deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into master

Browse Source
This commit is contained in:
jsuther1974 2019-11-05 09:04:59 -08:00 committed by GitHub
commit dae6c96bc9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
128 changed files with 2178 additions and 925 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.openpublishing.publish.config.json
View File

@ -8,7 +8,7 @@
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
@ -40,7 +40,7 @@
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
@ -56,7 +56,7 @@
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
@ -88,7 +88,7 @@
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
@ -120,7 +120,7 @@
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
@ -136,7 +136,7 @@
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
@ -200,7 +200,7 @@
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
@ -232,7 +232,7 @@
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
@ -280,7 +280,7 @@
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",

20
.openpublishing.redirection.json
View File

@ -786,11 +786,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders",
"redirect_document_id": true
},
{
"source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction",
"redirect_document_id": true
@ -881,11 +876,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection",
"redirect_document_id": true
},
{
"source_path": "windows/threat-protection/windows-defender-exploit-guard/prerelease.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prerelease",
"redirect_document_id": true
@ -6046,6 +6036,11 @@
"redirect_url": "/hololens/hololens-recovery",
"redirect_document_id": false
},
{
"source_path": "devices/hololens/holographic-photos-and-video.md",
"redirect_url": "/hololens/holographic-photos-and-videos",
"redirect_document_id": false
},
{
"source_path": "devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md",
"redirect_url": "https://docs.microsoft.com/surface-hub/provisioning-packages-for-surface-hub",
@ -15340,6 +15335,11 @@
"source_path": "windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create",
"redirect_document_id": false
}
]
}

1
browsers/edge/docfx.json
View File

@ -35,6 +35,7 @@
"manager": "laurawi",
"ms.prod": "edge",
"feedback_system": "None",
"hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.microsoft-edge",

1
browsers/internet-explorer/docfx.json
View File

@ -31,6 +31,7 @@
"manager": "laurawi",
"ms.date": "04/05/2017",
"feedback_system": "None",
"hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.internet-explorer",

14
devices/hololens/TOC.md
View File

@ -23,16 +23,16 @@
## [Set up ring based updates for HoloLens](hololens-updates.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
# User management and access management
## [Share your HoloLens with multiple people](hololens-multiple-users.md)
## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
## [Set up limited application access](hololens-kiosk.md)
# Navigating Windows Holographic
## [Start menu and mixed reality home](holographic-home.md)
## [Use your voice with HoloLens](hololens-cortana.md)
## [Find and save files](hololens-find-and-save-files.md)
## [Create, share, and view photos and video](holographic-photos-and-video.md)
## [Create, share, and view photos and video](holographic-photos-and-videos.md)
# User management and access management
## [Share your HoloLens with multiple people](hololens-multiple-users.md)
## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
## [Set up limited application access](hololens-kiosk.md)
# Holographic Applications
## [Try 3D Viewer](holographic-3d-viewer-beta.md)
@ -53,6 +53,8 @@
# Update and recovery
## [Join the Windows Insider program](hololens-insider.md)
## [Restart, reset, or recover](hololens-recovery.md)
## [Known issues](hololens-known-issues.md)
## [Frequently asked questions](hololens-faq.md)
# [Give us feedback](hololens-feedback.md)
# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

3
devices/hololens/holographic-3d-viewer-beta.md
View File

@ -6,8 +6,9 @@ ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
audience: ITPro
ms.localizationpriority: medium
ms.date: 9/3/19
ms.date: 10/30/2019
ms.reviewer:
manager: jarrettr
appliesto:

2
devices/hololens/holographic-custom-apps.md
View File

@ -35,7 +35,6 @@ You can install your own applications on HoloLens either by using the Device Por
> Make sure to reference any associated dependency and certificate files.
1. Select **Go**.
![Install app form in Windows Device Portal on Microsoft HoloLens](images/deviceportal-appmanager.jpg)
### Deploying from Microsoft Visual Studio 2015
@ -44,7 +43,6 @@ You can install your own applications on HoloLens either by using the Device Por
1. Open the project's **Properties**.
1. Select the following build configuration: **Master/x86/Remote Machine**.
1. When you select **Remote Machine**:
- Make sure the address points to the Wi-Fi IP address of your HoloLens.
- Set authentication to **Universal (Unencrypted Protocol)**.
1. Build your solution.

53
devices/hololens/holographic-photos-and-video.md
View File

@ -1,53 +0,0 @@
---
title: Create, share, and view photos and video
description: Create, share, and view photos and video
ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593
keywords: hololens
ms.prod: hololens
ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
ms.localizationpriority: high
ms.date: 8/12/19
ms.reviewer:
manager: jarrettr
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Create, share, and view photos and video
Use your HoloLens to take photos and videos that capture the holograms you've placed in your world.
To sync your photos and videos to OneDrive, open the OneDrive app and select **Settings** > **Camera upload**, and then turn on **Camera upload**.
## Take a photo on HoloLens (1st gen)
Use the open the **Start** menu, and then select the Photos app.
Use gaze to position the photo frame, then air tap to take the picture. The picture will be saved to your collection in the Photos app.</p>
Want to snap a quick picture? Press the [volume up and volume down buttons](hololens1-hardware.md#hololens-components) at the same time.
## Take a video on HoloLens (1st gen)
Use the bloom gesture to go to **Start**, then select **Video**. Use gaze to position the video frame, then air tap to start recording. To stop recording, use bloom once. The video will be saved to your collection in the Photos app.
To start recording more quickly, press and hold the volume up and volume down buttons simultaneously until a three-second countdown begins. To stop recording, tap both buttons.
> [!TIP]
> You can always have Cortana take a photo or a video for you. Just say "Hey Cortana, take a photo" or "Hey Cortana, take a video." [What else can I say to Cortana?](hololens-cortana.md)
## Find your photos and videos
To see your photos from OneDrive, select **More** > **Settings**, and then turn on **Show my cloud-only content from OneDrive**. (You'll need to sign in to the Photos app with your Microsoft account, if you haven't already.)
To pin a photo or video in your world, open it, then select **Place in mixed world**. Use tap and hold to move it to where you want it.
## Share photos and videos
To share images to a social network, in the Collection view, tap and hold the photo you want to share, then select **Share**. Select **Share Assistant**, then select the app that you want to share to.
You can also share directly from the camera app right after you take a photo&mdash;at the top of the image, select **Share**.

150
devices/hololens/holographic-photos-and-videos.md Normal file
View File

@ -0,0 +1,150 @@
---
title: Capture and manage mixed reality photos and videos
description: Learn how to capture, view, and share mixed reality photos and videos, using HoloLens.
keywords: hololens, photo, video, capture, mrc, mixed reality capture, photos, camera, stream, livestream, demo
ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593
ms.prod: hololens
ms.sitesec: library
author: mattzmsft
ms.author: mazeller
ms.topic: article
audience: ITPro
ms.localizationpriority: medium
ms.date: 10/28/2019
manager: jarrettr
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Create mixed reality photos and videos
HoloLens gives users the experience of mixing the real world with the digital world. Mixed reality capture (MRC) lets you capture that experience as a photo or video, or share what you see with others in real-time.
Mixed reality capture uses a first-person point of view so other people can see holograms as you see them. For a third-person point of view, use [spectator view](https://docs.microsoft.com/windows/mixed-reality/spectator-view). Spectator view is especially useful for demos.
While it's fun to share videos amongst friends and colleagues, videos can also help teach other people to use an app or to communicate problems with apps and experiences.
> [!NOTE]
> If you can't launch mixed reality capture experiences and your HoloLens is a work device, check with your system administrator. Access to the camera can be restricted through company policy.
## Capture a mixed reality photo
There are several ways to take a photo of mixed reality on HoloLens; you can use hardware buttons, voice, or the Start menu.
### Hardware buttons to take photos
To take a quick photo of your current view, press the volume up and volume down buttons at the same time. This is a bit like the HoloLens version of a screenshot or print screen.
- [Button locations on HoloLens 2](hololens2-hardware.md)
- [Button locations on HoloLens (1st gen)](hololens1-hardware.md#hololens-components)
> [!NOTE]
> Holding the **volume up** and **volume down** buttons for three seconds will start recording a video rather than taking a photo. To stop recording, tap both **volume up** and **volume down** buttons simultaneously.
### Voice commands to take photos
Cortana can also take a picture. Say: "Hey Cortana, take a picture."
### Start menu to take photos
Use the Start gesture to go to **Start**, then select the **camera** icon.
Point your head in the direction of what you want to capture, then [air tap](hololens2-basic-usage.md#touch-holograms-near-you) to take a photo. You can continue to air tap and capture additional photos. Any photos you capture will be saved to your device.
Use the Start gesture again to end photo capture.
## Capture a mixed reality video
There are several ways to record a video of mixed reality on HoloLens; you can use hardware buttons, voice, or the Start menu.
### Hardware buttons to record videos
The quickest way to record a video is to press and hold the **volume up** and **volume down** buttons simultaneously until a three-second countdown begins. To stop recording, tap both buttons simultaneously.
> [!NOTE]
> Quickly pressing the **volume up** and **volume down** buttons at the same time will take a photo rather than recording a video.
### Voice to record videos
Cortana can also record a video. Say: "Hey Cortana, start recording." To stop a video, say "Hey Cortana, stop recording."
### Start menu to record videos
Use the Start gesture to go to **Start**, then select the **video** icon. Point your head in the direction of what you want to capture, then [air tap](hololens2-basic-usage.md#touch-holograms-near-you) to start recording. There will be a three second countdown and your recording will begin.
To stop recording, use the Start gesture and select the highlighted **video** icon. The video will be saved to your device.
> [!NOTE]
> **Applies to HoloLens (1st gen) only**
> The [Windows 10 October 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-october-2018) changes how the Start gesture and Windows button behave on HoloLens (1st gen). Before the update, the Start gesture or Windows button would stop a video recording. After the update, however, the Start gesture or Windows button opens the **Start** menu (or the **quick actions menu** if you are in an immersive app), from which you can select the highlighted **video** icon to stop recording.
## Share what you see in real-time
You can share what you see in HoloLens with friends and colleagues in real-time. There are a few methods available:
1. Connecting to a Miracast-enabled device or adapter to watch on a TV.
1. Using [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal) to watch on a PC
1. Using the [Microsoft HoloLens companion app](https://www.microsoft.com/store/productId/9NBLGGH4QWNX) to watch on a PC.
1. Deploying the [Microsoft Dynamics 365 Remote Assist](https://dynamics.microsoft.com/en-us/mixed-reality/remote-assist) app, which enables front-line workers to stream what they see to a remote expert. The remote expert can then guide the front-line worker verbally or by annotating in their world.
> [!NOTE]
> Sharing what you see via Windows Device Portal or Microsoft HoloLens companion app requires your HoloLens to be in [Developer mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#setting-up-hololens-to-use-windows-device-portal).
### Stream video with Miracast
Use the Start gesture to go to **Start**, then select the **connect** icon. From the picker that appears, select the Miracast-enabled device or adapter to which you want to connect.
To stop sharing, use the Start gesture and select the highlighted **connect** icon. Because you were streaming, nothing will be saved to your device.
> [!NOTE]
> Miracast support was enabled on HoloLens (1st gen) beginning with the [Windows 10 October 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-october-2018).
### Real time video with Windows Device Portal
Because sharing via Windows Device Portal requires Developer mode to be enabled on HoloLens, follow the instructions in our developer documentation to [set up Developer mode and navigate Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
### Microsoft HoloLens companion app
Because sharing via the Microsoft HoloLens companion app requires Developer mode to be enabled on HoloLens, follow the instructions in our developer documentation to [set up Developer mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). Then, download the [Microsoft HoloLens companion app](https://www.microsoft.com/store/productId/9NBLGGH4QWNX) and follow the instructions within the app to connect to your HoloLens.
Once the app is set up with your HoloLens, select the **Live stream** option from the app's main menu.
## View your mixed reality photos and videos
Mixed reality photos and videos are saved to the device's "Camera Roll". You can browse the contents of this folder on your HoloLens with the File Explorer app (navigate to Pictures > Camera Roll).
You can also view your mixed reality photos and videos in the Photos app, which is pre-installed on HoloLens. To pin a photo in your world, select it in the Photos app and choose **Place in mixed world**. You can move the photo around your world after it's been placed.
To view and/or save your mixed reality photos and videos on a PC connected to HoloLens, you can use [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#mixed-reality-capture) or your [PC's File Explorer via MTP](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018#new-features-for-hololens).
## Share your mixed reality photos and videos
After capturing a mixed reality photo or video, a preview will appear. Select the **share** icon above the preview to bring up the share assistant. From there, you can select the end point to which you'd like to share that photo or video.
You can also share mixed reality photos and videos from OneDrive, by automatically uploading your mixed reality photos and videos. Open the OneDrive app on HoloLens and sign in with a personal [Microsoft account](https://account.microsoft.com) if you haven't already. Select the **settings** icon and choose **Camera upload**. Turn Camera upload on. Your mixed reality photos and videos will now be uploaded to OneDrive each time you launch the app on HoloLens.
> [!NOTE]
> You can only enable camera upload in OneDrive if youre signed into OneDrive with a personal Microsoft account. If you set up HoloLens with a work or school account, you can add a personal Microsoft account in the OneDrive app to enable this feature.
## Limitations of mixed reality capture
- While using mixed reality capture, the framerate of HoloLens will be halved to 30 Hz.
- Videos have a maximum length of five minutes.
- The resolution of photos and videos may be reduced if the photo/video camera is already in use by another application, while live streaming, or when system resources are low.
## Default file format and resolution
### Default photo format and resolution
| Device | Format | Extension | Resolution |
|----------|----------|----------|----------|
| HoloLens 2 | [JPEG](https://en.wikipedia.org/wiki/JPEG) | .jpg | 3904x2196px |
| HoloLens (1st gen) | [JPEG](https://en.wikipedia.org/wiki/JPEG) | .jpg | 1408x792px |
### Recorded video format and resolution
| Device | Format | Extension | Resolution | Speed | Audio |
|----------|----------|----------|----------|----------|----------|
| HoloLens 2 | [MPEG-4](https://en.wikipedia.org/wiki/MPEG-4) | .mp4 | 1920x1080px | 30fps | 48kHz Stereo |
| HoloLens (1st gen) | [MPEG-4](https://en.wikipedia.org/wiki/MPEG-4) | .mp4 | 1216x684px | 24fps | 48kHz Stereo |

217
devices/hololens/hololens-FAQ.md Normal file
View File

@ -0,0 +1,217 @@
---
title: Frequently asked questions about HoloLens and holograms
description: Do you have a quick question about HoloLens or interacting with holograms? This article provides a quick answer and more resources.
keywords: hololens, faq, known issue, help
ms.prod: hololens
ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
audience: ITPro
ms.localizationpriority: medium
ms.date: 10/30/2019
ms.reviewer:
manager: jarrettr
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# HoloLens and holograms: Frequently asked questions
Here are some answers to questions you might have about using HoloLens, placing holograms, working with spaces, and more.
Any time you're having problems, make sure HoloLens is [charged up](https://support.microsoft.com/help/12627/hololens-charge-your-hololens). Try [restarting it](hololens-restart-recover.md) to see if that fixes things. And please use the Feedback app to send us info about the issue&mdash;you'll find it on the [**Start** menu](holographic-home.md).
For tips about wearing your HoloLens, see [HoloLens fit and comfort: FAQ](https://support.microsoft.com/help/13405/hololens-fit-and-comfort-faq).
This FAQ addresses the following questions and issues:
<a id="list"></a>
- [My holograms don't look right or are moving around](#my-holograms-dont-look-right-or-are-moving-around)
- [I see a message that says "Finding your space"](#i-see-a-message-that-says-finding-your-space)
- [I'm not seeing the holograms I expect to see in my space](#im-not-seeing-the-holograms-i-expect-to-see-in-my-space)
- [I can't place holograms where I want](#i-cant-place-holograms-where-i-want)
- [Holograms disappear or are encased in other holograms or objects](#holograms-disappear-or-are-encased-in-other-holograms-or-objects)
- [I can see holograms that are on the other side of a wall](#i-can-see-holograms-that-are-on-the-other-side-of-a-wall)
- [When I place a hologram on a wall, it seems to float](#when-i-place-a-hologram-on-a-wall-it-seems-to-float)
- [Apps appear too close to me when I'm trying to move them](#apps-appear-too-close-to-me-when-im-trying-to-move-them)
- [I'm getting a low disk space error](#im-getting-a-low-disk-space-error)
- [HoloLens doesn't respond to my gestures](#hololens-doesnt-respond-to-my-gestures)
- [HoloLens doesn't respond to my voice](#hololens-doesnt-respond-to-my-voice)
- [I'm having problems pairing or using a Bluetooth device](#im-having-problems-pairing-or-using-a-bluetooth-device)
- [I'm having problems with the HoloLens clicker](#im-having-problems-with-the-hololens-clicker)
- [I can't connect to Wi-Fi](#i-cant-connect-to-wi-fi)
- [My HoloLens isn't running well, is unresponsive, or won't start](#my-hololens-isnt-running-well-is-unresponsive-or-wont-start)
- [How do I delete all spaces?](#how-do-i-delete-all-spaces)
- [I cannot find or use the keyboard to type in the HoloLens 2 Emulator](#i-cannot-find-or-use-the-keyboard-to-type-in-the-hololens-2-emulator)
## My holograms don't look right or are moving around
If your holograms don't look right (for example, they're jittery or shaky, or you see black patches on top of them), try one of these fixes:
- [Clean your device visor](hololens1-hardware.md#care-and-cleaning) and make sure nothing is blocking the sensors.
- Make sure you're in a well-lit room without a lot of direct sunlight.
- Try walking around and gazing at your surroundings so HoloLens can scan them more completely.
- If you've placed a lot of holograms, try removing some.
If you're still having problems, trying running the Calibration app, which calibrates your HoloLens just for you, to help keep your holograms looking their best. Go to **Settings **>** System **>** Utilities**. Under Calibration, select **Open Calibration**.
[Back to list](#list)
## I see a message that says Finding your space
When HoloLens is learning or loading a space, you might see a brief message that says "Finding your space." If this message continues for more than a few seconds, you'll see another message under the Start menu that says "Still looking for your space."
These messages mean that HoloLens is having trouble mapping your space. When this happens, you'll be able to open apps, but you won't be able to place holograms in your environment.
If you see these messages often, try the following:
- Make sure you're in a well-lit room without a lot of direct sunlight.
- Make sure your device visor is clean. [Learn how](hololens1-hardware.md#care-and-cleaning).
- Make sure you have a strong Wi-Fi signal. If you enter a new environment that has no Wi-Fi or a weak signal, HoloLens won't be able find your space. Check your Wi-Fi connection by going to **Settings **> **Network &amp; Internet** >** Wi-Fi**.
- Try moving more slowly.
[Back to list](#list)
## I'm not seeing the holograms I expect to see in my space
If you don't see holograms you placed, or you're seeing some you don't expect, try the following:
- Try turning on some lights. HoloLens works best in a well-lit space.
- Remove holograms you don't need by going to **Settings** > **System** > **Holograms** > **Remove nearby holograms**. Or, if needed, select **Remove all holograms**.
> [!NOTE]
> If the layout or lighting in your space changes significantly, your device might have trouble identifying your space and showing your holograms.
[Back to list](#list)
## I can't place holograms where I want
Here are some things to try if you're having trouble placing holograms:
- Stand about 1 to 3 meters from where you're trying to place the hologram.
- Don't place holograms on black or reflective surfaces.
- Make sure you're in a well-lit room without a lot of direct sunlight.
- Walk around the rooms so HoloLens can rescan your surroundings. To see what's already been scanned, air tap to reveal the mapping mesh graphic.
[Back to list](#list)
## Holograms disappear or are encased in other holograms or objects
If you get too close to a hologram, it will temporarily disappear&mdash;just move away from it. Also, if you've placed a lot of holograms close together, some may disappear. Try removing a few.
Holograms can also be blocked or encased by other holograms or by objects such as walls. If this happens, try one of the following:
- If the hologram is encased in another hologram, move it to another location: select **Adjust**, then tap and hold to position it.
- If the hologram is encased in a wall, select **Adjust**, then walk toward the wall until the hologram appears. Tap and hold, then pull the hologram forward and out of the wall.
- If you can't move the hologram with gestures, use your voice to remove it. Gaze at the hologram, then say "Remove." Then reopen it and place it in a new location.
[Back to list](#list)
## I can see holograms that are on the other side of a wall
If you're very close to a wall, or if HoloLens hasn't scanned the wall yet, you'll be able to see holograms that are in the next room. Stand 1 to 3 meters from the wall and gaze to scan it.
If HoloLens has problems scanning the wall, it might be because there's a black or reflective object nearby (for example, a black couch or a stainless steel refrigerator). If there is, scan the other side of the wall.
[Back to list](#list)
## When I place a hologram on a wall, it seems to float
Holograms placed on walls will appear to be an inch or so away from the wall. If they appear farther away, try the following:
- Stand 1 to 3 meters from the wall when you place a hologram and face the wall straight on.
- Air tap the wall to reveal the mapping mesh graphic. Make sure the mesh is lined up with the wall. If it isn't, remove the hologram, rescan the wall, and try again.
- If the issue persists, run the Calibration app. You'll find it in **Settings** > **System** > **Utilities**.
[Back to list](#list)
## Apps appear too close to me when I'm trying to move them
Try walking around and looking at the area where you're placing the app so HoloLens will scan it from different angles. [Cleaning your device visor](hololens1-hardware.md#care-and-cleaning) may also help.
[Back to list](#list)
## I'm getting a low disk space error
Free up some storage space by doing one or more of the following:
- Remove some of the holograms you've placed, or remove some saved data from within apps. [How do I find my data?](hololens-find-and-save-files.md)
- Delete some pictures and videos in the Photos app.
- Uninstall some apps from your HoloLens. In the All apps list, tap and hold the app you want to uninstall, then select **Uninstall**. (This will also delete any of the app's data stored on the device.)
[Back to list](#list)
## HoloLens doesn't respond to my gestures
To make sure HoloLens can see your gestures, keep your hand in the gesture frame, which extends a couple of feet on either side of you. HoloLens can also best see your hand when you hold it about 18 inches in front of your body (though you don't have to be precise about this). When HoloLens can see your hand, the cursor will change from a dot to a ring. Learn more about [using gestures in HoloLens 2](hololens2-basic-usage.md) or [using gestures in HoloLens (1st gen)](hololens1-basic-usage.md).
[Back to list](#list)
## HoloLens doesn't respond to my voice
If Cortana isn't responding to your voice, make sure Cortana is on. In the **All apps** list, select **Cortana** > **Menu** > **Notebook** > **Settings** to make changes. To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md).
[Back to list](#list)
## I'm having problems pairing or using a Bluetooth device
If you're having problems [pairing a Bluetooth device](hololens-connect-devices.md), try the following:
- Go to **Settings** > **Devices** and make sure Bluetooth is turned on. If it is, try turning if off and on again.
- Make sure your Bluetooth device is fully charged or has fresh batteries.
- If you still can't connect, [restart your HoloLens](hololens-recovery.md).
If you're having trouble using a Bluetooth device, make sure it's a supported device. Supported devices include:
- English-language QWERTY Bluetooth keyboards, which can be used anywhere you use the holographic keyboard.
- Bluetooth mice.
- The [HoloLens clicker](hololens1-clicker.md).
Other Bluetooth HID and GATT devices can be paired, but they might require a companion app from Microsoft Store to work with HoloLens.
HoloLens doesn't support Bluetooth audio profiles. Bluetooth audio devices, such as speakers and headsets, may appear as available in HoloLens settings, but they aren't supported.
[Back to list](#list)
## I'm having problems with the HoloLens clicker
Use the [clicker](hololens1-clicker.md) to select, scroll, move, and resize holograms. Additional clicker gestures may vary from app to app.
If you're having trouble using the clicker, make sure its charged and paired with your HoloLens. If the battery is low, the indicator light will blink amber. To see if its paired, go to **Settings** > **Devices** and see if it shows up there. [Pair the clicker](hololens-connect-devices.md#pair-the-clicker).
If the clicker is charged and paired and you're still having problems, reset it by holding down the main button and the pairing button for 15 seconds. Then pair the clicker with your HoloLens again.
If that doesn't help, see [Restart or recover the HoloLens clicker](hololens1-clicker.md#restart-or-recover-the-clicker).
[Back to list](#list)
## I can't connect to Wi-Fi
Here are some things to try if you can't connect to Wi-Fi on HoloLens:
- Make sure Wi-Fi is turned on. Bloom to go to Start, then select **Settings** > **Network &amp; Internet** > **Wi-Fi** to check. If Wi-Fi is on, try turning it off and on again.
- Move closer to the router or access point.
- Restart your Wi-Fi router, then [restart HoloLens](hololens-recovery.md). Try connecting again.
- If none of these things work, check to make sure your router is using the latest firmware. You can find this information on the manufacturers website.
[Back to list](#list)
## My HoloLens isn't running well, is unresponsive, or won't start
If your device isn't performing properly, see [Restart, reset, or recover HoloLens](hololens-recovery.md).
[Back to list](#list)
## How do I delete all spaces?
*Coming soon*
[Back to list](#list)
## I cannot find or use the keyboard to type in the HoloLens 2 Emulator
*Coming soon*
[Back to list](#list)

7
devices/hololens/hololens-commercial-features.md
View File

@ -1,11 +1,12 @@
---
title: Commercial features
description: The Microsoft HoloLens Commercial Suite includes features that make it easier for businesses to manage HoloLens devices. HoloLens 2 devices are equipped with commercial features by default.
keywords: HoloLens, commercial, features, mdm, mobile device management, kiosk mode
author: scooley
ms.author: scooley
ms.date: 08/26/19
ms.date: 08/26/2019
ms.topic: article
keywords: HoloLens, commercial, features, mdm, mobile device management, kiosk mode
audience: ITPro
ms.prod: hololens
ms.sitesec: library
ms.localizationpriority: high
@ -53,7 +54,7 @@ HoloLens (1st gen) came with two licensing options, the developer license and a
|Ability to block unenrollment | |✔️ |✔️ |
|Cert-based corporate Wi-Fi access | |✔️ |✔️ |
|Microsoft Store (Consumer) |Consumer |Filter by using MDM |Filter by using MDM |
[Business Store Portal](https://docs.microsoft.com/microsoft-store/working-with-line-of-business-apps) | |✔️ |✔️ |
|[Business Store Portal](https://docs.microsoft.com/microsoft-store/working-with-line-of-business-apps) | |✔️ |✔️ |
|**Security and identity** | | | |
|Sign in by using Azure Active Directory (AAD) account |✔️ |✔️ |✔️ |
|Sign in by using Microsoft Account (MSA) |✔️ |✔️ |✔️ |

1
devices/hololens/hololens-encryption.md
View File

@ -50,6 +50,7 @@ Provisioning packages are files created by the Windows Configuration Designer to
1. Find the XML license file that was provided when you purchased the Commercial Suite.
1. Browse to and select the XML license file that was provided when you purchased the Commercial Suite.
>[!NOTE]
>You can configure [additional settings in the provisioning package](hololens-provisioning.md).

17
devices/hololens/hololens-enroll-mdm.md
View File

@ -1,16 +1,19 @@
---
title: Enroll HoloLens in MDM (HoloLens)
title: Enroll HoloLens in MDM
description: Enroll HoloLens in mobile device management (MDM) for easier management of multiple devices.
ms.prod: hololens
ms.mktglfcycl: manage
ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.assetid: 2a9b3fca-8370-44ec-8b57-fb98b8d317b0
author: scooley
ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.date: 07/15/2019
ms.reviewer:
manager: dansimp
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Enroll HoloLens in MDM
@ -39,3 +42,7 @@ When auto-enrollment is enabled, no additional manual enrollment is needed. When
1. Upon successful authentication to the MDM server, a success message is shown.
Your device is now enrolled with your MDM server. The device will need to restart to acquire policies, certificates, and apps. The Settings app will now reflect that the device is enrolled in device management.
## Unenroll HoloLens from Intune
You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard.

2
devices/hololens/hololens-environment-considerations.md
View File

@ -77,7 +77,7 @@ The cameras can see no closer than 15cm from an object.
### Surfaces in a space
Strongly reflective surfaces will likely look different depending on the angle, which affects tracking. Think of a brand new car&mdash;when you move around it, light reflects and you see different objects in the surface as you move. To the tracker, the different objects reflected in the surface represent a changing environment, and the device loses tracking.
Strongly reflective surfaces will likely look different depending on the angle, which affects tracking. Think of a brand new car - when you move around it, light reflects and you see different objects in the surface as you move. To the tracker, the different objects reflected in the surface represent a changing environment, and the device loses tracking.
Less shiny objects are easier to track against.

1
devices/hololens/hololens-feedback.md
View File

@ -80,4 +80,3 @@ To easily direct other people (such as co-workers, Microsoft staff, [forum](http
1. Enter your feedback.
1. If you are reporting a reproducible issue, you can select **Reproduce**. Without closing Feedback Hub, reproduce the issue. After you finish, come back to Feedback Hub and select **Im done**. The app adds a mixed reality capture of your repro and relevant diagnostic logs to your feedback.
1. Select **Post feedback**, and youre done.

3
devices/hololens/hololens-find-and-save-files.md
View File

@ -12,6 +12,9 @@ author: v-miegge
ms.author: v-miegge
ms.topic: article
ms.localizationpriority: medium
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Find and save files on HoloLens

3
devices/hololens/hololens-insider.md
View File

@ -10,6 +10,9 @@ ms.localizationpriority: medium
ms.date: 10/23/2018
ms.reviewer:
manager: dansimp
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# Insider preview for Microsoft HoloLens

169
devices/hololens/hololens-known-issues.md Normal file
View File

@ -0,0 +1,169 @@
---
title: HoloLens known issues
description: This is the list of known issues that may affect HoloLens developers.
keywords: troubleshoot, known issue, help
author: mattzmsft
ms.author: mazeller
ms.date: 8/30/2019
ms.topic: article
HoloLens and holograms: Frequently asked questions
manager: jarrettr
ms.prod: hololens
appliesto:
- HoloLens 1
---
# HoloLens known issues
This is the current list of known issues for HoloLens that affect developers. Check here first if you are seeing an odd behavior. This list will be kept updated as new issues are discovered or reported, or as issues are addressed in future HoloLens software updates.
## Unable to connect and deploy to HoloLens through Visual Studio
>[!NOTE]
>Last Update: 8/8 @ 5:11PM - Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
Issue root-cause: Users who used Visual Studio 2015 or early releases of Visual Studio 2017 to deploy and debug applications on their HoloLens and then subsequently used the latest versions of Visual Studio 2017 or Visual Studio 2019 with the same HoloLens will be affected. The newer releases of Visual Studio deploy a new version of a component, but files from the older version are left over on the device, causing the newer version to fail. This causes the following error message: DEP0100: Please ensure that target device has developer mode enabled. Could not obtain a developer license on \<ip\> due to error 80004005.
### Workaround
Our team is currently working on a fix. In the meantime, you can use the following steps to work around the issue and help unblock deployment and debugging:
1. Open Visual Studio
1. Select **File** > **New** > **Project**.
1. Select **Visual C#** > **Windows Desktop** > **Console App (.NET Framework)**.
1. Give the project a name (such as "HoloLensDeploymentFix") and make sure the Framework is set to at least .NET Framework 4.5, then Select **OK**.
1. Right-click on the **References** node in Solution Explorer and add the following references (select to the **Browse** section and select **Browse**):
``` CMD
C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Deploy.dll
C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Connectivity.dll
C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\SirepInterop.dll
```
>[!NOTE]
>If you don't have 10.0.18362.0 installed, use the most recent version that you have.
1. Right-click on the project in Solution Explorer and select **Add** > **Existing Item**.
1. Browse to C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86 and change the filter to **All Files (\*.\*)**.
1. Select both SirepClient.dll and SshClient.dll, and Select **Add**.
1. Locate and select both files in Solution Explorer (they should be at the bottom of the list of files) and change **Copy to Output Directory** in the **Properties** window to **Copy always**.
1. At the top of the file, add the following to the existing list of `using` statements:
``` CMD
using Microsoft.Tools.Deploy;
using System.Net;
```
1. Inside of `static void Main(...)`, add the following code:
``` PowerShell
RemoteDeployClient client = RemoteDeployClient.CreateRemoteDeployClient();
client.Connect(new ConnectionOptions()
{
Credentials = new NetworkCredential("DevToolsUser", string.Empty),
IPAddress = IPAddress.Parse(args[0])
});
client.RemoteDevice.DeleteFile(@"C:\Data\Users\DefaultAccount\AppData\Local\DevelopmentFiles\VSRemoteTools\x86\CoreCLR\mscorlib.ni.dll");
```
1. Select **Build** > **Build Solution**.
1. Open a Command Prompt Window and cd to the folder that contains the compiled .exe file (for example, C:\MyProjects\HoloLensDeploymentFix\bin\Debug)
1. Run the executable and provide the device's IP address as a command-line argument. (If connected using USB, you can use 127.0.0.1, otherwise use the devices Wi-Fi IP address.) For example, "HoloLensDeploymentFix 127.0.0.1"
1. After the tool has exited without any messages (this should only take a few seconds), you will now be able to deploy and debug from Visual Studio 2017 or newer. Continued use of the tool is not necessary.
We will provide further updates as they become available.
## Issues launching the Microsoft Store and apps on HoloLens
> [!NOTE]
> Last Update: 4/2 @ 10 AM - Issue resolved.
You may experience issues when trying to launch the Microsoft Store and apps on HoloLens. We've determined that the issue occurs when background app updates deploy a newer version of framework packages in specific sequences while one or more of their dependent apps are still running. In this case, an automatic app update delivered a new version of the .NET Native Framework (version 10.0.25531 to 10.0.27413) caused the apps that are running to not correctly update for all running apps consuming the prior version of the framework. The flow for framework update is as follows:
1. The new framework package is downloaded from the store and installed
1. All apps using the older framework are updated to use the newer version
If step 2 is interrupted before completion then any apps for which the newer framework wasnt registered will fail to launch from the start menu. We believe any app on HoloLens could be affected by this issue.
Some users have reported that closing hung apps and launching other apps such as Feedback Hub, 3D Viewer or Photos resolves the issue for them&mdash;however, this does not work 100% of the time.
We have root caused that this issue was not caused the update itself, but a bug in the OS that resulted in the .NET Native framework update being handled incorrectly. We are pleased to announce that we have identified a fix and have released an update (OS version 17763.380) containing the fix.
To see if your device can take the update, please:
1. Go to the Settings app and open **Update & Security**.
1. Select **Check for Updates**.
1. If update to 17763.380 is available, please update to this build to receive the fix for the App Hang bug
1. Upon updating to this version of the OS, the Apps should work as expected.
Additionally, as we do with every HoloLens OS release, we have posted the FFU image to the [Microsoft Download Center](https://aka.ms/hololensdownload/10.0.17763.380).
If you would not like to take the update, we have released a new version of the Microsoft Store UWP app as of 3/29. After you have the updated version of the Store:
1. Open the Store and confirm that it loads.
1. Use the bloom gesture to open the menu.
1. Attempt to open previously broken apps.
1. If it still cannot be launched, tap and hold the icon of the broken app and select uninstall.
1. Resinstall these apps from the store.
If your device is still unable to load apps, you can sideload a version of the .NET Native Framework and Runtime through the download center by following these steps:
1. Please download [this zip file](https://download.microsoft.com/download/8/5/C/85C23745-794C-419D-B8D7-115FBCCD6DA7/netfx_1.7.zip) from the Microsoft Download Center. Unzipping will produce two files. Microsoft.NET.Native.Runtime.1.7.appx and Microsoft.NET.Native.Framework.1.7.appx
1. Please verify that your device is dev unlocked. If you havent done that before the instructions to do that are [here](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
1. You then want to get into the Windows Device Portal. Our recommendation is to do this over USB and you would do that by typing http://127.0.0.1:10080 into your browser.
1. After you have the Windows Device Portal up we need you to “side load” the two files that you downloaded. To do that you need to go down the left side bar until you get to the **Apps** section and select **Apps**.
1. You will then see a screen that is similar to the below. You want to go to the section that says **Install App** and browse to where you unzipped those two APPX files. You can only do one at a time, so after you select the first one, then click on “Go” under the Deploy section. Then do this for the second APPX file.
![Windows Device Portal to Install Side-Loaded app](images/20190322-DevicePortal.png)
1. At this point we believe your applications should start working again and that you can also get to the Store.
1. In some cases, it is necessary run the additional step of launching the 3D Viewer app before affected apps will launch.
We appreciate your patience as we have gone through the process to get this issue resolved, and we look forward to continued working with our community to create successful Mixed Reality experiences.
## Connecting to WiFi
During HoloLens Setup, there is a credential timeout of 2 minutes. The username/password needs to be entered within 2 minutes otherwise the username field will be automatically cleared.
We recommend using a Bluetooth keyboard for entering long passwords.
> [!NOTE]
> If the wrong network is selected during HoloLens Setup, the device will need to be fully reset. Instructions can be found [here.](hololens-restart-recover.md)
## Device Update
- 30 seconds after a new update, the shell may disappear one time. Please perform the **bloom** gesture to resume your session.
## Visual Studio
- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Visual Studio that is recommended for HoloLens development.
- When deploying an app from Visual Studio to your HoloLens, you may see the error: **The requested operation cannot be performed on a file with a user-mapped section open. (Exception from HRESULT: 0x800704C8)**. If this happens, try again and your deployment will generally succeed.
## Emulator
- Not all apps in the Microsoft Store are compatible with the emulator. For example, Young Conker and Fragments are not playable on the emulator.
- You cannot use the PC webcam in the Emulator.
- The Live Preview feature of the Windows Device Portal does not work with the emulator. You can still capture Mixed Reality videos and images.
## Unity
- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Unity recommended for HoloLens development.
- Known issues with the Unity HoloLens Technical Preview are documented in the [HoloLens Unity forums](https://forum.unity3d.com/threads/known-issues.394627/).
## Windows Device Portal
- The Live Preview feature in Mixed Reality capture may exhibit several seconds of latency.
- On the Virtual Input page, the Gesture and Scroll controls under the Virtual Gestures section are not functional. Using them will have no effect. The virtual keyboard on the same page works correctly.
- After enabling Developer Mode in Settings, it may take a few seconds before the switch to turn on the Device Portal is enabled.
## API
- If the application sets the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) behind the user or the normal to camera.forward, holograms will not appear in Mixed Reality Capture photos or videos. Until this bug is fixed in Windows, if applications actively set the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) they should ensure the plane normal is set opposite camera-forward (for example, normal = -camera.forward).
## Xbox Wireless Controller
- Xbox Wireless Controller S must be updated before it can be used with HoloLens. Ensure you are [up to date](https://support.xbox.com/xbox-one/accessories/update-controller-for-stereo-headset-adapter) before attempting to pair your controller with a HoloLens.
- If you reboot your HoloLens while the Xbox Wireless Controller is connected, the controller will not automatically reconnect to HoloLens. The Guide button light will flash slowly until the controller powers off after 3 minutes. To reconnect your controller immediately, power off the controller by holding the Guide button until the light turns off. When you power your controller on again, it will reconnect to HoloLens.
- If your HoloLens enters standby while the Xbox Wireless Controller is connected, any input on the controller will wake the HoloLens. You can prevent this by powering off your controller when you are done using it.

2
devices/hololens/hololens-multiple-users.md
View File

@ -21,6 +21,8 @@ It's common to share one HoloLens with many people or to have many people share
## Share with multiple people, each using their own account
**Prerequisite**: The HoloLens device must be running Windows 10, version 1803 or later. HoloLens (1st gen) also need to be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
When they use their own Azure Active Directory (Azure AD) accounts, multiple users can each keep their own user settings and user data on the device.
To make sure that multiple people can use their own accounts on your HoloLens, follow these steps to configure it:

4
devices/hololens/hololens-status.md
View File

@ -27,10 +27,10 @@ Area|HoloLens (1st gen)|HoloLens 2
## Notes and related topics
[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/en/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens)
[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens)
For more details about the status of the myriad Azure Services that can connect to HoloLens, see [Azure status](https://azure.microsoft.com/status/).
For more details about current known issues, see [HoloLens known issues](https://docs.microsoft.com/windows/mixed-reality/hololens-known-issues).
For more details about current known issues, see [HoloLens known issues](hololens-known-issues.md).
Follow HoloLens on [Twitter](https://twitter.com/HoloLens) and subscribe on [Reddit](https://www.reddit.com/r/HoloLens/).

10
devices/hololens/hololens2-basic-usage.md
View File

@ -28,7 +28,7 @@ This guide provides an intro to:
On HoloLens, holograms blend the digital world with your physical environment to look and sound like they're part of your world. Even when holograms are all around you, you can always see your surroundings, move freely, and interact with people and objects. We call this experience "mixed reality".
The holographic frame positions your holograms where your eyes are most sensitive to detail and the see-through lenses leave your peripheral vision unobscured. With spatial sound, you can pinpoint a hologram by listening, even if its behind you. And, because HoloLens understands your physical environment, you can place holograms on and around real objects such as tables and walls.
The holographic frame positions your holograms where your eyes are most sensitive to detail and the see-through lenses leave your peripheral vision clear. With spatial sound, you can pinpoint a hologram by listening, even if its behind you. And, because HoloLens understands your physical environment, you can place holograms on and around real objects such as tables and walls.
Getting around HoloLens is a lot like using your smart phone. You can use your hands to touch and manipulate holographic windows, menus, and buttons.
@ -54,6 +54,8 @@ To bring up a **context menu**, like the ones you'll find on an app tile in the
## Use hand ray for holograms out of reach
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3ZOum]
When there are no holograms near your hands, the **touch cursor** will hide automatically and **hand rays** will appear from the palm of your hands. Hand rays allow you to interact with holograms from a distance.
> [!TIP]
@ -71,6 +73,8 @@ To select something using **hand ray**, follow these steps:
### Grab using air tap and hold
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3Wxnh]
To grab a hologram or scroll app window content using **hand ray**, start with an **air tap**, but keep your fingers together instead of releasing them.
Use **air tap and hold** to perform the following actions with hand ray:
@ -81,6 +85,8 @@ Use **air tap and hold** to perform the following actions with hand ray:
## Start gesture
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3Wxng]
The Start gesture opens the **Start menu**. To perform the Start gesture, hold out your hand with your palm facing you. Youll see a **Start icon** appear over your inner wrist. Tap this icon using your other hand. The Start menu will open **where youre looking**.
> [!TIP]
@ -135,6 +141,8 @@ Move a hologram or app by following these steps:
### Resizing holograms
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3ZYIb]
Grab and use the **resize handles** that appear on the corners of 3D holograms and app windows to resize them.
For an app window, when resized this way the window content correspondingly increases in size and becomes easier to read.

5
devices/hololens/hololens2-setup.md
View File

@ -1,6 +1,7 @@
---
title: Prepare a new HoloLens 2
description: This guide walks through first time set up and hardware guide.
keywords: hololens, lights, fit, comfort, parts
ms.assetid: 02692dcf-aa22-4d1e-bd00-f89f51048e32
ms.date: 9/17/2019
keywords: hololens
@ -75,7 +76,7 @@ Not sure what the indicator lights on your HoloLens mean? Want to know how HoloL
| ON | Plug in USB Cable | Device starts charging
| SLEEP | Plug in USB Cable | Device starts charging
| SLEEP | Remove USB Cable | Device stops charging
| ON with USB cable pluged in | Turn off Device | Device transitions to ON with indicator lights showing battery level and device will start charging |
| ON with USB cable plugged in | Turn off Device | Device transitions to ON with indicator lights showing battery level and device will start charging |
### Lights that indicate the battery level
@ -100,7 +101,7 @@ Not sure what the indicator lights on your HoloLens mean? Want to know how HoloL
| When you do this | The lights do this | It means this |
| - | - | - |
| You press the Power button. | One light flashes five times, then turns off. | The HoloLens battery is critically low. Charge your HoloLens. |
| You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. |
| You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. [Reinstall the operating system](hololens-recovery.md) to recover your device. |
## Safety and comfort

BIN
devices/hololens/images/20190322-DevicePortal.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 109 KiB

33
devices/hololens/index.md
View File

@ -1,6 +1,6 @@
---
title: Microsoft HoloLens (HoloLens)
description: Landing page for HoloLens commercial and enterprise management.
title: Microsoft HoloLens
description: Landing page Microsoft HoloLens.
ms.prod: hololens
ms.sitesec: library
ms.assetid: 0947f5b3-8f0f-42f0-aa27-6d2cad51d040
@ -8,7 +8,12 @@ author: scooley
ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
ms.date: 07/14/2019
ms.date: 10/14/2019
audience: ITPro
appliesto:
- HoloLens 1
- HoloLens 2
---
# Microsoft HoloLens
@ -21,33 +26,33 @@ ms.date: 07/14/2019
<p>To learn more about HoloLens 2 for developers, check out the <a href="https://docs.microsoft.com/windows/mixed-reality/">mixed reality developer documentation</a>.</p>
</td><td align="left" style="border: 0px"><img alt="HoloLens 2 side view" src="images/hololens2-side-render-xs.png"/></td></tr>
<p>To buy HoloLens, check out <a href="https://www.microsoft.com/hololens/buy">HoloLens pricing and sales</a> on <a href="https://www.microsoft.com/hololens">microsoft.com/HoloLens</a>.</p>
</td>
<td align="left" style="border: 0px"><img alt="HoloLens 2 side view" src="images/hololens2-side-render-xs.png"/></td></tr>
</tbody></table>
## Guides in this section
| Guide | Description |
| --- | --- |
| [Get started with HoloLens](hololens1-setup.md) | Set up HoloLens for the first time. |
| [Deploy HoloLens in a commercial environment](hololens-requirements.md) | Configure HoloLens for scale enterprise deployment and ongoing device management. |
| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. |
| [Get support](https://support.microsoft.com/products/hololens) |Connect with Microsoft support resources for HoloLens in enterprise. |
| [Get started with HoloLens 2](hololens2-setup.md) | Set up HoloLens 2 for the first time. |
| [Get started with HoloLens (1st gen)](hololens1-setup.md) | Set up HoloLens (1st gen) for the first time. |
| [Get started with HoloLens in a commercial or classroom environment](hololens-requirements.md) | Plan for a multi-device HoloLens deployment and create a strategy for ongoing device management.</br>This section is tailored to IT professionals managing devices with existing device management infrastructure. |
## Quick reference by topic
| Topic | Description |
| --- | --- |
| [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover new features in the latest updates. |
| [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging |
| [HoloLens MDM support](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using Mobile Device Management (MDM) solutions like Microsoft Intune. |
| [What's new in HoloLens](hololens-whats-new.md) | Discover new features in the latest updates via HoloLens release notes. |
| [Install and manage applications on HoloLens](hololens-install-apps.md) | Install and manage important applications on HoloLens at scale. |
| [HoloLens update management](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. |
| [HoloLens user management](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. |
| [HoloLens application access management](hololens-kiosk.md) | Manage application access for different user groups. |
| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens. |
| [Install localized version of HoloLens](hololens1-install-localized.md) | Configure HoloLens for different locale. |
| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. |
| [Get support](https://support.microsoft.com/products/hololens) | Connect with Microsoft support resources for HoloLens in enterprise. |
## Related resources
* [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development)
* [HoloLens Commercial Suite](https://www.microsoft.com/microsoft-hololens/hololens-commercial)
* [HoloLens release notes](https://developer.microsoft.com/windows/mixed-reality/release_notes)

10
devices/surface/battery-limit.md
View File

@ -6,22 +6,26 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: dansimp
ms.date: 10/02/2018
ms.date: 10/31/2019
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro
---
# Battery Limit setting
Battery Limit option is a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity. This setting is recommended in cases in which the device is continuously connected to power, for example when devices are integrated into kiosk solutions.
## Battery Limit information
## How Battery Limit works
Setting the device on Battery Limit changes the protocol for charging the device battery. When Battery Limit is enabled, the battery charge will be limited to 50% of its maximum capacity. The charge level reported in Windows will reflect this limit. Therefore, it will show that the battery is charged up to 50% and will not charge beyond this limit. If you enable Battery Limit while the device is above 50% charge, the Battery icon will show that the device is plugged in but discharging until the device reaches 50% of its maximum charge capacity.
Adding the Battery Limit option to Surface UEFI requires a [Surface UEFI firmware update](update.md), available through Windows Update or via the MSI driver and firmware packages on the Microsoft Download Center. Check [Enable "Battery Limit" for Surface devices that have to be plugged in for extended periods of time](https://support.microsoft.com/help/4464941) for the specific Surface UEFI version required for each supported device. Currently, Battery Limit is supported on a subset of Surface devices and will be available in the future on other Surface device models.
## Supported devices
The Battery Limit UEFI setting is built into the latest Surface devices including Surface Pro 7 and Surface Laptop 3. Earlier devices require a
[Surface UEFI firmware update](update.md), available through Windows Update or via the MSI driver and firmware packages on the [Surface Support site](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface). Check [Enable "Battery Limit" for Surface devices that have to be plugged in for extended periods of time](https://support.microsoft.com/help/4464941) for the specific Surface UEFI version required for each supported device.
## Enabling Battery Limit in Surface UEFI (Surface Pro 4 and later)

16
devices/surface/deploy.md
View File

@ -11,6 +11,8 @@ ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro
---
# Deploy Surface devices
@ -39,19 +41,7 @@ Learn about about deploying ARM- and Intel-based Surface devices.
| [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)| See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. |
[Battery Limit setting](battery-limit.md) | Learn how to use Battery Limit, a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity.
 
## Related topics
[Surface for IT pros blog](http://blogs.technet.com/b/surface/)
 
 
[Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro)

54
devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
View File

@ -9,12 +9,15 @@ ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
ms.date: 10/2/2019
ms.date: 10/31/2019
ms.reviewer: scottmca
ms.localizationpriority: medium
ms.audience: itpro
manager: jarrettr
appliesto:
- Surface Laptop (1st Gen)
- Surface Laptop 2
- Surface Laptop 3
---
# How to enable the Surface Laptop keyboard during MDT deployment
@ -32,26 +35,38 @@ To add the keyboard drivers to the selection profile, follow these steps:
1. Download the latest Surface Laptop MSI file from the appropriate locations:
- [Surface Laptop (1st Gen) Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=55489)
- [Surface Laptop 2 Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=57515)
- [Surface Laptop 3 with Intel Processor Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=100429)
1. Extract the contents of the Surface Laptop MSI file to a folder that you can easily locate (for example, c:\surface_laptop_drivers). To extract the contents, open an elevated Command Prompt window and run the following command:
2. Extract the contents of the Surface Laptop MSI file to a folder that you can easily locate (for example, c:\surface_laptop_drivers). To extract the contents, open an elevated Command Prompt window and run the command from the following example:
```cmd
Msiexec.exe /a SurfaceLaptop_Win10_15063_1703008_1.msi targetdir=c:\surface_laptop_drivers /qn
```
1. Open the Deployment Workbench and expand the **Deployment Shares** node and your deployment share, then navigate to the **WindowsPEX64** folder.
3. Open the Deployment Workbench and expand the **Deployment Shares** node and your deployment share, then navigate to the **WindowsPEX64** folder.
![Image that shows the location of the WindowsPEX64 folder in the Deployment Workbench](./images/surface-laptop-keyboard-1.png)
1. Right-click the **WindowsPEX64** folder and select **Import Drivers**.
1. Follow the instructions in the Import Driver Wizard to import the driver folders into the WindowsPEX64 folder.
4. Right-click the **WindowsPEX64** folder and select **Import Drivers**.
5. Follow the instructions in the Import Driver Wizard to import the driver folders into the WindowsPEX64 folder.
> [!NOTE]
> Check the downloaded MSI package to determine the format and directory structure. The directory structure will start with either SurfacePlatformInstaller (older MSI files) or SurfaceUpdate (Newer MSI files) depending on when the MSI was released.
To support Surface Laptop (1st Gen), import the following folders:
- SurfacePlatformInstaller\Drivers\System\GPIO
- SurfacePlatformInstaller\Drivers\System\SurfaceHidMiniDriver
- SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
Or for newer MSI files beginning with "SurfaceUpdate", use:
- SurfaceUpdate\SerialIOGPIO
- SurfaceUpdate\SurfaceHidMiniDriver
- SurfaceUpdate\SurfaceSerialHubDriver
To support Surface Laptop 2, import the following folders:
- SurfacePlatformInstaller\Drivers\System\GPIO
- SurfacePlatformInstaller\Drivers\System\SurfaceHIDMiniDriver
- SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
@ -59,15 +74,36 @@ To add the keyboard drivers to the selection profile, follow these steps:
- SurfacePlatformInstaller\Drivers\System\SPI
- SurfacePlatformInstaller\Drivers\System\UART
1. Verify that the WindowsPEX64 folder now contains the imported drivers. The folder should resemble the following:
Or for newer MSI files beginning with "SurfaceUpdate", use:
- SurfaceUpdate\SerialIOGPIO
- SurfaceUpdate\IclSerialIOI2C
- SurfaceUpdate\IclSerialIOSPI
- SurfaceUpdate\IclSerialIOUART
- SurfaceUpdate\SurfaceHidMini
- SurfaceUpdate\SurfaceSerialHub
To support Surface Laptop 3 with Intel Processor, import the following folders:
- SurfaceUpdate\IclSerialIOGPIO
- SurfaceUpdate\IclSerialIOI2C
- SurfaceUpdate\IclSerialIOSPI
- SurfaceUpdate\IclSerialIOUART
- SurfaceUpdate\SurfaceHidMini
- SurfaceUpdate\SurfaceSerialHub
- SurfaceUpdate\SurfaceHotPlug
6. Verify that the WindowsPEX64 folder now contains the imported drivers. The folder should resemble the following:
![Image that shows the newly imported drivers in the WindowsPEX64 folder of the Deployment Workbench](./images/surface-laptop-keyboard-2.png)
1. Configure a selection profile that uses the WindowsPEX64 folder. The selection profile should resemble the following:
7. Configure a selection profile that uses the WindowsPEX64 folder. The selection profile should resemble the following:
![Image that shows the WindowsPEX64 folder selected as part of a selection profile](./images/surface-laptop-keyboard-3.png)
1. Configure the Windows PE properties of the MDT deployment share to use the new selection profile, as follows:
8. Configure the Windows PE properties of the MDT deployment share to use the new selection profile, as follows:
- For **Platform**, select **x64**.
- For **Selection profile**, select the new profile.
@ -75,7 +111,7 @@ To add the keyboard drivers to the selection profile, follow these steps:
![Image that shows the Windows PE properties of the MDT Deployment Share](./images/surface-laptop-keyboard-4.png)
1. Verify that you have configured the remaining Surface Laptop drivers by using either a selection profile or a **DriverGroup001** variable.
9. Verify that you have configured the remaining Surface Laptop drivers by using either a selection profile or a **DriverGroup001** variable.
- For Surface Laptop (1st Gen), the model is **Surface Laptop**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop folder as shown in the figure that follows this list.
- For Surface Laptop 2, the model is **Surface Laptop 2**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 2 folder.

BIN
devices/surface/images/manage-surface-uefi-fig5a.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

BIN
devices/surface/images/manage-surface-uefi-fig7a.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

20
devices/surface/ltsb-for-surface.md
View File

@ -10,6 +10,8 @@ ms.author: dansimp
ms.topic: article
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
ms.audience: itpro
---
# Long-Term Servicing Channel (LTSC) for Surface devices
@ -28,23 +30,7 @@ General-purpose Surface devices are intended to run on the Semi-Annual Channel t
Surface devices in specialized scenariossuch as PCs that control medical equipment, point-of-sale systems, and ATMsmight consider the use of LTSC. These special-purpose systems typically perform a single task and do not require feature updates as frequently as other devices in the organization.
## Related topics
- [Surface TechCenter](https://technet.microsoft.com/windows/surface)
- [Surface for IT pros blog](http://blogs.technet.com/b/surface/)
 
 
- [Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro)

8
devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
View File

@ -1,6 +1,6 @@
---
title: Best practice power settings for Surface devices
description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience.
description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -9,7 +9,9 @@ ms.author: dansimp
ms.topic: article
ms.reviewer:
manager: dansimp
ms.date: 08/21/2019
ms.localizationpriority: medium
ms.audience: itpro
ms.date: 10/28/2019
---
# Best practice power settings for Surface devices
@ -49,7 +51,7 @@ module (SAM). The SAM chip functions as the Surface device power-policy
owner, using algorithms to calculate optimal power requirements. It
works in conjunction with Windows power manager to allocate or throttle
only the exact amount of power required for hardware components to
function.
function. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
## Utilizing the custom power profile in Surface

88
devices/surface/manage-surface-uefi-settings.md
View File

@ -17,22 +17,25 @@ manager: dansimp
# Manage Surface UEFI settings
Current and future generations of Surface devices, including Surface Pro 7, Surface Book 2, and Surface Studio 2,use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the devices operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings.
>[!NOTE]
>Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI.
You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot.
All current and future generations of Surface devices use a unique Unified Extensible Firmware Interface (UEFI) engineered by Microsoft specifically for these devices. Surface UEFI settings provide the ability to enable or disable built-in devices and components, protect UEFI settings from being changed, and adjust the Surface device boot settings.
## Support for cloud-based management
With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. DFCI is currently available for Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
## Open Surface UEFI menu
## PC information
To adjust UEFI settings during system startup:
On the **PC information** page, detailed information about your Surface device is provided:
1. Shut down your Surface and wait about 10 seconds to make sure it's off.
2. Press and hold the **Volume-up** button and - at the same time - press and release the **Power button.**
3. As the Microsoft or Surface logo appears on your screen, continue to hold the **Volume-up** button until the UEFI screen appears.
- **Model** Your Surface devices model will be displayed here, such as Surface Book or Surface Pro 4. The exact configuration of your device is not shown, (such as processor, disk size, or memory size).
## UEFI PC information page
The PC information page includes detailed information about your Surface device:
- **Model** Your Surface devices model will be displayed here, such as Surface Book 2 or Surface Pro 7. The exact configuration of your device is not shown, (such as processor, disk size, or memory size).
- **UUID** This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management.
- **Serial Number** This number is used to identify this specific Surface device for asset tagging and support scenarios.
@ -56,9 +59,9 @@ You will also find detailed information about the firmware of your Surface devic
You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) for your device.
## Security
## UEFI Security page
On the **Security** page of Surface UEFI settings, you can set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
The Security page allows you to set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
- Uppercase letters: A-Z
@ -74,21 +77,21 @@ The password must be at least 6 characters and is case sensitive.
*Figure 2. Add a password to protect Surface UEFI settings*
On the **Security** page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
On the Security page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
![Configure Secure Boot](images/manage-surface-uefi-fig3.png "Configure Secure Boot")
*Figure 3. Configure Secure Boot*
You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your devices data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library.
You can also enable or disable the Trusted Platform Module (TPM) device on the Security page, as shown in Figure 4. The TPM is used to authenticate encryption for your devices data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library.
![Configure Surface UEFI security settings](images/manage-surface-uefi-fig4.png "Configure Surface UEFI security settings")
*Figure 4. Configure Surface UEFI security settings*
## Devices
## UEFI menu: Devices
On the **Devices** page you can enable or disable specific devices and components of your Surface device. Devices that you can enable or disable on this page include:
The Devices page allows you to enable or disable specific devices and components including:
- Docking and USB Ports
@ -106,13 +109,13 @@ On the **Devices** page you can enable or disable specific devices and component
Each device is listed with a slider button that you can move to **On** (enabled) or **Off** (disabled) position, as shown in Figure 5.
![Enable and disable specific devices](images/manage-surface-uefi-fig5.png "Enable and disable specific devices")
![Enable and disable specific devices](images/manage-surface-uefi-fig5a.png "Enable and disable specific devices")
*Figure 5. Enable and disable specific devices*
## Boot configuration
## UEFI menu: Boot configuration
On the **Boot Configuration** page, you can change the order of your boot devices and/or enable or disable boot of the following devices:
The Boot Configuration page allows you to change the order of your boot devices as well as enable or disable boot of the following devices:
- Windows Boot Manager
@ -132,68 +135,83 @@ For the specified boot order to take effect, you must set the **Enable Alternate
You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only.
## UEFI menu: Management
The Management page allows you to manage use of Zero Touch UEFI Management and other features on eligible devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
## Exit
![Manage access to Zero Touch UEFI Management and other features](images/manage-surface-uefi-fig7a.png "Manage access to Zero Touch UEFI Management and other features")
*Figure 7. Manage access to Zero Touch UEFI Management and other features*
Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 7.
Zero Touch UEFI Management lets you remotely manage UEFI settings by using a device profile within Intune called Device Firmware Configuration Interface (DFCI). If you do not configure this setting, the ability to manage eligible devices with DFCI is set to **Ready**. To prevent DFCI, select **Opt-Out**.
> [!NOTE]
> The UEFI Management settings page and use of DFCI is only available on Surface Pro 7, Surface Pro X, and Surface Laptop 3.
For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
## UEFI menu: Exit
Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 8.
![Exit Surface UEFI and restart the device](images/manage-surface-uefi-fig7.png "Exit Surface UEFI and restart the device")
*Figure 7. Click Restart Now to exit Surface UEFI and restart the device*
*Figure 8. Click Restart Now to exit Surface UEFI and restart the device*
## Surface UEFI boot screens
When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each components progress bar is shown in Figures 8 through 17.
When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each components progress bar is shown in Figures 9 through 18.
![Surface UEFI firmware update with blue progress bar](images/manage-surface-uefi-fig8.png "Surface UEFI firmware update with blue progress bar")
*Figure 8. The Surface UEFI firmware update displays a blue progress bar*
*Figure 9. The Surface UEFI firmware update displays a blue progress bar*
![System Embedded Controller firmware with green progress bar](images/manage-surface-uefi-fig9.png "System Embedded Controller firmware with green progress bar")
*Figure 9. The System Embedded Controller firmware update displays a green progress bar*
*Figure 10. The System Embedded Controller firmware update displays a green progress bar*
![SAM Controller firmware update with orange progress bar](images/manage-surface-uefi-fig10.png "SAM Controller firmware update with orange progress bar")
*Figure 10. The SAM Controller firmware update displays an orange progress bar*
*Figure 11. The SAM Controller firmware update displays an orange progress bar*
![Intel Management Engine firmware with red progress bar](images/manage-surface-uefi-fig11.png "Intel Management Engine firmware with red progress bar")
*Figure 11. The Intel Management Engine firmware update displays a red progress bar*
*Figure 12. The Intel Management Engine firmware update displays a red progress bar*
![Surface touch firmware with gray progress bar](images/manage-surface-uefi-fig12.png "Surface touch firmware with gray progress bar")
*Figure 12. The Surface touch firmware update displays a gray progress bar*
*Figure 13. The Surface touch firmware update displays a gray progress bar*
![Surface KIP firmware with light green progress bar](images/manage-surface-uefi-fig13.png "Surface touch firmware with light green progress bar")
*Figure 13. The Surface KIP firmware update displays a light green progress bar*
*Figure 14. The Surface KIP firmware update displays a light green progress bar*
![Surface ISH firmware with pink progress bar](images/manage-surface-uefi-fig14.png "Surface ISH firmware with pink progress bar")
*Figure 14. The Surface ISH firmware update displays a light pink progress bar*
*Figure 15. The Surface ISH firmware update displays a light pink progress bar*
![Surface Trackpad firmware with gray progress bar](images/manage-surface-uefi-fig15.png "Surface Trackpad firmware with gray progress bar")
*Figure 15. The Surface Trackpad firmware update displays a pink progress bar*
*Figure 16. The Surface Trackpad firmware update displays a pink progress bar*
![Surface TCON firmware with light gray progress bar](images/manage-surface-uefi-fig16.png "Surface TCON firmware with light gray progress bar")
*Figure 16. The Surface TCON firmware update displays a light gray progress bar*
*Figure 17. The Surface TCON firmware update displays a light gray progress bar*
![Surface TPM firmware with light purple progress bar](images/manage-surface-uefi-fig17.png "Surface TPM firmware with purple progress bar")
*Figure 17. The Surface TPM firmware update displays a purple progress bar*
*Figure 18. The Surface TPM firmware update displays a purple progress bar*
>[!NOTE]
>An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 18.
>An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 19.
![Surface boot screen that indicates Secure Boot has been disabled](images/manage-surface-uefi-fig18.png "Surface boot screen that indicates Secure Boot has been disabled")
*Figure 18. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings*
*Figure 19. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings*
## Related topics
[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
- [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)
- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)

4
devices/surface/microsoft-surface-brightness-control.md
View File

@ -8,9 +8,11 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 1/15/2019
ms.date: 10/31/2019
ms.reviewer: hachidan
manager: dansimp
ms.localizationpriority: medium
ms.audience: itpro
---
# Surface Brightness Control

3
devices/surface/microsoft-surface-deployment-accelerator.md
View File

@ -4,7 +4,7 @@ description: Microsoft Surface Deployment Accelerator provides a quick and simpl
ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4
ms.reviewer: hachidan
manager: dansimp
ms.date: 07/27/2017
ms.date: 10/31/2019
ms.localizationpriority: medium
keywords: deploy, install, tool
ms.prod: w10
@ -19,7 +19,6 @@ ms.audience: itpro
# Microsoft Surface Deployment Accelerator
Microsoft Surface Deployment Accelerator (SDA) automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools.
> [!NOTE]

2
devices/surface/step-by-step-surface-deployment-accelerator.md
View File

@ -13,7 +13,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.date: 10/31/2019
---
# Step by step: Surface Deployment Accelerator

1
devices/surface/support-solutions-surface.md
View File

@ -14,6 +14,7 @@ ms.author: dansimp
ms.topic: article
ms.date: 09/26/2019
ms.localizationpriority: medium
ms.audience: itpro
---
# Top support solutions for Surface devices

5
devices/surface/surface-diagnostic-toolkit-business.md
View File

@ -3,12 +3,12 @@ title: Deploy Surface Diagnostic Toolkit for Business
description: This topic explains how to use the Surface Diagnostic Toolkit for Business.
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: normal
ms.localizationpriority: medium
ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 09/27/2019
ms.date: 10/31/2019
ms.reviewer: hachidan
manager: dansimp
ms.audience: itpro
@ -173,6 +173,7 @@ You can select to run a wide range of logs across applications, drivers, hardwar
### Version 2.43.139.0
*Release date: October 21, 2019*<br>
This version of Surface Diagnostic Toolkit for Business adds support for the following:
- Surface Pro 7
- Surface Laptop 3

2
devices/surface/surface-diagnostic-toolkit-command-line.md
View File

@ -16,7 +16,7 @@ ms.audience: itpro
# Run Surface Diagnostic Toolkit for Business using commands
Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features.
Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md).
>[!NOTE]
>To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device.

22
devices/surface/surface-diagnostic-toolkit-desktop-mode.md
View File

@ -7,35 +7,33 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 11/15/2018
ms.date: 10/31/2019
ms.reviewer: hachidan
manager: dansimp
ms.localizationpriority: normal
ms.localizationpriority: medium
ms.audience: itpro
---
# Use Surface Diagnostic Toolkit for Business in desktop mode
This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error.
This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md).
1. Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, youre ready to guide the user through a series of tests.
2. Begin at the home page, which allows users to enter a description of the issue, and click **Continue**, as shown in figure 1.
![Start SDT in desktop mode](images/sdt-desk-1.png)
*Figure 1. SDT in desktop mode*
3. When SDT indicates the device has the latest updates, click **Continue** to advance to the catalog of available tests, as shown in figure 2.
![Select from SDT options](images/sdt-desk-2.png)
*Figure 2. Select from SDT options*
4. You can choose to run all the diagnostic tests. Or, if you already suspect a particular issue such as a faulty display or a power supply problem, click **Select** to choose from the available tests and click **Run Selected**, as shown in figure 3. See the following table for details of each test.
![Select hardware tests](images/sdt-desk-3.png)
*Figure 3. Select hardware tests*
Hardware test | Description
@ -55,6 +53,7 @@ This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help user
<span id="multiple" />
## Running multiple hardware tests to troubleshoot issues
SDT is designed as an interactive tool that runs a series of tests. For each test, SDT provides instructions summarizing the nature of the test and what users should expect or look for in order for the test to be successful. For example, to diagnose if the display brightness is working properly, SDT starts at zero and increases the brightness to 100 percent, asking users to confirm by answering **Yes** or **No** -- that brightness is functioning as expected, as shown in figure 4.
@ -62,7 +61,6 @@ SDT is designed as an interactive tool that runs a series of tests. For each tes
For each test, if functionality does not work as expected and the user clicks **No**, SDT generates a report of the possible causes and ways to troubleshoot it.
![Running hardware diagnostics](images/sdt-desk-4.png)
*Figure 4. Running hardware diagnostics*
1. If the brightness successfully adjusts from 0-100 percent as expected, direct the user to click **Yes** and then click **Continue**.
@ -75,24 +73,18 @@ For each test, if functionality does not work as expected and the user clicks **
SDT enables you to diagnose and repair applications that may be causing issues, as shown in figure 5.
![Running repairs](images/sdt-desk-5.png)
*Figure 5. Running repairs*
<span id="logs" />
### Generating logs for analyzing issues
SDT provides extensive log-enabled diagnosis support across applications, drivers, hardware, and operating system issues, as shown in figure 6.
![Generating logs](images/sdt-desk-6.png)
*Figure 6. Generating logs*
<span id="detailed-report" />
### Generating detailed report comparing device vs. optimal configuration
Based on the logs, SDT generates a report for software- and firmware-based issues that you can save to a preferred location.

2
devices/surface/surface-diagnostic-toolkit-for-business-intro.md
View File

@ -10,7 +10,7 @@ ms.topic: article
ms.date: 06/11/2019
ms.reviewer: cottmca
manager: dansimp
ms.localizationpriority: normal
ms.localizationpriority: medium
ms.audience: itpro
---

2
devices/surface/surface-dock-firmware-update.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 09/18/2019
ms.date: 10/09/2019
ms.reviewer: scottmca
manager: dansimp
ms.audience: itpro

67
devices/surface/surface-enterprise-management-mode.md
View File

@ -9,9 +9,11 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 01/06/2017
ms.reviewer:
ms.date: 10/31/2019
ms.reviewer: scottmca
manager: dansimp
ms.localizationpriority: medium
ms.audience: itpro
---
# Microsoft Surface Enterprise Management Mode
@ -19,12 +21,14 @@ manager: dansimp
Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal.
>[!NOTE]
>SEMM is only available on devices with Surface UEFI firmware such as Surface Pro 4 and later, Surface Go, Surface Laptop, Surface Book, and Surface Studio. For more information about Surface UEFI, see [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
>SEMM is only available on devices with Surface UEFI firmware.
When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM.
There are two administrative options you can use to manage SEMM and enrolled Surface devices a standalone tool or integration with System Center Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with System Center Configuration Manager, see [Use System Center Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm).
## Microsoft Surface UEFI Configurator
The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
@ -33,8 +37,6 @@ The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown i
*Figure 1. Microsoft Surface UEFI Configurator*
>[!NOTE]
>Windows 10 is required to run Microsoft Surface UEFI Configurator
You can use the Microsoft Surface UEFI Configurator tool in three modes:
@ -62,17 +64,9 @@ See the [Surface Enterprise Management Mode certificate requirements](#surface-e
After a device is enrolled in SEMM, the configuration file is read and the settings specified in the file are applied to UEFI. When you run a configuration package on a device that is already enrolled in SEMM, the signature of the configuration file is checked against the certificate that is stored in the device firmware. If the signature does not match, no changes are applied to the device.
You can use Surface UEFI settings to enable or disable the operation of individual components, such as cameras, wireless communication, or docking USB port (as shown in Figure 3), and configure advanced settings (as shown in Figure 4).
### Enable or disable devices in Surface UEFI with SEMM
![Enable or disable devices in Surface UEFI with SEMM](images/surface-ent-mgmt-fig3-enabledisable.png "Enable or disable devices in Surface UEFI with SEMM")
*Figure 3. Enable or disable devices in Surface UEFI with SEMM*
![Configure advanced settings in SEMM](images/surface-ent-mgmt-fig4-advancedsettings.png "Configure advanced settings in SEMM")
*Figure 4. Configure advanced settings with SEMM*
You can enable or disable the following devices with SEMM:
The following list shows all the available devices you can manage in SEMM:
* Docking USB Port
* On-board Audio
@ -86,31 +80,40 @@ You can enable or disable the following devices with SEMM:
* Wi-Fi and Bluetooth
* LTE
You can configure the following advanced settings with SEMM:
>[!NOTE]
>The built-in devices that appear in the UEFI Devices page may vary depending on your device or corporate environment. For example, the UEFI Devices page is not supported on Surface Pro X; LTE only appears on LTE-equipped devices.
### Configure advanced settings with SEMM
**Table 1. Advanced settings**
| Setting | Description |
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| IPv6 for PXE Boot | Allows you to manage Ipv6 support for PXE boot. If you do not configure this setting, IPv6 support for PXE boot is disabled. |
| Alternate Boot | Allows you to manage use of an Alternate boot order to boot directly to a USB or Ethernet device by pressing both the Volume Down button and Power button during boot. If you do not configure this setting, Alternate boot is enabled. |
| Boot Order Lock | Allows you to lock the boot order to prevent changes. If you do not configure this setting, Boot Order Lock is disabled. |
| USB Boot | Allows you to manage booting to USB devices. If you do not configure this setting, USB Boot is enabled. |
| Network Stack | Allows you to manage Network Stack boot settings. If you do not configure this setting, the ability to manage Network Stack boot settings is enabled. |
| Auto Power On | Allows you to manage Auto Power On boot settings. If you do not configure this setting, Auto Power on is enabled. |
| Simultaneous Multi-Threading (SMT) | Allows you to manage Simultaneous Multi-Threading (SMT) to enable or disable hyperthreading. If you do not configure this setting, SMT is enabled. |
|Enable Battery limit| Allows you to manage Battery limit functionality. If you do not configure this setting, Battery limit is enabled |
| Security | Displays the Surface UEFI **Security** page. If you do not configure this setting, the Security page is displayed. |
| Devices | Displays the Surface UEFI **Devices** page. If you do not configure this setting, the Devices page is displayed. |
| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the DateTime page is displayed. |
| DateTime | Displays the Surface UEFI **DateTime** page. If you do not configure this setting, the DateTime page is displayed. |
* IPv6 support for PXE boot
* Alternate boot order, where the Volume Down button and Power button can be pressed together during boot, to boot directly to a USB or Ethernet device
* Lock the boot order to prevent changes
* Support for booting to USB devices
* Enable Network Stack boot settings
* Enable Auto Power On boot settings
* Display of the Surface UEFI **Security** page
* Display of the Surface UEFI **Devices** page
* Display of the Surface UEFI **Boot** page
* Display of the Surface UEFI **DateTime** page
>[!NOTE]
>When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5.
>When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 3.
![Certificate thumbprint display](images/surface-ent-mgmt-fig5-success.png "Certificate thumbprint display")
*Figure 5. Display of the last two characters of the certificate thumbprint on the Successful page*
*Figure 3. Display of the last two characters of the certificate thumbprint on the Successful page*
These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 6.
These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 4.
![Enrollment confirmation in SEMM](images/surface-ent-mgmt-fig6-enrollconfirm.png "Enrollment confirmation in SEMM")
*Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
*Figure 4. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
>[!NOTE]
>Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
@ -132,11 +135,11 @@ A Surface UEFI reset package is used to perform only one task — to unenroll a
### Recovery request
In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 7) with a Recovery Request operation.
In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 5) with a Recovery Request operation.
![Initiate a SEMM recovery request](images/surface-ent-mgmt-fig7-semmrecovery.png "Initiate a SEMM recovery request")
*Figure 7. Initiate a SEMM recovery request on the Enterprise Management page*
*Figure 5. Initiate a SEMM recovery request on the Enterprise Management page*
When you use the process on the **Enterprise Management** page to reset SEMM on a Surface device, you are provided with a Reset Request. This Reset Request can be saved as a file to a USB drive, copied as text, or read as a QR Code with a mobile device to be easily emailed or messaged. Use the Microsoft Surface UEFI Configurator Reset Request option to load a Reset Request file or enter the Reset Request text or QR Code. Microsoft Surface UEFI Configurator will generate a verification code that can be entered on the Surface device. If you enter the code on the Surface device and click **Restart**, the device will be unenrolled from SEMM.

5
devices/surface/surface-manage-dfci-guide.md
View File

@ -17,7 +17,7 @@ ms.audience: itpro
## Introduction
The ability to manage devices from the cloud has dramatically simplified IT deployment and provisioning across the lifecycle. With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future.
The ability to manage devices from the cloud has dramatically simplified IT deployment and provisioning across the lifecycle. With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For answers to frequently asked questions, see [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333).
### Background
@ -167,6 +167,7 @@ If the original DFCI profile has been deleted, you can remove policy settings by
6. Validate DFCI is removed from the device in the UEFI.
## Learn more
- [Windows Autopilot](https://www.microsoft.com/microsoft-365/windows/windows-autopilot)
- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333)
[Windows Autopilot](https://www.microsoft.com/microsoft-365/windows/windows-autopilot)
- [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
- [Use DFCI profiles on Windows devices in Microsoft Intune](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)

9
devices/surface/surface-system-sku-reference.md
View File

@ -9,9 +9,11 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 03/20/2019
ms.date: 10/31/2019
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
ms.audience: itpro
---
# System SKU reference
@ -39,6 +41,11 @@ System Model and System SKU are variables that are stored in the System Manageme
| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |
| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial |
| Surface Pro 7 | Surface Pro 7 | Surface_Pro_7_1866 |
| Surface Pro X | Surface Pro X | Surface_Pro_X_1876 |
| Surface Laptop 3 13" Intel | Surface Laptop 3 | Surface_Laptop_3_1867:1868 |
| Surface Laptop 3 15" Intel | Surface Laptop 3 | Surface_Laptop_3_1872 |
| Surface Laptop 3 15" AMD | Surface Laptop 3 | Surface_Laptop_3_1873 |
## Examples

7
devices/surface/surface-wireless-connect.md
View File

@ -6,16 +6,15 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: dansimp
ms.audience: itpro
ms.localizationpriority: normal
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 08/15/2019
ms.date: 10/31/2019
ms.reviewer: tokatz
manager: dansimp
---
# Optimize Wi-Fi connectivity for Surface devices
## Introduction
To stay connected with all-day battery life, Surface devices implement wireless connectivity settings that balance performance and power conservation. Outside of the most demanding mobility scenarios, users can maintain sufficient wireless connectivity without modifying default network adapter or related settings.
@ -32,7 +31,7 @@ If youre managing a wireless network thats typically accessed by many diff
- **802.11r.** “**Fast BSS Transition”** accelerates connecting to new wireless access points by reducing the number of frames required before your device can access another AP as you move around with your device.
- **802.11k.** **“Neighbor Reports”** provides devices with information on current conditions at neighboring access points. It can help your Surface device choose the best AP using criteria other than signal strength such as AP utilization.
Surface Go devices can also use 802.11v “BSS Transition Management Frames,” which functions much like 802.11k in providing information on nearby candidate APs.
Specific Surface devices can also use 802.11v “BSS Transition Management Frames,” which functions much like 802.11k in providing information on nearby candidate APs. These include Surface Go, Surface Pro 7, Surface Pro X, and Surface Laptop 3.
## Managing user settings

2
devices/surface/unenroll-surface-devices-from-semm.md
View File

@ -12,6 +12,8 @@ ms.topic: article
ms.date: 01/06/2017
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
ms.audience: itpro
---
# Unenroll Surface devices from SEMM

6
devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
View File

@ -9,9 +9,11 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 02/01/2017
ms.date: 10/31/2019
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium
ms.audience: itpro
---
# Use System Center Configuration Manager to manage devices with SEMM
@ -382,7 +384,7 @@ To configure Surface UEFI settings or permissions for Surface UEFI settings, you
The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device.
The following tables show the available settings for Surface Pro 4 and Surface Book:
The following tables show the available settings for Surface Pro 4 and later including Surface Pro 7, Surface Book, Surface Laptop 3, and Surface Go.
*Table 1. Surface UEFI settings for Surface Pro 4*

1
education/docfx.json
View File

@ -33,6 +33,7 @@
"breadcrumb_path": "/education/breadcrumb/toc.json",
"ms.date": "05/09/2017",
"feedback_system": "None",
"hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "Win.education",

2
mdop/agpm/whats-new-in-agpm-40-sp3.md
View File

@ -189,7 +189,7 @@ The following table describes the behavior of AGPM 4.0 SP3 Client and Server in
## How to Get MDOP Technologies
AGPM 4.0 SP3 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
AGPM 4.0 SP3 is a part of the Microsoft Desktop Optimization Pack (MDOP) since MDOP 2015. MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
## Related topics

1
smb/docfx.json
View File

@ -31,6 +31,7 @@
"globalMetadata": {
"breadcrumb_path": "/windows/smb/breadcrumb/toc.json",
"feedback_system": "None",
"hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "TechNet.smb",

1
store-for-business/docfx.json
View File

@ -41,6 +41,7 @@
"Store"
],
"feedback_system": "None",
"hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.store-for-business",

3
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -32,7 +32,8 @@ From its release, Windows 10 has supported remote connections to PCs that are jo
## Set up
- Both PCs (local and remote) must be running Windows 10, version 1607 (or later). Remote connection to an Azure AD-joined PC that is running earlier versions of Windows 10 is not supported.
- Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC that you are using to connect to the remote PC.
- Your local PC (where you are connecting from) must be either Azure AD joined or Hybrid Azure AD joined. Remote connection to an Azure AD joined PC from an unjoined device or a non-Windows 10 device is not supported.
Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC that you are using to connect to the remote PC.
- On the PC that you want to connect to:
1. Open system properties for the remote PC.
2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.

4
windows/client-management/mdm/get-product-details.md
View File

@ -1,6 +1,6 @@
---
title: Get product details
description: The Get product details operation retrieves the product information from the Micosoft Store for Business for a specific application.
description: The Get product details operation retrieves the product information from the Microsoft Store for Business for a specific application.
ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286
ms.reviewer:
manager: dansimp
@ -14,7 +14,7 @@ ms.date: 09/18/2017
# Get product details
The **Get product details** operation retrieves the product information from the Micosoft Store for Business for a specific application.
The **Get product details** operation retrieves the product information from the Microsoft Store for Business for a specific application.
## Request

14
windows/client-management/mdm/reboot-csp.md
View File

@ -38,9 +38,11 @@ The following diagram shows the Reboot configuration service provider management
<p style="margin-left: 20px">The supported operation is Get.</p>
<a href="" id="schedule-single"></a>**Schedule/Single**
<p style="margin-left: 20px">This node will execute a reboot at a scheduled date and time. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. </br>
<p style="margin-left: 20px">This node will execute a reboot at a scheduled date and time. The date and time value is **ISO 8601**, and both the date and time are required. </br>
Example to configure: 2018-10-25T18:00:00</p>
Setting a null (empty) date will delete the existing schedule. In accordance with the ISO 8601 format, the date and time representation needs to be 0000-00-00T00:00:00.
<p style="margin-left: 20px">The supported operations are Get, Add, Replace, and Delete.</p>
<a href="" id="schedule-dailyrecurrent"></a>**Schedule/DailyRecurrent**
@ -53,13 +55,3 @@ Example to configure: 2018-10-25T18:00:00</p>
[Configuration service provider reference](configuration-service-provider-reference.md)

1
windows/configuration/docfx.json
View File

@ -36,6 +36,7 @@
"audience": "ITPro",
"ms.topic": "article",
"feedback_system": "None",
"hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-configuration",

1
windows/configure/docfx.json
View File

@ -31,6 +31,7 @@
"externalReference": [],
"globalMetadata": {
"feedback_system": "None",
"hideEdit": true,
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.windows-configure"

3
windows/deployment/update/olympia/olympia-enrollment-guidelines.md
View File

@ -88,6 +88,9 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
- This method will upgrade your Windows 10 Pro license to Enterprise and create a new account. See [Set up Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup) for more information.
> [!NOTE]
> Make sure that you save your Pro license key before upgrading to the Enterprise edition. If the device gets disconnected from Olympia, you can use the Pro key to reactivate the license manually in the unlikely event that the license fails to downgrade back to Pro automatically. To reactivate manually, see [Upgrade by manually entering a product key](https://docs.microsoft.com/windows/deployment/upgrade/windows-10-edition-upgrades#upgrade-by-manually-entering-a-product-key).
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
![Settings -> Accounts](images/1-1.png)

14
windows/deployment/update/waas-manage-updates-wufb.md
View File

@ -46,14 +46,14 @@ Windows Update for Business provides management policies for several types of up
## Offering
You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period of time.
You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period.
### Manage which updates are offered
Windows Update for Business offers you the ability to turn on or off both driver and Microsoft product updates.
- Drivers (on/off): When "on," this policy will not include drivers with Windows Update.
- Microsoft product updates (on/off): When "on" this policy will install udpates for other Microsoft products.
- Microsoft product updates (on/off): When "on" this policy will install updates for other Microsoft products.
### Manage when updates are offered
@ -90,11 +90,19 @@ The branch readiness level enables administrators to specify which channel of fe
Prior to Windows 10, version 1903, there are two channels for released updates: Semi-annual Channel and Semi-annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-annual Channel. All deferral days will be calculated against a releases Semi-annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
### Recommendations
For the best experience with Windows Update, follow these guidelines:
- Use devices for at least 6 hours per month, including at least 2 hours of continuous use.
- Keep devices regularly charged. Plugging in devices overnight enables them to automatically update outside of active hours.
- Make sure that devices have at least 10 GB of free space.
- Give devices unobstructed access to the Windows Update service.
## Monitor Windows Updates by using Update Compliance
Update Compliance provides a holistic view of operating system update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated.
Update Compliance provides a holistic view of operating system update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without extra infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated.
![Update Compliance Dashboard](images/waas-wufb-update-compliance.png)

562
windows/deployment/update/windows-update-error-reference.md
View File

@ -25,343 +25,343 @@ This section lists the error codes for Microsoft Windows Update.
## Automatic Update Errors
| Error code | Message | Description |
|------------|-------------------------------|--------------------------------------------------------------------------------------------------------|
| 0x80243FFF | WU_E_AUCLIENT_UNEXPECTED | There was a user interface error not covered by another WU_E_AUCLIENT_\* error code. |
| 0x8024A000 | WU_E_AU_NOSERVICE | Automatic Updates was unable to service incoming requests. |
| 0x8024A002 | WU_E_AU_NONLEGACYSERVER | The old version of the Automatic Updates client has stopped because the WSUS server has been upgraded. |
| 0x8024A003 | WU_E_AU_LEGACYCLIENTDISABLED | The old version of the Automatic Updates client was disabled. |
| 0x8024A004 | WU_E_AU_PAUSED | Automatic Updates was unable to process incoming requests because it was paused. |
| 0x8024A005 | WU_E_AU_NO_REGISTERED_SERVICE | No unmanaged service is registered with AU. |
| 0x8024AFFF | WU_E_AU_UNEXPECTED | An Automatic Updates error not covered by another WU_E_AU \* code. |
|------------|---------------------------------|--------------------------------------------------------------------------------------------------------|
| 0x80243FFF | `WU_E_AUCLIENT_UNEXPECTED` | There was a user interface error not covered by another `WU_E_AUCLIENT_*` error code. |
| 0x8024A000 | `WU_E_AU_NOSERVICE` | Automatic Updates was unable to service incoming requests. |
| 0x8024A002 | `WU_E_AU_NONLEGACYSERVER` | The old version of the Automatic Updates client has stopped because the WSUS server has been upgraded. |
| 0x8024A003 | `WU_E_AU_LEGACYCLIENTDISABLED` | The old version of the Automatic Updates client was disabled. |
| 0x8024A004 | `WU_E_AU_PAUSED` | Automatic Updates was unable to process incoming requests because it was paused. |
| 0x8024A005 | `WU_E_AU_NO_REGISTERED_SERVICE` | No unmanaged service is registered with `AU`. |
| 0x8024AFFF | `WU_E_AU_UNEXPECTED` | An Automatic Updates error not covered by another `WU_E_AU*` code. |
## Windows Update UI errors
| Error code | Message | Description |
|------------|-------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|
| 0x80243001 | WU_E_INSTALLATION_RESULTS_UNKNOWN_VERSION | The results of download and installation could not be read from the registry due to an unrecognized data format version. |
| 0x80243002 | WU_E_INSTALLATION_RESULTS_INVALID_DATA | The results of download and installation could not be read from the registry due to an invalid data format. |
| 0x80243003 | WU_E_INSTALLATION_RESULTS_NOT_FOUND | The results of download and installation are not available; the operation may have failed to start. |
| 0x80243004 | WU_E_TRAYICON_FAILURE | A failure occurred when trying to create an icon in the taskbar notification area. |
| 0x80243FFD | WU_E_NON_UI_MODE | Unable to show UI when in non-UI mode; WU client UI modules may not be installed. |
| 0x80243FFE | WU_E_WUCLTUI_UNSUPPORTED_VERSION | Unsupported version of WU client UI exported functions. |
| 0x80243FFF | WU_E_AUCLIENT_UNEXPECTED | There was a user interface error not covered by another WU_E_AUCLIENT_\* error code. |
|------------|---------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|
| 0x80243001 | `WU_E_INSTALLATION_RESULTS_UNKNOWN_VERSION` | The results of download and installation could not be read from the registry due to an unrecognized data format version. |
| 0x80243002 | `WU_E_INSTALLATION_RESULTS_INVALID_DATA` | The results of download and installation could not be read from the registry due to an invalid data format. |
| 0x80243003 | `WU_E_INSTALLATION_RESULTS_NOT_FOUND` | The results of download and installation are not available; the operation may have failed to start. |
| 0x80243004 | `WU_E_TRAYICON_FAILURE` | A failure occurred when trying to create an icon in the taskbar notification area. |
| 0x80243FFD | `WU_E_NON_UI_MODE` | Unable to show UI when in non-UI mode; WU client UI modules may not be installed. |
| 0x80243FFE | `WU_E_WUCLTUI_UNSUPPORTED_VERSION` | Unsupported version of WU client UI exported functions. |
| 0x80243FFF | `WU_E_AUCLIENT_UNEXPECTED` | There was a user interface error not covered by another `WU_E_AUCLIENT_*` error code. |
## Inventory errors
| Error code | Message | Description |
|------------|-------------------------------------------|-------------------------------------------------------------------------------|
| 0x80249001 | WU_E_INVENTORY_PARSEFAILED | Parsing of the rule file failed. |
| 0x80249002 | WU_E_INVENTORY_GET_INVENTORY_TYPE_FAILED | Failed to get the requested inventory type from the server. |
| 0x80249003 | WU_E_INVENTORY_RESULT_UPLOAD_FAILED | Failed to upload inventory result to the server. |
| 0x80249004 | WU_E_INVENTORY_UNEXPECTED | There was an inventory error not covered by another error code. |
| 0x80249005 | WU_E_INVENTORY_WMI_ERROR | A WMI error occurred when enumerating the instances for a particular class. |
|------------|--------------------------------------------|-------------------------------------------------------------------------------|
| 0x80249001 | `WU_E_INVENTORY_PARSEFAILED` | Parsing of the rule file failed. |
| 0x80249002 | `WU_E_INVENTORY_GET_INVENTORY_TYPE_FAILED` | Failed to get the requested inventory type from the server. |
| 0x80249003 | `WU_E_INVENTORY_RESULT_UPLOAD_FAILED` | Failed to upload inventory result to the server. |
| 0x80249004 | `WU_E_INVENTORY_UNEXPECTED` | There was an inventory error not covered by another error code. |
| 0x80249005 | `WU_E_INVENTORY_WMI_ERROR` | A WMI error occurred when enumerating the instances for a particular class. |
## Expression evaluator errors
| Error code | Message | Description |
|-------------|--------------------------------|----------------------------------------------------------------------------------------------------------------------------------|
| 0x8024E001 | WU_E_EE_UNKNOWN_EXPRESSION | An expression evaluator operation could not be completed because an expression was unrecognized. |
| 0x8024E002 | WU_E_EE_INVALID_EXPRESSION | An expression evaluator operation could not be completed because an expression was invalid. |
| 0x8024E003 | WU_E_EE_MISSING_METADATA | An expression evaluator operation could not be completed because an expression contains an incorrect number of metadata nodes. |
| 0x8024E004 | WU_E_EE_INVALID_VERSION | An expression evaluator operation could not be completed because the version of the serialized expression data is invalid. |
| 0x8024E005 | WU_E_EE_NOT_INITIALIZED | The expression evaluator could not be initialized. |
| 0x8024E006 | WU_E_EE_INVALID_ATTRIBUTEDATA | An expression evaluator operation could not be completed because there was an invalid attribute. |
| 0x8024E007 | WU_E_EE_CLUSTER_ERROR | An expression evaluator operation could not be completed because the cluster state of the computer could not be determined. |
| 0x8024EFFF | WU_E_EE_UNEXPECTED | There was an expression evaluator error not covered by another WU_E_EE_\* error code. |
|------------|---------------------------------|--------------------------------------------------------------------------------------------------------------------------------|
| 0x8024E001 | `WU_E_EE_UNKNOWN_EXPRESSION` | An expression evaluator operation could not be completed because an expression was unrecognized. |
| 0x8024E002 | `WU_E_EE_INVALID_EXPRESSION` | An expression evaluator operation could not be completed because an expression was invalid. |
| 0x8024E003 | `WU_E_EE_MISSING_METADATA` | An expression evaluator operation could not be completed because an expression contains an incorrect number of metadata nodes. |
| 0x8024E004 | `WU_E_EE_INVALID_VERSION` | An expression evaluator operation could not be completed because the version of the serialized expression data is invalid. |
| 0x8024E005 | `WU_E_EE_NOT_INITIALIZED` | The expression evaluator could not be initialized. |
| 0x8024E006 | `WU_E_EE_INVALID_ATTRIBUTEDATA` | An expression evaluator operation could not be completed because there was an invalid attribute. |
| 0x8024E007 | `WU_E_EE_CLUSTER_ERROR` | An expression evaluator operation could not be completed because the cluster state of the computer could not be determined. |
| 0x8024EFFF | `WU_E_EE_UNEXPECTED` | There was an expression evaluator error not covered by another `WU_E_EE_*` error code. |
## Reporter errors
| Error code | Message | Description |
|-------------|------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0x80247001 | WU_E_OL_INVALID_SCANFILE | An operation could not be completed because the scan package was invalid. |
| 0x80247002 | WU_E_OL_NEWCLIENT_REQUIRED | An operation could not be completed because the scan package requires a greater version of the Windows Update Agent. |
| 0x80247FFF | WU_E_OL_UNEXPECTED | Search using the scan package failed. |
| 0x8024F001 | WU_E_REPORTER_EVENTCACHECORRUPT | The event cache file was defective. |
| 0x8024F002 | WU_E_REPORTER_EVENTNAMESPACEPARSEFAILED | The XML in the event namespace descriptor could not be parsed. |
| 0x8024F003 | WU_E_INVALID_EVENT | The XML in the event namespace descriptor could not be parsed. |
| 0x8024F004 | WU_E_SERVER_BUSY | The server rejected an event because the server was too busy. |
| 0x8024FFFF | WU_E_REPORTER_UNEXPECTED | There was a reporter error not covered by another error code. |
|------------|-------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
| 0x80247001 | `WU_E_OL_INVALID_SCANFILE` | An operation could not be completed because the scan package was invalid. |
| 0x80247002 | `WU_E_OL_NEWCLIENT_REQUIRED` | An operation could not be completed because the scan package requires a greater version of the Windows Update Agent. |
| 0x80247FFF | `WU_E_OL_UNEXPECTED` | Search using the scan package failed. |
| 0x8024F001 | `WU_E_REPORTER_EVENTCACHECORRUPT` | The event cache file was defective. |
| 0x8024F002 | `WU_E_REPORTER_EVENTNAMESPACEPARSEFAILED` | The XML in the event namespace descriptor could not be parsed. |
| 0x8024F003 | `WU_E_INVALID_EVENT` | The XML in the event namespace descriptor could not be parsed. |
| 0x8024F004 | `WU_E_SERVER_BUSY` | The server rejected an event because the server was too busy. |
| 0x8024FFFF | `WU_E_REPORTER_UNEXPECTED` | There was a reporter error not covered by another error code. |
## Redirector errors
The components that download the Wuredir.cab file and then parse the Wuredir.cab file generate the following errors.
The components that download the `Wuredir.cab` file and then parse the `Wuredir.cab` file generate the following errors.
| Error code | Message | Description |
|-|-|-|
|0x80245001|WU_E_REDIRECTOR_LOAD_XML|The redirector XML document could not be loaded into the DOM class. |
|0x80245002|WU_E_REDIRECTOR_S_FALSE|The redirector XML document is missing some required information.|
|0x80245003|WU_E_REDIRECTOR_ID_SMALLER|The redirectorId in the downloaded redirector cab is less than in the cached cab. |
|0x80245FFF|WU_E_REDIRECTOR_UNEXPECTED|The redirector failed for reasons not covered by another WU_E_REDIRECTOR_* error code. |
|----------- |------------------------------|------------------------------------------------------------------------------------------|
| 0x80245001 | `WU_E_REDIRECTOR_LOAD_XML` | The redirector XML document could not be loaded into the DOM class. |
| 0x80245002 | `WU_E_REDIRECTOR_S_FALSE` | The redirector XML document is missing some required information. |
| 0x80245003 | `WU_E_REDIRECTOR_ID_SMALLER` | The redirectorId in the downloaded redirector cab is less than in the cached cab. |
| 0x80245FFF | `WU_E_REDIRECTOR_UNEXPECTED` | The redirector failed for reasons not covered by another `WU_E_REDIRECTOR_*` error code. |
## Protocol Talker errors
The following errors map to SOAPCLIENT_ERRORs through the Atlsoap.h file. These errors are obtained when the CClientWebService object calls the GetClientError() method.
The following errors map to `SOAPCLIENT_ERROR`s through the `Atlsoap.h` file. These errors are obtained when the `CClientWebService` object calls the `GetClientError()` method.
| Error code | Message | Description |
|-------------|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------|
| 0x80244000 | WU_E_PT_SOAPCLIENT_BASE | WU_E_PT_SOAPCLIENT_\* error codes map to the SOAPCLIENT_ERROR enum of the ATL Server Library. |
| 0x80244001 | WU_E_PT_SOAPCLIENT_INITIALIZE | Same as SOAPCLIENT_INITIALIZE_ERROR - initialization of the SOAP client failed possibly because of an MSXML installation failure. |
| 0x80244002 | WU_E_PT_SOAPCLIENT_OUTOFMEMORY | Same as SOAPCLIENT_OUTOFMEMORY - SOAP client failed because it ran out of memory. |
| 0x80244003 | WU_E_PT_SOAPCLIENT_GENERATE | Same as SOAPCLIENT_GENERATE_ERROR - SOAP client failed to generate the request. |
| 0x80244004 | WU_E_PT_SOAPCLIENT_CONNECT | Same as SOAPCLIENT_CONNECT_ERROR - SOAP client failed to connect to the server. |
| 0x80244005 | WU_E_PT_SOAPCLIENT_SEND | Same as SOAPCLIENT_SEND_ERROR - SOAP client failed to send a message for reasons of WU_E_WINHTTP_\* error codes. |
| 0x80244006 | WU_E_PT_SOAPCLIENT_SERVER | Same as SOAPCLIENT_SERVER_ERROR - SOAP client failed because there was a server error. |
| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | Same as SOAPCLIENT_SOAPFAULT - SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. |
| 0x80244008 | WU_E_PT_SOAPCLIENT_PARSEFAULT | Same as SOAPCLIENT_PARSEFAULT_ERROR - SOAP client failed to parse a SOAP fault. |
| 0x80244009 | WU_E_PT_SOAPCLIENT_READ | Same as SOAPCLIENT_READ_ERROR - SOAP client failed while reading the response from the server. |
| 0x8024400A | WU_E_PT_SOAPCLIENT_PARSE | Same as SOAPCLIENT_PARSE_ERROR - SOAP client failed to parse the response from the server. |
|------------|----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|
| 0x80244000 | `WU_E_PT_SOAPCLIENT_BASE` | `WU_E_PT_SOAPCLIENT_*` error codes map to the `SOAPCLIENT_ERROR` enum of the ATL Server Library. |
| 0x80244001 | `WU_E_PT_SOAPCLIENT_INITIALIZE` | Same as `SOAPCLIENT_INITIALIZE_ERROR` - initialization of the `SOAP` client failed possibly because of an MSXML installation failure. |
| 0x80244002 | `WU_E_PT_SOAPCLIENT_OUTOFMEMORY` | Same as `SOAPCLIENT_OUTOFMEMORY` - `SOAP` client failed because it ran out of memory. |
| 0x80244003 | `WU_E_PT_SOAPCLIENT_GENERATE` | Same as `SOAPCLIENT_GENERATE_ERROR` - `SOAP` client failed to generate the request. |
| 0x80244004 | `WU_E_PT_SOAPCLIENT_CONNECT` | Same as `SOAPCLIENT_CONNECT_ERROR` - `SOAP` client failed to connect to the server. |
| 0x80244005 | `WU_E_PT_SOAPCLIENT_SEND` | Same as `SOAPCLIENT_SEND_ERROR` - `SOAP` client failed to send a message for reasons of `WU_E_WINHTTP_*` error codes. |
| 0x80244006 | `WU_E_PT_SOAPCLIENT_SERVER` | Same as `SOAPCLIENT_SERVER_ERROR` - `SOAP` client failed because there was a server error. |
| 0x80244007 | `WU_E_PT_SOAPCLIENT_SOAPFAULT` | Same as `SOAPCLIENT_SOAPFAULT` - `SOAP` client failed because there was a SOAP fault for reasons of `WU_E_PT_SOAP_*` error codes. |
| 0x80244008 | `WU_E_PT_SOAPCLIENT_PARSEFAULT` | Same as `SOAPCLIENT_PARSEFAULT_ERROR` - `SOAP` client failed to parse a `SOAP` fault. |
| 0x80244009 | `WU_E_PT_SOAPCLIENT_READ` | Same as `SOAPCLIENT_READ_ERROR` - `SOAP` client failed while reading the response from the server. |
| 0x8024400A | `WU_E_PT_SOAPCLIENT_PARSE` | Same as `SOAPCLIENT_PARSE_ERROR` - `SOAP` client failed to parse the response from the server. |
## Other Protocol Talker errors
The following errors map to SOAP_ERROR_CODEs from the Atlsoap.h file. These errors are obtained from the m_fault.m_soapErrCode member of the CClientWebService object when GetClientError() returns SOAPCLIENT_SOAPFAULT.
The following errors map to `SOAP_ERROR_CODE`s from the `Atlsoap.h` file. These errors are obtained from the `m_fault.m_soapErrCode` member of the `CClientWebService` object when `GetClientError()` returns `SOAPCLIENT_SOAPFAULT`.
| Error code | Message | Description |
|-------------|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 0x8024400B | WU_E_PT_SOAP_VERSION | Same as SOAP_E_VERSION_MISMATCH - SOAP client found an unrecognizable namespace for the SOAP envelope. |
| 0x8024400C | WU_E_PT_SOAP_MUST_UNDERSTAND | Same as SOAP_E_MUST_UNDERSTAND - SOAP client was unable to understand a header. |
| 0x8024400D | WU_E_PT_SOAP_CLIENT | Same as SOAP_E_CLIENT - SOAP client found the message was malformed; fix before resending. |
| 0x8024400E | WU_E_PT_SOAP_SERVER | Same as SOAP_E_SERVER - The SOAP message could not be processed due to a server error; resend later. |
| 0x8024400F | WU_E_PT_WMI_ERROR | There was an unspecified Windows Management Instrumentation (WMI) error. |
| 0x80244010 | WU_E_PT_EXCEEDED_MAX_SERVER_TRIPS | The number of round trips to the server exceeded the maximum limit. |
| 0x80244011 | WU_E_PT_SUS_SERVER_NOT_SET | WUServer policy value is missing in the registry. |
| 0x80244012 | WU_E_PT_DOUBLE_INITIALIZATION | Initialization failed because the object was already initialized. |
| 0x80244013 | WU_E_PT_INVALID_COMPUTER_NAME | The computer name could not be determined. |
| 0x80244015 | WU_E_PT_REFRESH_CACHE_REQUIRED | The reply from the server indicates that the server was changed or the cookie was invalid; refresh the state of the internal cache and retry. |
| 0x80244016 | WU_E_PT_HTTP_STATUS_BAD_REQUEST | Same as HTTP status 400 - the server could not process the request due to invalid syntax. |
| 0x80244017 | WU_E_PT_HTTP_STATUS_DENIED | Same as HTTP status 401 - the requested resource requires user authentication. |
| 0x80244018 | WU_E_PT_HTTP_STATUS_FORBIDDEN | Same as HTTP status 403 - server understood the request but declined to fulfill it. |
| 0x80244019 | WU_E_PT_HTTP_STATUS_NOT_FOUND | Same as HTTP status 404 - the server cannot find the requested URI (Uniform Resource Identifier). |
| 0x8024401A | WU_E_PT_HTTP_STATUS_BAD_METHOD | Same as HTTP status 405 - the HTTP method is not allowed. |
| 0x8024401B | WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ | Same as HTTP status 407 - proxy authentication is required. |
| 0x8024401C | WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT | Same as HTTP status 408 - the server timed out waiting for the request. |
| 0x8024401D | WU_E_PT_HTTP_STATUS_CONFLICT | Same as HTTP status 409 - the request was not completed due to a conflict with the current state of the resource. |
| 0x8024401E | WU_E_PT_HTTP_STATUS_GONE | Same as HTTP status 410 - requested resource is no longer available at the server. |
| 0x8024401F | WU_E_PT_HTTP_STATUS_SERVER_ERROR | Same as HTTP status 500 - an error internal to the server prevented fulfilling the request. |
| 0x80244020 | WU_E_PT_HTTP_STATUS_NOT_SUPPORTED | Same as HTTP status 500 - server does not support the functionality required to fulfill the request. |
| 0x80244021 | WU_E_PT_HTTP_STATUS_BAD_GATEWAY | Same as HTTP status 502 - the server while acting as a gateway or a proxy received an invalid response from the upstream server it accessed in attempting to fulfil the request. |
| 0x80244022 | WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL | Same as HTTP status 503 - the service is temporarily overloaded. |
| 0x80244023 | WU_E_PT_HTTP_STATUS_GATEWAY_TIMEOUT | Same as HTTP status 503 - the request was timed out waiting for a gateway. |
| 0x80244024 | WU_E_PT_HTTP_STATUS_VERSION_NOT_SUP | Same as HTTP status 505 - the server does not support the HTTP protocol version used for the request. |
| 0x80244025 | WU_E_PT_FILE_LOCATIONS_CHANGED | Operation failed due to a changed file location; refresh internal state and resend. |
| 0x80244026 | WU_E_PT_REGISTRATION_NOT_SUPPORTED | Operation failed because Windows Update Agent does not support registration with a non-WSUS server. |
| 0x80244027 | WU_E_PT_NO_AUTH_PLUGINS_REQUESTED | The server returned an empty authentication information list. |
| 0x80244028 | WU_E_PT_NO_AUTH_COOKIES_CREATED | Windows Update Agent was unable to create any valid authentication cookies. |
| 0x80244029 | WU_E_PT_INVALID_CONFIG_PROP | A configuration property value was wrong. |
| 0x8024402A | WU_E_PT_CONFIG_PROP_MISSING | A configuration property value was missing. |
| 0x8024402B | WU_E_PT_HTTP_STATUS_NOT_MAPPED | The HTTP request could not be completed and the reason did not correspond to any of the WU_E_PT_HTTP_\* error codes. |
| 0x8024402C | WU_E_PT_WINHTTP_NAME_NOT_RESOLVED | Same as ERROR_WINHTTP_NAME_NOT_RESOLVED - the proxy server or target server name cannot be resolved. |
| 0x8024402F | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors. |
| 0x80244030 | WU_E_PT_ECP_INIT_FAILED | The external cab processor initialization did not complete. |
| 0x80244031 | WU_E_PT_ECP_INVALID_FILE_FORMAT | The format of a metadata file was invalid. |
| 0x80244032 | WU_E_PT_ECP_INVALID_METADATA | External cab processor found invalid metadata. |
| 0x80244033 | WU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST | The file digest could not be extracted from an external cab file. |
| 0x80244034 | WU_E_PT_ECP_FAILURE_TO_DECOMPRESS_CAB_FILE | An external cab file could not be decompressed. |
| 0x80244035 | WU_E_PT_ECP_FILE_LOCATION_ERROR | External cab processor was unable to get file locations. |
| 0x80244FFF | WU_E_PT_UNEXPECTED | A communication error not covered by another WU_E_PT_\* error code. |
| 0x8024502D | WU_E_PT_SAME_REDIR_ID | Windows Update Agent failed to download a redirector cabinet file with a new redirectorId value from the server during the recovery. |
| 0x8024502E | WU_E_PT_NO_MANAGED_RECOVER | A redirector recovery action did not complete because the server is managed. |
|------------|----------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 0x8024400B | `WU_E_PT_SOAP_VERSION` | Same as `SOAP_E_VERSION_MISMATCH` - `SOAP` client found an unrecognizable namespace for the `SOAP` envelope. |
| 0x8024400C | `WU_E_PT_SOAP_MUST_UNDERSTAND` | Same as `SOAP_E_MUST_UNDERSTAND` - `SOAP` client was unable to understand a header. |
| 0x8024400D | `WU_E_PT_SOAP_CLIENT` | Same as `SOAP_E_CLIENT` - `SOAP` client found the message was malformed; fix before resending. |
| 0x8024400E | `WU_E_PT_SOAP_SERVER` | Same as `SOAP_E_SERVER` - The `SOAP` message could not be processed due to a server error; resend later. |
| 0x8024400F | `WU_E_PT_WMI_ERROR` | There was an unspecified Windows Management Instrumentation (WMI) error. |
| 0x80244010 | `WU_E_PT_EXCEEDED_MAX_SERVER_TRIPS` | The number of round trips to the server exceeded the maximum limit. |
| 0x80244011 | `WU_E_PT_SUS_SERVER_NOT_SET` | WUServer policy value is missing in the registry. |
| 0x80244012 | `WU_E_PT_DOUBLE_INITIALIZATION` | Initialization failed because the object was already initialized. |
| 0x80244013 | `WU_E_PT_INVALID_COMPUTER_NAME` | The computer name could not be determined. |
| 0x80244015 | `WU_E_PT_REFRESH_CACHE_REQUIRED` | The reply from the server indicates that the server was changed or the cookie was invalid; refresh the state of the internal cache and retry. |
| 0x80244016 | `WU_E_PT_HTTP_STATUS_BAD_REQUEST` | Same as HTTP status 400 - the server could not process the request due to invalid syntax. |
| 0x80244017 | `WU_E_PT_HTTP_STATUS_DENIED` | Same as HTTP status 401 - the requested resource requires user authentication. |
| 0x80244018 | `WU_E_PT_HTTP_STATUS_FORBIDDEN` | Same as HTTP status 403 - server understood the request but declined to fulfill it. |
| 0x80244019 | `WU_E_PT_HTTP_STATUS_NOT_FOUND` | Same as HTTP status 404 - the server cannot find the requested URI (Uniform Resource Identifier). |
| 0x8024401A | `WU_E_PT_HTTP_STATUS_BAD_METHOD` | Same as HTTP status 405 - the HTTP method is not allowed. |
| 0x8024401B | `WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ` | Same as HTTP status 407 - proxy authentication is required. |
| 0x8024401C | `WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT` | Same as HTTP status 408 - the server timed out waiting for the request. |
| 0x8024401D | `WU_E_PT_HTTP_STATUS_CONFLICT` | Same as HTTP status 409 - the request was not completed due to a conflict with the current state of the resource. |
| 0x8024401E | `WU_E_PT_HTTP_STATUS_GONE` | Same as HTTP status 410 - requested resource is no longer available at the server. |
| 0x8024401F | `WU_E_PT_HTTP_STATUS_SERVER_ERROR` | Same as HTTP status 500 - an error internal to the server prevented fulfilling the request. |
| 0x80244020 | `WU_E_PT_HTTP_STATUS_NOT_SUPPORTED` | Same as HTTP status 500 - server does not support the functionality required to fulfill the request. |
| 0x80244021 | `WU_E_PT_HTTP_STATUS_BAD_GATEWAY` | Same as HTTP status 502 - the server while acting as a gateway or a proxy received an invalid response from the upstream server it accessed in attempting to fulfill the request. |
| 0x80244022 | `WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL` | Same as HTTP status 503 - the service is temporarily overloaded. |
| 0x80244023 | `WU_E_PT_HTTP_STATUS_GATEWAY_TIMEOUT` | Same as HTTP status 503 - the request was timed out waiting for a gateway. |
| 0x80244024 | `WU_E_PT_HTTP_STATUS_VERSION_NOT_SUP` | Same as HTTP status 505 - the server does not support the HTTP protocol version used for the request. |
| 0x80244025 | `WU_E_PT_FILE_LOCATIONS_CHANGED` | Operation failed due to a changed file location; refresh internal state and resend. |
| 0x80244026 | `WU_E_PT_REGISTRATION_NOT_SUPPORTED` | Operation failed because Windows Update Agent does not support registration with a non-WSUS server. |
| 0x80244027 | `WU_E_PT_NO_AUTH_PLUGINS_REQUESTED` | The server returned an empty authentication information list. |
| 0x80244028 | `WU_E_PT_NO_AUTH_COOKIES_CREATED` | Windows Update Agent was unable to create any valid authentication cookies. |
| 0x80244029 | `WU_E_PT_INVALID_CONFIG_PROP` | A configuration property value was wrong. |
| 0x8024402A | `WU_E_PT_CONFIG_PROP_MISSING` | A configuration property value was missing. |
| 0x8024402B | `WU_E_PT_HTTP_STATUS_NOT_MAPPED` | The HTTP request could not be completed and the reason did not correspond to any of the `WU_E_PT_HTTP_*` error codes. |
| 0x8024402C | `WU_E_PT_WINHTTP_NAME_NOT_RESOLVED` | Same as ERROR_WINHTTP_NAME_NOT_RESOLVED - the proxy server or target server name cannot be resolved. |
| 0x8024402F | `WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS` | External cab file processing completed with some errors. |
| 0x80244030 | `WU_E_PT_ECP_INIT_FAILED` | The external cab processor initialization did not complete. |
| 0x80244031 | `WU_E_PT_ECP_INVALID_FILE_FORMAT` | The format of a metadata file was invalid. |
| 0x80244032 | `WU_E_PT_ECP_INVALID_METADATA` | External cab processor found invalid metadata. |
| 0x80244033 | `WU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST` | The file digest could not be extracted from an external cab file. |
| 0x80244034 | `WU_E_PT_ECP_FAILURE_TO_DECOMPRESS_CAB_FILE` | An external cab file could not be decompressed. |
| 0x80244035 | `WU_E_PT_ECP_FILE_LOCATION_ERROR` | External cab processor was unable to get file locations. |
| 0x80244FFF | `WU_E_PT_UNEXPECTED` | A communication error not covered by another `WU_E_PT_*` error code. |
| 0x8024502D | `WU_E_PT_SAME_REDIR_ID` | Windows Update Agent failed to download a redirector cabinet file with a new redirectorId value from the server during the recovery. |
| 0x8024502E | `WU_E_PT_NO_MANAGED_RECOVER` | A redirector recovery action did not complete because the server is managed. |
## Download Manager errors
| Error code | Message | Description |
|-------------|----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| 0x80246001 | WU_E_DM_URLNOTAVAILABLE | A download manager operation could not be completed because the requested file does not have a URL. |
| 0x80246002 | WU_E_DM_INCORRECTFILEHASH | A download manager operation could not be completed because the file digest was not recognized. |
| 0x80246003 | WU_E_DM_UNKNOWNALGORITHM | A download manager operation could not be completed because the file metadata requested an unrecognized hash algorithm. |
| 0x80246004 | WU_E_DM_NEEDDOWNLOADREQUEST | An operation could not be completed because a download request is required from the download handler. |
| 0x80246005 | WU_E_DM_NONETWORK | A download manager operation could not be completed because the network connection was unavailable. |
| 0x80246006 | WU_E_DM_WRONGBITSVERSION | A download manager operation could not be completed because the version of Background Intelligent Transfer Service (BITS) is incompatible. |
| 0x80246007 | WU_E_DM_NOTDOWNLOADED | The update has not been downloaded. |
| 0x80246008 | WU_E_DM_FAILTOCONNECTTOBITS | A download manager operation failed because the download manager was unable to connect the Background Intelligent Transfer Service (BITS). |
| 0x80246009 | WU_E_DM_BITSTRANSFERERROR | A download manager operation failed because there was an unspecified Background Intelligent Transfer Service (BITS) transfer error. |
| 0x8024600A | WU_E_DM_DOWNLOADLOCATIONCHANGED | A download must be restarted because the location of the source of the download has changed. |
| 0x8024600B | WU_E_DM_CONTENTCHANGED | A download must be restarted because the update content changed in a new revision. |
| 0x80246FFF | WU_E_DM_UNEXPECTED | There was a download manager error not covered by another WU_E_DM_\* error code. |
|------------|-----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|
| 0x80246001 | `WU_E_DM_URLNOTAVAILABLE` | A download manager operation could not be completed because the requested file does not have a URL. |
| 0x80246002 | `WU_E_DM_INCORRECTFILEHASH` | A download manager operation could not be completed because the file digest was not recognized. |
| 0x80246003 | `WU_E_DM_UNKNOWNALGORITHM` | A download manager operation could not be completed because the file metadata requested an unrecognized hash algorithm. |
| 0x80246004 | `WU_E_DM_NEEDDOWNLOADREQUEST` | An operation could not be completed because a download request is required from the download handler. |
| 0x80246005 | `WU_E_DM_NONETWORK` | A download manager operation could not be completed because the network connection was unavailable. |
| 0x80246006 | `WU_E_DM_WRONGBITSVERSION` | A download manager operation could not be completed because the version of Background Intelligent Transfer Service (BITS) is incompatible. |
| 0x80246007 | `WU_E_DM_NOTDOWNLOADED` | The update has not been downloaded. |
| 0x80246008 | `WU_E_DM_FAILTOCONNECTTOBITS` | A download manager operation failed because the download manager was unable to connect the Background Intelligent Transfer Service (BITS). |
| 0x80246009 | `WU_E_DM_BITSTRANSFERERROR` | A download manager operation failed because there was an unspecified Background Intelligent Transfer Service (BITS) transfer error. |
| 0x8024600A | `WU_E_DM_DOWNLOADLOCATIONCHANGED` | A download must be restarted because the location of the source of the download has changed. |
| 0x8024600B | `WU_E_DM_CONTENTCHANGED` | A download must be restarted because the update content changed in a new revision. |
| 0x80246FFF | `WU_E_DM_UNEXPECTED` | There was a download manager error not covered by another `WU_E_DM_*` error code. |
## Update Handler errors
| Error code | Message | Description |
|-------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| 0x80242000 | WU_E_UH_REMOTEUNAVAILABLE | 9A request for a remote update handler could not be completed because no remote process is available. |
| 0x80242001 | WU_E_UH_LOCALONLY | A request for a remote update handler could not be completed because the handler is local only. |
| 0x80242002 | WU_E_UH_UNKNOWNHANDLER | A request for an update handler could not be completed because the handler could not be recognized. |
| 0x80242003 | WU_E_UH_REMOTEALREADYACTIVE | A remote update handler could not be created because one already exists. |
| 0x80242004 | WU_E_UH_DOESNOTSUPPORTACTION | A request for the handler to install (uninstall) an update could not be completed because the update does not support install (uninstall). |
| 0x80242005 | WU_E_UH_WRONGHANDLER | An operation did not complete because the wrong handler was specified. |
| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. |
| 0x80242007 | WU_E_UH_INSTALLERHUNG | An operation could not be completed because the installer exceeded the time limit. |
| 0x80242008 | WU_E_UH_OPERATIONCANCELLED | An operation being done by the update handler was cancelled. |
| 0x80242009 | WU_E_UH_BADHANDLERXML | An operation could not be completed because the handler-specific metadata is invalid. |
| 0x8024200A | WU_E_UH_CANREQUIREINPUT | A request to the handler to install an update could not be completed because the update requires user input. |
| 0x8024200B | WU_E_UH_INSTALLERFAILURE | The installer failed to install (uninstall) one or more updates. |
| 0x8024200C | WU_E_UH_FALLBACKTOSELFCONTAINED | The update handler should download self-contained content rather than delta-compressed content for the update. |
| 0x8024200D | WU_E_UH_NEEDANOTHERDOWNLOAD | The update handler did not install the update because it needs to be downloaded again. |
| 0x8024200E | WU_E_UH_NOTIFYFAILURE | The update handler failed to send notification of the status of the install (uninstall) operation. |
| 0x8024200F | WU_E_UH_INCONSISTENT_FILE_NAMES | The file names contained in the update metadata and in the update package are inconsistent. |
| 0x80242010 | WU_E_UH_FALLBACKERROR | The update handler failed to fall back to the self-contained content. |
| 0x80242011 | WU_E_UH_TOOMANYDOWNLOADREQUESTS | The update handler has exceeded the maximum number of download requests. |
| 0x80242012 | WU_E_UH_UNEXPECTEDCBSRESPONSE | The update handler has received an unexpected response from CBS. |
| 0x80242013 | WU_E_UH_BADCBSPACKAGEID | The update metadata contains an invalid CBS package identifier. |
| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-reboot operation for the update is still in progress. |
| 0x80242015 | WU_E_UH_POSTREBOOTRESULTUNKNOWN | The result of the post-reboot operation for the update could not be determined. |
| 0x80242016 | WU_E_UH_POSTREBOOTUNEXPECTEDSTATE | The state of the update after its post-reboot operation has completed is unexpected. |
| 0x80242017 | WU_E_UH_NEW_SERVICING_STACK_REQUIRED | The OS servicing stack must be updated before this update is downloaded or installed. |
| 0x80242FFF | WU_E_UH_UNEXPECTED | An update handler error not covered by another WU_E_UH_\* code. |
|------------|----------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| 0x80242000 | `WU_E_UH_REMOTEUNAVAILABLE` | A request for a remote update handler could not be completed because no remote process is available. |
| 0x80242001 | `WU_E_UH_LOCALONLY` | A request for a remote update handler could not be completed because the handler is local only. |
| 0x80242002 | `WU_E_UH_UNKNOWNHANDLER` | A request for an update handler could not be completed because the handler could not be recognized. |
| 0x80242003 | `WU_E_UH_REMOTEALREADYACTIVE` | A remote update handler could not be created because one already exists. |
| 0x80242004 | `WU_E_UH_DOESNOTSUPPORTACTION` | A request for the handler to install (uninstall) an update could not be completed because the update does not support install (uninstall). |
| 0x80242005 | `WU_E_UH_WRONGHANDLER` | An operation did not complete because the wrong handler was specified. |
| 0x80242006 | `WU_E_UH_INVALIDMETADATA` | A handler operation could not be completed because the update contains invalid metadata. |
| 0x80242007 | `WU_E_UH_INSTALLERHUNG` | An operation could not be completed because the installer exceeded the time limit. |
| 0x80242008 | `WU_E_UH_OPERATIONCANCELLED` | An operation being done by the update handler was canceled. |
| 0x80242009 | `WU_E_UH_BADHANDLERXML` | An operation could not be completed because the handler-specific metadata is invalid. |
| 0x8024200A | `WU_E_UH_CANREQUIREINPUT` | A request to the handler to install an update could not be completed because the update requires user input. |
| 0x8024200B | `WU_E_UH_INSTALLERFAILURE` | The installer failed to install (uninstall) one or more updates. |
| 0x8024200C | `WU_E_UH_FALLBACKTOSELFCONTAINED` | The update handler should download self-contained content rather than delta-compressed content for the update. |
| 0x8024200D | `WU_E_UH_NEEDANOTHERDOWNLOAD` | The update handler did not install the update because it needs to be downloaded again. |
| 0x8024200E | `WU_E_UH_NOTIFYFAILURE` | The update handler failed to send notification of the status of the install (uninstall) operation. |
| 0x8024200F | `WU_E_UH_INCONSISTENT_FILE_NAMES` | The file names contained in the update metadata and in the update package are inconsistent. |
| 0x80242010 | `WU_E_UH_FALLBACKERROR` | The update handler failed to fall back to the self-contained content. |
| 0x80242011 | `WU_E_UH_TOOMANYDOWNLOADREQUESTS` | The update handler has exceeded the maximum number of download requests. |
| 0x80242012 | `WU_E_UH_UNEXPECTEDCBSRESPONSE` | The update handler has received an unexpected response from CBS. |
| 0x80242013 | `WU_E_UH_BADCBSPACKAGEID` | The update metadata contains an invalid CBS package identifier. |
| 0x80242014 | `WU_E_UH_POSTREBOOTSTILLPENDING` | The post-reboot operation for the update is still in progress. |
| 0x80242015 | `WU_E_UH_POSTREBOOTRESULTUNKNOWN` | The result of the post-reboot operation for the update could not be determined. |
| 0x80242016 | `WU_E_UH_POSTREBOOTUNEXPECTEDSTATE` | The state of the update after its post-reboot operation has completed is unexpected. |
| 0x80242017 | `WU_E_UH_NEW_SERVICING_STACK_REQUIRED` | The OS servicing stack must be updated before this update is downloaded or installed. |
| 0x80242FFF | `WU_E_UH_UNEXPECTED` | An update handler error not covered by another `WU_E_UH_*` code. |
## Data Store errors
| Error code | Message | Description |
|-------------|-------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 0x80248000 | WU_E_DS_SHUTDOWN | An operation failed because Windows Update Agent is shutting down. |
| 0x80248001 | WU_E_DS_INUSE | An operation failed because the data store was in use. |
| 0x80248002 | WU_E_DS_INVALID | The current and expected states of the data store do not match. |
| 0x80248003 | WU_E_DS_TABLEMISSING | The data store is missing a table. |
| 0x80248004 | WU_E_DS_TABLEINCORRECT | The data store contains a table with unexpected columns. |
| 0x80248005 | WU_E_DS_INVALIDTABLENAME | A table could not be opened because the table is not in the data store. |
| 0x80248006 | WU_E_DS_BADVERSION | The current and expected versions of the data store do not match. |
| 0x80248007 | WU_E_DS_NODATA | The information requested is not in the data store. |
| 0x80248008 | WU_E_DS_MISSINGDATA | The data store is missing required information or has a NULL in a table column that requires a non-null value. |
| 0x80248009 | WU_E_DS_MISSINGREF | The data store is missing required information or has a reference to missing license terms file localized property or linked row. |
| 0x8024800A | WU_E_DS_UNKNOWNHANDLER | The update was not processed because its update handler could not be recognized. |
| 0x8024800B | WU_E_DS_CANTDELETE | The update was not deleted because it is still referenced by one or more services. |
| 0x8024800C | WU_E_DS_LOCKTIMEOUTEXPIRED | The data store section could not be locked within the allotted time. |
| 0x8024800D | WU_E_DS_NOCATEGORIES | The category was not added because it contains no parent categories and is not a top-level category itself. |
| 0x8024800E | WU_E_DS_ROWEXISTS | The row was not added because an existing row has the same primary key. |
| 0x8024800F | WU_E_DS_STOREFILELOCKED | The data store could not be initialized because it was locked by another process. |
| 0x80248010 | WU_E_DS_CANNOTREGISTER | The data store is not allowed to be registered with COM in the current process. |
| 0x80248011 | WU_E_DS_UNABLETOSTART | Could not create a data store object in another process. |
| 0x80248013 | WU_E_DS_DUPLICATEUPDATEID | The server sent the same update to the client with two different revision IDs. |
| 0x80248014 | WU_E_DS_UNKNOWNSERVICE | An operation did not complete because the service is not in the data store. |
| 0x80248015 | WU_E_DS_SERVICEEXPIRED | An operation did not complete because the registration of the service has expired. |
| 0x80248016 | WU_E_DS_DECLINENOTALLOWED | A request to hide an update was declined because it is a mandatory update or because it was deployed with a deadline. |
| 0x80248017 | WU_E_DS_TABLESESSIONMISMATCH | A table was not closed because it is not associated with the session. |
| 0x80248018 | WU_E_DS_SESSIONLOCKMISMATCH | A table was not closed because it is not associated with the session. |
| 0x80248019 | WU_E_DS_NEEDWINDOWSSERVICE | A request to remove the Windows Update service or to unregister it with Automatic Updates was declined because it is a built-in service and/or Automatic Updates cannot fall back to another service. |
| 0x8024801A | WU_E_DS_INVALIDOPERATION | A request was declined because the operation is not allowed. |
| 0x8024801B | WU_E_DS_SCHEMAMISMATCH | The schema of the current data store and the schema of a table in a backup XML document do not match. |
| 0x8024801C | WU_E_DS_RESETREQUIRED | The data store requires a session reset; release the session and retry with a new session. |
| 0x8024801D | WU_E_DS_IMPERSONATED | A data store operation did not complete because it was requested with an impersonated identity. |
| 0x80248FFF | WU_E_DS_UNEXPECTED | A data store error not covered by another WU_E_DS_\* code. |
|------------|--------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 0x80248000 | `WU_E_DS_SHUTDOWN` | An operation failed because Windows Update Agent is shutting down. |
| 0x80248001 | `WU_E_DS_INUSE` | An operation failed because the data store was in use. |
| 0x80248002 | `WU_E_DS_INVALID` | The current and expected states of the data store do not match. |
| 0x80248003 | `WU_E_DS_TABLEMISSING` | The data store is missing a table. |
| 0x80248004 | `WU_E_DS_TABLEINCORRECT` | The data store contains a table with unexpected columns. |
| 0x80248005 | `WU_E_DS_INVALIDTABLENAME` | A table could not be opened because the table is not in the data store. |
| 0x80248006 | `WU_E_DS_BADVERSION` | The current and expected versions of the data store do not match. |
| 0x80248007 | `WU_E_DS_NODATA` | The information requested is not in the data store. |
| 0x80248008 | `WU_E_DS_MISSINGDATA` | The data store is missing required information or has a NULL in a table column that requires a non-null value. |
| 0x80248009 | `WU_E_DS_MISSINGREF` | The data store is missing required information or has a reference to missing license terms file localized property or linked row. |
| 0x8024800A | `WU_E_DS_UNKNOWNHANDLER` | The update was not processed because its update handler could not be recognized. |
| 0x8024800B | `WU_E_DS_CANTDELETE` | The update was not deleted because it is still referenced by one or more services. |
| 0x8024800C | `WU_E_DS_LOCKTIMEOUTEXPIRED` | The data store section could not be locked within the allotted time. |
| 0x8024800D | `WU_E_DS_NOCATEGORIES` | The category was not added because it contains no parent categories and is not a top-level category itself. |
| 0x8024800E | `WU_E_DS_ROWEXISTS` | The row was not added because an existing row has the same primary key. |
| 0x8024800F | `WU_E_DS_STOREFILELOCKED` | The data store could not be initialized because it was locked by another process. |
| 0x80248010 | `WU_E_DS_CANNOTREGISTER` | The data store is not allowed to be registered with COM in the current process. |
| 0x80248011 | `WU_E_DS_UNABLETOSTART` | Could not create a data store object in another process. |
| 0x80248013 | `WU_E_DS_DUPLICATEUPDATEID` | The server sent the same update to the client with two different revision IDs. |
| 0x80248014 | `WU_E_DS_UNKNOWNSERVICE` | An operation did not complete because the service is not in the data store. |
| 0x80248015 | `WU_E_DS_SERVICEEXPIRED` | An operation did not complete because the registration of the service has expired. |
| 0x80248016 | `WU_E_DS_DECLINENOTALLOWED` | A request to hide an update was declined because it is a mandatory update or because it was deployed with a deadline. |
| 0x80248017 | `WU_E_DS_TABLESESSIONMISMATCH` | A table was not closed because it is not associated with the session. |
| 0x80248018 | `WU_E_DS_SESSIONLOCKMISMATCH` | A table was not closed because it is not associated with the session. |
| 0x80248019 | `WU_E_DS_NEEDWINDOWSSERVICE` | A request to remove the Windows Update service or to unregister it with Automatic Updates was declined because it is a built-in service and/or Automatic Updates cannot fall back to another service. |
| 0x8024801A | `WU_E_DS_INVALIDOPERATION` | A request was declined because the operation is not allowed. |
| 0x8024801B | `WU_E_DS_SCHEMAMISMATCH` | The schema of the current data store and the schema of a table in a backup XML document do not match. |
| 0x8024801C | `WU_E_DS_RESETREQUIRED` | The data store requires a session reset; release the session and retry with a new session. |
| 0x8024801D | `WU_E_DS_IMPERSONATED` | A data store operation did not complete because it was requested with an impersonated identity. |
| 0x80248FFF | `WU_E_DS_UNEXPECTED` | A data store error not covered by another `WU_E_DS_*` code. |
## Driver Util errors
The PnP enumerated device is removed from the System Spec because one of the hardware IDs or the compatible IDs matches an installed printer driver. This is not a fatal error, and the device is merely skipped.
|Error code|Message|Description
|-|-|-|
| 0x8024C001 |WU_E_DRV_PRUNED|A driver was skipped.
| 0x8024C002 |WU_E_DRV_NOPROP_OR_LEGACY|A property for the driver could not be found. It may not conform with required specifications.
| 0x8024C003 |WU_E_DRV_REG_MISMATCH|The registry type read for the driver does not match the expected type.
| 0x8024C004 |WU_E_DRV_NO_METADATA|The driver update is missing metadata.
| 0x8024C005 |WU_E_DRV_MISSING_ATTRIBUTE|The driver update is missing a required attribute.
| 0x8024C006|WU_E_DRV_SYNC_FAILED|Driver synchronization failed.
| 0x8024C007 |WU_E_DRV_NO_PRINTER_CONTENT|Information required for the synchronization of applicable printers is missing.
| 0x8024CFFF |WU_E_DRV_UNEXPECTED|A driver error not covered by another WU_E_DRV_* code.
| Error code | Message | Description |
|------------|-------------------------------|------------------------------------------------------------------------------------------------|
| 0x8024C001 | `WU_E_DRV_PRUNED` | A driver was skipped. |
| 0x8024C002 | `WU_E_DRV_NOPROP_OR_LEGACY` | A property for the driver could not be found. It may not conform with required specifications. |
| 0x8024C003 | `WU_E_DRV_REG_MISMATCH` | The registry type read for the driver does not match the expected type. |
| 0x8024C004 | `WU_E_DRV_NO_METADATA` | The driver update is missing metadata. |
| 0x8024C005 | `WU_E_DRV_MISSING_ATTRIBUTE` | The driver update is missing a required attribute. |
| 0x8024C006 | `WU_E_DRV_SYNC_FAILED` | Driver synchronization failed. |
| 0x8024C007 | `WU_E_DRV_NO_PRINTER_CONTENT` | Information required for the synchronization of applicable printers is missing. |
| 0x8024CFFF | `WU_E_DRV_UNEXPECTED` | A driver error not covered by another `WU_E_DRV_*` code. |
## Windows Update error codes
|Error code|Message|Description
|-|-|-|
| 0x80240001 |WU_E_NO_SERVICE|Windows Update Agent was unable to provide the service.
| 0x80240002 |WU_E_MAX_CAPACITY_REACHED |The maximum capacity of the service was exceeded.
| 0x80240003 |WU_E_UNKNOWN_ID|An ID cannot be found.
| 0x80240004 |WU_E_NOT_INITIALIZED|The object could not be initialized.
| 0x80240005 |WU_E_RANGEOVERLAP |The update handler requested a byte range overlapping a previously requested range.
| 0x80240006 |WU_E_TOOMANYRANGES|The requested number of byte ranges exceeds the maximum number (2^31 - 1).
| 0x80240007 |WU_E_INVALIDINDEX|The index to a collection was invalid.
| 0x80240008 |WU_E_ITEMNOTFOUND|The key for the item queried could not be found.
| 0x80240009 |WU_E_OPERATIONINPROGRESS|Another conflicting operation was in progress. Some operations such as installation cannot be performed twice simultaneously.
| 0x8024000A |WU_E_COULDNOTCANCEL|Cancellation of the operation was not allowed.
| 0x8024000B |WU_E_CALL_CANCELLED|Operation was cancelled.
| 0x8024000C |WU_E_NOOP|No operation was required.
| 0x8024000D |WU_E_XML_MISSINGDATA|Windows Update Agent could not find required information in the update's XML data.
| 0x8024000E |WU_E_XML_INVALID|Windows Update Agent found invalid information in the update's XML data.
| 0x8024000F |WU_E_CYCLE_DETECTED |Circular update relationships were detected in the metadata.
| 0x80240010 |WU_E_TOO_DEEP_RELATION|Update relationships too deep to evaluate were evaluated.
| 0x80240011 |WU_E_INVALID_RELATIONSHIP|An invalid update relationship was detected.
| 0x80240012 |WU_E_REG_VALUE_INVALID|An invalid registry value was read.
| 0x80240013 |WU_E_DUPLICATE_ITEM|Operation tried to add a duplicate item to a list.
| 0x80240016 |WU_E_INSTALL_NOT_ALLOWED|Operation tried to install while another installation was in progress or the system was pending a mandatory restart.
| 0x80240017 |WU_E_NOT_APPLICABLE|Operation was not performed because there are no applicable updates.
| 0x80240018 |WU_E_NO_USERTOKEN|Operation failed because a required user token is missing.
| 0x80240019 |WU_E_EXCLUSIVE_INSTALL_CONFLICT|An exclusive update cannot be installed with other updates at the same time.
| 0x8024001A |WU_E_POLICY_NOT_SET |A policy value was not set.
| 0x8024001B |WU_E_SELFUPDATE_IN_PROGRESS|The operation could not be performed because the Windows Update Agent is self-updating.
| 0x8024001D |WU_E_INVALID_UPDATE|An update contains invalid metadata.
| 0x8024001E |WU_E_SERVICE_STOP|Operation did not complete because the service or system was being shut down.
| 0x8024001F |WU_E_NO_CONNECTION|Operation did not complete because the network connection was unavailable.
| 0x80240020 |WU_E_NO_INTERACTIVE_USER|Operation did not complete because there is no logged-on interactive user.
| 0x80240021 |WU_E_TIME_OUT|Operation did not complete because it timed out.
| 0x80240022 |WU_E_ALL_UPDATES_FAILED|Operation failed for all the updates.
| 0x80240023 |WU_E_EULAS_DECLINED|The license terms for all updates were declined.
| 0x80240024 |WU_E_NO_UPDATE|There are no updates.
| 0x80240025 |WU_E_USER_ACCESS_DISABLED|Group Policy settings prevented access to Windows Update.
| 0x80240026 |WU_E_INVALID_UPDATE_TYPE|The type of update is invalid.
| 0x80240027 |WU_E_URL_TOO_LONG|The URL exceeded the maximum length.
| 0x80240028 |WU_E_UNINSTALL_NOT_ALLOWED|The update could not be uninstalled because the request did not originate from a WSUS server.
| 0x80240029 |WU_E_INVALID_PRODUCT_LICENSE|Search may have missed some updates before there is an unlicensed application on the system.
| 0x8024002A |WU_E_MISSING_HANDLER|A component required to detect applicable updates was missing.
| 0x8024002B |WU_E_LEGACYSERVER|An operation did not complete because it requires a newer version of server.
| 0x8024002C |WU_E_BIN_SOURCE_ABSENT|A delta-compressed update could not be installed because it required the source.
| 0x8024002D |WU_E_SOURCE_ABSENT|A full-file update could not be installed because it required the source.
| 0x8024002E |WU_E_WU_DISABLED|Access to an unmanaged server is not allowed.
| 0x8024002F |WU_E_CALL_CANCELLED_BY_POLICY|Operation did not complete because the DisableWindowsUpdateAccess policy was set.
| 0x80240030 |WU_E_INVALID_PROXY_SERVER|The format of the proxy list was invalid.
| 0x80240031 |WU_E_INVALID_FILE|The file is in the wrong format.
| 0x80240032 |WU_E_INVALID_CRITERIA|The search criteria string was invalid.
| 0x80240033 |WU_E_EULA_UNAVAILABLE|License terms could not be downloaded.
| 0x80240034 |WU_E_DOWNLOAD_FAILED|Update failed to download.
| 0x80240035 | WU_E_UPDATE_NOT_PROCESSED|The update was not processed.
| 0x80240036 |WU_E_INVALID_OPERATION|The object's current state did not allow the operation.
| 0x80240037 |WU_E_NOT_SUPPORTED|The functionality for the operation is not supported.
| 0x80240038 |WU_E_WINHTTP_INVALID_FILE|The downloaded file has an unexpected content type.
| 0x80240039 |WU_E_TOO_MANY_RESYNC|Agent is asked by server to resync too many times.
| 0x80240040 |WU_E_NO_SERVER_CORE_SUPPORT|WUA API method does not run on Server Core installation.
| 0x80240041 |WU_E_SYSPREP_IN_PROGRESS|Service is not available while sysprep is running.
| 0x80240042 |WU_E_UNKNOWN_SERVICE|The update service is no longer registered with AU.
| 0x80240043 |WU_E_NO_UI_SUPPORT|There is no support for WUA UI.
| 0x80240FFF |WU_E_UNEXPECTED|An operation failed due to reasons not covered by another error code.
| Error code | Message | Description |
|------------|-----------------------------------|--------------------------------------------------------------|
| 0x80240001 | `WU_E_NO_SERVICE` | Windows Update Agent was unable to provide the service.
| 0x80240002 | `WU_E_MAX_CAPACITY_REACHED` | The maximum capacity of the service was exceeded.
| 0x80240003 | `WU_E_UNKNOWN_ID` | An ID cannot be found.
| 0x80240004 | `WU_E_NOT_INITIALIZED` | The object could not be initialized.
| 0x80240005 | `WU_E_RANGEOVERLAP` | The update handler requested a byte range overlapping a previously requested range.
| 0x80240006 | `WU_E_TOOMANYRANGES` | The requested number of byte ranges exceeds the maximum number (2^31 - 1).
| 0x80240007 | `WU_E_INVALIDINDEX` | The index to a collection was invalid.
| 0x80240008 | `WU_E_ITEMNOTFOUND` | The key for the item queried could not be found.
| 0x80240009 | `WU_E_OPERATIONINPROGRESS` | Another conflicting operation was in progress. Some operations such as installation cannot be performed twice simultaneously.
| 0x8024000A | `WU_E_COULDNOTCANCEL` | Cancellation of the operation was not allowed.
| 0x8024000B | `WU_E_CALL_CANCELLED` | Operation was canceled.
| 0x8024000C | `WU_E_NOOP` | No operation was required.
| 0x8024000D | `WU_E_XML_MISSINGDATA` | Windows Update Agent could not find required information in the update's XML data.
| 0x8024000E | `WU_E_XML_INVALID` | Windows Update Agent found invalid information in the update's XML data.
| 0x8024000F | `WU_E_CYCLE_DETECTED` | Circular update relationships were detected in the metadata.
| 0x80240010 | `WU_E_TOO_DEEP_RELATION` | Update relationships too deep to evaluate were evaluated.
| 0x80240011 | `WU_E_INVALID_RELATIONSHIP` | An invalid update relationship was detected.
| 0x80240012 | `WU_E_REG_VALUE_INVALID` | An invalid registry value was read.
| 0x80240013 | `WU_E_DUPLICATE_ITEM` | Operation tried to add a duplicate item to a list.
| 0x80240016 | `WU_E_INSTALL_NOT_ALLOWED` | Operation tried to install while another installation was in progress or the system was pending a mandatory restart.
| 0x80240017 | `WU_E_NOT_APPLICABLE` | Operation was not performed because there are no applicable updates.
| 0x80240018 | `WU_E_NO_USERTOKEN` | Operation failed because a required user token is missing.
| 0x80240019 | `WU_E_EXCLUSIVE_INSTALL_CONFLICT` | An exclusive update cannot be installed with other updates at the same time.
| 0x8024001A | `WU_E_POLICY_NOT_SET` | A policy value was not set.
| 0x8024001B | `WU_E_SELFUPDATE_IN_PROGRESS` | The operation could not be performed because the Windows Update Agent is self-updating.
| 0x8024001D | `WU_E_INVALID_UPDATE` | An update contains invalid metadata.
| 0x8024001E | `WU_E_SERVICE_STOP` | Operation did not complete because the service or system was being shut down.
| 0x8024001F | `WU_E_NO_CONNECTION` | Operation did not complete because the network connection was unavailable.
| 0x80240020 | `WU_E_NO_INTERACTIVE_USER` | Operation did not complete because there is no logged-on interactive user.
| 0x80240021 | `WU_E_TIME_OUT` | Operation did not complete because it timed out.
| 0x80240022 | `WU_E_ALL_UPDATES_FAILED` | Operation failed for all the updates.
| 0x80240023 | `WU_E_EULAS_DECLINED` | The license terms for all updates were declined.
| 0x80240024 | `WU_E_NO_UPDATE` | There are no updates.
| 0x80240025 | `WU_E_USER_ACCESS_DISABLED` | Group Policy settings prevented access to Windows Update.
| 0x80240026 | `WU_E_INVALID_UPDATE_TYPE` | The type of update is invalid.
| 0x80240027 | `WU_E_URL_TOO_LONG` | The URL exceeded the maximum length.
| 0x80240028 | `WU_E_UNINSTALL_NOT_ALLOWED` | The update could not be uninstalled because the request did not originate from a WSUS server.
| 0x80240029 | `WU_E_INVALID_PRODUCT_LICENSE` | Search may have missed some updates before there is an unlicensed application on the system.
| 0x8024002A | `WU_E_MISSING_HANDLER` | A component required to detect applicable updates was missing.
| 0x8024002B | `WU_E_LEGACYSERVER` | An operation did not complete because it requires a newer version of server.
| 0x8024002C | `WU_E_BIN_SOURCE_ABSENT` | A delta-compressed update could not be installed because it required the source.
| 0x8024002D | `WU_E_SOURCE_ABSENT` | A full-file update could not be installed because it required the source.
| 0x8024002E | `WU_E_WU_DISABLED` | Access to an unmanaged server is not allowed.
| 0x8024002F | `WU_E_CALL_CANCELLED_BY_POLICY` | Operation did not complete because the DisableWindowsUpdateAccess policy was set.
| 0x80240030 | `WU_E_INVALID_PROXY_SERVER` | The format of the proxy list was invalid.
| 0x80240031 | `WU_E_INVALID_FILE` | The file is in the wrong format.
| 0x80240032 | `WU_E_INVALID_CRITERIA` | The search criteria string was invalid.
| 0x80240033 | `WU_E_EULA_UNAVAILABLE` | License terms could not be downloaded.
| 0x80240034 | `WU_E_DOWNLOAD_FAILED` | Update failed to download.
| 0x80240035 | `WU_E_UPDATE_NOT_PROCESSED` | The update was not processed.
| 0x80240036 | `WU_E_INVALID_OPERATION` | The object's current state did not allow the operation.
| 0x80240037 | `WU_E_NOT_SUPPORTED` | The functionality for the operation is not supported.
| 0x80240038 | `WU_E_WINHTTP_INVALID_FILE` | The downloaded file has an unexpected content type.
| 0x80240039 | `WU_E_TOO_MANY_RESYNC` | Agent is asked by server to resync too many times.
| 0x80240040 | `WU_E_NO_SERVER_CORE_SUPPORT` | `WUA API` method does not run on Server Core installation.
| 0x80240041 | `WU_E_SYSPREP_IN_PROGRESS` | Service is not available while sysprep is running.
| 0x80240042 | `WU_E_UNKNOWN_SERVICE` | The update service is no longer registered with `AU`.
| 0x80240043 | `WU_E_NO_UI_SUPPORT` | There is no support for `WUA UI`.
| 0x80240FFF | `WU_E_UNEXPECTED` | An operation failed due to reasons not covered by another error code.
## Windows Update success codes
|Error code|Message|Description
|-|-|-|
| 0x00240001|WU_S_SERVICE_STOP|Windows Update Agent was stopped successfully.
| 0x00240002 |WU_S_SELFUPDATE|Windows Update Agent updated itself.
| 0x00240003 |WU_S_UPDATE_ERROR|Operation completed successfully but there were errors applying the updates.
| 0x00240004 |WU_S_MARKED_FOR_DISCONNECT|A callback was marked to be disconnected later because the request to disconnect the operation came while a callback was executing.
| 0x00240005 |WU_S_REBOOT_REQUIRED|The system must be restarted to complete installation of the update.
| 0x00240006 |WU_S_ALREADY_INSTALLED|The update to be installed is already installed on the system.
| 0x00240007 |WU_S_ALREADY_UNINSTALLED |The update to be removed is not installed on the system.
| 0x00240008 |WU_S_ALREADY_DOWNLOADED|The update to be downloaded has already been downloaded.
| Error code | Message | Description |
|------------|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------|
| 0x00240001 | `WU_S_SERVICE_STOP` | Windows Update Agent was stopped successfully. |
| 0x00240002 | `WU_S_SELFUPDATE` | Windows Update Agent updated itself. |
| 0x00240003 | `WU_S_UPDATE_ERROR` | Operation completed successfully but there were errors applying the updates. |
| 0x00240004 | `WU_S_MARKED_FOR_DISCONNECT` | A callback was marked to be disconnected later because the request to disconnect the operation came while a callback was executing. |
| 0x00240005 | `WU_S_REBOOT_REQUIRED` | The system must be restarted to complete installation of the update. |
| 0x00240006 | `WU_S_ALREADY_INSTALLED` | The update to be installed is already installed on the system. |
| 0x00240007 | `WU_S_ALREADY_UNINSTALLED` | The update to be removed is not installed on the system. |
| 0x00240008 | `WU_S_ALREADY_DOWNLOADED` | The update to be downloaded has already been downloaded. |
## Windows Installer minor errors
The following errors are used to indicate that part of a search fails because of Windows Installer problems. Another part of the search may successfully return updates. All Windows Installer minor codes must share the same error code range so that the caller can tell that they are related to Windows Installer.
|Error code|Message|Description
|-|-|-|
| 0x80241001 |WU_E_MSI_WRONG_VERSION|Search may have missed some updates because the Windows Installer is less than version 3.1.
| 0x80241002 |WU_E_MSI_NOT_CONFIGURED|Search may have missed some updates because the Windows Installer is not configured.
| 0x80241003 |WU_E_MSP_DISABLED|Search may have missed some updates because policy has disabled Windows Installer patching.
| 0x80241004 |WU_E_MSI_WRONG_APP_CONTEXT|An update could not be applied because the application is installed per-user.
| 0x80241FFF |WU_E_MSP_UNEXPECTED|Search may have missed some updates because there was a failure of the Windows Installer.
| Error code | Message | Description |
|------------|------------------------------|---------------------------------------------------------------------------------------------|
| 0x80241001 | `WU_E_MSI_WRONG_VERSION` | Search may have missed some updates because the Windows Installer is less than version 3.1. |
| 0x80241002 | `WU_E_MSI_NOT_CONFIGURED` | Search may have missed some updates because the Windows Installer is not configured. |
| 0x80241003 | `WU_E_MSP_DISABLED` | Search may have missed some updates because policy has disabled Windows Installer patching. |
| 0x80241004 | `WU_E_MSI_WRONG_APP_CONTEXT` | An update could not be applied because the application is installed per-user. |
| 0x80241FFF | `WU_E_MSP_UNEXPECTED` | Search may have missed some updates because there was a failure of the Windows Installer. |
## Windows Update Agent update and setup errors
|Error code|Message|Description
|-|-|-|
| 0x8024D001 |WU_E_SETUP_INVALID_INFDATA|Windows Update Agent could not be updated because an INF file contains invalid information.
| 0x8024D002 |WU_E_SETUP_INVALID_IDENTDATA|Windows Update Agent could not be updated because the wuident.cab file contains invalid information.
| 0x8024D003 |WU_E_SETUP_ALREADY_INITIALIZED|Windows Update Agent could not be updated because of an internal error that caused setup initialization to be performed twice.
| 0x8024D004 |WU_E_SETUP_NOT_INITIALIZED|Windows Update Agent could not be updated because setup initialization never completed successfully.
| 0x8024D005 |WU_E_SETUP_SOURCE_VERSION_MISMATCH|Windows Update Agent could not be updated because the versions specified in the INF do not match the actual source file versions.
| 0x8024D006 |WU_E_SETUP_TARGET_VERSION_GREATER|Windows Update Agent could not be updated because a WUA file on the target system is newer than the corresponding source file.
| 0x8024D007 |WU_E_SETUP_REGISTRATION_FAILED|Windows Update Agent could not be updated because regsvr32.exe returned an error.
| 0x8024D009 |WU_E_SETUP_SKIP_UPDATE|An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file.
| 0x8024D00A |WU_E_SETUP_UNSUPPORTED_CONFIGURATION|Windows Update Agent could not be updated because the current system configuration is not supported.
| 0x8024D00B |WU_E_SETUP_BLOCKED_CONFIGURATION|Windows Update Agent could not be updated because the system is configured to block the update.
| 0x8024D00C |WU_E_SETUP_REBOOT_TO_FIX|Windows Update Agent could not be updated because a restart of the system is required.
| 0x8024D00D |WU_E_SETUP_ALREADYRUNNING|Windows Update Agent setup is already running.
| 0x8024D00E |WU_E_SETUP_REBOOTREQUIRED|Windows Update Agent setup package requires a reboot to complete installation.
| 0x8024D00F |WU_E_SETUP_HANDLER_EXEC_FAILURE|Windows Update Agent could not be updated because the setup handler failed during execution.
| 0x8024D010 |WU_E_SETUP_INVALID_REGISTRY_DATA|Windows Update Agent could not be updated because the registry contains invalid information.
| 0x8024D013 |WU_E_SETUP_WRONG_SERVER_VERSION|Windows Update Agent could not be updated because the server does not contain update information for this version.
| 0x8024DFFF |WU_E_SETUP_UNEXPECTED|Windows Update Agent could not be updated because of an error not covered by another WU_E_SETUP_* error code.
| Error code | Message | Description |
|------------|----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|
| 0x8024D001 | `WU_E_SETUP_INVALID_INFDATA` | Windows Update Agent could not be updated because an INF file contains invalid information. |
| 0x8024D002 | `WU_E_SETUP_INVALID_IDENTDATA` | Windows Update Agent could not be updated because the `wuident.cab` file contains invalid information. |
| 0x8024D003 | `WU_E_SETUP_ALREADY_INITIALIZED` | Windows Update Agent could not be updated because of an internal error that caused setup initialization to be performed twice. |
| 0x8024D004 | `WU_E_SETUP_NOT_INITIALIZED` | Windows Update Agent could not be updated because setup initialization never completed successfully. |
| 0x8024D005 | `WU_E_SETUP_SOURCE_VERSION_MISMATCH` | Windows Update Agent could not be updated because the versions specified in the INF do not match the actual source file versions. |
| 0x8024D006 | `WU_E_SETUP_TARGET_VERSION_GREATER` | Windows Update Agent could not be updated because a WUA file on the target system is newer than the corresponding source file. |
| 0x8024D007 | `WU_E_SETUP_REGISTRATION_FAILED` | Windows Update Agent could not be updated because `regsvr32.exe` returned an error. |
| 0x8024D009 | `WU_E_SETUP_SKIP_UPDATE` | An update to the Windows Update Agent was skipped due to a directive in the `wuident.cab` file. |
| 0x8024D00A | `WU_E_SETUP_UNSUPPORTED_CONFIGURATION` | Windows Update Agent could not be updated because the current system configuration is not supported. |
| 0x8024D00B | `WU_E_SETUP_BLOCKED_CONFIGURATION` | Windows Update Agent could not be updated because the system is configured to block the update. |
| 0x8024D00C | `WU_E_SETUP_REBOOT_TO_FIX` | Windows Update Agent could not be updated because a restart of the system is required. |
| 0x8024D00D | `WU_E_SETUP_ALREADYRUNNING` | Windows Update Agent setup is already running. |
| 0x8024D00E | `WU_E_SETUP_REBOOTREQUIRED` | Windows Update Agent setup package requires a reboot to complete installation. |
| 0x8024D00F | `WU_E_SETUP_HANDLER_EXEC_FAILURE` | Windows Update Agent could not be updated because the setup handler failed during execution. |
| 0x8024D010 | `WU_E_SETUP_INVALID_REGISTRY_DATA` | Windows Update Agent could not be updated because the registry contains invalid information. |
| 0x8024D013 | `WU_E_SETUP_WRONG_SERVER_VERSION` | Windows Update Agent could not be updated because the server does not contain update information for this version. |
| 0x8024DFFF | `WU_E_SETUP_UNEXPECTED` | Windows Update Agent could not be updated because of an error not covered by another `WU_E_SETUP_*` error code. |

18
windows/deployment/update/windows-update-troubleshooting.md
View File

@ -48,7 +48,7 @@ The update that is offered to a device depends on several factors. Some of the m
If the update you're offered isn't the most current available, it might be because your device is being managed by a WSUS server, and you're being offered the updates available on that server. It's also possible, if your device is part of a Windows as a Service deployment ring, that your admin is intentionally slowing the rollout of updates. Since the WaaS rollout is slow and measured to begin with, all devices will not receive the update on the same day.
## My machine is frozen at scan. Why?
## My device is frozen at scan. Why?
The Settings UI is talking to the Update Orchestrator service which in turn is talking to Windows Update service. If these services stop unexpectedly then you might see this behavior. In such cases, do the following:
1. Close the Settings app and reopen it.
2. Launch Services.msc and check if the following services are running:
@ -146,6 +146,22 @@ Windows Update provides a wide range configuration policies to control the behav
See [How to configure automatic updates by using Group Policy or registry settings](https://support.microsoft.com/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s) for more information.
## Device cannot access update files
Check that your device can access these Windows Update endpoints:
- http://windowsupdate.microsoft.com
- http://*.windowsupdate.microsoft.com
- https://*.windowsupdate.microsoft.com
- http://*.update.microsoft.com
- https://*.update.microsoft.com
- http://*.windowsupdate.com
- http://download.windowsupdate.com
- https://download.microsoft.com
- http://*.download.windowsupdate.com
- http://wustat.windows.com
- http://ntservicepack.microsoft.com
Whitelist these endpoints for future use.
## Updates aren't downloading from the intranet endpoint (WSUS/SCCM)
Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps:

15
windows/deployment/upgrade/resolution-procedures.md
View File

@ -9,7 +9,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.localizationpriority: medium
ms.topic: article
---
@ -294,7 +295,7 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
0x80073BC3 - 0x20009<br>
0x8007002 - 0x20009<br>
0x80070002 - 0x20009<br>
0x80073B92 - 0x20009
</table>
@ -593,7 +594,7 @@ Download and run the media creation tool. See <a href="https://www.microsoft.com
<tr>
<td>0x80240FFF </td>
<td>Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install <a href="https://support.microsoft.com/help/3095113/en-us">hotfix 3095113</a>, WSUS doesn&#39;t recognize the Upgrades classification and instead treats the upgrade like a regular update.</td>
<td> You can prevent this by installing <a href="http://blogs.technet.com/b/wsus/archive/2015/12/04/important-update-for-wsus-4-0-kb-3095113.aspx">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following:
<td> You can prevent this by installing <a href="https://blogs.technet.com/b/wsus/archive/2015/12/04/important-update-for-wsus-4-0-kb-3095113.aspx">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following:
<ol>
<li>Disable the Upgrades classification.</li>
@ -602,7 +603,7 @@ Download and run the media creation tool. See <a href="https://www.microsoft.com
<li>Enable the Upgrades classification.</li>
<li>Perform a full synch.</li>
</ol>
<br>For detailed information on how to run these steps check out <a href="http://blogs.technet.com/b/wsus/archive/2016/01/30/quot-help-i-synched-upgrades-too-soon-quot.aspx">How to delete upgrades in WSUS</a>.</p>
<br>For detailed information on how to run these steps check out <a href="https://blogs.technet.com/b/wsus/archive/2016/01/30/quot-help-i-synched-upgrades-too-soon-quot.aspx">How to delete upgrades in WSUS</a>.</p>
</td>
</tr>
@ -698,12 +699,12 @@ Also see the following sequential list of modern setup (mosetup) error codes wit
| 0XC1900105 | MOSETUP_E_TEST_MODE | The installation process is being used in a test environment. |
| 0XC1900106 | MOSETUP_E_TERMINATE_PROCESS | The installation process was terminated. |
| 0XC1900107 | MOSETUP_E_CLEANUP_PENDING | A cleanup operation from a previous installation attempt is still pending. A system reboot is required. |
| 0XC1900108 | MOSETUP_E_REPORTING | An error has occured and the result value must be consolidated for telemetry purposes. |
| 0XC1900108 | MOSETUP_E_REPORTING | An error has occurred and the result value must be consolidated for telemetry purposes. |
| 0XC1900109 | MOSETUP_E_COMPAT_TERMINATE | The installation process was terminated during the actionable compatibility phase. |
| 0XC190010a | MOSETUP_E_UNKNOWN_CMD_LINE | The installation process was launched with an unknown command line argument. |
| 0XC190010a | MOSETUP_E_UNKNOWN_CMD_LINE | The installation process was launched with an unknown command-line argument. |
| 0XC190010b | MOSETUP_E_INSTALL_IMAGE_NOT_FOUND | The installation image was not found. |
| 0XC190010c | MOSETUP_E_AUTOMATION_INVALID | The provided automation information was invalid. |
| 0XC190010d | MOSETUP_E_INVALID_CMD_LINE | The installation process was launched with an invalid command line argument. |
| 0XC190010d | MOSETUP_E_INVALID_CMD_LINE | The installation process was launched with an invalid command-line argument. |
| 0XC190010e | MOSETUP_E_EULA_ACCEPT_REQUIRED | The installation process requires that the user accept the license agreement. |
| 0XC1900110 | MOSETUP_E_EULA_CANCEL | The user has chosen to cancel for license agreement. |
| 0XC1900111 | MOSETUP_E_ADVERTISE_CANCEL | The user has chosen to cancel for advertisement. |

5
windows/deployment/upgrade/windows-error-reporting.md
View File

@ -9,7 +9,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.localizationpriority: medium
ms.topic: article
---
@ -29,7 +30,7 @@ When Windows Setup fails, the result and extend code are recorded as an informat
To use Windows PowerShell, type the following commands from an elevated Windows PowerShell prompt:
> [!IMPORTANT]
>}The following source will be available only if you have updated from a previous version of Windows 10 to a new version. If you installed the current version and have not updated, the source named **WinSetupDiag02** will be unavailable.
> The following source will be available only if you have updated from a previous version of Windows 10 to a new version. If you installed the current version and have not updated, the source named **WinSetupDiag02** will be unavailable.
```Powershell
$events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"}

6
windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
View File

@ -653,7 +653,7 @@ Before we can pull an application into Intune to make it part of our AP profile,
For the purposes of this lab, well use the Notepad++ tool as our Win32 app.
Download the Notepad++ msi package [here](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available) and then opy the file to a known location, such as C:\Notepad++msi.
Download the Notepad++ msi package [here](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available) and then copy the file to a known location, such as C:\Notepad++msi.
Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example:
@ -736,7 +736,7 @@ In the **Intune > Client Apps > Apps** pane, select the app package you already
Select **Add Group** to open the **Add group** pane that is related to the app.
For our purposes, select *8Required** from the **Assignment type** dropdown menu:
For our purposes, select **Required** from the **Assignment type** dropdown menu:
>**Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website.
@ -758,7 +758,7 @@ In the app **Assignments** pane, select **Save**.
At this point, you have completed steps to add a Win32 app to Intune.
For more information on adding adds to Intune, see [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps-win32-app-management).
For more information on adding apps to Intune, see [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps-win32-app-management).
### Add Office 365

15
windows/privacy/gdpr-it-guidance.md
View File

@ -26,7 +26,7 @@ Applies to:
- Windows 10 Team Edition, version 1703 for Surface Hub
- Windows Server 2019
- Windows Server 2016
- Windows Analytics
- Desktop Analytics
This topic provides IT Decision Makers with a basic understanding of the relationship between users in an organization and Microsoft in the context of the GDPR (General Data Protection Regulation). You will also learn what role an IT organization plays for that relationship.
@ -156,7 +156,7 @@ The following table lists in what GDPR mode controller or processor Wind
| --- | --- |
| Windows Functional data | Controller or Processor* |
| Windows Diagnostic data | Controller |
| Windows Analytics | Processor |
| Desktop Analytics | Processor |
| Windows Defender Advanced Threat Detection (ATP) | Processor |
*Table 1: Windows 10 GDPR modes of operations for different Windows 10 services*
@ -178,17 +178,16 @@ Windows diagnostic data collection level for Windows 10 can be set by a user in
* For Windows 10, version 1709, and Windows 10, version 1703, the recommended Windows diagnostic level configuration for EEA and Switzerland commercial users is “Basic”.
>[!NOTE]
>For Windows 7, Microsoft recommends [configuring enterprise devices for Windows Analytics](/windows/deployment/update/windows-analytics-get-started) to facilitate upgrade planning to Windows 10.
>For Windows 7, Microsoft recommends [using Commercial Data Opt-in setting](/previous-versions/windows/it-pro/windows-7/ee126127(v=ws.10)) to facilitate upgrade planning to Windows 10.
### Additional information for Windows Analytics
### Additional information for Desktop Analytics
Some Windows Analytics solutions and functionality, such as Update Compliance, works with “Basic” as minimum Windows diagnostic level. Other solutions and functionality of Windows Analytics, such as Device Health, require “Enhanced”.
The basic functionality of Desktop Analytics works at the “Basic” diagnostic data level. Other functionality of Desktop Analytics, such as usage or health data for updated devices, require “Enhanced”.
Those organizations who wish to share the smallest set of events for Windows Analytics and have set the Windows diagnostic level to “Enhanced” can use the “Limit Enhanced diagnostic data to the minimum required by Windows Analytics” setting. This filtering mechanism was that Microsoft introduced in Windows 10, version 1709. When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to the smallest set of data required by Windows Analytics.
Those organizations who wish to share the smallest set of events for Desktop Analytics and have set the Windows diagnostic level to “Enhanced” can use the [“Limit Enhanced diagnostic data to the minimum required by Desktop Analytics”](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#limit-enhanced-diagnostic-data-to-the-minimum-required-by-desktop-analytics) setting. This filtering mechanism was that Microsoft introduced in Windows 10, version 1709. When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to the smallest set of data required by Desktop Analytics.
> [!NOTE]
>Additional information can be found at [Windows Analytics and privacy](/windows/deployment/update/windows-analytics-privacy
).
> Additional information can be found at [Desktop Analytics and privacy](/sccm/desktop-analytics/privacy).
## Controlling Windows 10 data collection and notification about it

10
windows/security/identity-protection/hello-for-business/hello-identity-verification.md
View File

@ -23,6 +23,7 @@ In Windows 10, Windows Hello for Business replaces passwords with strong two-fa
Windows Hello for Business lets user authenticate to an Active Directory or Azure Active Directory account.
Windows Hello addresses the following problems with passwords:
- Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites.
- Server breaches can expose symmetric network credentials (passwords).
- Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673).
@ -36,6 +37,7 @@ Windows Hello addresses the following problems with passwords:
## Prerequisites
### Cloud Only Deployment
* Windows 10, version 1511 or later
* Microsoft Azure Account
* Azure Active Directory
@ -44,6 +46,7 @@ Windows Hello addresses the following problems with passwords:
* Azure AD Premium subscription - *optional*, needed for automatic MDM enrollment when the device joins Azure Active Directory
### Hybrid Deployments
The table shows the minimum requirements for each deployment. For key trust in a multi-domain/multi-forest deployment, the following requirements are applicable for each domain/forest that hosts Windows Hello for business components or is involved in the Kerberos referral process.
| Key trust</br>Group Policy managed | Certificate trust</br>Mixed managed | Key trust</br>Modern managed | Certificate trust</br>Modern managed |
@ -54,13 +57,14 @@ The table shows the minimum requirements for each deployment. For key trust in a
| Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
| Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
| N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) (hybrid Azure AD joined clients),<br> and</br>Windows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service |
| Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter| Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter |
| Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/3rd Party MFA Adapter| Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/3rd Party MFA Adapter |
| Azure Account | Azure Account | Azure Account | Azure Account |
| Azure Active Directory | Azure Active Directory | Azure Active Directory | Azure Active Directory |
| Azure AD Connect | Azure AD Connect | Azure AD Connect | Azure AD Connect |
| Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional for automatic MDM enrollment | Azure AD Premium, optional for automatic MDM enrollment |
### On-premises Deployments
The table shows the minimum requirements for each deployment.
| Key trust </br> Group Policy managed | Certificate trust </br> Group Policy managed|
@ -71,8 +75,8 @@ The table shows the minimum requirements for each deployment.
| Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
| Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
| Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) |
| AD FS with Azure MFA Server, or</br>AD FS with 3rd Party MFA Adapter | AD FS with Azure MFA Server, or</br>AD FS with 3rd Party MFA Adapter |
| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter |
| Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing |
>[!IMPORTANT]
> For Windows Hello for Business deployment, if you have several domains, at least one Windows Server Domain Controller 2016 is required for each domain. For more information, see the [planning guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers).
> For Windows Hello for Business key trust deployments, if you have several domains, at least one Windows Server Domain Controller 2016 or newer is required for each domain. For more information, see the [planning guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers).

4
windows/security/identity-protection/smart-cards/smart-card-events.md
View File

@ -97,14 +97,14 @@ The smart card reader device name is constructed in the form &lt;*VendorName*&gt
| 607 | Reader object failed to start monitor thread:  %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
| 608 | Reader monitor failed to create power down timer: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
| 609 | Reader monitor failed to create overlapped event:  %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
| 610 | Smart Card Reader '%2' rejected IOCTL %3: %1  If this error persists, your smart card or reader may not be functioning correctly.%n%nCommand Header: %4 | The reader cannot successfully transmit the indicated IOCTL to the smart card. This can indicate hardware failure, but this error can also occur if a smart card or smart card reader is removed from the system while an operation is in progress.<br>%1 = Windows error code<br>%2 = Name of the smart card reader<br>%3 = IOCTL that was sent<br>%4 = First 4 bytes of the command sent to the smart card |
| 610 | Smart Card Reader '%2' rejected IOCTL %3: %1 If this error persists, your smart card or reader may not be functioning correctly.%n%nCommand Header: %4 | The reader cannot successfully transmit the indicated IOCTL to the smart card. This is a benign error that does not affect end use of a smart card and can be ignored.<br>%1 = Windows error code<br>%2 = Name of the smart card reader<br>%3 = IOCTL that was sent<br>%4 = First 4 bytes of the command sent to the smart card |
| 611 | Smart Card Reader initialization failed | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve this issue. |
| 612 | Reader insertion monitor error retry threshold reached:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code |
| 615 | Reader removal monitor error retry threshold reached:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code |
| 616 | Reader monitor '%2' received uncaught error code:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code<br>%2 = Reader name |
| 617 | Reader monitor '%1' exception -- exiting thread | An unknown error occurred while monitoring a smart card reader for smart card insertions and removals. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.<br>%1 = Smart card reader name |
| 618 | Smart Card Resource Manager encountered an unrecoverable internal error. | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue. |
| 621 | Server Control failed to access start event: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
| 621 | Server Control failed to access start event: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue. This error may also occur if the event is queried before the smart card service is ready. In this case the error is benign and can be ignored.<br>%1 = Windows error code |
| 622 | Server Control failed to access stop event: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
## Smart card Plug and Play events

3
windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
View File

@ -49,6 +49,9 @@ The recovery process included in this topic only works for desktop devices. WIP
4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as [Microsoft Intune](create-wip-policy-using-intune-azure.md) or [System Center Configuration Manager](create-wip-policy-using-sccm.md).
> [!NOTE]
> This certificate can be used in Intune for policies both _with_ device enrollment (MDM) and _without_ device enrollment (MAM).
## Verify your data recovery certificate is correctly set up on a WIP client computer
1. Find or create a file that's encrypted using Windows Information Protection. For example, you could open an app on your allowed app list, and then create and save a file so its encrypted by WIP.

11
windows/security/threat-protection/TOC.md
View File

@ -9,7 +9,7 @@
#### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
#### [Configuration score](microsoft-defender-atp/configuration-score.md)
#### [Security recommendation](microsoft-defender-atp/tvm-security-recommendation.md)
#### [Remediation](microsoft-defender-atp/tvm-remediation.md)
#### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md)
#### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
#### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md)
#### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md)
@ -122,10 +122,13 @@
##### [NetworkCommunicationEvents](microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md)
##### [ProcessCreationEvents](microsoft-defender-atp/advanced-hunting-processcreationevents-table.md)
##### [RegistryEvents](microsoft-defender-atp/advanced-hunting-registryevents-table.md)
##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md)
##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md)
##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md)
##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md)
#### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
#### [Stream Advanced hunting events to Azure Event Hubs](microsoft-defender-atp/raw-data-export-event-hub.md)
#### [Custom detections]()
##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
##### [Create and manage custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
@ -317,8 +320,12 @@
##### [Manual deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md)
#### [Update Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-updates.md)
#### [Configure Microsoft Defender ATP for Mac]()
##### [Configure and validate exclusions](windows-defender-antivirus/microsoft-defender-atp-mac-exclusions.md)
##### [Set preferences for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md)
##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/microsoft-defender-atp-mac-pua.md)
#### [Troubleshoot Microsoft Defender ATP for Mac]()
##### [Troubleshoot performance issues](windows-defender-antivirus/microsoft-defender-atp-mac-support-perf.md)
##### [Troubleshoot kernel extension issues](windows-defender-antivirus/microsoft-defender-atp-mac-support-kext.md)
#### [Privacy for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md)
#### [Resources for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-resources.md)

4
windows/security/threat-protection/index.md
View File

@ -1,7 +1,7 @@
---
title: Threat Protection (Windows 10)
description: Learn how Microsoft Defender ATP helps protect against threats.
keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, secure score, advanced hunting, cyber threat hunting
keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, secure score, advanced hunting, cyber threat hunting, web threat protection
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -64,7 +64,7 @@ The attack surface reduction set of capabilities provide the first line of defen
- [Application control](windows-defender-application-control/windows-defender-application-control.md)
- [Device control](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
- [Exploit protection](microsoft-defender-atp/exploit-protection.md)
- [Network protection](microsoft-defender-atp/network-protection.md), [Web protection](microsoft-defender-atp/web-protection-overview.md)
- [Network protection](microsoft-defender-atp/network-protection.md), [web protection](microsoft-defender-atp/web-protection-overview.md)
- [Controlled folder access](microsoft-defender-atp/controlled-folders.md)
- [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
- [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md)

6
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
View File

@ -25,6 +25,8 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
The [Advanced hunting](advanced-hunting-overview.md) schema is made up of multiple tables that provide either event information or information about machines and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the Advanced hunting schema.
## Schema tables
@ -45,6 +47,10 @@ Table and column names are also listed within the Microsoft Defender Security Ce
| **[LogonEvents](advanced-hunting-logonevents-table.md)** | Sign-ins and other authentication events |
| **[ImageLoadEvents](advanced-hunting-imageloadevents-table.md)** | DLL loading events |
| **[MiscEvents](advanced-hunting-miscevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection |
| **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-tvm-softwareinventory-table.md)** | Vulnerabilities in your software inventory |
| **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-tvm-softwarevulnerability-table.md)** | Publicly-available vulnerabilities and whether they exist in your software inventory |
| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-tvm-configassessment-table.md)** | Security configuration assessment information |
| **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-tvm-secureconfigkb-table.md)** | Basis of security configuration assessment such as security industry standards and benchmarks |
## Related topics
- [Advanced hunting overview](advanced-hunting-overview.md)

53
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md Normal file
View File

@ -0,0 +1,53 @@
---
title: DeviceTvmSecureConfigurationAssessment table in the Advanced hunting schema
description: Learn about the DeviceTvmSecureConfigurationAssessment table in the Advanced hunting schema, such as machine ID, computer name, operating system platform, security configuration details, impact, and compliance information.
keywords: advanced hunting, atp query, device management, query atp data, query tvm data, query security configuration, intellisense, atp telemetry, events, events telemetry, azure log analytics, description, DeviceTvmSecureConfigurationAssessment
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/27/2019
---
# DeviceTvmSecureConfigurationAssessment
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
Each row in the DeviceTvmSecureConfigurationAssessment table contains an assessment event for a specific security configuration. Use this reference to check the latest assessment results and determine whether device are compliant.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
| MachineId | string | Unique identifier for the machine in the service |
| ComputerName | string | Fully qualified domain name (FQDN) of the machine |
| OSPlatform | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.|
| Timestamp | datetime |Date and time when the record was generated|
| ConfigurationId | string | Unique identifier for a specific configuration |
| ConfigurationCategory | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls|
| ConfigurationSubcategory | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
| ConfigurationImpact | string | Rated impact of the configuration to the overall configuration score (1-10) |
| IsCompliant | boolean | Indicates whether the configuration or policy is properly configured |
## Related topics
- [Advanced hunting overview](overview-hunting.md)
- [All Advanced hunting tables](advanced-hunting-reference.md)
- [Advanced hunting query best practices](advanced-hunting-best-practices.md)
- [Query data using Advanced hunting](advanced-hunting.md)

53
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md Normal file
View File

@ -0,0 +1,53 @@
---
title: DeviceTvmSecureConfigurationAssessmentKB table in the Advanced hunting schema
description: Learn about the DeviceTvmSecureConfigurationAssessmentKB table in the Advanced hunting schema, security configuration details, and the associated industry benchmarks that it adheres to.
keywords: advanced hunting, atp query, device management, query atp data, query tvm data, query security configuration, intellisense, atp telemetry, events, events telemetry, azure log analytics, description, MITRE ATT&CK framework, DeviceTvmSecureConfigurationAssessmentKB
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/27/2019
---
# DeviceTvmSecureConfigurationAssessmentKB
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
The DeviceTvmSecureConfigurationAssessmentKB table in the Advanced hunting schema contains information about the various secure configuration TVM checks during assessments related to your organization. An example of a security configuration is to block JavaScript or VBScript from launching downloaded executable content to prevent accidentally downloading malicious files in your network. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
| ConfigurationId | string | Unique identifier for a specific configuration |
| ConfigurationImpact | string | Rated impact of the configuration to the overall configuration score (1-10) |
| ConfigurationName | string | Display name of the configuration |
| ConfigurationDescription | string | Description of the configuration |
| RiskDescription | string | Description of the associated risk |
| ConfigurationCategory | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls|
| ConfigurationSubcategory | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
| ConfigurationBenchmarks | string | List of industry benchmarks recommending the same or similar configuration |
| RelatedMitreTechniques | string | List of Mitre ATT&CK framework techniques related to the configuration |
| RelatedMitreTactics | string | List of Mitre ATT&CK framework tactics related to the configuration|
## Related topics
- [Advanced hunting overview](overview-hunting.md)
- [All Advanced hunting tables](advanced-hunting-reference.md)
- [Advanced hunting query best practices](advanced-hunting-best-practices.md)
- [Query data using Advanced hunting](advanced-hunting.md)

56
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md Normal file
View File

@ -0,0 +1,56 @@
---
title: DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema
description: Learn about the DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema, such as operating system platform, version, and architecture, software vendor, name, and version, CVE ID, vulnerability severity, and descriptions
keywords: advanced hunting, atp query, device management, query atp data, query tvm data, query software inventory, query software vulnerability inventory, intellisense, atp telemetry, events, events telemetry, azure log analytics, description, DeviceTvmSoftwareInventoryVulnerabilities
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/27/2019
---
# DeviceTvmSoftwareInventoryVulnerabilities
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
The DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema contains an inventory of the software on your devices as well as any known vulnerabilities in the software products. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
| MachineId | string | Unique identifier for the machine in the service |
| ComputerName | string | Fully qualified domain name (FQDN) of the machine |
| OSPlatform | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.|
| OSVersion | string | Version of the operating system running on the machine |
| OSArchitecture | string | Architecture of the operating system running on the machine|
| SoftwareVendor | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape|
| SoftwareName | string | Name of the software product|
|SoftwareVersion | string | Version number of the software product|
| CveId | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system|
| VulnerabilitySeverityLevel | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape|
## Related topics
- [Advanced hunting overview](overview-hunting.md)
- [All Advanced hunting tables](advanced-hunting-reference.md)
- [Advanced hunting query best practices](advanced-hunting-best-practices.md)
- [Query data using Advanced hunting](advanced-hunting.md)

51
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md Normal file
View File

@ -0,0 +1,51 @@
---
title: DeviceTvmSoftwareVulnerabilitiesKB table in the Advanced hunting schema
description: Learn about the DeviceTvmSoftwareVulnerabilitiesKB table in the Advanced hunting schema, such as CVE ID, CVSS score, exploit availability, vulnerability severity, last modified time, date the vulnerability was disclosed to public, and affected software in your network.
keywords: advanced hunting, atp query, device management, query atp data, query tvm data, query software vulnerability inventory, intellisense, atp telemetry, events, events telemetry, azure log analytics, description, DeviceTvmSoftwareVulnerabilitiesKB
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/27/2019
---
# DeviceTvmSoftwareVulnerabilitiesKB
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
The DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema contains information about the vulnerabilities Threat & Vulnerability Management assesses devices for. Use this reference along with DeviceTvmSoftwareInventoryVulnerabilities to construct queries that return information on the metadata related to the vulnerabilities in your inventory.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
| CveId | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system|
| CvssScore | string | Severity score assigned to the security vulnerability under th Common Vulnerability Scoring System (CVSS)|
| IsExploitAvailable | boolean | Indicates whether exploit code for the vulnerability is publicly available|
| VulnerabilitySeverityLevel | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape|
| LastModifiedTime | datetime | Date and time the item or related metadata was last modified|
| PublishedDate | datetime | Date vulnerability was disclosed to public|
| VulnerabilityDescription | string | Description of vulnerability and associated risks|
| AffectedSoftware | string | List of all software products affected by the vulnerability|
## Related topics
- [Advanced hunting overview](overview-hunting.md)
- [All Advanced hunting tables](advanced-hunting-reference.md)
- [Advanced hunting query best practices](advanced-hunting-best-practices.md)
- [Query data using Advanced hunting](advanced-hunting.md)

4
windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
View File

@ -60,7 +60,7 @@ See how you can [improve your security configuration](https://docs.microsoft.com
>- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
>
>To download the security updates:
>1. Go to [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/home.aspx).
>1. Go to [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/home.aspx).
>2. Key-in the security update KB number that you need to download, then click **Search**.
## Related topics
@ -68,7 +68,7 @@ See how you can [improve your security configuration](https://docs.microsoft.com
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation](tvm-remediation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)

8
windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md
View File

@ -33,10 +33,10 @@ The topics in this section describe how to configure attack surface reduction. E
Topic | Description
-|-
[Enable hardware-based isolation for Microsoft Edge](../windows-defender-application-guard/install-wd-app-guard.md) | How to preprare for and install Application Guard, including hardware and softeware requirements
[Enable application control](../windows-defender-application-control/windows-defender-application-control.md)|How to control applications run by users and potect kernel mode processes
[Enable hardware-based isolation for Microsoft Edge](../windows-defender-application-guard/install-wd-app-guard.md) | How to prepare for and install Application Guard, including hardware and software requirements
[Enable application control](../windows-defender-application-control/windows-defender-application-control.md)|How to control applications run by users and protect kernel mode processes
[Exploit protection](./enable-exploit-protection.md)|How to automatically apply exploit mitigation techniques on both operating system processes and on individual apps
[Network protection](./enable-network-protection.md)|How to prevent users from using any apps to acces dangerous domains
[Network protection](./enable-network-protection.md)|How to prevent users from using any apps to access dangerous domains
[Controlled folder access](./enable-controlled-folders.md)|How to protect valuable data from malicious apps
[Attack surface reduction](./enable-attack-surface-reduction.md)|How to prevent actions and apps that are typically used for by exploit-seeking malware
[Attack surface reduction](./enable-attack-surface-reduction.md)|How to prevent actions and apps that are typically used by exploit-seeking malware
[Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)|How to protect devices and data across a network

14
windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
View File

@ -141,7 +141,7 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
1. Download the [connectivity verification tool](https://aka.ms/mdatpanalyzer) to the PC where Microsoft Defender ATP sensor is running on.
2. Extract the contents of WDATPConnectivityAnalyzer on the machine.
2. Extract the contents of MDATPClientAnalyzer on the machine.
3. Open an elevated command-line:
@ -152,19 +152,19 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
4. Enter the following command and press **Enter**:
```PowerShell
HardDrivePath\WDATPConnectivityAnalyzer.cmd
HardDrivePath\MDATPClientAnalyzer.cmd
```
Replace *HardDrivePath* with the path where the WDATPConnectivityAnalyzer tool was downloaded to, for example
Replace *HardDrivePath* with the path where the MDATPClientAnalyzer tool was downloaded to, for example
```PowerShell
C:\Work\tools\WDATPConnectivityAnalyzer\WDATPConnectivityAnalyzer.cmd
C:\Work\tools\MDATPClientAnalyzer\MDATPClientAnalyzer.cmd
```
5. Extract the *WDATPConnectivityAnalyzerResult.zip* file created by tool in the folder used in the *HardDrivePath*.
5. Extract the *MDATPClientAnalyzerResult.zip* file created by tool in the folder used in the *HardDrivePath*.
6. Open *WDATPConnectivityAnalyzer.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs. <br><br>
The tool checks the connectivity of Microsoft Defender ATP service URLs that Microsoft Defender ATP client is configured to interact with. It then prints the results into the *WDATPConnectivityAnalyzer.txt* file for each URL that can potentially be used to communicate with the Microsoft Defender ATP services. For example:
6. Open *MDATPClientAnalyzerResult.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs. <br><br>
The tool checks the connectivity of Microsoft Defender ATP service URLs that Microsoft Defender ATP client is configured to interact with. It then prints the results into the *MDATPClientAnalyzerResult.txt* file for each URL that can potentially be used to communicate with the Microsoft Defender ATP services. For example:
```text
Testing URL : https://xxx.microsoft.com/xxx

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancellation.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-confirmation.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-dashboard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-details.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 82 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-dropdown.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-filters.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 63 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-flyout.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-impact.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 80 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-list.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-option.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-granular-exploit.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-threat-insights.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 44 KiB

After

Width:  |  Height:  |  Size: 64 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-weaknesses-page.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm_alert_icon.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.3 KiB

After

Width:  |  Height:  |  Size: 1.2 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm_bug_icon.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.2 KiB

After

Width:  |  Height:  |  Size: 1.1 KiB

2
windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
View File

@ -37,7 +37,7 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
- Windows 10 Enterprise E5
- Windows 10 Education E5
- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
- Microsoft 365 E3 (M365 E3) with Identity and Threat Protection package
For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare).

2
windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
View File

@ -62,7 +62,7 @@ Microsoft Defender ATPs Threat & Vulnerability Management allows security adm
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation](tvm-remediation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)

6
windows/security/threat-protection/microsoft-defender-atp/preview.md
View File

@ -46,6 +46,12 @@ The following features are included in the preview release:
- [Threat & Vulnerability Management Report inaccuracy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation#report-inaccuracy) <BR> You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation#report-inaccuracy), [software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory#report-inaccuracy), and [discovered vulnerabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses#report-inaccuracy).
- [Threat & Vulnerability Management Advanced Hunting Schemas](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table) <BR> You can now use the Threat & Vulnerability Management tables in the Advanced hunting schema to query about software inventory, vulnerability knowledgebase, security configuration assessment, and security configuration knowledgebase.
- [Threat & Vulnerability Management role-based access controls](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) <BR> You can now use the new permissions to allow maximum flexibility to create SecOps-oriented roles, Threat & Vulnerability Management-oriented roles, or hybrid roles so only authorized users are accessing specific data to do their task. You can also achieve even further granularity by specifying whether a Threat & Vulnerability Management role can only view vulnerability-related data, or can create and manage remediation and exceptions.
- [Threat & Vulnerability Management granular exploit details](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) <BR> You can now see a comprehensive set of details on the vulnerabilities found in your machine to give you informed decision on your next steps. The threat insights icon now shows more granular details, such as if the exploit is a part of an exploit kit, connected to specific advanced persistent campaigns or activity groups for which, Threat Analytics report links are provided that you can read, has associated zero-day exploitation news, disclosures, or related security advisories.
- [Machine health and compliance report](machine-reports.md) The machine health and compliance report provides high-level information about the devices in your organization.
- [Information protection](information-protection-in-windows-overview.md)<BR>

32
windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
View File

@ -143,12 +143,40 @@ When an exception is created for a recommendation, the recommendation is no long
2. Click the top-most recommendation. A flyout panel opens with the recommendation details.
3. Click **Exception options**.
![Screenshot of the exception option in the remediation flyout pane](images/tvm-exception-option.png)
4. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
> ![Screenshot of exception flyout page which details justification and context](images/tvm-exception-flyout.png)
5. Click **Submit**. A confirmation message at the top of the page indicates that the exception has been created.
![Screenshot of exception confirmation message](images/tvm-exception-confirmation.png)
6. Navigate to the **Remediation** page under the **Threat & Vulnerability Management** menu and click the **Exceptions** tab to view all your exceptions (current and past).
![Screenshot of exception list of exceptions in the Remediation page](images/tvm-exception-list.png)
## Use Advanced hunting query to search for machines with High active alerts or critical CVE public exploit
1. Go to **Advanced hunting** from the left-hand navigation pane.
2. Scroll down to the TVM advanced hunting schemas to familiarize yourself with the column names.
3. Enter the following queries:
```
// Search for machines with High active alerts or Critical CVE public exploit
DeviceTvmSoftwareInventoryVulnerabilities
| join kind=inner(DeviceTvmSoftwareVulnerabilitiesKB) on CveId
| where IsExploitAvailable == 1 and CvssScore >= 7
| summarize NumOfVulnerabilities=dcount(CveId),
ComputerName=any(ComputerName) by MachineId
| join kind =inner(AlertEvents) on MachineId
| summarize NumOfVulnerabilities=any(NumOfVulnerabilities),
ComputerName=any(ComputerName) by MachineId, AlertId
| project ComputerName, NumOfVulnerabilities, AlertId
| order by NumOfVulnerabilities desc
```
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
@ -156,6 +184,8 @@ When an exception is created for a recommendation, the recommendation is no long
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation](tvm-remediation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Advanced hunting overview](overview-hunting.md)
- [All Advanced hunting tables](advanced-hunting-reference.md)

4
windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
View File

@ -53,7 +53,7 @@ Area | Description
(2) Threat & Vulnerability Management navigation pane | Use the navigation pane to move across the **Threat and Vulnerability Management Dashboard**, **Security recommendations**, **Remediation**, **Software inventory**, and **Weaknesses**.
**Dashboards** | Get a high-level view of the organization exposure score, organization configuration score, machine exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed machines data.
**Security recommendations** | See the list of security recommendations, their related components, insights, number or exposed devices, impact, and request for remediation. You can click each item on the list, a flyout panel opens with vulnerability details, open the software page, see the remediation, and exception options. You can also open a ticket in Intune if your machines are joined through Azure Active Directory and you have enabled your Intune connections in Microsoft Defender ATP. See [Security recommendations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) for more information.
**Remediation** | See the remediation activity, related component, remediation type, status, due date, option to export the remediation and process data to CSV, and active exceptions. See [Remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation) for more information.
**Remediation** | See the remediation activity, related component, remediation type, status, due date, option to export the remediation and process data to CSV, and active exceptions. See [Remediation and exception](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation) for more information.
**Software inventory** | See the list of applications, versions, weaknesses, whether theres an exploit found on the application, prevalence in the organization, how many were installed, how many exposed devices are there, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the associated vulnerabilities, misconfigurations, affected machine, version distribution details, and missing KBs or security updates. See [Software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory) for more information.
**Weaknesses** | See the list of common vulnerabilities and exposures, the severity, its common vulnerability scoring system (CVSS) V3 score, related software, age, when it was published, related threat alerts, and how many exposed machines are there. You can select each item in the list and it opens a flyout panel with the vulnerability description and other details. See [Weaknesses](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) for more information.
(3) Threat & Vulnerability Management dashboard | Access the **Exposure score**, **Configuration score**, **Exposure distribution**, **Top security recommendations**, **Top vulnerable software**, **Top remediation activities**, and **Top exposed machines**.
@ -73,7 +73,7 @@ See [Microsoft Defender ATP icons](https://docs.microsoft.com/windows/security/t
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation](tvm-remediation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)

2
windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
View File

@ -42,7 +42,7 @@ Reduce the exposure score by addressing what needs to be remediated based on the
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
- [Configuration score](configuration-score.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation](tvm-remediation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)

61
windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
View File

@ -1,6 +1,6 @@
---
title: Remediation
description: You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations. Threat & Vulnerability Management bridges the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM).
title: Remediation and exception
description: You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations or filing exceptions provided there are compensation controls. Threat & Vulnerability Management bridges the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM).
keywords: microsoft defender atp tvm remediation, mdatp tvm, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/11/2019
---
# Remediation
# Remediation and exception
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@ -47,11 +47,62 @@ When you submit a remediation request from Threat & Vulnerability Management, it
It creates a security task which will be tracked in Threat & Vulnerability Management **Remediation** page, and it also creates a remediation ticket in Microsoft Intune.
You also have the option to export all remediation activity data to CSV for records, reporting purposes, or if you want to notify your IT administration counterpart that a remediation ticket has been submitted.
The dashboard will show that status of your top remediation activities. Click any of the entries and it will take you to the **Remediation** page. You can mark the remediation activity as completed after the IT administration team remediates the task.
However, if the security recommendation stemmed from a false positive report, or if there are existing business justification that blocks the remediation, such as compensating control, productivity needs, compliance, or if there's already a planned remediation grace period, you can file an exception and indicate the reason. The exceptions you've filed will also show up in the **Remediation** page, in the **Exceptions** tab.
## When to file for exception instead of remediating issues
You can file exceptions to exclude certain recommendation from showing up in reports and affecting risk scores or secure scores.
When you select a security recommendation, it opens up a flyout screen with details and options for your next step. You can either **Open software page**, choose from **Remediation options**, go through **Exception options** to file for exceptions, or **Report inaccuracy**.
Select **Exception options** and a flyout screen opens.
![Screenshot of exception flyout screen](images/tvm-exception-flyout.png)
### Exception justification
If the security recommendation stemmed from a false positive report, or if there are existing business justification that blocks the remediation, such as compensating control, productivity needs, compliance, or if there's already a planned remediation grace period, you can file an exception and indicate the reason. The following list details the justifications behind the exception options:
- **Compensating/alternate control** - A 3rd party control that mitigates this recommendation exists, for example, if Network Firewall - - prevents access to a machine, third party antivirus
- **Productivity/business need** - Remediation will impact productivity or interrupt business-critical workflow
- **Accept risk** - Poses low risk and/or implementing a compensating control is too expensive
- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
- **Other** - False positive
![Screenshot of exception reason dropdown menu](images/tvm-exception-dropdown.png)
### Exception visibility
The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab.
However, you also have the option to filter your view based on exception justification, type, and status.
![Screenshot of exception tab and filters](images/tvm-exception-filters.png)
Aside from that, there's also an option to **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard.
![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard](images/tvm-exception-dashboard.png)
Clicking the link opens up to the **Security recommendations** page, where you can select the item exempted item with details.
![Screenshot of exception details in the Security recommendation page](images/tvm-exception-details.png)
### Actions on exceptions
- Cancel - You can cancel the exceptions you've filed any time
- Resurface - Your exception automatically becomes void and resurfaces in the security recommendation list when dynamic environmental factors change, which adversely affect the exposure impact associated with a recommendation that had previously been excluded
### Exception status
- **Canceled** - The exception has been canceled and is no longer in effect
- **Expired** - The exception that you've filed is no longer in effect
- **In effect** - The exception that you've filed is in progress
### Exception impact on scores
Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Secure Score (for configurations) of your organization in the following manner:
- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores
- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control.
- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Secure Score results out of the exception option that you made
The exception impact shows on both the Security recommendations page column and in the flyout pane.
![Screenshot of where to find the exception impact](images/tvm-exception-impact.png)
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)

4
windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
View File

@ -79,14 +79,12 @@ You can report a false positive when you see any vague, inaccurate, incomplete,
6. Click **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context.
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Remediation](tvm-remediation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)

Some files were not shown because too many files have changed in this diff Show More