR\_MODIFIED | Message stream modified and checksum didn't match | The authentication data was encrypted with the wrong key for the intended server.
The authentication data was modified in transit by a hardware or software error, or by an attacker.
The client sent the authentication data to the wrong server because incorrect DNS data caused the client to send the request to the wrong server.
The client sent the authentication data to the wrong server because DNS data was out-of-date on the client. |
| 0x2A | KRB\_AP\_ERR\_BADORDER | Message out of order (possible tampering) | This event generates for KRB\_SAFE and KRB\_PRIV messages if an incorrect sequence number is included, or if a sequence number is expected but not present. See [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) for more details. |
-| 0x2C | KRB\_AP\_ERR\_BADKEYVER | Specified version of key is not available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. If the key version indicated by the Ticket in the KRB\_AP\_REQ is not one the server can use (e.g., it indicates an old key, and the server no longer possesses a copy of the old key), the KRB\_AP\_ERR\_BADKEYVER error is returned. |
+| 0x2C | KRB\_AP\_ERR\_BADKEYVER | Specified version of key is not available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. If the key version indicated by the Ticket in the KRB\_AP\_REQ isn't one the server can use (e.g., it indicates an old key, and the server no longer possesses a copy of the old key), the KRB\_AP\_ERR\_BADKEYVER error is returned. |
| 0x2D | KRB\_AP\_ERR\_NOKEY | Service key not available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. Because it is possible for the server to be registered in multiple realms, with different keys in each, the realm field in the unencrypted portion of the ticket in the KRB\_AP\_REQ is used to specify which secret key the server should use to decrypt that ticket. The KRB\_AP\_ERR\_NOKEY error code is returned if the server doesn't have the proper key to decipher the ticket. |
| 0x2E | KRB\_AP\_ERR\_MUT\_FAIL | Mutual authentication failed | No information. |
| 0x2F | KRB\_AP\_ERR\_BADDIRECTION | Incorrect message direction | No information. |
-| 0x30 | KRB\_AP\_ERR\_METHOD | Alternative authentication method required | According [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) this error message is obsolete. |
+| 0x30 | KRB\_AP\_ERR\_METHOD | Alternative authentication method required | According to [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) this error message is obsolete. |
| 0x31 | KRB\_AP\_ERR\_BADSEQ | Incorrect sequence number in message | No information. |
-| 0x32 | KRB\_AP\_ERR\_INAPP\_CKSUM | Inappropriate type of checksum in message (checksum may be unsupported) | When KDC receives KRB\_TGS\_REQ message it decrypts it, and after the user-supplied checksum in the Authenticator MUST be verified against the contents of the request, and the message MUST be rejected if the checksums do not match (with an error code of KRB\_AP\_ERR\_MODIFIED) or if the checksum is not collision-proof (with an error code of KRB\_AP\_ERR\_INAPP\_CKSUM). |
+| 0x32 | KRB\_AP\_ERR\_INAPP\_CKSUM | Inappropriate type of checksum in message (checksum may be unsupported) | When KDC receives KRB\_TGS\_REQ message it decrypts it, and after the user-supplied checksum in the Authenticator MUST be verified against the contents of the request, and the message MUST be rejected if the checksums don't match (with an error code of KRB\_AP\_ERR\_MODIFIED) or if the checksum isn't collision-proof (with an error code of KRB\_AP\_ERR\_INAPP\_CKSUM). |
| 0x33 | KRB\_AP\_PATH\_NOT\_ACCEPTED | Desired path is unreachable | No information. |
| 0x34 | KRB\_ERR\_RESPONSE\_TOO\_BIG | Too much data | The size of a ticket is too large to be transmitted reliably via UDP. In a Windows environment, this message is purely informational. A computer running a Windows operating system will automatically try TCP if UDP fails. |
-| 0x3C | KRB\_ERR\_GENERIC | Generic error | Group membership has overloaded the PAC.
Multiple recent password changes have not propagated.
Crypto subsystem error caused by running out of memory.
SPN too long.
SPN has too many parts. |
-| 0x3D | KRB\_ERR\_FIELD\_TOOLONG | Field is too long for this implementation | Each request (KRB\_KDC\_REQ) and response (KRB\_KDC\_REP or KRB\_ERROR) sent over the TCP stream is preceded by the length of the request as 4 octets in network byte order. The high bit of the length is reserved for future expansion and MUST currently be set to zero. If a KDC that does not understand how to interpret a set high bit of the length encoding receives a request with the high order bit of the length set, it MUST return a KRB-ERROR message with the error KRB\_ERR\_FIELD\_TOOLONG and MUST close the TCP stream. |
-| 0x3E | KDC\_ERR\_CLIENT\_NOT\_TRUSTED | The client trust failed or is not implemented | This typically happens when user’s smart-card certificate is revoked or the root Certification Authority that issued the smart card certificate (in a chain) is not trusted by the domain controller. |
-| 0x3F | KDC\_ERR\_KDC\_NOT\_TRUSTED | The KDC server trust failed or could not be verified | The trustedCertifiers field contains a list of certification authorities trusted by the client, in the case that the client does not possess the KDC's public key certificate. If the KDC has no certificate signed by any of the trustedCertifiers, then it returns an error of type KDC\_ERR\_KDC\_NOT\_TRUSTED. See [RFC1510](https://www.ietf.org/proceedings/50/I-D/cat-kerberos-pk-init-13.txt) for more details. |
+| 0x3C | KRB\_ERR\_GENERIC | Generic error | Group membership has overloaded the PAC.
Multiple recent password changes hanven't propagated.
Crypto subsystem error caused by running out of memory.
SPN too long.
SPN has too many parts. |
+| 0x3D | KRB\_ERR\_FIELD\_TOOLONG | Field is too long for this implementation | Each request (KRB\_KDC\_REQ) and response (KRB\_KDC\_REP or KRB\_ERROR) sent over the TCP stream is preceded by the length of the request as 4 octets in network byte order. The high bit of the length is reserved for future expansion and MUST currently be set to zero. If a KDC that doesn't understand how to interpret a set high bit of the length encoding receives a request with the high order bit of the length set, it MUST return a KRB-ERROR message with the error KRB\_ERR\_FIELD\_TOOLONG and MUST close the TCP stream. |
+| 0x3E | KDC\_ERR\_CLIENT\_NOT\_TRUSTED | The client trust failed or is not implemented | This typically happens when user’s smart-card certificate is revoked or the root Certification Authority that issued the smart card certificate (in a chain) isn't trusted by the domain controller. |
+| 0x3F | KDC\_ERR\_KDC\_NOT\_TRUSTED | The KDC server trust failed or could not be verified | The trustedCertifiers field contains a list of certification authorities trusted by the client, in the case that the client doesn't possess the KDC's public key certificate. If the KDC has no certificate signed by any of the trustedCertifiers, then it returns an error of type KDC\_ERR\_KDC\_NOT\_TRUSTED. See [RFC1510](https://www.ietf.org/proceedings/50/I-D/cat-kerberos-pk-init-13.txt) for more details. |
| 0x40 | KDC\_ERR\_INVALID\_SIG | The signature is invalid | This error is related to PKINIT. If a PKI trust relationship exists, the KDC then verifies the client's signature on AuthPack (TGT request signature). If that fails, the KDC returns an error message of type KDC\_ERR\_INVALID\_SIG. |
-| 0x41 | KDC\_ERR\_KEY\_TOO\_WEAK | A higher encryption level is needed | If the clientPublicValue field is filled in, indicating that the client wishes to use Diffie-Hellman key agreement, then the KDC checks to see that the parameters satisfy its policy. If they do not (e.g., the prime size is insufficient for the expected encryption type), then the KDC sends back an error message of type KDC\_ERR\_KEY\_TOO\_WEAK. |
+| 0x41 | KDC\_ERR\_KEY\_TOO\_WEAK | A higher encryption level is needed | If the clientPublicValue field is filled in, indicating that the client wishes to use Diffie-Hellman key agreement, then the KDC checks to see that the parameters satisfy its policy. If they don't (e.g., the prime size is insufficient for the expected encryption type), then the KDC sends back an error message of type KDC\_ERR\_KEY\_TOO\_WEAK. |
| 0x42 | KRB\_AP\_ERR\_USER\_TO\_USER\_REQUIRED | User-to-user authorization is required | In the case that the client application doesn't know that a service requires user-to-user authentication, and requests and receives a conventional KRB\_AP\_REP, the client will send the KRB\_AP\_REP request, and the server will respond with a KRB\_ERROR token as described in [RFC1964](https://tools.ietf.org/html/rfc1964), with a msg-type of KRB\_AP\_ERR\_USER\_TO\_USER\_REQUIRED. |
-| 0x43 | KRB\_AP\_ERR\_NO\_TGT | No TGT was presented or available | In user-to-user authentication if the service does not possess a ticket granting ticket, it should return the error KRB\_AP\_ERR\_NO\_TGT. |
+| 0x43 | KRB\_AP\_ERR\_NO\_TGT | No TGT was presented or available | In user-to-user authentication if the service doesn't possess a ticket granting ticket, it should return the error KRB\_AP\_ERR\_NO\_TGT. |
| 0x44 | KDC\_ERR\_WRONG\_REALM | Incorrect domain or principal | Although this error rarely occurs, it occurs when a client presents a cross-realm TGT to a realm other than the one specified in the TGT. Typically, this results from incorrectly configured DNS. |
- **Transited Services** \[Type = UnicodeString\]: this field contains list of SPNs which were requested if Kerberos delegation was used.
@@ -269,17 +269,17 @@ For 4769(S, F): A Kerberos service ticket was requested.
| **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.
Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on. | Monitor this event with the **“Account Information\\Account Name”** that corresponds to the high-value account or accounts. |
| **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours. | When you monitor for anomalies or malicious actions, use the **“Account Information\\Account Name”** (with other information) to monitor how or when a particular account is being used. |
| **Non-active accounts**: You might have non-active, disabled, or guest accounts, or other accounts that should never be used. | Monitor this event with the **“Account Information\\Account Name”** that corresponds to the accounts that should never be used. |
-| **External accounts**: You might be monitoring accounts from another domain, or “external” accounts that are not allowed to perform certain actions (represented by certain specific events). | Monitor this event for the **“Account Information\\Account Domain”** corresponding to another domain or “external” location. |
+| **External accounts**: You might be monitoring accounts from another domain, or “external” accounts that aren't allowed to perform certain actions (represented by certain specific events). | Monitor this event for the **“Account Information\\Account Domain”** corresponding to another domain or “external” location. |
| **Restricted-use computers or devices**: You might have certain computers, machines, or devices on which certain people (accounts) should not typically perform any actions. | Monitor the target **Computer:** (or other target device) for actions performed by the **“Account Information\\Account Name”** that you are concerned about. |
| **Account naming conventions**: Your organization might have specific naming conventions for account names. | Monitor “**User ID”** for names that don’t comply with naming conventions. |
- If you know that **Account Name** should never request any tickets for (that is, never get access to) a particular computer account or service account, monitor for [4769](event-4769.md) events with the corresponding **Account Name** and **Service ID** fields.
-- You can track all [4769](event-4769.md) events where the **Client Address** is not from your internal IP range or not from private IP ranges.
+- You can track all [4769](event-4769.md) events where the **Client Address** isn't from your internal IP range or not from private IP ranges.
-- If you know that **Account Name** should be able to request tickets (should be used) only from a known allow list of IP addresses, track all **Client Address** values for this **Account Name** in [4769](event-4769.md) events. If **Client Address** is not from your allow list of IP addresses, generate the alert.
+- If you know that **Account Name** should be able to request tickets (should be used) only from a known allow list of IP addresses, track all **Client Address** values for this **Account Name** in [4769](event-4769.md) events. If **Client Address** isn't from your allow list of IP addresses, generate the alert.
-- All **Client Address** = ::1 means local TGS requests, which means that the **Account Name** logged on to a domain controller before making the TGS request. If you have an allow list of accounts allowed to log on to domain controllers, monitor events with **Client Address** = ::1 and any **Account Name** outside the allow list.
+- All **Client Address** = `::1` means local TGS requests, which means that the **Account Name** logged on to a domain controller before making the TGS request. If you have an allow list of accounts allowed to log on to domain controllers, monitor events with **Client Address** = `::1` and any **Account Name** outside the allow list.
- All [4769](event-4769.md) events with **Client Port** field value > 0 and < 1024 should be examined, because a well-known port was used for outbound connection.
@@ -287,4 +287,4 @@ For 4769(S, F): A Kerberos service ticket was requested.
- Starting with Windows Vista and Windows Server 2008, monitor for a **Ticket Encryption Type** other than **0x11 and 0x12**. These are the expected values, starting with these operating systems, and represent AES-family algorithms.
-- If you have a list of important **Failure Codes**, monitor for these codes.
\ No newline at end of file
+- If you have a list of important **Failure Codes**, monitor for these codes.
diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md
index ad500f9438..b24835b3ba 100644
--- a/windows/security/threat-protection/auditing/event-4770.md
+++ b/windows/security/threat-protection/auditing/event-4770.md
@@ -2,7 +2,7 @@
title: 4770(S) A Kerberos service ticket was renewed. (Windows 10)
description: Describes security event 4770(S) A Kerberos service ticket was renewed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4770(S): A Kerberos service ticket was renewed.
diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md
index 2bf678cb5f..b0725e0cf9 100644
--- a/windows/security/threat-protection/auditing/event-4771.md
+++ b/windows/security/threat-protection/auditing/event-4771.md
@@ -2,7 +2,7 @@
title: 4771(F) Kerberos pre-authentication failed. (Windows 10)
description: Describes security event 4771(F) Kerberos pre-authentication failed. This event is generated when the Key Distribution Center fails to issue a Kerberos TGT.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4771(F): Kerberos pre-authentication failed.
diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md
index b47920e1a2..54fdd53057 100644
--- a/windows/security/threat-protection/auditing/event-4772.md
+++ b/windows/security/threat-protection/auditing/event-4772.md
@@ -2,7 +2,7 @@
title: 4772(F) A Kerberos authentication ticket request failed. (Windows 10)
description: Describes security event 4772(F) A Kerberos authentication ticket request failed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4772(F): A Kerberos authentication ticket request failed.
diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md
index 64b64b2a7f..e3ad7e5b20 100644
--- a/windows/security/threat-protection/auditing/event-4773.md
+++ b/windows/security/threat-protection/auditing/event-4773.md
@@ -2,7 +2,7 @@
title: 4773(F) A Kerberos service ticket request failed. (Windows 10)
description: Describes security event 4773(F) A Kerberos service ticket request failed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4773(F): A Kerberos service ticket request failed.
diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md
index d90262ba63..2301e2110f 100644
--- a/windows/security/threat-protection/auditing/event-4774.md
+++ b/windows/security/threat-protection/auditing/event-4774.md
@@ -2,22 +2,19 @@
title: 4774(S, F) An account was mapped for logon. (Windows 10)
description: Describes security event 4774(S, F) An account was mapped for logon. This event is generated when an account is mapped for logon.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/07/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
-# 4774(S, F): An account was mapped for logon.
-
-
-Success events do not appear to occur. Failure event [has been reported](http://forum.ultimatewindowssecurity.com/Topic7313-282-1.aspx).
+# 4774(S, F): An account was mapped for logon
***Subcategory:*** [Audit Credential Validation](audit-credential-validation.md)
@@ -25,11 +22,11 @@ Success events do not appear to occur. Failure event [has been reported](http://
*An account was mapped for logon.*
-*Authentication Package:Schannel*
+*Authentication Package:* `
To monitor activity of specific user accounts outside of working hours, monitor the appropriate **Logon Account + Source Workstation** pairs. |
| **Non-active accounts**: You might have non-active, disabled, or guest accounts, or other accounts that should never be used. | Monitor this event with the **“Logon Account”** that should never be used. |
| **Account allow list**: You might have a specific allow list of accounts that are the only ones allowed to perform actions corresponding to particular events. | If this event corresponds to a “allow list-only” action, review the **“Logon Account”** for accounts that are outside the allow list. |
-| **Restricted-use computers**: You might have certain computers from which certain people (accounts) should not log on. | Monitor the target **Source Workstation** for credential validation requests from the **“Logon Account”** that you are concerned about. |
+| **Restricted-use computers**: You might have certain computers from which certain people (accounts) shouldn't log on. | Monitor the target **Source Workstation** for credential validation requests from the **“Logon Account”** that you're concerned about. |
| **Account naming conventions**: Your organization might have specific naming conventions for account names. | Monitor “**Logon Account”** for names that don’t comply with naming conventions. |
-- If NTLM authentication should not be used for a specific account, monitor for that account. Don’t forget that local logon will always use NTLM authentication if an account logs on to a device where its user account is stored.
+- If NTLM authentication shouldn't be used for a specific account, monitor for that account. Don’t forget that local logon will always use NTLM authentication if an account logs on to a device where its user account is stored.
- You can use this event to collect all NTLM authentication attempts in the domain, if needed. Don’t forget that local logon will always use NTLM authentication if the account logs on to a device where its user account is stored.
-- If a local account should be used only locally (for example, network logon or terminal services logon is not allowed), you need to monitor for all events where **Source Workstation** and **Computer** (where the event was generated and where the credentials are stored) have different values.
+- If a local account should be used only locally (for example, network logon or terminal services logon isn't allowed), you need to monitor for all events where **Source Workstation** and **Computer** (where the event was generated and where the credentials are stored) have different values.
- Consider tracking the following errors for the reasons listed:
diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md
index 2c4d16c520..21749ac3ac 100644
--- a/windows/security/threat-protection/auditing/event-4777.md
+++ b/windows/security/threat-protection/auditing/event-4777.md
@@ -2,7 +2,7 @@
title: 4777(F) The domain controller failed to validate the credentials for an account. (Windows 10)
description: Describes security event 4777(F) The domain controller failed to validate the credentials for an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4777(F): The domain controller failed to validate the credentials for an account.
diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md
index f0f007b611..f9f3175763 100644
--- a/windows/security/threat-protection/auditing/event-4778.md
+++ b/windows/security/threat-protection/auditing/event-4778.md
@@ -2,7 +2,7 @@
title: 4778(S) A session was reconnected to a Window Station. (Windows 10)
description: Describes security event 4778(S) A session was reconnected to a Window Station.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4778(S): A session was reconnected to a Window Station.
diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md
index 6968f7112c..4edf0f6668 100644
--- a/windows/security/threat-protection/auditing/event-4779.md
+++ b/windows/security/threat-protection/auditing/event-4779.md
@@ -2,7 +2,7 @@
title: 4779(S) A session was disconnected from a Window Station. (Windows 10)
description: Describes security event 4779(S) A session was disconnected from a Window Station.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4779(S): A session was disconnected from a Window Station.
diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md
index 4cdb52c09c..982fa983de 100644
--- a/windows/security/threat-protection/auditing/event-4780.md
+++ b/windows/security/threat-protection/auditing/event-4780.md
@@ -2,7 +2,7 @@
title: 4780(S) The ACL was set on accounts which are members of administrators groups. (Windows 10)
description: Describes security event 4780(S) The ACL was set on accounts which are members of administrators groups.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4780(S): The ACL was set on accounts which are members of administrators groups.
diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md
index f983f65ab6..856cd7cb4b 100644
--- a/windows/security/threat-protection/auditing/event-4781.md
+++ b/windows/security/threat-protection/auditing/event-4781.md
@@ -2,7 +2,7 @@
title: 4781(S) The name of an account was changed. (Windows 10)
description: Describes security event 4781(S) The name of an account was changed. This event is generated every time a user or computer account name is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4781(S): The name of an account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md
index f99d8cfc38..3a6d312600 100644
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@@ -2,7 +2,7 @@
title: 4782(S) The password hash of an account was accessed. (Windows 10)
description: Describes security event 4782(S) The password hash of an account was accessed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4782(S): The password hash of an account was accessed.
diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md
index f09632d7ae..7c64bea4eb 100644
--- a/windows/security/threat-protection/auditing/event-4793.md
+++ b/windows/security/threat-protection/auditing/event-4793.md
@@ -2,7 +2,7 @@
title: 4793(S) The Password Policy Checking API was called. (Windows 10)
description: Describes security event 4793(S) The Password Policy Checking API was called.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4793(S): The Password Policy Checking API was called.
diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md
index bce1242646..8519e79e9d 100644
--- a/windows/security/threat-protection/auditing/event-4794.md
+++ b/windows/security/threat-protection/auditing/event-4794.md
@@ -2,7 +2,7 @@
title: 4794(S, F) An attempt was made to set the Directory Services Restore Mode administrator password. (Windows 10)
description: Describes security event 4794(S, F) An attempt was made to set the Directory Services Restore Mode administrator password.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password.
diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md
index 675ac8ae63..396f15d0b2 100644
--- a/windows/security/threat-protection/auditing/event-4798.md
+++ b/windows/security/threat-protection/auditing/event-4798.md
@@ -2,7 +2,7 @@
title: 4798(S) A user's local group membership was enumerated. (Windows 10)
description: Describes security event 4798(S) A user's local group membership was enumerated.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4798(S): A user's local group membership was enumerated.
diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md
index 0f06aa7f65..ad750b391e 100644
--- a/windows/security/threat-protection/auditing/event-4799.md
+++ b/windows/security/threat-protection/auditing/event-4799.md
@@ -2,7 +2,7 @@
title: 4799(S) A security-enabled local group membership was enumerated. (Windows 10)
description: Describes security event 4799(S) A security-enabled local group membership was enumerated.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4799(S): A security-enabled local group membership was enumerated.
diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md
index d39ab6fe19..87f46d5a18 100644
--- a/windows/security/threat-protection/auditing/event-4800.md
+++ b/windows/security/threat-protection/auditing/event-4800.md
@@ -2,7 +2,7 @@
title: 4800(S) The workstation was locked. (Windows 10)
description: Describes security event 4800(S) The workstation was locked. This event is generated when a workstation is locked.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4800(S): The workstation was locked.
diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md
index c90c8fdea3..f94c08e08f 100644
--- a/windows/security/threat-protection/auditing/event-4801.md
+++ b/windows/security/threat-protection/auditing/event-4801.md
@@ -2,7 +2,7 @@
title: 4801(S) The workstation was unlocked. (Windows 10)
description: Describes security event 4801(S) The workstation was unlocked. This event is generated when workstation is unlocked.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4801(S): The workstation was unlocked.
diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md
index 4c84f2bd52..6590d5bd4b 100644
--- a/windows/security/threat-protection/auditing/event-4802.md
+++ b/windows/security/threat-protection/auditing/event-4802.md
@@ -2,7 +2,7 @@
title: 4802(S) The screen saver was invoked. (Windows 10)
description: Describes security event 4802(S) The screen saver was invoked. This event is generated when screen saver is invoked.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4802(S): The screen saver was invoked.
diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md
index 5f1894a8cf..2c0e8d441b 100644
--- a/windows/security/threat-protection/auditing/event-4803.md
+++ b/windows/security/threat-protection/auditing/event-4803.md
@@ -2,7 +2,7 @@
title: 4803(S) The screen saver was dismissed. (Windows 10)
description: Describes security event 4803(S) The screen saver was dismissed. This event is generated when screen saver is dismissed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4803(S): The screen saver was dismissed.
diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md
index 1d6ad4ae29..8d61ef6f9a 100644
--- a/windows/security/threat-protection/auditing/event-4816.md
+++ b/windows/security/threat-protection/auditing/event-4816.md
@@ -2,7 +2,7 @@
title: 4816(S) RPC detected an integrity violation while decrypting an incoming message. (Windows 10)
description: Describes security event 4816(S) RPC detected an integrity violation while decrypting an incoming message.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4816(S): RPC detected an integrity violation while decrypting an incoming message.
diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md
index 26a781d5fa..2cb3ae3794 100644
--- a/windows/security/threat-protection/auditing/event-4817.md
+++ b/windows/security/threat-protection/auditing/event-4817.md
@@ -2,7 +2,7 @@
title: 4817(S) Auditing settings on object were changed. (Windows 10)
description: Describes security event 4817(S) Auditing settings on object were changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4817(S): Auditing settings on object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md
index baf2779455..25c2111bd2 100644
--- a/windows/security/threat-protection/auditing/event-4818.md
+++ b/windows/security/threat-protection/auditing/event-4818.md
@@ -2,7 +2,7 @@
title: 4818(S) Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy. (Windows 10)
description: Describes security event 4818(S) Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md
index 4cbfab1be0..69743c28c7 100644
--- a/windows/security/threat-protection/auditing/event-4819.md
+++ b/windows/security/threat-protection/auditing/event-4819.md
@@ -2,7 +2,7 @@
title: 4819(S) Central Access Policies on the machine have been changed. (Windows 10)
description: Describes security event 4819(S) Central Access Policies on the machine have been changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4819(S): Central Access Policies on the machine have been changed.
diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md
index 220ee7a580..914961945b 100644
--- a/windows/security/threat-protection/auditing/event-4826.md
+++ b/windows/security/threat-protection/auditing/event-4826.md
@@ -2,7 +2,7 @@
title: 4826(S) Boot Configuration Data loaded. (Windows 10)
description: Describes security event 4826(S) Boot Configuration Data loaded. This event is generated every time system starts and loads Boot Configuration Data settings.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4826(S): Boot Configuration Data loaded.
diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md
index 61eb307968..e70836a75b 100644
--- a/windows/security/threat-protection/auditing/event-4864.md
+++ b/windows/security/threat-protection/auditing/event-4864.md
@@ -2,7 +2,7 @@
title: 4864(S) A namespace collision was detected. (Windows 10)
description: Describes security event 4864(S) A namespace collision was detected. This event is generated when a namespace collision is detected.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4864(S): A namespace collision was detected.
diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md
index bf45074afb..76624588fc 100644
--- a/windows/security/threat-protection/auditing/event-4865.md
+++ b/windows/security/threat-protection/auditing/event-4865.md
@@ -2,7 +2,7 @@
title: 4865(S) A trusted forest information entry was added. (Windows 10)
description: Describes security event 4865(S) A trusted forest information entry was added.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4865(S): A trusted forest information entry was added.
diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md
index 9386b9cba4..1e1b870506 100644
--- a/windows/security/threat-protection/auditing/event-4866.md
+++ b/windows/security/threat-protection/auditing/event-4866.md
@@ -2,7 +2,7 @@
title: 4866(S) A trusted forest information entry was removed. (Windows 10)
description: Describes security event 4866(S) A trusted forest information entry was removed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4866(S): A trusted forest information entry was removed.
diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md
index 6873600fc5..24063dad9d 100644
--- a/windows/security/threat-protection/auditing/event-4867.md
+++ b/windows/security/threat-protection/auditing/event-4867.md
@@ -2,7 +2,7 @@
title: 4867(S) A trusted forest information entry was modified. (Windows 10)
description: Describes security event 4867(S) A trusted forest information entry was modified.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4867(S): A trusted forest information entry was modified.
diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md
index c95d24be90..5b2a94af52 100644
--- a/windows/security/threat-protection/auditing/event-4902.md
+++ b/windows/security/threat-protection/auditing/event-4902.md
@@ -2,7 +2,7 @@
title: 4902(S) The Per-user audit policy table was created. (Windows 10)
description: Describes security event 4902(S) The Per-user audit policy table was created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4902(S): The Per-user audit policy table was created.
diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md
index a7554ed6c4..fd9ee497a2 100644
--- a/windows/security/threat-protection/auditing/event-4904.md
+++ b/windows/security/threat-protection/auditing/event-4904.md
@@ -2,7 +2,7 @@
title: 4904(S) An attempt was made to register a security event source. (Windows 10)
description: Describes security event 4904(S) An attempt was made to register a security event source.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4904(S): An attempt was made to register a security event source.
diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md
index 11a3bf597b..c8ba9bb9c9 100644
--- a/windows/security/threat-protection/auditing/event-4905.md
+++ b/windows/security/threat-protection/auditing/event-4905.md
@@ -2,7 +2,7 @@
title: 4905(S) An attempt was made to unregister a security event source. (Windows 10)
description: Describes security event 4905(S) An attempt was made to unregister a security event source.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4905(S): An attempt was made to unregister a security event source.
diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md
index 70848c2c2f..4913d0d431 100644
--- a/windows/security/threat-protection/auditing/event-4906.md
+++ b/windows/security/threat-protection/auditing/event-4906.md
@@ -2,7 +2,7 @@
title: 4906(S) The CrashOnAuditFail value has changed. (Windows 10)
description: Describes security event 4906(S) The CrashOnAuditFail value has changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4906(S): The CrashOnAuditFail value has changed.
diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md
index 64869d1958..70de13eecf 100644
--- a/windows/security/threat-protection/auditing/event-4907.md
+++ b/windows/security/threat-protection/auditing/event-4907.md
@@ -2,7 +2,7 @@
title: 4907(S) Auditing settings on object were changed. (Windows 10)
description: Describes security event 4907(S) Auditing settings on object were changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4907(S): Auditing settings on object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md
index 62a8a1992e..b5351ecbd4 100644
--- a/windows/security/threat-protection/auditing/event-4908.md
+++ b/windows/security/threat-protection/auditing/event-4908.md
@@ -2,7 +2,7 @@
title: 4908(S) Special Groups Logon table modified. (Windows 10)
description: Describes security event 4908(S) Special Groups Logon table modified. This event is generated when the Special Groups Logon table is modified.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4908(S): Special Groups Logon table modified.
@@ -70,7 +70,7 @@ For more information about Special Groups auditing, see [4908(S): Special Groups
***Field Descriptions:***
-**Special Groups** \[Type = UnicodeString\]**:** contains current list of SIDs (groups or accounts) which are members of Special Groups. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
+**Special Groups** \[Type = UnicodeString\]**:** contains current list of SIDs (groups or accounts) which are members of Special Groups. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID can't be resolved, you'll see the source data in the event.
> [!NOTE]
> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
@@ -83,7 +83,7 @@ For more information about Special Groups auditing, see [4908(S): Special Groups
For 4908(S): Special Groups Logon table modified.
-- If you use the Special Groups feature, then this event should be always monitored, especially on high value assets or computers. If this change was not planned, investigate the reason for the change.
+- If you use the Special Groups feature, then this event should be always monitored, especially on high value assets or computers. If this change wasn't planned, investigate the reason for the change.
- If you don’t use the Special Groups feature, then this event should be always monitored because it indicates use of the Special Groups feature outside of your standard procedures.
diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md
index f7e426beac..ab35104b88 100644
--- a/windows/security/threat-protection/auditing/event-4909.md
+++ b/windows/security/threat-protection/auditing/event-4909.md
@@ -2,7 +2,7 @@
title: 4909(-) The local policy settings for the TBS were changed. (Windows 10)
description: Describes security event 4909(-) The local policy settings for the TBS were changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4909(-): The local policy settings for the TBS were changed.
diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md
index 8d9fb6ca5d..2e46e4e49e 100644
--- a/windows/security/threat-protection/auditing/event-4910.md
+++ b/windows/security/threat-protection/auditing/event-4910.md
@@ -2,7 +2,7 @@
title: 4910(-) The group policy settings for the TBS were changed. (Windows 10)
description: Describes security event 4910(-) The group policy settings for the TBS were changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4910(-): The group policy settings for the TBS were changed.
diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md
index 5a07d7a28b..b72644a868 100644
--- a/windows/security/threat-protection/auditing/event-4911.md
+++ b/windows/security/threat-protection/auditing/event-4911.md
@@ -2,7 +2,7 @@
title: 4911(S) Resource attributes of the object were changed. (Windows 10)
description: Describes security event 4911(S) Resource attributes of the object were changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4911(S): Resource attributes of the object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md
index e3f2374f99..3ac8a96880 100644
--- a/windows/security/threat-protection/auditing/event-4912.md
+++ b/windows/security/threat-protection/auditing/event-4912.md
@@ -2,7 +2,7 @@
title: 4912(S) Per User Audit Policy was changed. (Windows 10)
description: Describes security event 4912(S) Per User Audit Policy was changed. This event is generated every time Per User Audit Policy is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4912(S): Per User Audit Policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md
index dcaf7ca359..949b10bd58 100644
--- a/windows/security/threat-protection/auditing/event-4913.md
+++ b/windows/security/threat-protection/auditing/event-4913.md
@@ -2,7 +2,7 @@
title: 4913(S) Central Access Policy on the object was changed. (Windows 10)
description: Describes security event 4913(S) Central Access Policy on the object was changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4913(S): Central Access Policy on the object was changed.
diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md
index 346beb3c4b..d39db3ef25 100644
--- a/windows/security/threat-protection/auditing/event-4928.md
+++ b/windows/security/threat-protection/auditing/event-4928.md
@@ -2,7 +2,7 @@
title: 4928(S, F) An Active Directory replica source naming context was established. (Windows 10)
description: Describes security event 4928(S, F) An Active Directory replica source naming context was established.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4928(S, F): An Active Directory replica source naming context was established.
diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md
index f3fe7007a4..596b209eb4 100644
--- a/windows/security/threat-protection/auditing/event-4929.md
+++ b/windows/security/threat-protection/auditing/event-4929.md
@@ -2,7 +2,7 @@
title: 4929(S, F) An Active Directory replica source naming context was removed. (Windows 10)
description: Describes security event 4929(S, F) An Active Directory replica source naming context was removed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4929(S, F): An Active Directory replica source naming context was removed.
diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md
index 05746193a7..e66843285f 100644
--- a/windows/security/threat-protection/auditing/event-4930.md
+++ b/windows/security/threat-protection/auditing/event-4930.md
@@ -2,7 +2,7 @@
title: 4930(S, F) An Active Directory replica source naming context was modified. (Windows 10)
description: Describes security event 4930(S, F) An Active Directory replica source naming context was modified.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4930(S, F): An Active Directory replica source naming context was modified.
diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md
index a90d55c58a..27be6fe7ed 100644
--- a/windows/security/threat-protection/auditing/event-4931.md
+++ b/windows/security/threat-protection/auditing/event-4931.md
@@ -2,7 +2,7 @@
title: 4931(S, F) An Active Directory replica destination naming context was modified. (Windows 10)
description: Describes security event 4931(S, F) An Active Directory replica destination naming context was modified.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4931(S, F): An Active Directory replica destination naming context was modified.
diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md
index 553b1554ab..71e22cd118 100644
--- a/windows/security/threat-protection/auditing/event-4932.md
+++ b/windows/security/threat-protection/auditing/event-4932.md
@@ -2,7 +2,7 @@
title: 4932(S) Synchronization of a replica of an Active Directory naming context has begun. (Windows 10)
description: Describes security event 4932(S) Synchronization of a replica of an Active Directory naming context has begun.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4932(S): Synchronization of a replica of an Active Directory naming context has begun.
diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md
index 11c18320c3..3937b0e178 100644
--- a/windows/security/threat-protection/auditing/event-4933.md
+++ b/windows/security/threat-protection/auditing/event-4933.md
@@ -2,7 +2,7 @@
title: 4933(S, F) Synchronization of a replica of an Active Directory naming context has ended. (Windows 10)
description: Describes security event 4933(S, F) Synchronization of a replica of an Active Directory naming context has ended.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended.
diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md
index b44747fd69..90e2db1e04 100644
--- a/windows/security/threat-protection/auditing/event-4934.md
+++ b/windows/security/threat-protection/auditing/event-4934.md
@@ -2,7 +2,7 @@
title: 4934(S) Attributes of an Active Directory object were replicated. (Windows 10)
description: Describes security event 4934(S) Attributes of an Active Directory object were replicated.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4934(S): Attributes of an Active Directory object were replicated.
diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md
index 570b01e598..79ef8d6e1c 100644
--- a/windows/security/threat-protection/auditing/event-4935.md
+++ b/windows/security/threat-protection/auditing/event-4935.md
@@ -2,7 +2,7 @@
title: 4935(F) Replication failure begins. (Windows 10)
description: Describes security event 4935(F) Replication failure begins. This event is generated when Active Directory replication failure begins.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4935(F): Replication failure begins.
diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md
index 3a7945bdd8..16a640d3bb 100644
--- a/windows/security/threat-protection/auditing/event-4936.md
+++ b/windows/security/threat-protection/auditing/event-4936.md
@@ -2,7 +2,7 @@
title: 4936(S) Replication failure ends. (Windows 10)
description: Describes security event 4936(S) Replication failure ends. This event is generated when Active Directory replication failure ends.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4936(S): Replication failure ends.
diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md
index 058fa49bc8..731aceca7a 100644
--- a/windows/security/threat-protection/auditing/event-4937.md
+++ b/windows/security/threat-protection/auditing/event-4937.md
@@ -2,7 +2,7 @@
title: 4937(S) A lingering object was removed from a replica. (Windows 10)
description: Describes security event 4937(S) A lingering object was removed from a replica.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4937(S): A lingering object was removed from a replica.
diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md
index 54a708cbbe..7db0bee853 100644
--- a/windows/security/threat-protection/auditing/event-4944.md
+++ b/windows/security/threat-protection/auditing/event-4944.md
@@ -2,7 +2,7 @@
title: 4944(S) The following policy was active when the Windows Firewall started. (Windows 10)
description: Describes security event 4944(S) The following policy was active when the Windows Firewall started.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4944(S): The following policy was active when the Windows Firewall started.
diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md
index b987b1c9a4..8d73c9f148 100644
--- a/windows/security/threat-protection/auditing/event-4945.md
+++ b/windows/security/threat-protection/auditing/event-4945.md
@@ -2,7 +2,7 @@
title: 4945(S) A rule was listed when the Windows Firewall started. (Windows 10)
description: Describes security event 4945(S) A rule was listed when the Windows Firewall started.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4945(S): A rule was listed when the Windows Firewall started.
diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md
index 05a92b02dd..d2fafe1dfc 100644
--- a/windows/security/threat-protection/auditing/event-4946.md
+++ b/windows/security/threat-protection/auditing/event-4946.md
@@ -2,7 +2,7 @@
title: 4946(S) A change has been made to Windows Firewall exception list. A rule was added. (Windows 10)
description: Describes security event 4946(S) A change has been made to Windows Firewall exception list. A rule was added.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4946(S): A change has been made to Windows Firewall exception list. A rule was added.
diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md
index 2ba20c744c..674449382b 100644
--- a/windows/security/threat-protection/auditing/event-4947.md
+++ b/windows/security/threat-protection/auditing/event-4947.md
@@ -2,7 +2,7 @@
title: 4947(S) A change has been made to Windows Firewall exception list. A rule was modified. (Windows 10)
description: Describes security event 4947(S) A change has been made to Windows Firewall exception list. A rule was modified.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4947(S): A change has been made to Windows Firewall exception list. A rule was modified.
diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md
index 49a277cb7b..43acd0b7a9 100644
--- a/windows/security/threat-protection/auditing/event-4948.md
+++ b/windows/security/threat-protection/auditing/event-4948.md
@@ -2,7 +2,7 @@
title: 4948(S) A change has been made to Windows Firewall exception list. A rule was deleted. (Windows 10)
description: Describes security event 4948(S) A change has been made to Windows Firewall exception list. A rule was deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md
index 83050f4469..81db5c36c6 100644
--- a/windows/security/threat-protection/auditing/event-4949.md
+++ b/windows/security/threat-protection/auditing/event-4949.md
@@ -2,7 +2,7 @@
title: 4949(S) Windows Firewall settings were restored to the default values. (Windows 10)
description: Describes security event 4949(S) Windows Firewall settings were restored to the default values.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4949(S): Windows Firewall settings were restored to the default values.
diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md
index 9b94938a6b..b4bd969a10 100644
--- a/windows/security/threat-protection/auditing/event-4950.md
+++ b/windows/security/threat-protection/auditing/event-4950.md
@@ -2,7 +2,7 @@
title: 4950(S) A Windows Firewall setting has changed. (Windows 10)
description: Describes security event 4950(S) A Windows Firewall setting has changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4950(S): A Windows Firewall setting has changed.
diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md
index 220d2954a4..f585ac4615 100644
--- a/windows/security/threat-protection/auditing/event-4951.md
+++ b/windows/security/threat-protection/auditing/event-4951.md
@@ -2,7 +2,7 @@
title: 4951(F) A rule has been ignored because its major version number wasn't recognized by Windows Firewall. (Windows 10)
description: Describes security event 4951(F) A rule has been ignored because its major version number wasn't recognized by Windows Firewall.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4951(F): A rule has been ignored because its major version number wasn't recognized by Windows Firewall.
diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md
index 988c2fcd99..f95423f1c1 100644
--- a/windows/security/threat-protection/auditing/event-4952.md
+++ b/windows/security/threat-protection/auditing/event-4952.md
@@ -2,7 +2,7 @@
title: 4952(F) Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. (Windows 10)
description: Security event 4952(F) Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.
diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md
index a69ce28acc..dfce2c4545 100644
--- a/windows/security/threat-protection/auditing/event-4953.md
+++ b/windows/security/threat-protection/auditing/event-4953.md
@@ -2,7 +2,7 @@
title: 4953(F) Windows Firewall ignored a rule because it couldn't be parsed. (Windows 10)
description: Describes security event 4953(F) Windows Firewall ignored a rule because it couldn't be parsed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4953(F): Windows Firewall ignored a rule because it couldn't be parsed.
diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md
index c2dedeab3b..09f0a2ce76 100644
--- a/windows/security/threat-protection/auditing/event-4954.md
+++ b/windows/security/threat-protection/auditing/event-4954.md
@@ -2,7 +2,7 @@
title: 4954(S) Windows Firewall Group Policy settings have changed. The new settings have been applied. (Windows 10)
description: Describes security event 4954(S) Windows Firewall Group Policy settings have changed. The new settings have been applied.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied.
diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md
index 1ae59f02ad..2344350879 100644
--- a/windows/security/threat-protection/auditing/event-4956.md
+++ b/windows/security/threat-protection/auditing/event-4956.md
@@ -2,7 +2,7 @@
title: 4956(S) Windows Firewall has changed the active profile. (Windows 10)
description: Describes security event 4956(S) Windows Firewall has changed the active profile.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4956(S): Windows Firewall has changed the active profile.
diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md
index bb642deb1b..c408811451 100644
--- a/windows/security/threat-protection/auditing/event-4957.md
+++ b/windows/security/threat-protection/auditing/event-4957.md
@@ -2,7 +2,7 @@
title: 4957(F) Windows Firewall did not apply the following rule. (Windows 10)
description: Describes security event 4957(F) Windows Firewall didn't apply the following rule.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4957(F): Windows Firewall did not apply the following rule.
diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md
index eeeab9b126..e05fc62bfa 100644
--- a/windows/security/threat-protection/auditing/event-4958.md
+++ b/windows/security/threat-protection/auditing/event-4958.md
@@ -2,7 +2,7 @@
title: 4958(F) Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. (Windows 10)
description: Describes security event 4958(F) Windows Firewall didn't apply the following rule because the rule referred to items not configured on this computer.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.
diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md
index 4066f73396..6c8452f0d6 100644
--- a/windows/security/threat-protection/auditing/event-4964.md
+++ b/windows/security/threat-protection/auditing/event-4964.md
@@ -2,7 +2,7 @@
title: 4964(S) Special groups have been assigned to a new logon. (Windows 10)
description: Describes security event 4964(S) Special groups have been assigned to a new logon.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4964(S): Special groups have been assigned to a new logon.
diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md
index 225d1d08a8..b5cdedc6a7 100644
--- a/windows/security/threat-protection/auditing/event-4985.md
+++ b/windows/security/threat-protection/auditing/event-4985.md
@@ -2,7 +2,7 @@
title: 4985(S) The state of a transaction has changed. (Windows 10)
description: Describes security event 4985(S) The state of a transaction has changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4985(S): The state of a transaction has changed.
diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md
index 2c1c44e3fe..c6f473df75 100644
--- a/windows/security/threat-protection/auditing/event-5024.md
+++ b/windows/security/threat-protection/auditing/event-5024.md
@@ -2,7 +2,7 @@
title: 5024(S) The Windows Firewall Service has started successfully. (Windows 10)
description: Describes security event 5024(S) The Windows Firewall Service has started successfully.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5024(S): The Windows Firewall Service has started successfully.
diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md
index e3fe8ec3be..4dd4c320c6 100644
--- a/windows/security/threat-protection/auditing/event-5025.md
+++ b/windows/security/threat-protection/auditing/event-5025.md
@@ -2,7 +2,7 @@
title: 5025(S) The Windows Firewall Service has been stopped. (Windows 10)
description: Describes security event 5025(S) The Windows Firewall Service has been stopped.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5025(S): The Windows Firewall Service has been stopped.
diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md
index 1610a55ecb..652dac8c47 100644
--- a/windows/security/threat-protection/auditing/event-5027.md
+++ b/windows/security/threat-protection/auditing/event-5027.md
@@ -2,7 +2,7 @@
title: 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. (Windows 10)
description: Details on security event 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.
diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md
index 6bafd59bdf..6650d79ec5 100644
--- a/windows/security/threat-protection/auditing/event-5028.md
+++ b/windows/security/threat-protection/auditing/event-5028.md
@@ -2,7 +2,7 @@
title: 5028(F) The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. (Windows 10)
description: Describes security event 5028(F) The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.
diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md
index 0374f795d3..7ca1bb4522 100644
--- a/windows/security/threat-protection/auditing/event-5029.md
+++ b/windows/security/threat-protection/auditing/event-5029.md
@@ -2,7 +2,7 @@
title: 5029(F) The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. (Windows 10)
description: Describes security event 5029(F) The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.
diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md
index 785312b335..24660d6d45 100644
--- a/windows/security/threat-protection/auditing/event-5030.md
+++ b/windows/security/threat-protection/auditing/event-5030.md
@@ -2,7 +2,7 @@
title: 5030(F) The Windows Firewall Service failed to start. (Windows 10)
description: Describes security event 5030(F) The Windows Firewall Service failed to start.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5030(F): The Windows Firewall Service failed to start.
diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md
index 961e0a0e16..c328c46107 100644
--- a/windows/security/threat-protection/auditing/event-5031.md
+++ b/windows/security/threat-protection/auditing/event-5031.md
@@ -5,13 +5,13 @@ manager: aaroncz
ms.author: vinpa
description: Describes security event 5031(F) The Windows Firewall Service blocked an application from accepting incoming connections on the network.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/08/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network.
diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md
index 810a8e3505..231acb67b1 100644
--- a/windows/security/threat-protection/auditing/event-5032.md
+++ b/windows/security/threat-protection/auditing/event-5032.md
@@ -2,7 +2,7 @@
title: 5032(F) Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. (Windows 10)
description: Describes security event 5032(F) Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md
index 07c9814a3b..ce127dad94 100644
--- a/windows/security/threat-protection/auditing/event-5033.md
+++ b/windows/security/threat-protection/auditing/event-5033.md
@@ -2,7 +2,7 @@
title: 5033(S) The Windows Firewall Driver has started successfully. (Windows 10)
description: Describes security event 5033(S) The Windows Firewall Driver has started successfully.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5033(S): The Windows Firewall Driver has started successfully.
diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md
index 24d743030c..52c8c2522d 100644
--- a/windows/security/threat-protection/auditing/event-5034.md
+++ b/windows/security/threat-protection/auditing/event-5034.md
@@ -2,7 +2,7 @@
title: 5034(S) The Windows Firewall Driver was stopped. (Windows 10)
description: Describes security event 5034(S) The Windows Firewall Driver was stopped.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5034(S): The Windows Firewall Driver was stopped.
diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md
index d7e93f5982..3cf63d5224 100644
--- a/windows/security/threat-protection/auditing/event-5035.md
+++ b/windows/security/threat-protection/auditing/event-5035.md
@@ -2,7 +2,7 @@
title: 5035(F) The Windows Firewall Driver failed to start. (Windows 10)
description: Describes security event 5035(F) The Windows Firewall Driver failed to start.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5035(F): The Windows Firewall Driver failed to start.
diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md
index 4ab5e11cee..bf6d42a9ef 100644
--- a/windows/security/threat-protection/auditing/event-5037.md
+++ b/windows/security/threat-protection/auditing/event-5037.md
@@ -2,7 +2,7 @@
title: 5037(F) The Windows Firewall Driver detected critical runtime error. Terminating. (Windows 10)
description: Describes security event 5037(F) The Windows Firewall Driver detected critical runtime error. Terminating.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating.
diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md
index 30c1790eb9..3b4aa0d998 100644
--- a/windows/security/threat-protection/auditing/event-5038.md
+++ b/windows/security/threat-protection/auditing/event-5038.md
@@ -2,7 +2,7 @@
title: 5038(F) Code integrity determined that the image hash of a file is not valid. (Windows 10)
description: Describes security event 5038(F) Code integrity determined that the image hash of a file isn't valid.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md
index accfc3ae8f..e1f249411a 100644
--- a/windows/security/threat-protection/auditing/event-5039.md
+++ b/windows/security/threat-protection/auditing/event-5039.md
@@ -2,7 +2,7 @@
title: 5039(-) A registry key was virtualized. (Windows 10)
description: Describes security event 5039(-) A registry key was virtualized. This event is generated when a registry key is virtualized using LUAFV.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5039(-): A registry key was virtualized.
diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md
index bf06c3d611..79d4e4b789 100644
--- a/windows/security/threat-protection/auditing/event-5051.md
+++ b/windows/security/threat-protection/auditing/event-5051.md
@@ -2,7 +2,7 @@
title: 5051(-) A file was virtualized. (Windows 10)
description: Describes security event 5051(-) A file was virtualized. This event is generated when a file is virtualized using LUAFV.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5051(-): A file was virtualized.
diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md
index 5059d50c64..bac056b217 100644
--- a/windows/security/threat-protection/auditing/event-5056.md
+++ b/windows/security/threat-protection/auditing/event-5056.md
@@ -2,7 +2,7 @@
title: 5056(S) A cryptographic self-test was performed. (Windows 10)
description: Describes security event 5056(S) A cryptographic self-test was performed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5056(S): A cryptographic self-test was performed.
diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md
index 04d22f10de..2013fda273 100644
--- a/windows/security/threat-protection/auditing/event-5057.md
+++ b/windows/security/threat-protection/auditing/event-5057.md
@@ -2,7 +2,7 @@
title: 5057(F) A cryptographic primitive operation failed. (Windows 10)
description: Describes security event 5057(F) A cryptographic primitive operation failed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5057(F): A cryptographic primitive operation failed.
diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md
index 4d8c8989e1..2dae2d1e2f 100644
--- a/windows/security/threat-protection/auditing/event-5058.md
+++ b/windows/security/threat-protection/auditing/event-5058.md
@@ -2,7 +2,7 @@
title: 5058(S, F) Key file operation. (Windows 10)
description: Describes security event 5058(S, F) Key file operation. This event is generated when an operation is performed on a file that contains a KSP key.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 5058(S, F): Key file operation.
diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md
index d7765406fd..26c41df186 100644
--- a/windows/security/threat-protection/auditing/event-5632.md
+++ b/windows/security/threat-protection/auditing/event-5632.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/08/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.technology: windows-sec
@@ -35,36 +35,36 @@ It typically generates when network adapter connects to new wireless network.
```
-
Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10, Windows Server 2008 R2, and later operating systems don't support DES by default. |
| DES_CBC_MD5| Data Encryption Standard with Cipher Block Chaining using the Message-Digest algorithm 5 checksum function
Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10, Windows Server 2008 R2, and later operating systems don't support DES by default. |
| RC4_HMAC_MD5| Rivest Cipher 4 with Hashed Message Authentication Code using the Message-Digest algorithm 5 checksum function
Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2.|
-| AES128_HMAC_SHA1| Advanced Encryption Standard in 128-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003. Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. |
-| AES256_HMAC_SHA1| Advanced Encryption Standard in 256-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003. Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. |
+| AES128_HMAC_SHA1| Advanced Encryption Standard in 128-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003.
Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. |
+| AES256_HMAC_SHA1| Advanced Encryption Standard in 256-bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).
Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003.
Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. |
| Future encryption types| Reserved by Microsoft for other encryption types that might be implemented.|
### Possible values
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
index 017c6efed4..6fb0bc171f 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
ms.assetid: 6452b268-e5ba-4889-9d38-db28f919af51
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Do not store LAN Manager hash value on next password change
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
index 8a8e65589d..dc9aebbb8c 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
ms.assetid: 64d5dde4-58e4-4217-b2c4-73bd554ec926
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Force logoff when logon hours expire
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
index 290d68e275..af10a9974a 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management and security co
ms.assetid: bbe1a98c-420a-41e7-9d3c-3a2fe0f1843e
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: LAN Manager authentication level
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
index 649f86484d..4dcdc81aa0 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management and security co
ms.assetid: 38b35489-eb5b-4035-bc87-df63de50509c
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: LDAP client signing requirements
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
index 499f48df37..9c3d1d2f2a 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
@@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, Network se
ms.assetid: 89903de8-23d0-4e0f-9bef-c00cb7aebf00
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 07/27/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
index fc3ecf9874..469bd9cf39 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
@@ -4,7 +4,7 @@ description: Best practices and security considerations for the policy setting,
ms.assetid: c6a60c1b-bc8d-4d02-9481-f847a411b4fc
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
index af088813c3..4ce6039624 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
ms.assetid: 9b017399-0a54-4580-bfae-614c2beda3a1
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
index 3da17e661a..61a85682bd 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
ms.assetid: 2f981b68-6aa7-4dd9-b53d-d88551277cc0
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Restrict NTLM: Add server exceptions in this domain
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
index 121bd4e52c..b390537f8b 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the security p
ms.assetid: 37e380c2-22e1-44cd-9993-e12815b845cf
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Restrict NTLM: Audit incoming NTLM traffic
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
index f616cf866d..b7024f8999 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
ms.assetid: 33183ef9-53b5-4258-8605-73dc46335e6e
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Restrict NTLM: Audit NTLM authentication in this domain
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
index cd6e29ccca..21e4daa313 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
ms.assetid: c0eff7d3-ed59-4004-908a-2205295fefb8
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Restrict NTLM: Incoming NTLM traffic
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
index ec2ca5785a..02de52f636 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
ms.assetid: 4c7884e9-cc11-4402-96b6-89c77dc908f8
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -14,7 +14,7 @@ manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Restrict NTLM: NTLM authentication in this domain
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
index f63a2f7737..4158c8dff7 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
ms.assetid: 63437a90-764b-4f06-aed8-a4a26cf81bd1
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 06/15/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
@@ -94,7 +94,7 @@ There are no security audit event policies that can be configured to view event
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
-NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB replay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the Kerberos version 5 protocol, or different authentication mechanisms, such as smart cards.
+NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB relay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the Kerberos version 5 protocol, or different authentication mechanisms, such as smart cards.
### Vulnerability
diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
index b5e775ba1a..77c03aaea0 100644
--- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
ms.assetid: 94482ae3-9dda-42df-9782-2f66196e6afe
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -14,7 +14,7 @@ manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Password must meet complexity requirements
diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md
index aa39b49609..d4894e3791 100644
--- a/windows/security/threat-protection/security-policy-settings/password-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/password-policy.md
@@ -4,7 +4,7 @@ description: An overview of password policies for Windows and links to informati
ms.assetid: aec1220d-a875-4575-9050-f02f9c54a3b6
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Password Policy
diff --git a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
index e393a2ba86..310b057751 100644
--- a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
+++ b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
ms.assetid: b6990813-3898-43e2-8221-c9c06d893244
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Perform volume maintenance tasks
diff --git a/windows/security/threat-protection/security-policy-settings/profile-single-process.md b/windows/security/threat-protection/security-policy-settings/profile-single-process.md
index 628658209d..a98135713c 100644
--- a/windows/security/threat-protection/security-policy-settings/profile-single-process.md
+++ b/windows/security/threat-protection/security-policy-settings/profile-single-process.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
ms.assetid: c0963de4-4f5e-430e-bfcd-dfd68e66a075
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Profile single process
diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
index 6e85e42483..f8db801710 100644
--- a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
+++ b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
@@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, System set
ms.assetid: 2380d93b-b553-4e56-a0c0-d1ef740d089c
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# System settings: Use certificate rules on Windows executables for Software Restriction Policies
diff --git a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
index e2f1047e2a..563b7b38aa 100644
--- a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
ms.assetid: cb8595d1-74cc-4176-bb15-d97663eebb2d
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Take ownership of files or other objects
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
index 01a701fa23..32ff199d90 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
ms.assetid: d465fc27-1cd2-498b-9cf6-7ad2276e5998
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Account Control: Admin Approval Mode for the Built-in Administrator account
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
index 3c9892061b..bb6ff605e9 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
@@ -4,7 +4,7 @@ description: Best practices and more for the policy setting, User Account Contro
ms.assetid: fce20472-3c93-449d-b520-13c4c74a9892
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
index b72a730982..867ff0c857 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
@@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, User Accou
ms.assetid: 46a3c3a2-1d2e-4a6f-b5e6-29f9592f535d
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
index 4e9e8b0579..c80cd46fc4 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations, and more for t
ms.assetid: 1eae7def-8f6c-43b6-9474-23911fdc01ba
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 10/11/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Account Control: Behavior of the elevation prompt for standard users
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
index 516b0424de..157dbcb839 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
@@ -4,7 +4,7 @@ description: Learn about best practices and more for the security policy setting
ms.assetid: 3f8cb170-ba77-4c9f-abb3-c3ed1ef264fc
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Account Control: Detect application installations and prompt for elevation
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
index 25867ee997..94940efabd 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
ms.assetid: 64950a95-6985-4db6-9905-1db18557352d
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Account Control: Only elevate executables that are signed and validated
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
index 6ac53e9a3c..59e27064f3 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
@@ -4,7 +4,7 @@ description: Learn about best practices and more for the policy setting, User Ac
ms.assetid: 4333409e-a5be-4f2f-8808-618f53abd22c
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Account Control: Only elevate UIAccess applications that are installed in secure locations
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
index 23869703bb..b246a0c52c 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
ms.assetid: b838c561-7bfc-41ef-a7a5-55857259c7bf
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Account Control: Run all administrators in Admin Approval Mode
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
index ebfed79966..bff51aac66 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
ms.assetid: 77a067db-c70d-4b02-9861-027503311b8b
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Account Control: Switch to the secure desktop when prompting for elevation
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
index 20f35bb912..2d7c126bdf 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the policy set
ms.assetid: a7b47420-cc41-4b1c-b03e-f67a05221261
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Account Control: Virtualize file and registry write failures to per-user locations
diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
index db266406f6..85b060886d 100644
--- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
+++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
@@ -4,7 +4,7 @@ description: Provides an overview and links to information about the User Rights
ms.assetid: 99340252-60be-4c79-b0a5-56fbe1a9b0c5
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 12/16/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# User Rights Assignment
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
index cdf0f0ff3b..707538f309 100644
--- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
@@ -3,7 +3,7 @@ title: Testing and Debugging AppId Tagging Policies
description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: jsuther1974
ms.author: vinpa
manager: aaroncz
ms.date: 04/29/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Testing and Debugging AppId Tagging Policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
index e248c9e0b0..ae3272781f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
@@ -1,7 +1,7 @@
---
title: Deploying Windows Defender Application Control AppId tagging policies
description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment.
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
ms.collection: M365-security-compliance
author: jgeurten
@@ -9,7 +9,7 @@ ms.reviewer: jsuther1974
ms.author: vinpa
manager: aaroncz
ms.date: 04/29/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Deploying Windows Defender Application Control AppId tagging policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
index d6009f347f..cea2b2e0d7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
@@ -3,7 +3,7 @@ title: Create your Windows Defender Application Control AppId Tagging Policies
description: Create your Windows Defender Application Control AppId tagging policies for Windows devices.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: jsuther1974
ms.author: vinpa
manager: aaroncz
ms.date: 04/29/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Creating your WDAC AppId Tagging Policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md
index 2e2b7b42ff..a2d2da6611 100644
--- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md
@@ -3,7 +3,7 @@ title: Designing, creating, managing and troubleshooting Windows Defender Applic
description: How to design, create, manage and troubleshoot your WDAC AppId Tagging policies
keywords: security, malware, firewall
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: jsuther1974
ms.author: vinpa
manager: aaroncz
ms.date: 04/27/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# WDAC Application ID (AppId) Tagging guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
index 51c7297d9b..7a948159c8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
+++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
@@ -3,7 +3,7 @@ title: Allow LOB Win32 Apps on Intune-Managed S Mode Devices (Windows)
description: Using Windows Defender Application Control (WDAC) supplemental policies, you can expand the S mode base policy on your Intune-managed devices.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: isbrahm
ms.author: vinpa
manager: aaroncz
ms.date: 10/30/2019
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Allow Line-of-Business Win32 Apps on Intune-Managed S Mode Devices
diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
index ea7572399f..af08583111 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -3,7 +3,7 @@ title: Allow COM object registration in a WDAC policy (Windows)
description: You can allow COM object registration in a Windows Defender Application Control policy.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -14,7 +14,7 @@ author: vinaypamnani-msft
ms.reviewer: isbrahm
ms.author: vinpa
manager: aaroncz
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Allow COM object registration in a Windows Defender Application Control policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
index 6c0f8cb8ce..999e12d065 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to update your existi
ms.assetid: 758c2a9f-c2a3-418c-83bc-fd335a94097f
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Add rules for packaged apps to existing AppLocker rule-set
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
index b9b2bad633..15f67c37ac 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals provides links to specific procedur
ms.assetid: 511a3b6a-175f-4d6d-a6e0-c1780c02e818
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/28/2019
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Administer AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
index 7e986fb781..d7fe255d6d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
@@ -4,7 +4,7 @@ description: This topic for IT professional describes AppLocker’s basic archit
ms.assetid: efdd8494-553c-443f-bd5f-c8976535135a
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# AppLocker architecture and components
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
index 1b538c2c51..1e52c126e4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
@@ -4,7 +4,7 @@ description: This article for the IT professional lists the functions and securi
ms.assetid: bf704198-9e74-4731-8c5a-ee0512df34d2
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# AppLocker functions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
index 4f3cd306be..b2435f908b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
@@ -4,7 +4,7 @@ description: This topic provides a description of AppLocker and can help you dec
ms.assetid: 94b57864-2112-43b6-96fb-2863c985dc9a
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 10/16/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
index 34ee97d75b..3e68795be1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals introduces the concepts and describ
ms.assetid: 38632795-be13-46b0-a7af-487a4340bea1
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
index 6a92928800..fa42cc82dd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional introduces the design and planni
ms.assetid: 1c8e4a7b-3164-4eb4-9277-11b1d5a09c7b
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# AppLocker design guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
index f5868aae15..1d908e2f8e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional lists the various application co
ms.assetid: 33f71578-89f0-4063-ac04-cf4f4ca5c31f
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# AppLocker policy use scenarios
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
index 7836f6cb61..e70885a1a5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the process dependenci
ms.assetid: 0beec616-6040-4be7-8703-b6c919755d8e
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# AppLocker processes and interactions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
index 2b4b803773..a0c355bef9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional lists the settings used by AppLo
ms.assetid: 9cb4aa19-77c0-4415-9968-bd07dab86839
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# AppLocker settings
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
index c437de9b47..73fea32c43 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
@@ -4,7 +4,7 @@ description: This overview topic for IT professionals provides links to the topi
ms.assetid: 2b2678f8-c46b-4e1d-b8c5-037c0be255ab
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# AppLocker technical reference
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
index 43bf3a0b1b..149ca60ce9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to set AppLocker poli
ms.assetid: 10bc87d5-cc7f-4500-b7b3-9006e50afa50
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 06/08/2018
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Configure an AppLocker policy for audit only
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
index 1190773b0d..e151e8190f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to enable the A
ms.assetid: 5dbbb290-a5ae-4f88-82b3-21e95972e66c
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Configure an AppLocker policy for enforce rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
index a4175fe3fb..212cde1127 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to specify whic
ms.assetid: d15c9d84-c14b-488d-9f48-bf31ff7ff0c5
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Add exceptions for an AppLocker rule
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
index fa0f8111b2..45720da1ec 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the steps to create an
ms.assetid: 034bd367-146d-4956-873c-e1e09e6fefee
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Configure the AppLocker reference device
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
index f2281e9d24..62e3f5bbe7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
@@ -5,7 +5,7 @@ ms.assetid: dc469599-37fd-448b-b23e-5b8e4f17e561
ms.reviewer:
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 07/01/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Configure the Application Identity service
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
index 5ac6b88d03..ba45e341f1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
@@ -4,7 +4,7 @@ description: This article for IT professionals shows how to create an AppLocker
ms.assetid: e4ffd400-7860-47b3-9118-0e6853c3dfa0
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create a rule for packaged apps
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
index 0c5c51431d..3b7d3855c4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals shows how to create an AppLocker ru
ms.assetid: eb3b3524-1b3b-4979-ba5a-0a0b1280c5c7
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create a rule that uses a file hash condition
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
index f594af17a2..11d5a05373 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals shows how to create an AppLocker ru
ms.assetid: 9b2093f5-5976-45fa-90c3-da1e0e845d95
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create a rule that uses a path condition
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
index f94bd92046..72e43ee33a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals shows how to create an AppLocker ru
ms.assetid: 345ad45f-2bc1-4c4c-946f-17804e29f55b
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create a rule that uses a publisher condition
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
index b5ec324e43..5efaa6ef5c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to create a sta
ms.assetid: 21e9dc68-a6f4-4ebe-ac28-4c66a7ab6e18
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create AppLocker default rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
index fd7ef676ab..d99ffe4b82 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
@@ -4,7 +4,7 @@ description: This topic describes the process of gathering app usage requirement
ms.assetid: d713aa07-d732-4bdc-8656-ba616d779321
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create a list of apps deployed to each business group
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
index e54769e466..e32ce48432 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
@@ -4,7 +4,7 @@ description: This overview topic for the IT professional describes the steps to
ms.assetid: d339dee2-4da2-4d4a-b46e-f1dfb7cb4bf0
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create Your AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
index 40fd630f9e..6de23bb531 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes what you need to know
ms.assetid: b684a3a5-929c-4f70-8742-04088022f232
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create Your AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
index 93b5bfcce1..66f6c0a203 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
@@ -4,7 +4,7 @@ description: This article for IT professionals describes the steps to delete an
ms.assetid: 382b4be3-0df9-4308-89b2-dcf9df351eb5
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/09/2020
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Delete an AppLocker rule
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index d110f3dbab..5268d11b52 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to deploy AppLo
ms.assetid: fd3a3d25-ff3b-4060-8390-6262a90749ba
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Deploy AppLocker policies by using the enforce rules setting
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
index 374248651d..4fd68a84b7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the tasks that should
ms.assetid: ebbb1907-92dc-499e-8cee-8e637483c9ae
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Deploy the AppLocker policy into production
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
index f45c9348b4..d650a66317 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
@@ -4,7 +4,7 @@ description: This overview topic describes the process to follow when you're pla
ms.assetid: f435fcbe-c7ac-4ef0-9702-729aab64163f
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Determine the Group Policy structure and rule enforcement
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
index becadb7f0a..3b7faa4248 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes how to use AppLocker l
ms.assetid: 24609a6b-fdcb-4083-b234-73e23ff8bcb8
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Determine which apps are digitally signed on a reference device
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
index ab778e7e27..04f8f5ea63 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
@@ -4,7 +4,7 @@ description: Determine which applications to control and how to control them by
ms.assetid: 0e84003e-6095-46fb-8c4e-2065869bb53b
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Determine your application control objectives
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
index ed21869880..7a8f7e4cb7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
@@ -5,7 +5,7 @@ ms.assetid: 9a2534a5-d1fa-48a9-93c6-989d4857cf85
ms.reviewer:
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Display a custom URL message when users try to run a blocked app
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
index 87c6472d4b..78b0bc09bc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic describes the file formats and available default rules f
ms.assetid: a083fd08-c07e-4534-b0e7-1e15d932ce8f
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# DLL rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
index 076ca5099e..dea2bf1d1d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
@@ -4,7 +4,7 @@ description: This planning topic describes what you need to investigate, determi
ms.assetid: 389ffa8e-11fc-49ff-b0b1-89553e6fb6e5
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
@@ -15,7 +15,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.pagetype: security
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Document the Group Policy structure and AppLocker rule enforcement
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
index 313d459533..ff4be0a01c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
@@ -4,7 +4,7 @@ description: This planning topic describes the app information that you should d
ms.assetid: b155284b-f75d-4405-aecf-b74221622dc0
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Document your app list
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
index 8108aba233..6ea771b3b1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
@@ -4,7 +4,7 @@ description: Learn how to document your AppLocker rules and associate rule condi
ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Document your AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
index cbee3198d1..68e95db030 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps required to mod
ms.assetid: dbc72d1f-3fe0-46c2-aeeb-96621fce7637
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Edit an AppLocker policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
index 012250699e..866659b54e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to edit a publi
ms.assetid: 80016cda-b915-46a0-83c6-5e6b0b958e32
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Edit AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
index 342ef58154..ae11ea5a92 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to enable the D
ms.assetid: 88ef9561-6eb2-491a-803a-b8cdbfebae27
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Enable the DLL rule collection
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
index 2d5dcfa991..e614c2ebfd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to enforce applicatio
ms.assetid: e1528b7b-77f2-4419-8e27-c9cc3721d96d
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Enforce AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
index e693b917b0..bad5f25658 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic describes the file formats and available default rules f
ms.assetid: 65e62f90-6caa-48f8-836a-91f8ac9018ee
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Executable rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
index 1a8ecaf384..6c98a90cfb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to export an Ap
ms.assetid: 7db59719-a8be-418b-bbfd-22cf2176c9c0
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Export an AppLocker policy from a GPO
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
index b6f0fcba38..a5aef1b467 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to export an Ap
ms.assetid: 979bd23f-6815-478b-a6a4-a25239cb1080
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Export an AppLocker policy to an XML file
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
index 5852b201e6..ca2337fc34 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional provides links to topics about A
ms.assetid: 24bb1d73-0ff5-4af7-8b8a-2fa44d4ddbcd
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# How AppLocker works
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
index afedd848c3..1fd9ead2c1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to import an AppLocke
ms.assetid: b48cb2b2-8ef8-4cc0-89bd-309d0b1832f6
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -14,7 +14,7 @@ manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Import an AppLocker policy from another computer
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
index d215c84407..13d9a01b2a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to import an Ap
ms.assetid: 0629ce44-f5e2-48a8-ba47-06544c73261f
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Import an AppLocker policy into a GPO
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
index 2e3059c857..2b4cef69e3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
@@ -4,7 +4,7 @@ description: Learn how to maintain rules within AppLocker policies. View common
ms.assetid: b4fbfdfe-ef3d-49e0-a390-f2dfe74602bc
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -14,7 +14,7 @@ manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Maintain AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
index 04206c6d54..4c2f33327f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
@@ -4,7 +4,7 @@ description: Learn concepts and lists procedures to help you manage packaged app
ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Manage packaged apps with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
index 85cc225094..56dcf21cac 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to merge AppLoc
ms.assetid: f1c7d5c0-463e-4fe2-a410-844a404f18d0
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Merge AppLocker policies by using Set-ApplockerPolicy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
index fd45a8a42c..fdb57686ce 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to manually mer
ms.assetid: 3605f293-e5f2-481d-8efd-775f9f23c30f
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Merge AppLocker policies manually
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
index a9092f169c..b38259298d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to monitor app usage
ms.assetid: 0516da6e-ebe4-45b4-a97b-31daba96d1cf
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Monitor app usage with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
index f481f86ce2..182265d2e4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to optimize AppLocker
ms.assetid: a20efa20-bc98-40fe-bd81-28ec4905e0f6
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Optimize AppLocker performance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
index 25c01eb30d..f771463944 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic explains the AppLocker rule collection for packaged app
ms.assetid: 8fd44d08-a0c2-4c5b-a91f-5cb9989f971d
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 10/13/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Packaged apps and packaged app installer rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
index 3106e7eb8c..c60158c407 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
@@ -4,7 +4,7 @@ description: This topic describes the decisions you need to make to establish th
ms.assetid: dccc196f-6ae0-4ae4-853a-a3312b18751b
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Plan for AppLocker policy management
@@ -72,7 +72,7 @@ For steps to display a custom URL for the message, see [Display a custom URL mes
**AppLocker event management**
-Each time that a process requests permission to run, AppLocker creates an event in the AppLocker event log. The event details which was the file that tried to run, the attributes of that file, the user that initiated the request, and the rule GUID that was used to make the AppLocker execution decision. The
+Each time that a process requests permission to run, AppLocker creates an event in the AppLocker event log. The event details which was the file that tried to run, the attributes of that file, the user that initiated the request, and the rule GUID that was used to make the AppLocker execution decision. The
AppLocker event log is located in the following path: **Applications and Services Logs\\Microsoft\\Windows\\AppLocker**. The AppLocker log includes three logs:
1. **EXE and DLL**. Contains events for all files affected by the executable and DLL rule collections (.exe, .com, .dll, and .ocx).
@@ -85,11 +85,11 @@ Collecting these events in a central location can help you maintain your AppLock
As new apps are deployed or existing apps are updated by the software publisher, you'll need to make revisions to your rule collections to ensure that the policy is current.
-You can edit an AppLocker policy by adding, changing, or removing rules. However, you can't specify a version for the policy by importing more rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](https://go.microsoft.com/fwlink/p/?LinkId=145013) (https://go.microsoft.com/fwlink/p/?LinkId=145013).
+You can edit an AppLocker policy by adding, changing, or removing rules. However, you can't specify a version for the policy by importing more rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](https://go.microsoft.com/fwlink/p/?LinkId=145013).
> [!IMPORTANT]
> You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior.
-
+
**New version of a supported app**
When a new version of an app is deployed in the organization, you need to determine whether to continue to support the previous version of that app. To add the new version, you might only need to create a new rule for each file that is associated with the app. If you're using publisher conditions and the version isn't specified, then the existing rule or rules might be sufficient to allow the updated file to run. You must ensure, however, that the updated app hasn't altered the file names or added files to support new functionality. If so, then you must modify the existing rules or create new rules. To continue to reuse a publisher-based rule without a specific file version, you must also ensure that the file's digital signature is still identical to the previous version—the publisher, product name, and file name (if configured in your rule) must all match for the rule to be correctly applied.
@@ -116,7 +116,7 @@ A file could be blocked for three reasons:
- There may be an existing rule that was created for the file that is too restrictive.
- A deny rule, which can't be overridden, is explicitly blocking the file.
-Before editing the rule collection, first determine what rule is preventing the file from running. You can troubleshoot the problem by using the **Test-AppLockerPolicy** Windows PowerShell cmdlet. For more info about troubleshooting an AppLocker policy, see [Testing and Updating an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791793(v=ws.10)) (https://go.microsoft.com/fwlink/p/?LinkId=160269).
+Before editing the rule collection, first determine what rule is preventing the file from running. You can troubleshoot the problem by using the **Test-AppLockerPolicy** Windows PowerShell cmdlet. For more info about troubleshooting an AppLocker policy, see [Testing and Updating an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791793(v=ws.10)).
## Record your findings
@@ -165,7 +165,7 @@ The following table is an example of what to consider and record.
|--- |--- |--- |--- |--- |
|Bank Tellers|Forwarded to: AppLocker Event Repository on srvBT093|Standard|None|Standard|
|Human Resources|DO NOT FORWARD. srvHR004|60 months|Yes, summary reports monthly to managers|Standard|
-
+
Policy maintenance policy
When applications are identified and policies are created for application control, then you can begin documenting how you intend to update those policies.
The following table is an example of what to consider and record.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
index a0be9442c5..4b3bb3f464 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to force an upd
ms.assetid: 3f24fcbc-3926-46b9-a1a2-dd036edab8a9
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Refresh an AppLocker policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
index c3de7dcc3e..e2d6dd1988 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
@@ -4,7 +4,7 @@ description: This deployment topic for the IT professional lists the requirement
ms.assetid: 3e55bda2-3cd7-42c7-bad3-c7dfbe193d48
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Requirements for deploying AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
index 2053dc727e..b92733030c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional lists software requirements to u
ms.assetid: dc380535-071e-4794-8f9d-e5d1858156f0
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Requirements to use AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
index 6fd6a3a17a..d1c53d1412 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes steps to run the wizard t
ms.assetid: 8cad1e14-d5b2-437c-8f88-70cffd7b3d8e
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Run the Automatically Generate Rules wizard
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
index f73f481981..772023138c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
@@ -4,7 +4,7 @@ description: This article describes the file formats and available default rules
ms.assetid: fee24ca4-935a-4c5e-8a92-8cf1d134d35f
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 06/15/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Script rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
index 4ac9ca4172..70b10a3c46 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the security considera
ms.assetid: 354a5abb-7b31-4bea-a442-aa9666117625
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Security considerations for AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
index 93a5f15fbe..a9a7edb8f8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
@@ -4,7 +4,7 @@ description: This topic lists resources you can use when selecting your applicat
ms.assetid: 14751169-0ed1-47cc-822c-8c01a7477784
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Select the types of rules to create
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
index c253a8cd0d..8580a543c2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to test an AppL
ms.assetid: 048bfa38-6825-4a9a-ab20-776cf79f402a
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Test an AppLocker policy by using Test-AppLockerPolicy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
index 20c8807049..35e67a8b9a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
@@ -4,7 +4,7 @@ description: This topic discusses the steps required to test an AppLocker policy
ms.assetid: 7d53cbef-078c-4d20-8b00-e821e33b6ea1
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Test and update an AppLocker policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
index 26aa252ce6..11c1b53405 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the tools available to
ms.assetid: db2b7cb3-7643-4be5-84eb-46ba551e1ad1
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Tools to use with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
index 34a4113aa1..6f70f979bd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
@@ -4,7 +4,7 @@ description: This topic describes the AppLocker enforcement settings for rule co
ms.assetid: 48773007-a343-40bf-8961-b3ff0a450d7e
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understand AppLocker enforcement settings
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
index b9bd16f418..92d977ca6a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
@@ -4,7 +4,7 @@ description: Review some common considerations while you're planning to use AppL
ms.assetid: 3475def8-949a-4b51-b480-dc88b5c1e6e6
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 10/13/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understand AppLocker policy design decisions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
index 3604d9fa73..80ca82b196 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes how application contro
ms.assetid: c1c5a3d3-540a-4698-83b5-0dab5d27d871
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understand AppLocker rules and enforcement setting inheritance in Group Policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
index 2f4ad091be..3ea8eca627 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
@@ -4,7 +4,7 @@ description: This planning and deployment topic for the IT professional describe
ms.assetid: 4cfd95c1-fbd3-41fa-8efc-d23c1ea6fb16
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understand the AppLocker policy deployment process
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
index 8cb3dbb534..8991037f4d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
@@ -4,7 +4,7 @@ description: This topic explains the differences between allow and deny actions
ms.assetid: ea0370fa-2086-46b5-a0a4-4a7ead8cbed9
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understanding AppLocker allow and deny actions on rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
index ba9d28442d..359939ee32 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
@@ -4,7 +4,7 @@ description: This topic for IT professional describes the set of rules that can
ms.assetid: bdb03d71-05b7-41fb-96e3-a289ce1866e1
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understanding AppLocker default rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
index 9aa30d5871..303e8de3de 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
@@ -4,7 +4,7 @@ description: This topic describes how AppLocker rules are enforced by using the
ms.assetid: 3e2738a3-8041-4095-8a84-45c1894c97d0
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understanding AppLocker rule behavior
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
index 41c8ce1282..0b4db784ac 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
@@ -4,7 +4,7 @@ description: This topic explains the five different types of AppLocker rules use
ms.assetid: 03c05466-4fb3-4880-8d3c-0f6f59fc5579
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understanding AppLocker rule collections
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
index f6ad12a085..ae9f22bb2a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the three types of App
ms.assetid: c21af67f-60a1-4f7d-952c-a6f769c74729
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understanding AppLocker rule condition types
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
index 08ec6175fd..0920f34c34 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
@@ -4,7 +4,7 @@ description: This topic describes the result of applying AppLocker rule exceptio
ms.assetid: e6bb349f-ee60-4c8d-91cd-6442f2d0eb9c
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understanding AppLocker rule exceptions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
index 309413ceee..29453e1b5c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic explains the AppLocker file hash rule condition, the adv
ms.assetid: 4c6d9af4-2b1a-40f4-8758-1a6f9f147756
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understanding the file hash rule condition in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
index 12c2b4fe3a..1760a6c905 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic explains the AppLocker path rule condition, the advantag
ms.assetid: 3fa54ded-4466-4f72-bea4-2612031cad43
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understanding the path rule condition in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
index a9ded601fa..68e7b5b770 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic explains the AppLocker publisher rule condition, what co
ms.assetid: df61ed8f-a97e-4644-9d0a-2169f18c1c4f
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understanding the publisher rule condition in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
index 0c36d76a1f..77c83a4efb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
@@ -3,7 +3,7 @@ title: Use a reference device to create and maintain AppLocker policies (Windows
description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
ms.reviewer:
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Use a reference device to create and maintain AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
index 33fd27fc50..67142745ef 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes concepts and procedures t
ms.assetid: 2b7e0cec-df62-49d6-a2b7-6b8e30180943
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Use AppLocker and Software Restriction Policies in the same domain
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
index 89de902770..aca8d806d7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how each AppLocker Window
ms.assetid: 374e029c-5c0a-44ab-a57a-2a9dd17dc57d
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Use the AppLocker Windows PowerShell cmdlets
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
index 19458879ae..886cd66d27 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
@@ -4,7 +4,7 @@ description: This topic lists AppLocker events and describes how to use Event Vi
ms.assetid: 109abb10-78b1-4c29-a576-e5a17dfeb916
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -14,7 +14,7 @@ manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Using Event Viewer with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
index e066f48a28..c407320e8f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes how to use Software Re
ms.assetid: c3366be7-e632-4add-bd10-9df088f74c6d
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Use Software Restriction Policies and AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
index 32770dbace..ecbdc3515e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes what AppLocker is and
ms.assetid: 44a8a2bb-0f83-4f95-828e-1f364fb65869
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# What Is AppLocker?
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
index 38655935cf..f6718a2f98 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic describes the file formats and available default rules f
ms.assetid: 3fecde5b-88b3-4040-81fa-a2d36d052ec9
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Windows Installer rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
index 79ed0dd7e7..b2045a212e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals provides links to procedural topics
ms.assetid: 7062d2e0-9cbb-4cb8-aa8c-b24945c3771d
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Working with AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
index d7a8d5162f..e5b9ec21cc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
@@ -5,7 +5,7 @@ ms.assetid: 3966b35b-f2da-4371-8b5f-aec031db6bc9
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -13,7 +13,7 @@ author: vinaypamnani-msft
ms.localizationpriority: medium
msauthor: v-anbic
ms.date: 08/27/2018
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Working with AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
index 4e2278d047..1aa3c8a019 100644
--- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
@@ -3,7 +3,7 @@ title: Use audit events to create then enforce WDAC policy rules (Windows)
description: Learn how audits allow admins to discover apps, binaries, and scripts that should be added to a WDAC policy, then learn how to switch that WDAC policy from audit to enforced mode.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: jogeurte
ms.author: vinpa
manager: aaroncz
ms.date: 05/03/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Use audit events to create WDAC policy rules and Convert **base** policy from audits to enforced
diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
index 5af247add0..2dc654001c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
@@ -3,7 +3,7 @@ title: Use audit events to create WDAC policy rules (Windows)
description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: jogeurte
ms.author: vinpa
manager: aaroncz
ms.date: 05/03/2018
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Use audit events to create WDAC policy rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
index 01ab300700..af84836ade 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -3,7 +3,7 @@ title: Allow apps deployed with a WDAC managed installer (Windows)
description: Explains how to configure a custom Managed Installer.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: jogeurte
ms.author: vinpa
manager: aaroncz
ms.date: 08/26/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Automatically allow apps deployed by a managed installer with Windows Defender Application Control
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
index f3f83d27d4..9eb2d45bf5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
@@ -3,7 +3,7 @@ title: Managed installer and ISG technical reference and troubleshooting guide (
description: Explains how to configure a custom Manged Installer.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: isbrahm
ms.author: vinpa
manager: aaroncz
ms.date: 08/14/2020
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Managed installer and ISG technical reference and troubleshooting guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index 4e4f1658bb..6f065d01c8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -3,7 +3,7 @@ title: Create a code signing cert for Windows Defender Application Control (Wind
description: Learn how to set up a publicly issued code signing certificate, so you can sign catalog files or WDAC policies internally.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: isbrahm
ms.author: vinpa
manager: aaroncz
ms.date: 02/28/2018
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Optional: Create a code signing cert for Windows Defender Application Control
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
index eefa0fddb5..a7ea499e26 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
@@ -3,7 +3,7 @@ title: Create a WDAC policy using a reference computer (Windows)
description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: jogeurte
ms.author: vinpa
manager: aaroncz
ms.date: 08/08/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create a WDAC policy using a reference computer
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
index 914f3e69f5..4e2096d5c5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
@@ -3,7 +3,7 @@ title: Create WDAC Deny Policy
description: Explains how to create WDAC deny policies
keywords: WDAC, policy
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -14,7 +14,7 @@ author: jgeurten
ms.reviewer: jsuther1974
ms.author: vinpa
manager: aaroncz
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Guidance on Creating WDAC Deny Policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
index 9871b7cbf5..87d2d36eb1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
@@ -4,7 +4,7 @@ description: Windows Defender Application Control restricts which applications u
keywords: security, malware
ms.topic: conceptual
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -16,7 +16,7 @@ ms.reviewer: isbrahm
ms.author: vinpa
manager: aaroncz
ms.date: 11/20/2019
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create a WDAC policy for fully managed devices
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
index e0d19fe8da..378ee082a0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
@@ -4,7 +4,7 @@ description: Windows Defender Application Control restricts which applications u
keywords: security, malware
ms.topic: conceptual
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -16,7 +16,7 @@ ms.reviewer: isbrahm
ms.author: vinpa
manager: aaroncz
ms.date: 08/10/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create a WDAC policy for lightly managed devices
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
index f6314a8424..2882d6d02c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
@@ -3,7 +3,7 @@ title: Deploy catalog files to support Windows Defender Application Control (Win
description: Catalog files simplify running unsigned applications in the presence of a Windows Defender Application Control (WDAC) policy.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: jgeurten
ms.author: vinpa
manager: aaroncz
ms.date: 02/28/2018
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Deploy catalog files to support Windows Defender Application Control
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
index d4dc55b27e..eb4d4fdceb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@@ -3,7 +3,7 @@ title: Use multiple Windows Defender Application Control Policies (Windows)
description: Windows Defender Application Control supports multiple code integrity policies for one device.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: jogeurte
ms.author: vinpa
manager: aaroncz
ms.date: 07/19/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Use multiple Windows Defender Application Control Policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
index feb0895f8a..1702db9877 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
@@ -1,8 +1,8 @@
---
title: Deploy Windows Defender Application Control policies with Configuration Manager
description: You can use Microsoft Endpoint Configuration Manager to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
-ms.prod: m365-security
-ms.technology: windows-sec
+ms.prod: windows-client
+ms.technology: itpro-security
ms.collection: M365-security-compliance
author: jgeurten
ms.reviewer: aaroncz
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
index 369149227c..99481638a6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@@ -2,7 +2,7 @@
title: Deploy Windows Defender Application Control (WDAC) policies using script (Windows)
description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide.
keywords: security, malware
-ms.prod: m365-security
+ms.prod: windows-client
audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
@@ -11,7 +11,7 @@ ms.author: jogeurte
ms.manager: jsuther
manager: aaroncz
ms.date: 10/06/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
ms.topic: article
ms.localizationpriority: medium
---
@@ -82,7 +82,7 @@ You should now have one or more WDAC policies converted into binary form. If not
## Deploying signed policies
-In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [Microsoft Endpoint Manager](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically.
+If you are using [signed WDAC policies](/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering), the policies must be deployed into your device's EFI partition in addition to the steps outlined above. Unsigned WDAC policies do not need to be present in the EFI partition. Deploying your policy via [Microsoft Endpoint Manager](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically.
1. Mount the EFI volume and make the directory, if it doesn't exist, in an elevated PowerShell prompt:
@@ -90,8 +90,9 @@ In addition to the steps outlined above, the binary policy file must also be cop
$MountPoint = 'C:\EFIMount'
$EFIDestinationFolder = "$MountPoint\EFI\Microsoft\Boot\CiPolicies\Active"
$EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0]
+ if (-Not (Test-Path $MountPoint)) { New-Item -Path $MountPoint -Type Directory -Force }
mountvol $MountPoint $EFIPartition
- mkdir $EFIDestinationFolder
+ if (-Not (Test-Path $EFIDestinationFolder)) { New-Item -Path $EFIDestinationFolder -Type Directory -Force }
```
2. Copy the signed policy to the created folder:
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
index 48ebdd4db4..3ff41f6ec0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
@@ -3,7 +3,7 @@ title: Deploy WDAC policies via Group Policy (Windows)
description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: jogeurte
ms.author: vinpa
manager: aaroncz
ms.date: 10/06/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Deploy Windows Defender Application Control policies by using Group Policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
index fc09a71c05..157e08e8e7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
@@ -3,7 +3,7 @@ title: Disable Windows Defender Application Control policies (Windows)
description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: isbrahm
ms.author: vinpa
manager: aaroncz
ms.date: 05/03/2018
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Disable Windows Defender Application Control policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
index da83fa7b8e..b7c381d70d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
@@ -2,7 +2,7 @@
title: Enforce Windows Defender Application Control (WDAC) policies (Windows)
description: Learn how to switch a WDAC policy from audit to enforced mode.
keywords: security, malware
-ms.prod: m365-security
+ms.prod: windows-client
audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
@@ -11,7 +11,7 @@ ms.author: jogeurte
ms.manager: jsuther
manager: aaroncz
ms.date: 04/22/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
ms.topic: article
ms.localizationpriority: medium
---
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index f4a34af223..abe6093543 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -1,8 +1,8 @@
---
title: Understanding Application Control event IDs
description: Learn what different Windows Defender Application Control event IDs signify.
-ms.prod: m365-security
-ms.technology: windows-sec
+ms.prod: windows-client
+ms.technology: itpro-security
ms.localizationpriority: medium
ms.collection: M365-security-compliance
author: jsuther1974
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index c14d69350c..ee37a71bca 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -3,7 +3,7 @@ title: Understanding Application Control event tags (Windows)
description: Learn what different Windows Defender Application Control event tags signify.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: isbrahm
ms.author: vinpa
manager: aaroncz
ms.date: 07/13/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Understanding Application Control event tags
diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
index f5d4aaa3cd..6abeab5887 100644
--- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
@@ -4,7 +4,7 @@ description: When creating a WDAC policy for an organization, start from one of
keywords: security, malware
ms.topic: article
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -16,7 +16,7 @@ ms.reviewer: jogeurte
ms.author: vinpa
manager: aaroncz
ms.date: 08/05/2022
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Windows Defender Application Control (WDAC) example base policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
index 06470901cd..49ba15bfb5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
+++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
@@ -1,8 +1,8 @@
---
title: Windows Defender Application Control feature availability
description: Compare Windows Defender Application Control (WDAC) and AppLocker feature availability.
-ms.prod: m365-security
-ms.technology: windows-sec
+ms.prod: windows-client
+ms.technology: itpro-security
ms.localizationpriority: medium
ms.collection: M365-security-compliance
author: jgeurten
diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
index 72d6dc93df..77933f3967 100644
--- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
@@ -3,7 +3,7 @@ title: Manage packaged apps with WDAC (Windows)
description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ ms.reviewer: isbrahm
ms.author: vinpa
manager: aaroncz
ms.date: 05/29/2020
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Manage Packaged Apps with Windows Defender Application Control
diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
index f31db0823f..19737f5a29 100644
--- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
@@ -2,7 +2,7 @@
title: Merge Windows Defender Application Control policies (WDAC) (Windows)
description: Learn how to merge WDAC policies as part of your policy lifecycle management.
keywords: security, malware
-ms.prod: m365-security
+ms.prod: windows-client
audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
@@ -11,7 +11,7 @@ ms.author: jogeurte
ms.manager: jsuther
manager: aaroncz
ms.date: 04/22/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
ms.topic: article
ms.localizationpriority: medium
---
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 18954c0597..c8830ac741 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -3,7 +3,7 @@ title: Microsoft recommended driver block rules (Windows)
description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community.
keywords: security, malware, kernel mode, driver
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -11,10 +11,10 @@ ms.localizationpriority: medium
audience: ITPro
ms.collection: M365-security-compliance
author: jgeurten
-ms.reviewer: isbrahm
+ms.reviewer: jsuther
ms.author: vinpa
manager: aaroncz
-ms.date: 10/07/2022
+ms.date: 10/18/2022
---
# Microsoft recommended driver block rules
@@ -36,25 +36,28 @@ Microsoft has strict requirements for code running in kernel. So, malicious acto
Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). For more information about driver submission, see [Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center](https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/wdsi) or submit feedback on this article.
+> [!NOTE]
+> Blocking drivers can cause devices or software to malfunction, and in rare cases, lead to blue screen. The vulnerable driver blocklist is not guaranteed to block every driver found to have vulnerabilities. Microsoft attempts to balance the security risks from vulnerable drivers with the potential impact on compatibility and reliability to produce the blocklist. As always, Microsoft recommends using an explicit allow list approach to security wherever possible.
+
## Microsoft vulnerable driver blocklist
-With Windows 11 2022 update, the vulnerable driver blocklist is enabled by default for all devices, and can be turned on or off via the [Windows Security](https://support.microsoft.com/windows/device-protection-in-windows-security-afa11526-de57-b1c5-599f-3a4c6a61c5e2) app. The vulnerable driver blocklist is also enforced when either memory integrity (also known as hypervisor-protected code integrity or HVCI), Smart App Control, or S mode is active. Users can opt in to HVCI using the Windows Security app, and HVCI is on by-default for most new Windows 11 devices.
+With Windows 11 2022 update, the vulnerable driver blocklist is enabled by default for all devices, and can be turned on or off via the [Windows Security](https://support.microsoft.com/windows/device-protection-in-windows-security-afa11526-de57-b1c5-599f-3a4c6a61c5e2) app. Except on Windows Server 2016, the vulnerable driver blocklist is also enforced when either memory integrity (also known as hypervisor-protected code integrity or HVCI), Smart App Control, or S mode is active. Users can opt in to HVCI using the Windows Security app, and HVCI is on by-default for most new Windows 11 devices.
> [!NOTE]
> The option to turn Microsoft's vulnerable driver blocklist on or off using the [Windows Security](https://support.microsoft.com/windows/device-protection-in-windows-security-afa11526-de57-b1c5-599f-3a4c6a61c5e2) app is grayed out when HVCI, Smart App Control, or S mode is enabled. You must disable HVCI or Smart App Control, or switch the device out of S mode, and restart the device before you can turn off the Microsoft vulnerable driver blocklist.
-The blocklist is updated with each new major release of Windows. We plan to update the current blocklist for non-Windows 11 customers in an upcoming servicing release and will occasionally publish future updates through regular Windows servicing.
+The blocklist is updated with each new major release of Windows, typically 1-2 times per year, including most recently with the Windows 11 2022 update released in September 2022. The most current blocklist is now also available for Windows 10 20H2 and Windows 11 21H2 users as an optional update from Windows Update. Microsoft will occasionally publish future updates through regular Windows servicing.
Customers who always want the most up-to-date driver blocklist can also use Windows Defender Application Control (WDAC) to apply the latest recommended driver blocklist contained in this article. For your convenience, we've provided a download of the most up-to-date vulnerable driver blocklist along with instructions to apply it on your computer at the end of this article. Otherwise, you can use the XML provided below to create your own custom WDAC policies.
## Blocking vulnerable drivers using WDAC
-Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events.
+Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events.
> [!IMPORTANT]
-> Microsoft also recommends enabling Attack Surface Reduction (ASR) rule [**Block abuse of exploited vulnerable signed drivers**](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-abuse-of-exploited-vulnerable-signed-drivers) to prevent an application from writing a vulnerable signed driver to disk. The ASR rule doesn't block a driver already existing on the system from being loaded, however enabling **Microsoft vulnerable driver blocklist** or applying this WDAC policy prevents the existing driver from being loaded.
+> Microsoft also recommends enabling Attack Surface Reduction (ASR) rule [**Block abuse of exploited vulnerable signed drivers**](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-abuse-of-exploited-vulnerable-signed-drivers) to prevent an application from writing a vulnerable signed driver to disk. The ASR rule doesn't block a driver already existing on the system from loading, however enabling **Microsoft vulnerable driver blocklist** or applying this WDAC policy will prevent the existing driver from loading.
| September 2022
|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-| Windows 10 | [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703)
[21H1](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353)
[20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393)
[1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082)
[1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)
[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| December 2021
May 2021
December 2020
October 2018
October 2016
January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724)
[21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703)
[21H1](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353)
[20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393)
[1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082)
[1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)
[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| October 2022
December 2021
May 2021
December 2020
October 2018
October 2016
January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
Windows 8.1 |[9600 (April Update)](/archive/blogs/secguide/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final)| October 2013| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) |
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
index 3fb82ea906..3b281b0dbb 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -1,7 +1,7 @@
---
title: Microsoft Security Compliance Toolkit 1.0 Guide
description: This article describes how to use Security Compliance Toolkit 1.0 in your organization
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
ms.author: vinpa
author: vinaypamnani-msft
@@ -10,7 +10,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/14/2022
ms.reviewer: rmunck
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Microsoft Security Compliance Toolkit 1.0 - How to use
@@ -28,6 +28,7 @@ The Security Compliance Toolkit consists of:
- Windows 11, version 22H2
- Windows 11, version 21H2
- Windows 10 security baselines
+ - Windows 10, version 22H2
- Windows 10, version 21H2
- Windows 10, version 21H1
- Windows 10, version 20H2
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
index 20a7602001..160acacf0a 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
@@ -1,7 +1,7 @@
---
title: Security baselines guide
description: Learn how to use security baselines in your organization.
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
ms.author: vinpa
author: vinaypamnani-msft
@@ -10,7 +10,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 01/26/2022
ms.reviewer: jmunck
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Security baselines
diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md
index 5d691021f8..faa61e8726 100644
--- a/windows/whats-new/ltsc/index.md
+++ b/windows/whats-new/ltsc/index.md
@@ -1,7 +1,7 @@
---
title: Windows 10 Enterprise LTSC
description: New and updated IT Pro content about new features in Windows 10, LTSC (also known as Windows 10 LTSB).
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md
index 94de09d07a..cddd5c8950 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md
@@ -4,7 +4,7 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2015 (also known as Windows 10 Enterprise 2015 LTSB).
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
index 74fe44632b..2f55f78bd5 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
@@ -4,7 +4,7 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2016 (also known as Windows 10 Enterprise 2016 LTSB).
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: low
ms.topic: article
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index f915846669..48729619f0 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -4,7 +4,7 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2019 (also known as Windows 10 Enterprise 2019 LTSB).
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
index d79885ad46..d45131b809 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
@@ -4,7 +4,7 @@ ms.reviewer:
manager: dougeby
ms.author: aaroncz
description: New and updated IT Pro content about new features in Windows 10 Enterprise LTSC 2021.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.localizationpriority: low
ms.topic: article
diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
index 5078ed991a..f96c6387bf 100644
--- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
+++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
@@ -2,7 +2,7 @@
title: What's new in Windows 10, versions 1507 and 1511 (Windows 10)
description: What's new in Windows 10 for Windows 10 (versions 1507 and 1511)?
ms.reviewer:
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
manager: dougeby
ms.author: aaroncz
diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md
index 981388e744..61009f9d89 100644
--- a/windows/whats-new/whats-new-windows-10-version-1607.md
+++ b/windows/whats-new/whats-new-windows-10-version-1607.md
@@ -1,7 +1,7 @@
---
title: What's new in Windows 10, version 1607 (Windows 10)
description: What's new in Windows 10 for Windows 10 (version 1607)?
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.reviewer:
author: aczechowski
diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md
index c6f958b3fe..f91dd12313 100644
--- a/windows/whats-new/whats-new-windows-10-version-1703.md
+++ b/windows/whats-new/whats-new-windows-10-version-1703.md
@@ -1,7 +1,7 @@
---
title: What's new in Windows 10, version 1703
description: New and updated features in Windows 10, version 1703 (also known as the Creators Updated).
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.reviewer:
author: aczechowski
diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md
index 4e26d46510..ee7222900f 100644
--- a/windows/whats-new/whats-new-windows-10-version-1709.md
+++ b/windows/whats-new/whats-new-windows-10-version-1709.md
@@ -1,7 +1,7 @@
---
title: What's new in Windows 10, version 1709
description: New and updated features in Windows 10, version 1709 (also known as the Fall Creators Update).
-ms.prod: w10
+ms.prod: windows-client
ms.reviewer:
author: aczechowski
manager: dougeby
diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md
index 1067c47c88..b1aaf69503 100644
--- a/windows/whats-new/whats-new-windows-10-version-1803.md
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@@ -1,7 +1,7 @@
---
title: What's new in Windows 10, version 1803
description: New and updated features in Windows 10, version 1803 (also known as the Windows 10 April 2018 Update).
-ms.prod: w10
+ms.prod: windows-client
ms.reviewer:
author: aczechowski
manager: dougeby
diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md
index 92e1871b97..7f151bdfcf 100644
--- a/windows/whats-new/whats-new-windows-10-version-1809.md
+++ b/windows/whats-new/whats-new-windows-10-version-1809.md
@@ -2,7 +2,7 @@
title: What's new in Windows 10, version 1809
ms.reviewer:
description: Learn about features for Windows 10, version 1809, including features and fixes included in previous cumulative updates to Windows 10, version 1803.
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
manager: dougeby
ms.author: aaroncz
diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md
index 4dbfe4141b..048526a784 100644
--- a/windows/whats-new/whats-new-windows-10-version-1903.md
+++ b/windows/whats-new/whats-new-windows-10-version-1903.md
@@ -1,7 +1,7 @@
---
title: What's new in Windows 10, version 1903
description: New and updated features in Windows 10, version 1903 (also known as the Windows 10 May 2019 Update).
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md
index 4ca266485c..6c1efb18d1 100644
--- a/windows/whats-new/whats-new-windows-10-version-1909.md
+++ b/windows/whats-new/whats-new-windows-10-version-1909.md
@@ -1,7 +1,7 @@
---
title: What's new in Windows 10, version 1909
description: New and updated features in Windows 10, version 1909 (also known as the Windows 10 November 2019 Update).
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md
index e0d940dbf9..ce5cb2cd4b 100644
--- a/windows/whats-new/whats-new-windows-10-version-2004.md
+++ b/windows/whats-new/whats-new-windows-10-version-2004.md
@@ -1,7 +1,7 @@
---
title: What's new in Windows 10, version 2004
description: New and updated features in Windows 10, version 2004 (also known as the Windows 10 May 2020 Update).
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md
index 14b2588859..3a35dafa98 100644
--- a/windows/whats-new/whats-new-windows-10-version-20H2.md
+++ b/windows/whats-new/whats-new-windows-10-version-20H2.md
@@ -1,7 +1,7 @@
---
title: What's new in Windows 10, version 20H2
description: New and updated features in Windows 10, version 20H2 (also known as the Windows 10 October 2020 Update).
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/whats-new/whats-new-windows-10-version-21H1.md b/windows/whats-new/whats-new-windows-10-version-21H1.md
index f598d1913b..1edaf57d80 100644
--- a/windows/whats-new/whats-new-windows-10-version-21H1.md
+++ b/windows/whats-new/whats-new-windows-10-version-21H1.md
@@ -1,7 +1,7 @@
---
title: What's new in Windows 10, version 21H1
description: New and updated features in Windows 10, version 21H1 (also known as the Windows 10 May 2021 Update).
-ms.prod: w10
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/whats-new/whats-new-windows-10-version-21H2.md b/windows/whats-new/whats-new-windows-10-version-21H2.md
index da72022d30..3e965fd0a1 100644
--- a/windows/whats-new/whats-new-windows-10-version-21H2.md
+++ b/windows/whats-new/whats-new-windows-10-version-21H2.md
@@ -2,7 +2,7 @@
title: What's new in Windows 10, version 21H2 for IT pros
description: Learn more about what's new in Windows 10 version 21H2, including servicing updates, Windows Subsystem for Linux, the latest CSPs, and more.
manager: dougeby
-ms.prod: w10
+ms.prod: windows-client
ms.author: aaroncz
author: aczechowski
ms.localizationpriority: medium
diff --git a/windows/whats-new/whats-new-windows-11-version-22H2.md b/windows/whats-new/whats-new-windows-11-version-22H2.md
index 0af8ec6113..ba75d6dbc6 100644
--- a/windows/whats-new/whats-new-windows-11-version-22H2.md
+++ b/windows/whats-new/whats-new-windows-11-version-22H2.md
@@ -2,7 +2,7 @@
title: What's new in Windows 11, version 22H2 for IT pros
description: Learn more about what's new in Windows 11 version 21H2, including servicing updates, Windows Subsystem for Linux, the latest CSPs, and more.
manager: dougeby
-ms.prod: w10
+ms.prod: windows-client
ms.author: mstewart
author: mestew
ms.localizationpriority: medium
diff --git a/windows/whats-new/windows-10-insider-preview.md b/windows/whats-new/windows-10-insider-preview.md
index 61a499904f..9f9114f7ef 100644
--- a/windows/whats-new/windows-10-insider-preview.md
+++ b/windows/whats-new/windows-10-insider-preview.md
@@ -1,7 +1,7 @@
---
title: Documentation for Windows 10 Insider Preview (Windows 10)
description: Preliminary documentation for some Windows 10 features in Insider Preview.
-ms.prod: w10
+ms.prod: windows-client
author: dansimp
ms.date: 04/14/2017
ms.reviewer:
diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md
index 2c6b25ecff..8184fe2b9e 100644
--- a/windows/whats-new/windows-11-plan.md
+++ b/windows/whats-new/windows-11-plan.md
@@ -1,7 +1,7 @@
---
title: Plan for Windows 11
description: Windows 11 deployment planning, IT Pro content.
-ms.prod: w11
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index 7967b76c83..7cf00b9522 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -1,7 +1,7 @@
---
title: Prepare for Windows 11
description: Prepare your infrastructure and tools to deploy Windows 11, IT Pro content.
-ms.prod: w11
+ms.prod: windows-client
author: aczechowski
ms.author: aaroncz
manager: dougeby
diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md
index fe1621a610..f7a02bf116 100644
--- a/windows/whats-new/windows-11-requirements.md
+++ b/windows/whats-new/windows-11-requirements.md
@@ -1,10 +1,10 @@
---
title: Windows 11 requirements
description: Hardware requirements to deploy Windows 11
-manager: dougeby
-author: aczechowski
-ms.author: aaroncz
-ms.prod: w11
+manager: aaroncz
+author: mestew
+ms.author: mstewart
+ms.prod: windows-client
ms.localizationpriority: medium
ms.topic: article
ms.custom: seo-marvel-apr2020
@@ -82,7 +82,10 @@ The following configuration requirements apply to VMs running Windows 11.
- Generation: 2 \*
- Storage: 64 GB or greater
-- Security: Secure Boot capable, virtual TPM enabled
+- Security:
+ - Azure: [Trusted launch](/azure/virtual-machines/trusted-launch) with vTPM and secure boot enabled
+ - Hyper-V: [Secure boot and TPM enabled](/windows-server/virtualization/hyper-v/learn-more/Generation-2-virtual-machine-security-settings-for-Hyper-V#secure-boot-setting-in-hyper-v-manager)
+ - General settings: Secure boot capable, virtual TPM enabled
- Memory: 4 GB or greater
- Processor: Two or more virtual processors
@@ -91,7 +94,7 @@ The VM host CPU must also meet Windows 11 [processor requirements](/windows-hard
\* In-place upgrade of existing generation 1 VMs to Windows 11 isn't possible.
> [!NOTE]
-> Procedures to configure required VM settings depend on the VM host type. For VM hosts running Hyper-V, virtualization (VT-x, VT-d) must be enabled in BIOS. Virtual TPM 2.0 is emulated in the guest VM independent of the Hyper-V host TPM presence or version.
+> Procedures to configure required VM settings depend on the VM host type. For example, VM hosts running Hyper-V, virtualization (VT-x, VT-d) must be enabled in BIOS. Virtual TPM 2.0 is emulated in the guest VM independent of the Hyper-V host TPM presence or version.
## Next steps