Merge remote-tracking branch 'origin/master' into atp-tb-troubleshoot-onboarding-setup

Tanya Bittenmaster 2017-09-27 10:13:55 -04:00
commit dfb77aae65
80 changed files with 957 additions and 564 deletions

View File

@ -23,7 +23,7 @@ Microsoft Edge is the new, default web browser for Windows 10, helping you to e
Microsoft Edge lets you stay up-to-date through the Windows Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.
>[!Note]
>For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892).
>For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956). For a detailed report that provides you with a framework to evaluate the potential financial impact of adopting Microsoft Edge within your organization, you can download the full study here: [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847).
>Also, if you've arrived here looking for Internet Explorer 11 content, you'll need to go to the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area.
@ -59,7 +59,9 @@ You'll need to keep running them using IE11. If you don't have IE11 installed an
## Related topics
- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956)
- [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847)
- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)

View File

@ -12,6 +12,11 @@ This topic lists new and updated topics in the Microsoft Edge documentation for
For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/microsoft-edge/platform/changelog/).
## September 2017
|New or changed topic | Description |
|---------------------|-------------|
|[Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros](microsoft-edge-faq.md) | New |
## February 2017
|New or changed topic | Description |
|----------------------|-------------|

View File

@ -7,6 +7,7 @@ ms.prod: edge
ms.mktglfcycl: general
ms.sitesec: library
ms.localizationpriority: high
ms.date: 09/07/2017
---
# Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros

View File

@ -1,6 +1,6 @@
---
title: Deploy Surface app with Microsoft Store for Business or Microsoft Store for Education (Surface)
description: Find out how to add and download Surface app with Windows Store for Business or Microsoft Store for Education, as well as install Surface app with PowerShell and MDT.
description: Find out how to add and download Surface app with Microsoft Store for Business or Microsoft Store for Education, as well as install Surface app with PowerShell and MDT.
keywords: surface app, app, deployment, customize
ms.prod: w10
ms.mktglfcycl: deploy
@ -31,7 +31,7 @@ The Surface app is a lightweight Windows Store app that provides control of many
* Quick access to support documentation and information for your device
If your organization is preparing images that will be deployed to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Windows Store or your Windows Store for Business.
If your organization is preparing images that will be deployed to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Windows Store or your Microsoft Store for Business.
##Surface app overview
@ -45,11 +45,11 @@ Before users can install or deploy an app from a companys Microsoft Store for
2. Log on to the portal.
3. Enable offline licensing: click **Manage->Store settings**, and then select the **Show offline licensed apps to people shopping in the store** checkbox, as shown in Figure 1. For more information about Microsoft Store for Business app licensing models, see [Apps in Windows Store for Business](https://technet.microsoft.com/itpro/windows/manage/apps-in-windows-store-for-business#licensing_model).<br/> <br/>
3. Enable offline licensing: click **Manage->Store settings**, and then select the **Show offline licensed apps to people shopping in the store** checkbox, as shown in Figure 1. For more information about Microsoft Store for Business app licensing models, see [Apps in Microsoft Store for Business](https://technet.microsoft.com/itpro/windows/manage/apps-in-windows-store-for-business#licensing_model).<br/> <br/>
![Show offline licenses apps checkbox](images/deploysurfapp-figure1-enablingapps.png "Show offline licenses apps checkbox")<br/>
*Figure 1. Enable apps for offline use*
4. Add Surface app to your Micrososft Store for Business account by following this procedure:
4. Add Surface app to your Microsoft Store for Business account by following this procedure:
* Click the **Shop** menu.
* In the search box, type **Surface app**, and then click the search icon.
* After the Surface app is presented in the search results, click the apps icon.
@ -68,9 +68,9 @@ Before users can install or deploy an app from a companys Microsoft Store for
* Click **OK**.
##Download Surface app from a Microsoft Store for Business account
After you add an app to the Windows Store for Business account in Offline mode, you can download and add the app as an AppxBundle to a deployment share.
After you add an app to the Microsoft Store for Business account in Offline mode, you can download and add the app as an AppxBundle to a deployment share.
1. Log on to the Microsoft Store for Business account at https://businessstore.microsoft.com.
2. Click **Manage->Apps & software**. A list of all of your companys apps is displayed, including the Surface app you added in the [Add Surface app to a Windows Store for Business account](#add-surface-app-to-a-windows-store-for-business-account) section of this article.
2. Click **Manage->Apps & software**. A list of all of your companys apps is displayed, including the Surface app you added in the [Add Surface app to a Microsoft Store for Business account](#add-surface-app-to-a-microsoft-store-for-business-account) section of this article.
3. Under **Actions**, click the ellipsis (**…**), and then click **Download for offline use** for the Surface app.
4. Select the desired **Platform** and **Architecture** options from the available selections for the selected app, as shown in Figure 4.
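Review bot: In step 2 the link target changes to `#add-surface-app-to-a-microsoft-store-for-business-account`, but the heading that anchor resolves to is not part of this hunk. Confirm the "Add Surface app to a ... account" heading was renamed in the same change; otherwise the in-page link will break without any build error.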
@ -78,7 +78,7 @@ After you add an app to the Windows Store for Business account in Offline mode,
*Figure 4. Download the AppxBundle package for an app*
5. Click **Download**. The AppxBundle package will be downloaded. Make sure you note the path of the downloaded file because youll need that later in this article.
6. Click either the **Encoded license** or **Unencoded license** option. Use the Encoded license option with management tools like System Center Configuration Manager or when you use Windows Imaging and Configuration Designer (Windows ICD). Select the Unencoded license option when you use Deployment Image Servicing and Management (DISM) or deployment solutions based on imaging, including the Microsoft Deployment Toolkit (MDT).
6. Click either the **Encoded license** or **Unencoded license** option. Use the Encoded license option with management tools like System Center Configuration Manager or when you use Windows Configuration Designer to create a provisioning package. Select the Unencoded license option when you use Deployment Image Servicing and Management (DISM) or deployment solutions based on imaging, including the Microsoft Deployment Toolkit (MDT).
7. Click **Generate** to generate and download the license for the app. Make sure you note the path of the license file because youll need that later in this article.
>[!NOTE]
@ -102,9 +102,12 @@ To download the required frameworks for the Surface app, follow these steps:
##Install Surface app on your computer with PowerShell
The following procedure provisions the Surface app onto your computer and makes it available for any user accounts created on the computer afterwards.
1. Using the procedure described in the [How to download Surface app from a Windows Store for Business account](#download-surface-app-from-a-windows-store-for-business-account) section of this article, download the Surface app AppxBundle and license file.
1. Using the procedure described in the [How to download Surface app from a Microsoft Store for Business account](#download-surface-app-from-a-microsoft-store-for-business-account) section of this article, download the Surface app AppxBundle and license file.
2. Begin an elevated PowerShell session.
>**Note:**&nbsp;&nbsp;If you dont run PowerShell as an Administrator, the session wont have the required permissions to install the app.
>[!NOTE]
>If you dont run PowerShell as an Administrator, the session wont have the required permissions to install the app.
3. In the elevated PowerShell session, copy and paste the following command:
```
Add-AppxProvisionedPackage Online PackagePath <DownloadPath>\ Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle LicensePath <DownloadPath>\ Microsoft.SurfaceHub_8wekyb3d8bbwe_a53ef8ab-9dbd-dec1-46c5-7b664d4dd003.xml
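Review bot: The command in step 3 is meant to be copied and pasted, but as shown the parameters `Online`, `PackagePath` and `LicensePath` have no leading `-` and there is a space after `<DownloadPath>\`, so the line will not run as written. While this block is being touched, make sure each parameter is written with an ASCII hyphen and remove the stray space before the package and license file names.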
@ -118,7 +121,9 @@ The following procedure provisions the Surface app onto your computer and makes
```
4. The Surface app will now be available on your current Windows computer.
Before the Surface app is functional on the computer where it has been provisioned, you must also provision the frameworks described earlier in this article. To provision these frameworks, use the following procedure in the elevated PowerShell session you used to provision the Surface app.
5. In the elevated PowerShell session, copy and paste the following command:
```
Add-AppxProvisionedPackage Online SkipLicense PackagePath <DownloadPath>\Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx
@ -130,7 +135,7 @@ Before the Surface app is functional on the computer where it has been provision
##Install Surface app with MDT
The following procedure uses MDT to automate installation of the Surface app at the time of deployment. The application is provisioned automatically by MDT during deployment and thus you can use this process with existing images. This is the recommended process to deploy the Surface app as part of a Windows deployment to Surface devices because it does not reduce the cross platform compatibility of the Windows image.
1. Using the procedure described [earlier in this article](#download-surface-app-from-a-windows-store-for-business-account), download the Surface app AppxBundle and license file.
1. Using the procedure described [earlier in this article](#download-surface-app-from-a-microsoft-store-for-business-account), download the Surface app AppxBundle and license file.
2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**.
3. On the **Command Details** page of the New Application Wizard, specify the default **Working Directory** and for the **Command** specify the file name of the AppxBundle, as follows:

View File

@ -15,6 +15,12 @@ ms.date: 08/01/2017
This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
## September 2017
| New or changed topic | Description |
| --- | ---- |
| [Use the Set up School PCs app ](use-set-up-school-pcs-app.md) | Updated the prerequisites to provide more clarification. |
## August 2017
| New or changed topic | Description |
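Review bot: The hunk header still shows `ms.date: 08/01/2017` for this file while the hunk adds a September 2017 section; the other topics touched in this commit bump `ms.date`, so update it here too. Also drop the trailing space inside the link text `[Use the Set up School PCs app ]`.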

View File

@ -9,7 +9,7 @@ ms.pagetype: edu
ms.localizationpriority: high
author: CelesteDG
ms.author: celested
ms.date: 08/01/2017
ms.date: 09/18/2017
---
# Use the Set up School PCs app
@ -103,7 +103,10 @@ You can watch the descriptive audio version here: [Microsoft Education: Use the
- [Download the latest Set up School PCs app from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4ls40).
- Install the app on your work PC and make sure you're connected to your school's network.
- You must be an administrator on Office 365 and Azure Active Directory, and have Microsoft Store for Education configured. It's best if you sign up for and configure Intune for Education before using the Set up School PCs app.
- You must have Office 365 and Azure Active Directory.
- You must have the Microsoft Store for Education configured.
- You must be a global admin, store admin, or purchaser in the Microsoft Store for Education.
- It's best if you sign up for and [configure Intune for Education](../get-started/use-intune-for-education.md) before using the Set up School PCs app.
- Have a USB drive, 1 GB or larger, to save the provisioning package. We recommend an 8 GB or larger USB drive if you're installing Office.
## Set up School PCs step-by-step
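Review bot: The split prerequisites no longer say that you must be an administrator on Office 365 and Azure Active Directory; the replacement bullet only says "You must have Office 365 and Azure Active Directory", and the role requirement now names Microsoft Store for Education roles only. If an Office 365 or Azure AD admin role is still needed to run the app, keep it as its own bullet. If it is not, say which of global admin, store admin, or purchaser is the least-privileged role that works, so schools do not default to global admin.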

View File

@ -7,21 +7,21 @@ ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.date: 07/05/2107
ms.date: 09/12/2017
ms.localizationpriority: high
---
# Manage Windows device deployment with Windows AutoPilot Deployment
**Applies to**
- Windows 10
> [!IMPORTANT]
> This topic has been updated to reflect the latest functionality, which we are releasing to customers in stages. You may not see all of the options described here until you receive the update.
Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot).
Watch this video to learn more about Windows AutoPilot in Micrsoft Store for Business.
<iframe width="560" height="315" src="https://www.youtube.com/embed/IpLIZU_j7Z0" frameborder="0" allowfullscreen></iframe>
## What is Windows AutoPilot Deployment Program?
In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device.
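Review bot: "Micrsoft Store for Business" in the video lead-in sentence is misspelled; it should read "Microsoft Store for Business".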
@ -54,9 +54,13 @@ To manage devices through Microsoft Store for Business and Education, you'll nee
### Device information file format
Columns in the device information file need to use this naming and be in this order:
- Column 1: Device Serial Number
- Column 2: Windows Product ID
- Column 3: Hardware Hash
- Column A: Device Serial Number
- Column B: Windows Product ID
- Column C: Hardware Hash
Here's a sample device information file:
![Notepad file showing example entries for Column A (Device Serial Number), Column B (Windows Product ID), and Column C (Hardware Hash).](images/msfb-autopilot-csv.png)
When you add devices, you need to add them to an *AutoPilot deployment group*. Use these groups to apply AutoPilot deployment profiles to a group of devices. The first time you add devices to a group, you'll need to create an AutoPilot deployment group.
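Review bot: The column list now uses spreadsheet letters (Column A, B, C) while the sample is a Notepad screenshot, and nothing in the text states the file type or delimiter. State the file format explicitly (the image name suggests CSV) and give the header row as text as well as in the image, so admins can copy the exact column names and order.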

Binary file not shown. Before: 9.1 KiB. After: 7.9 KiB.

Binary file not shown. After: 8.3 KiB.

View File

@ -160,9 +160,9 @@ If your organization does not have cloud resources, write **On-Premises** in box
Choose a trust type that is best suited for your organizations. Remember, the trust type determines two things. Whether you issue authentication certificates to your users and if your deployment needs Windows Server 2016 domain controllers.
One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end enetity certificates (key-trust) against using existing domain controllers (Windows Server 2008R2 or later) and needing to enroll certificates for all their users (certificate trust).
One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end entity certificates (key-trust) against using existing domain controllers (Windows Server 2008R2 or later) and needing to enroll certificates for all their users (certificate trust).
Because the certificate trust tyoes issues certificates, there is more configuration and infrastrucutre needed to accomodate user certificate enrollment, which could also be a factor to consider in your decision. Additional infrastructure needed for certificatat-trust deployements includes a certificate registration authority. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates.
Because the certificate trust types issues certificates, there is more configuration and infrastructure needed to accomodate user certificate enrollment, which could also be a factor to consider in your decision. Additional infrastructure needed for certificate-trust deployements includes a certificate registration authority. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates.
If your organization wants to use the key trust type, write **key trust** in box **1b** on your planning worksheet. Write **Windows Server 2016** in box **4d**. Write **N/A** in box **5b**.
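Review bot: The rewritten certificate-trust paragraph fixes several typos but still contains "accomodate", "deployements" and "trust types issues", and the key-trust paragraph above it still reads "the organization comfort". Suggest "accommodate", "deployments", "the certificate trust type issues certificates" and "the organization's comfort" in the same pass.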

View File

@ -1,7 +1,6 @@
---
title: Windows Defender Firewall with Advanced Security Design Guide (Windows 10)
description: Windows Defender Firewall with Advanced Security
Design Guide
description: Windows Defender Firewall with Advanced Security Design Guide
ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51
ms.prod: w10
ms.mktglfcycl: deploy

View File

@ -101,5 +101,6 @@
#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md)
## [Service Host process refactoring](svchost-service-refactoring.md)
## [Per-user services in Windows](per-user-services-in-windows.md)
## [Understand apps in Windows 10](apps-in-windows-10.md)
## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md)
## [Change history for Application management](change-history-for-application-management.md)

View File

@ -0,0 +1,153 @@
---
title: Windows 10 - Apps
description: What are Windows, UWP, and Win32 apps
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
ms.author: elizapo
author: lizap
ms.localizationpriority: low
ms.date: 09/15/2017
---
# Understand the different apps included in Windows 10
The following types of apps run on Windows 10:
- Windows apps - introduced in Windows 8, primarily installed from the Store app.
- Universal Windows Platform (UWP) apps - designed to work across platforms, can be installed on multiple platforms including Windows client, Windows Phone, and Xbox. All UWP apps are also Windows apps, but not all Windows apps are UWP apps.
- "Win32" apps - traditional Windows applications, built for 32-bit systems.
Digging into the Windows apps, there are two categories:
- System apps - Apps that are installed in the c:\Windows\* directory. These apps are integral to the OS.
- Apps - All other apps, installed in c:\Program Files\WindowsApps. There are two classes of apps:
- Provisioned: Installed the first time you sign into Windows. You'll see a tile or Start menu item for these apps, but they aren't installed until the first sign-in.
- Installed: Installed as part of the OS.
The following tables list the system apps, installed Windows apps, and provisioned Windows apps in a standard Windows 10 Enterprise installation. (If you have a custom image, your specific apps might differ.) The tables list the app, the full name, show the app's status in Windows 10 version 1511, 1607, and 1703, and indicate whether an app can be uninstalled through the UI.
Some of the apps show up in multiple tables - that's because their status changed between versions. Make sure to check the version column for the version you are currently running.
> [!TIP]
> Want to see a list of the apps installed on your specific image? You can run the following PowerShell cmdlet:
> ```powershell
> Get-AppxPackage |Select Name,PackageFamilyName
> Get-AppsProvisionedPackage -Online | select DisplayName,PackageName
> ```
## System apps
System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1511, 1607, and 1703.
| Name | Full name | 1511 | 1607 | 1703 | Uninstall through UI? |
|------------------|-------------------------------------------|------|------|------|--------------------------------------------------------|
| Cortana UI | CortanaListenUIApp | | | x | No |
| | Desktop Learning | | | x | No |
| | DesktopView | | | x | No |
| | EnvironmentsApp | | | x | No |
| Mixed Reality + | HoloCamera | | | x | No |
| Mixed Reality + | HoloItemPlayerApp | | | x | No |
| Mixed Reality + | HoloShell | | | x | No |
| | Microsoft.AAD.Broker.Plugin | x | x | x | No |
| | Microsoft.AccountsControl | x | x | x | No |
| Hello setup UI | Microsoft.BioEnrollment | x | x | x | No |
| | Microsoft.CredDialogHost | | | x | No |
| | Microsoft.LockApp | x | x | x | No |
| Microsoft Edge | Microsoft.Microsoft.Edge | x | x | x | No |
| | Microsoft.PPIProjection | | x | x | No |
| | Microsoft.Windows. Apprep.ChxApp | | x | x | No |
| | Microsoft.Windows. AssignedAccessLockApp | x | x | x | No |
| | Microsoft.Windows. CloudExperienceHost | x | x | x | No |
| | Microsoft.Windows. ContentDeliveryManager | x | x | x | No |
| Cortana | Microsoft.Windows.Cortana | x | x | x | No |
| | Microsoft.Windows. Holographic.FirstRun | | | x | No |
| | Microsoft.Windows. ModalSharePickerHost | | | x | No |
| | Microsoft.Windows. OOBENetworkCaptivePort | | | x | No |
| | Microsoft.Windows. OOBENetworkConnection | | | x | No |
| | Microsoft.Windows. ParentalControls | x | x | x | No |
| | Microsoft.Windows. SecHealthUI | | | x | No |
| | Microsoft.Windows. SecondaryTileExperience | x | x | x | No |
| | Microsoft.Windows. SecureAssessmentBrowser | | x | x | No |
| Start | Microsoft.Windows. ShellExperienceHost | x | x | x | No |
| Windows Feedback | Microsoft.WindowsFeedback | x | * | * | No |
| | Microsoft.XboxGameCallableUI | x | x | x | No |
| Xbox logon UI | Microsoft.XboxIdentityProvider | x | | | No |
| Contact Support | Windows.ContactSupport | x | x* | x* | In 1511, no.* |
| | Windows.Devicesflow | x | | | No |
| Settings | Windows.ImmersiveControlPanel | x | x | x | No |
| Connect | Windows.MiracastView | x | x | x | No |
| Print UI | Windows.PrintDialog | x | x | x | No |
| Purchase UI | Windows.PurchaseDialog | x | | | No |
> [!NOTE]
> - The Windows Feedback app changed to the Windows Feedback Hub in version 1607. It's listed in the installed apps table below.
> - As of Windows 10 version 1607, you can use the Optional Features app to uninstall the Contact Support app.
## Installed Windows apps
Here are the typical installed Windows apps in Windows 10 versions 1511, 1607, and 1703.
| Name | Full name | 1511 | 1607 | 1703 | Uninstall through UI? |
|--------------------|-----------------------------------------|------|------|------|---------------------------|
| Remote Desktop | Microsoft.RemoteDesktop | | x | x | Yes |
| PowerBI | Microsoft.Microsoft PowerBIforWindows | | x | x | Yes |
| Candy Crush | king.com.CandyCrushSodaSaga | x | | | Yes |
| Code Writer | ActiproSoftwareLLC.562882FEEB491 | | x | x | Yes |
| Eclipse Manager | 46928bounde.EclipseManager | | x | x | Yes |
| Pandora | PandoraMediaInc.29680B314EFC2 | | x | x | Yes |
| Photoshop Express | AdobeSystemIncorporated. AdobePhotoshop | | x | x | Yes |
| Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | | | x | Yes |
| Network Speed Test | Microsoft.NetworkSpeedTest | | x | x | Yes |
| Paid Wi-FI | | x | | | Yes |
| Skype Video | | x | | | Yes |
| Twitter | | x | | | Yes |
| PicArts | | x | | | Yes |
| Minecraft | | x | | | Yes |
| Flipboard | | x | | | Yes |
## Provisioned Windows apps
Here are the typical provisioned Windows apps in Windows 10 versions 1511, 1607, and 1703.
| Name | Full name | 1511 | 1607 | 1703 | Uninstall through UI? |
|---------------------------------|----------------------------------------|------|------|------|---------------------------|
| 3D Builder | Microsoft.3DBuilder | x | | x | Yes |
| App Connector | Microsoft.Appconnector | x | | | Yes, through Settings app |
| Money | Microsoft.BingFinance | x | | | Yes |
| News | Microsoft.BingNews | x | * | * | Yes |
| Sports | Microsoft.BingSports | x | | | Yes |
| Weather | Microsoft.BingWeather | x | x | x | No |
| Phone Companion | Microsoft.CommsPhone | x | | | Yes |
| | Microsoft.ConnectivityStore | x | | | No |
| | Microsoft.DesktopAppInstaller | | x | x | Yes, through Settings app |
| Get Started/Tips | Microsoft.Getstarted | x | x | x | Yes |
| Messaging | Microsoft.Messaging | x | x | x | No |
| Microsoft 3D Viewer | Microsoft.Microsoft3DViewer | | | x | No |
| Get Office | Microsoft.MicrosoftOfficeHub | x | x | x | Yes |
| Solitaire | Microsoft.Microsoft SolitaireCollection | x | x | x | Yes |
| Sticky Notes | Microsoft.MicrosoftStickyNotes | | x | x | No |
| OneNote | Microsoft.Office.OneNote | x | x | x | No |
| Sway | Microsoft.Office.Sway | x | * | * | Yes |
| | Microsoft.OneConnect | | x | x | No |
| Paint 3D | Microsoft.MSPaint | | | x | No |
| People | Microsoft.People | x | x | x | No |
| Get Skype/Skype (preview)/Skype | Microsoft.SkypeApp | x | x | x | Yes |
| | Microsoft.StorePurchaseApp | | x | x | No |
| | Microsoft.Wallet | | | x | No |
| Photos | Microsoft.Windows.Photos | x | x | x | No |
| Alarms & Clock | Microsoft.WindowsAlarms | x | x | x | No |
| Calculator | Microsoft.WindowsCalculator | x | x | x | No |
| Camera | Microsoft.WindowsCamera | x | x | x | No |
| Mail and Calendar | Microsoft.windows communicationsapps | x | x | x | No |
| Feedback Hub | Microsoft.WindowsFeedbackHub | * | x | x | Yes |
| Maps | Microsoft.WindowsMaps | x | x | x | No |
| Phone | Microsoft.WindowsPhone | x | | | No |
| Voice Recorder | Microsoft.SoundRecorder | x | x | x | No |
| Store | Microsoft.WindowsStore | x | x | x | No |
| Xbox | Microsoft.XboxApp | x | x | x | No |
| | Microsoft.XboxGameOverlay | | | x | No |
| | Microsoft.XboxIdentityProvider | * | x | x | No |
| Groove | Microsoft.ZuneMusic | x | x | x | No |
| Movies & TV | Microsoft.ZuneVideo | x | x | x | No |
| | Microsoft.XboxSpeech ToTextOverlay | | | x | No |
> [!NOTE]
> - As of Windows 10, version 1607, News and Sway are installed apps.
> - Both Feedback Hub and Microsoft.XboxIdentityProvider were installed apps in version 1511 and provisioned apps in versions 1607 and later.
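Review bot: The second command in the tip, `Get-AppsProvisionedPackage -Online | select DisplayName,PackageName`, names a cmdlet that does not exist; the provisioned-package cmdlet is `Get-AppxProvisionedPackage`, so the tip fails for anyone who pastes it. Several "Full name" cells also contain spaces or an extra dot (`Microsoft.Windows. Apprep.ChxApp`, `Microsoft.Microsoft.Edge`, `Microsoft.windows communicationsapps`), which will not match `Get-AppxPackage` output when admins search for or script against these names; if the spaces are there to force wrapping, widen the column instead. The "Win32" bullet's "built for 32-bit systems" also reads as excluding 64-bit desktop applications and should be reworded.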

View File

@ -8,6 +8,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: high
author: jdeckerms
ms.date: 09/15/2017
---
# Change history for Configure Windows 10
@ -17,7 +18,8 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
## September 2017
| New or changed topic | Description |
| --- | --- |
| [Per-user services in Windows](per-user-services-in-windows.md) | New |
| [Per-user services in Windows 10](per-user-services-in-windows.md) | New |
| [Understand the different apps included in Windows 10](apps-in-windows-10.md) | New |
## July 2017
| New or changed topic | Description |

View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
ms.date: 09/15/2017
---
# Windows 10 application management
@ -20,5 +21,7 @@ Learn about managing applications in Windows 10 and Windows 10 Mobile clients.
|---|---|
|[App-V](app-v/appv-getting-started.md)| Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications|
|[Sideload apps in Windows 10](sideload-apps-in-windows-10.md)| Requirements and instructions for side-loading LOB applications on Windows 10 and Windows 10 Mobile clients|
|[Per User services in Windows 10](sideload-apps-in-windows-10.md)| Overview of per user services and instructions for viewing and disabling them in Windows 10 and Windows 2016|
|[Understand apps in Windows 10](apps-in-windows-10.md)| Overview of the different apps included by default in Windows 10 Enterprise|
| [Service Host process refactoring](svchost-service-refactoring.md) | Changes to Service Host grouping in Windows 10 |
| [Deploy app updgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | How to upgrade apps on Windows 10 Mobile |
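Review bot: The new "Per User services in Windows 10" row links to `sideload-apps-in-windows-10.md`, the same target as the Sideload row above it; the TOC and change-history entries in this commit use `per-user-services-in-windows.md` for that topic. Point the row at that file, align the title with "Per-user services in Windows 10", and fix "updgrades" in the last row while here.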

View File

@ -17,9 +17,9 @@
## [Enterprise app management](enterprise-app-management.md)
## [Device update management](device-update-management.md)
## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md)
## [Management tool for the Windows Store for Business](management-tool-for-windows-store-for-business.md)
### [REST API reference for Windows Store for Business](rest-api-reference-windows-store-for-business.md)
#### [Data structures for Windows Store for Business](data-structures-windows-store-for-business.md)
## [Management tool for the Micosoft Store for Business](management-tool-for-windows-store-for-business.md)
### [REST API reference for Micosoft Store for Business](rest-api-reference-windows-store-for-business.md)
#### [Data structures for Micosoft Store for Business](data-structures-windows-store-for-business.md)
#### [Get Inventory](get-inventory.md)
#### [Get product details](get-product-details.md)
#### [Get localized product details](get-localized-product-details.md)
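Review bot: All three renamed TOC entries spell the product "Micosoft Store for Business"; they should read "Microsoft Store for Business", matching the titles used in the renamed topics elsewhere in this commit.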
@ -202,6 +202,7 @@
#### [Experience](policy-csp-experience.md)
#### [ExploitGuard](policy-csp-exploitguard.md)
#### [Games](policy-csp-games.md)
#### [Handwriting](policy-csp-handwriting.md)
#### [InternetExplorer](policy-csp-internetexplorer.md)
#### [Kerberos](policy-csp-kerberos.md)
#### [Licensing](policy-csp-licensing.md)

View File

@ -266,9 +266,9 @@ FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corp
You can get the publisher name and product name of apps using a web API.
**To find publisher and product name for Microsoft apps in Windows Store for Business**
**To find publisher and product name for Microsoft apps in Microsoft Store for Business**
1. Go to the Windows Store for Business website, and find your app. For example, Microsoft OneNote.
1. Go to the Microsoft Store for Business website, and find your app. For example, Microsoft OneNote.
2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https:<span><\span>//www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, **9wzdncrfhvjl**.
3. In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values.
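Review bot: Step 2 carries `https:<span><\span>//www.microsoft.com/store/apps/onenote/9wzdncrfhvjl`, where `<\span>` is not a valid closing tag (it should be `</span>`), so the markup used to stop auto-linking can leak into the rendered URL. Since step 1 and the procedure title are being edited here, fix it in the same pass.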

View File

@ -1,6 +1,6 @@
---
title: Assign seat
description: The Assign seat operation assigns seat for a specified user in the Windows Store for Business.
description: The Assign seat operation assigns seat for a specified user in the Microsoft Store for Business.
ms.assetid: B42BF490-35C9-405C-B5D6-0D9F0E377552
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Assign seat
The **Assign seat** operation assigns seat for a specified user in the Windows Store for Business.
The **Assign seat** operation assigns seat for a specified user in the Microsoft Store for Business.
## Request

View File

@ -1,6 +1,6 @@
---
title: Bulk assign and reclaim seats from users
description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Windows Store for Business.
description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Microsoft Store for Business.
ms.assetid: 99E2F37D-1FF3-4511-8969-19571656780A
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Bulk assign and reclaim seats from users
The **Bulk assign and reclaim seats from users** operation returns reclaimed or assigned seats in the Windows Store for Business.
The **Bulk assign and reclaim seats from users** operation returns reclaimed or assigned seats in the Microsoft Store for Business.
## Request

View File

@ -1,5 +1,5 @@
---
title: Data structures for Windows Store for Business
title: Data structures for Microsoft Store for Business
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_data\_structures'
- 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business'
@ -13,10 +13,10 @@ author: nickbrower
ms.date: 06/19/2017
---
# Data structures for Windows Store for Business
# Data structures for Microsoft Store for Business
Here's the list of data structures used in the Windows Store for Business REST APIs:
Here's the list of data structures used in the Microsoft Store for Business REST APIs:
- [AlternateIdentifier](#alternateidentifier)
- [BulkSeatOperationResultSet](#bulkseatoperationresultset)

View File

@ -18,7 +18,7 @@ This topic covers one of the key mobile device management (MDM) features in Wind
Windows 10 offers the ability for management servers to:
- Install apps directly from the Windows Store for Business
- Install apps directly from the Microsoft Store for Business
- Deploy offline Store apps and licenses
- Deploy line-of-business (LOB) apps (non-Store apps)
- Inventory all apps for a user (Store and non-Store apps)

View File

@ -68,7 +68,7 @@ The following image shows the EnterpriseModernAppManagement configuration servic
- PackageDetails - returns all inventory attributes of the package. This includes all information from PackageNames parameter, but does not validate RequiresReinstall.
- RequiredReinstall - Validates the app status of the apps in the inventory query to determine if they require a reinstallation. This attribute may impact system performance depending on the number of apps installed. Requiring reinstall occurs when resource package updates or when the app is in a tampered state.
- Source - specifies the app classification that aligns to the existing inventory nodes. You can use a specific filter or if no filter is specified then all sources will be returned. If no value is specified, all classifications are returned. Valid values are:
- AppStore - This classification is for apps that were acquired from Windows Store. These were apps directly installed from Windows Store or enterprise apps from Windows Store for Business.
- AppStore - This classification is for apps that were acquired from Windows Store. These were apps directly installed from Windows Store or enterprise apps from Microsoft Store for Business.
- nonStore - This classification is for apps that were not acquired from the Windows Store.
- System - Apps that are part of the OS. You cannot uninstall these apps. This classification is read-only and can only be inventoried.
- PackageTypeFilter - Specifies one or multiple types of packages you can use to query the user or device. Multiple values must be separated by |. Valid values are:

View File

@ -1,6 +1,6 @@
---
title: Get Inventory
description: The Get Inventory operation retrieves information from the Windows Store for Business to determine if new or updated applications are available.
description: The Get Inventory operation retrieves information from the Microsoft Store for Business to determine if new or updated applications are available.
MS-HAID:
- 'p\_phdevicemgmt.get\_seatblock'
- 'p\_phDeviceMgmt.get\_inventory'
@ -15,7 +15,7 @@ ms.date: 06/19/2017
# Get Inventory
The **Get Inventory** operation retrieves information from the Windows Store for Business to determine if new or updated applications are available.
The **Get Inventory** operation retrieves information from the Microsoft Store for Business to determine if new or updated applications are available.
## Request

View File

@ -1,6 +1,6 @@
---
title: Get localized product details
description: The Get localized product details operation retrieves the localization information of a product from the Windows Store for Business.
description: The Get localized product details operation retrieves the localization information of a product from the Micosoft Store for Business.
ms.assetid: EF6AFCA9-8699-46C9-A3BB-CD2750C07901
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Get localized product details
The **Get localized product details** operation retrieves the localization information of a product from the Windows Store for Business.
The **Get localized product details** operation retrieves the localization information of a product from the Micosoft Store for Business.
## Request
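Review bot: The replacement sentence under "# Get localized product details" reads "from the Micosoft Store for Business", and the front-matter `description` in the hunk above has the same misspelling. The Assign seat and Bulk assign topics earlier in this commit use "Microsoft Store for Business", so the rename looks like it was applied with a mistyped string from this file onward. Re-run the replacement with the correct spelling across the remaining REST API topics.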

View File

@ -1,6 +1,6 @@
---
title: Get offline license
description: The Get offline license operation retrieves the offline license information of a product from the Windows Store for Business.
description: The Get offline license operation retrieves the offline license information of a product from the Micosoft Store for Business.
ms.assetid: 08DAD813-CF4D-42D6-A783-994A03AEE051
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Get offline license
The **Get offline license** operation retrieves the offline license information of a product from the Windows Store for Business.
The **Get offline license** operation retrieves the offline license information of a product from the Micosoft Store for Business.
## Request

View File

@ -1,6 +1,6 @@
---
title: Get product details
description: The Get product details operation retrieves the product information from the Windows Store for Business for a specific application.
description: The Get product details operation retrieves the product information from the Micosoft Store for Business for a specific application.
ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Get product details
The **Get product details** operation retrieves the product information from the Windows Store for Business for a specific application.
The **Get product details** operation retrieves the product information from the Micosoft Store for Business for a specific application.
## Request

View File

@ -1,6 +1,6 @@
---
title: Get product package
description: The Get product package operation retrieves the information about a specific application in the Windows Store for Business.
description: The Get product package operation retrieves the information about a specific application in the Micosoft Store for Business.
ms.assetid: 4314C65E-6DDC-405C-A591-D66F799A341F
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Get product package
The **Get product package** operation retrieves the information about a specific application in the Windows Store for Business.
The **Get product package** operation retrieves the information about a specific application in the Micosoft Store for Business.
## Request

View File

@ -1,6 +1,6 @@
---
title: Get product packages
description: The Get product packages operation retrieves the information about applications in the Windows Store for Business.
description: The Get product packages operation retrieves the information about applications in the Micosoft Store for Business.
ms.assetid: 039468BF-B9EE-4E1C-810C-9ACDD55C0835
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Get product packages
The **Get product packages** operation retrieves the information about applications in the Windows Store for Business.
The **Get product packages** operation retrieves the information about applications in the Micosoft Store for Business.
## Request

View File

@ -1,6 +1,6 @@
---
title: Get seat
description: The Get seat operation retrieves the information about an active seat for a specified user in the Windows Store for Business.
description: The Get seat operation retrieves the information about an active seat for a specified user in the Micosoft Store for Business.
ms.assetid: 715BAEB2-79FD-4945-A57F-482F9E7D07C6
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Get seat
The **Get seat** operation retrieves the information about an active seat for a specified user in the Windows Store for Business.
The **Get seat** operation retrieves the information about an active seat for a specified user in the Micosoft Store for Business.
## Request

View File

@ -1,6 +1,6 @@
---
title: Get seats assigned to a user
description: The Get seats assigned to a user operation retrieves information about assigned seats in the Windows Store for Business.
description: The Get seats assigned to a user operation retrieves information about assigned seats in the Micosoft Store for Business.
ms.assetid: CB963E44-8C7C-46F9-A979-89BBB376172B
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Get seats assigned to a user
The **Get seats assigned to a user** operation retrieves information about assigned seats in the Windows Store for Business.
The **Get seats assigned to a user** operation retrieves information about assigned seats in the Micosoft Store for Business.
## Request

View File

@ -1,6 +1,6 @@
---
title: Get seats
description: The Get seats operation retrieves the information about active seats in the Windows Store for Business.
description: The Get seats operation retrieves the information about active seats in the Micosoft Store for Business.
ms.assetid: 32945788-47AC-4259-B616-F359D48F4F2F
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Get seats
The **Get seats** operation retrieves the information about active seats in the Windows Store for Business.
The **Get seats** operation retrieves the information about active seats in the Micosoft Store for Business.
## Request

Binary file not shown.

Before

Width:  |  Height:  |  Size: 106 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 107 KiB

View File

@ -1,6 +1,6 @@
---
title: Management tool for the Windows Store for Business
description: The Windows Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk.
title: Management tool for the Micosoft Store for Business
description: The Micosoft Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk.
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_portal\_management\_tool'
- 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business'
@ -13,9 +13,9 @@ author: nickbrower
ms.date: 06/19/2017
---
# Management tool for the Windows Store for Business
# Management tool for the Micosoft Store for Business
The Windows Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. The Store for Business enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.
The Micosoft Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. The Store for Business enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.
Here's the list of the available capabilities:
@ -26,7 +26,7 @@ Here's the list of the available capabilities:
- Custom Line of Business app support Enables management and distribution of enterprise applications through the Store for Business.
- Support for Windows desktop and mobile devices - The Store for Business supports both desktop and mobile devices.
For additional information about Store for Business, see the TechNet topics in [Windows Store for Business](https://technet.microsoft.com/library/mt606951.aspx).
For additional information about Store for Business, see the TechNet topics in [Micosoft Store for Business](https://technet.microsoft.com/library/mt606951.aspx).
## Management services
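Review bot: The TechNet link text in the last changed line becomes "[Micosoft Store for Business]", and the same misspelling is in the new `title`, `description`, H1 and opening sentence of this file. Because `title` and `description` feed the page metadata, fix the spelling to "Microsoft" in all five places rather than only in the body.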

View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 08/31/2017
ms.date: 09/12/2017
---
# What's new in MDM enrollment and management
@ -102,7 +102,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
</ul></td>
</tr>
<tr class="odd">
<td style="vertical-align:top"><p>Management tool for the Windows Store for Business</p></td>
<td style="vertical-align:top"><p>Management tool for the Micosoft Store for Business</p></td>
<td style="vertical-align:top"><p>New topics. The Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. It enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.</p></td>
</tr>
<tr class="even">
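Review bot: The changed `<td>` reads "Management tool for the Micosoft Store for Business", while the row added later in this same file says "Windows Store for Business name changed to Microsoft Store for Business". Correct the spelling here so the table is consistent with its own change note.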
@ -929,6 +929,16 @@ For details about Microsoft mobile device management protocols for Windows 10 s
</thead>
<tbody>
<tr class="even">
<td style="vertical-align:top">The [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx)</td>
<td style="vertical-align:top"><p>The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:</p>
<ul>
<li>UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page. </li>
<li>ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.</li>
<li>DomainName - fully qualified domain name if the device is domain-joined.</li>
</ul>
<p>For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.</p>
</td></tr>
<tr class="even">
<td style="vertical-align:top">[Firewall CSP](firewall-csp.md)</td>
<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
</td></tr>
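Review bot: In the added MS-MDE2 row, the closing paragraph has a doubled word: "section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation". The new row is also `<tr class="even">` and is followed directly by the existing `<tr class="even">` Firewall CSP row, so the odd/even striping is broken at this point; alternate the class. The first cell would read better without the leading "The" before the link.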
@ -946,7 +956,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
</tr>
<tr class="even">
<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
<td style="vertical-align:top"><p>Added DeviceTunnel profile in Windows 10, version 1709.</p>
<td style="vertical-align:top"><p>Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
@ -989,6 +999,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<td style="vertical-align:top"><p>Added new policies.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">Microsoft Store for Business</td>
<td style="vertical-align:top"><p>Windows Store for Business name changed to Microsoft Store for Business.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
<ul>
@ -1001,6 +1015,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<li>DeviceGuard/LsaCfgFlags</li>
<li>ExploitGuard/ExploitProtectionSettings</li>
<li>Games/AllowAdvancedGamingServices</li>
<li>Handwriting/PanelDefaultModeDocked</li>
<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</li>
<li>LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</li>
<li>LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</li>
@ -1357,9 +1372,29 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
<ul>
<li>Authentication/AllowAadPasswordReset</li>
<li>Handwriting/PanelDefaultModeDocked</li>
<li>Search/AllowCloudSearch</li>
<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
</ul>
<p>Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">Microsoft Store for Business</td>
<td style="vertical-align:top"><p>Windows Store for Business name changed to Microsoft Store for Business.</p>
</td></tr>
<tr class="even">
<td style="vertical-align:top">The [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx)</td>
<td style="vertical-align:top"><p>The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:</p>
<ul>
<li>UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page. </li>
<li>ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.</li>
<li>DomainName - fully qualified domain name if the device is domain-joined.</li>
</ul>
<p>For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
<td style="vertical-align:top"><p>Added RegisterDNS setting in Windows 10, version 1709.</p>
</td></tr>
</tbody>
</table>
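Review bot: The added MS-MDE2 row repeats "of the the MS-MDE2 protocol documentation", and the added Update/BranchReadinessLevel sentence writes "Windows 10 version 1709" without the comma used everywhere else in this table ("Windows 10, version 1709"). Fix both. The Microsoft Store for Business and MS-MDE2 rows are copied verbatim from the table changed earlier in this file, so any wording fix needs to be made in both places.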

View File

@ -1027,6 +1027,14 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### Handwriting policies
<dl>
<dd>
<a href="./policy-csp-handwriting.md#handwriting-paneldefaultmodedocked" id="handwriting-paneldefaultmodedocked">Handwriting/PanelDefaultModeDocked</a>
</dd>
</dl>
### InternetExplorer policies
<dl>

View File

@ -0,0 +1,72 @@
---
title: Policy CSP - Handwriting
description: Policy CSP - Handwriting
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 09/07/2017
---
# Policy CSP - Handwriting
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<!--StartPolicies-->
<hr/>
## Handwriting policies
<!--StartPolicy-->
<a href="" id="handwriting-paneldefaultmodedocked"></a>**Handwriting/PanelDefaultModeDocked**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel.
<p style="margin-left: 20px">The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen.
<p style="margin-left: 20px">In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction.
<p style="margin-left: 20px">The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way.
<ul>
<li>0 - Disabled (default)</li>
<li>1 - Enabled</li>
</ul>
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
Footnote:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->
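Review bot: The value list for Handwriting/PanelDefaultModeDocked gives only "0 - Disabled (default)" and "1 - Enabled" and never states which value docks the panel; say explicitly that 1 fixes the panel to the bottom of the screen and 0 keeps the floating default. In the SKU table, the four check-mark cells use `<sup>3<sup>`, which opens a second `<sup>` instead of closing the first; it should be `<sup>3</sup>`. The description also has "Windows 10. version 1709" (period for comma) and "The default configuration to is floating near text box".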

View File

@ -471,8 +471,12 @@ This policy is accessible through the Update setting in the user interface or Gr
<p style="margin-left: 20px">The following list shows the supported values:
- 16 (default) User gets all applicable upgrades from Current Branch (CB).
- 32 User gets upgrades from Current Branch for Business (CBB).
- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709)
- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709)
- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709)
- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted).
- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel.
<!--EndDescription-->
<!--EndPolicy-->
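Review bot: In the new value list, 8 is labelled "Release Windows Insider build" while 2 and 4 follow the pattern "Windows Insider build - Fast" and "Windows Insider build - Slow"; use one naming pattern for all three. The Insider values also carry no description of what the device receives, unlike 16 and 32, and the subject changes from "User gets" to "Device gets" without the surrounding text saying whether the scope changed.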
@ -1253,12 +1257,12 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
<p style="margin-left: 20px">Allows the IT admin to set a device to CBB train.
<p style="margin-left: 20px">Allows the IT admin to set a device to Semi-Annual Channel train.
<p style="margin-left: 20px">The following list shows the supported values:
- 0 (default) User gets upgrades from Current Branch.
- 1 User gets upgrades from Current Branch for Business.
- 0 (default) User gets upgrades from Semi-Annual Channel (Targeted).
- 1 User gets upgrades from Semi-Annual Channel.
<!--EndDescription-->
<!--EndPolicy-->
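Review bot: The replacement sentence "Allows the IT admin to set a device to Semi-Annual Channel train" keeps the word "train" from the old "CBB train" wording, which no longer reads correctly. This hunk also capitalizes "Semi-Annual Channel", whereas the BranchReadinessLevel list changed above uses "Semi-annual Channel"; pick one form for the file.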

View File

@ -1,6 +1,6 @@
---
title: Reclaim seat from user
description: The Reclaim seat from user operation returns reclaimed seats for a user in the Windows Store for Business.
description: The Reclaim seat from user operation returns reclaimed seats for a user in the Micosoft Store for Business.
ms.assetid: E2C3C899-D0AD-469A-A319-31A420472A4C
ms.author: maricia
ms.topic: article
@ -12,7 +12,7 @@ ms.date: 06/19/2017
# Reclaim seat from user
The **Reclaim seat from user** operation returns reclaimed seats for a user in the Windows Store for Business.
The **Reclaim seat from user** operation returns reclaimed seats for a user in the Micosoft Store for Business.
## Request

View File

@ -1,6 +1,6 @@
---
title: REST API reference for Windows Store for Business
description: REST API reference for Windows Store for Business
title: REST API reference for Micosoft Store for Business
description: REST API reference for Micosoft Store for Business
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference'
- 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business'
@ -13,7 +13,7 @@ author: nickbrower
ms.date: 06/19/2017
---
# REST API reference for Windows Store for Business
# REST API reference for Micosoft Store for Business
Here's the list of available operations:

View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 07/07/2017
ms.date: 09/18/2017
---
# VPNv2 CSP
@ -35,7 +35,7 @@ The XSDs for all EAP methods are shipped in the box and can be found at the foll
The following diagram shows the VPNv2 configuration service provider in tree format.
![vpnv2 csp diagram](images/provisioning-csp-vpnv2-rs1.png)
![vpnv2 csp diagram](images/provisioning-csp-vpnv2.png)
<a href="" id="device-or-user-profile"></a>**Device or User profile**
For user profile, use **./User/Vendor/MSFT** path and for device profile, use **./Device/Vendor/MSFT** path.
@ -303,6 +303,14 @@ A device tunnel profile must be deleted before another device tunnel profile can
Value type is bool. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-registerdns"></a>**VPNv2/***ProfileName***/RegisterDNS**
Allows registration of the connection's address in DNS.
Valid values:
- False = Do not register the connection's address in DNS (default).
- True = Register the connection's addresses in DNS.
<a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/***ProfileName***/DnsSuffix**
Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
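Review bot: The new VPNv2/ProfileName/RegisterDNS entry lists only the True/False values and omits the value type and supported operations, which the preceding setting states ("Value type is bool. Supported operations include Get, Add, Replace, and Delete."). Add the same line here so it matches the DDF node added in this commit, and make "the connection's address" / "the connection's addresses" consistent between the two value descriptions.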

View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 07/07/2017
ms.date: 09/18/2017
---
# VPNv2 DDF file
@ -992,6 +992,33 @@ The XML below is for Windows 10, version 1709.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>RegisterDNS</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>
False = Do not register the connection's address in DNS (default).
True = Register the connection's addresses in DNS.
</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DnsSuffix</NodeName>
<DFProperties>

View File

@ -29,11 +29,12 @@ New or changed topic | Description
## July 2017
| New or changed topic | Description |
| --- | --- |
| [Add image for secondary tiles](start-secondary-tiles.md) | Added XML example for Edge secondary tiles and **ImportEdgeAssets** |
| [Customize and export Start layout](customize-and-export-start-layout.md) | Added explanation for tile behavior when the app is not installed |
| [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added that Microsoft Edge is not supported for assigned access |
|[Windows 10, version 1703 Diagnostic Data](windows-diagnostic-data.md)|Updated categories and included diagnostic data.|
|[Add image for secondary tiles](start-secondary-tiles.md) | Added XML example for Edge secondary tiles and **ImportEdgeAssets** |
|[Customize and export Start layout](customize-and-export-start-layout.md) | Added explanation for tile behavior when the app is not installed |
|[Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added that Microsoft Edge is not supported for assigned access |
|[Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)|Updated several Appraiser events and added Census.Speech. |
| [Manage connections from Windows operating system components to Microsoft-services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Updated Date & Time and Windows spotlight sections. |
|[Manage connections from Windows operating system components to Microsoft-services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Updated Date & Time and Windows spotlight sections. |
## June 2017

View File

@ -44,7 +44,7 @@ Windows 10, version 1607 (also known as the Anniversary Update), provides organi
| Windows 10 Pro Education | Yes (default) | Yes | No (setting cannot be changed) |
| Windows 10 Education | Yes (default) | Yes | No (setting cannot be changed) |
[Learn more about policy settings for Windows Spotlight.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)
## Related topics

View File

@ -32,8 +32,7 @@ On Windows 10 for desktop editions, the customized Start works by:
>[!NOTE]
>Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx).
>[!NOTE]
>Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/library/jj649079.aspx).
## LayoutModification XML

View File

@ -13,7 +13,7 @@ ms.date: 08/21/2017
# UsbErrorsOEMOverride (reference)
Use UsbErrorsOEMOverride settings to .
Allows an OEM to hide the USB option UI in Settings and all USB device errors.
## Applies to
@ -24,4 +24,4 @@ Use UsbErrorsOEMOverride settings to .
## HideUsbErrorNotifyOptionUI
Configure to **Show** or **Hide** the USB error notification.

View File

@ -6,12 +6,14 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
author: brianlic-msft
author: eross-msft
ms.author: lizross
ms.date: 09/14/2017
---
# Windows 10, version 1703 Diagnostic Data
Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide relevant tips and recommendations to tailor Microsoft products to the users needs. This article describes all types diagnostic data collected by Windows at the Full telemetry level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md).
Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the users needs. This article describes all types diagnostic data collected by Windows at the Full telemetry level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md).
The data covered in this article is grouped into the following categories:
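Review bot: The rewritten intro paragraph only inserts "more" and leaves two errors in the same sentence pair: "to the users needs" is missing the apostrophe ("users' needs"), and "describes all types diagnostic data" is missing "of". Since the line is being touched anyway, fix both here.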
@ -21,10 +23,8 @@ The data covered in this article is grouped into the following categories:
- Product and Service Usage data
- Product and Service Performance data
- Software Setup and Inventory data
- Content Consumption data
- Browsing, Search and Query data
- Browsing History data
- Inking, Typing, and Speech Utterance data
- Licensing and Purchase data
> [!NOTE]
> The majority of diagnostic data falls into the first four categories.
@ -66,8 +66,15 @@ This type of data includes details about the health of the device, operating sys
| Category Name | Description and Examples |
| - | - |
| Device health and crash data | Information about the device and software health such as:<br><ul><li>Error codes and error messages, name and ID of the app, and process reporting the error</li><li>DLL library predicted to be the source of the error -- xyz.dll</li><li>System generated files -- app or product logs and trace files to help diagnose a crash or hang</li><li>System settings such as registry keys</li><li>User generated files .doc, .ppt, .csv files where they are indicated as a potential cause for a crash or hang</li><li>Details and counts of abnormal shutdowns, hangs, and crashes</li><li>Crash failure data OS, OS component, driver, device, 1st and 3rd party app data</li><li>Crash and Hang dumps<ul><li>The recorded state of the working memory at the point of the crash.</li><li>Memory in use by the kernel at the point of the crash.</li><li>Memory in use by the application at the point of the crash.</li><li>All the physical memory used by Windows at the point of the crash.</li><li>Class and function name within the module that failed.</li></li></ul> |
| Device performance and reliability data | Information about the device and software performance such as:<br><ul><li>User Interface interaction durations -- Start Menu display times, browser tab switch times, app launch and switch times, and Cortana and search performance and reliability.</li><li>Device on/off performance -- Device boot, shutdown, power on/off, lock/unlock times, and user authentication times (fingerprint and face recognition durations).</li><li>In-app responsiveness -- time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction.</li><li>User input responsiveness onscreen keyboard invocation times for different languages, time to show auto-complete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score.</li><li>UI and media performance and glitches/smoothness -- video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance</li><li>Disk footprint -- Free disk space, out of memory conditions, and disk score.</li><li>Excessive resource utilization components impacting performance or battery life through high CPU usage during different screen and power states</li><li>Background task performance -- download times, Windows Update scan duration, Windows Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results</li><li>Peripheral and devices -- USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card 
authentication times, automatic brightness environmental response times</li><li>Device setup -- first setup experience times (time to install updates, install apps, connect to network etc.), time to recognize connected devices (printer and monitor), and time to setup Microsoft Account.</li><li>Power and Battery life power draw by component (Process/CPU/GPU/Display), hours of screen off time, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use during screen off, auto-brightness details, time device is plugged into AC vs. battery, battery state transitions</li><li>Service responsiveness - Service URI, operation, latency, service success/error codes, and protocol.</li><li>Diagnostic heartbeat regular signal to validate the health of the diagnostics system</li></ul>
|Device health and crash data | Information about the device and software health such as:<br><ul><li>Error codes and error messages, name and ID of the app, and process reporting the error</li><li>DLL library predicted to be the source of the error -- xyz.dll</li><li>System generated files -- app or product logs and trace files to help diagnose a crash or hang</li><li>System settings such as registry keys</li><li>User generated files .doc, .ppt, .csv files where they are indicated as a potential cause for a crash or hang</li><li>Details and counts of abnormal shutdowns, hangs, and crashes</li><li>Crash failure data OS, OS component, driver, device, 1st and 3rd party app data</li><li>Crash and Hang dumps<ul><li>The recorded state of the working memory at the point of the crash.</li><li>Memory in use by the kernel at the point of the crash.</li><li>Memory in use by the application at the point of the crash.</li><li>All the physical memory used by Windows at the point of the crash.</li><li>Class and function name within the module that failed.</li></li></ul> |
|Device performance and reliability data | Information about the device and software performance such as:<br><ul><li>User Interface interaction durations -- Start Menu display times, browser tab switch times, app launch and switch times, and Cortana and search performance and reliability.</li><li>Device on/off performance -- Device boot, shutdown, power on/off, lock/unlock times, and user authentication times (fingerprint and face recognition durations).</li><li>In-app responsiveness -- time to set alarm, time to fully render in-app navigation menus, time to sync reading list, time to start GPS navigation, time to attach picture MMS, and time to complete a Microsoft Store transaction.</li><li>User input responsiveness onscreen keyboard invocation times for different languages, time to show auto-complete words, pen or touch latencies, latency for handwriting recognition to words, Narrator screen reader responsiveness, and CPU score.</li><li>UI and media performance and glitches/smoothness -- video playback frame rate, audio glitches, animation glitches (stutter when bringing up Start), graphics score, time to first frame, play/pause/stop/seek responsiveness, time to render PDF, dynamic streaming of video from OneDrive performance</li><li>Disk footprint -- Free disk space, out of memory conditions, and disk score.</li><li>Excessive resource utilization components impacting performance or battery life through high CPU usage during different screen and power states</li><li>Background task performance -- download times, Windows Update scan duration, Windows Defender Antivirus scan times, disk defrag times, mail fetch times, service startup and state transition times, and time to index on-device files for search results</li><li>Peripheral and devices -- USB device connection times, time to connect to a wireless display, printing times, network availability and connection times (time to connect to Wi-Fi, time to get an IP address from DHCP etc.), smart card authentication 
times, automatic brightness environmental response times</li><li>Device setup -- first setup experience times (time to install updates, install apps, connect to network etc.), time to recognize connected devices (printer and monitor), and time to setup Microsoft Account.</li><li>Power and Battery life power draw by component (Process/CPU/GPU/Display), hours of screen off time, sleep state transition details, temperature and thermal throttling, battery drain in a power state (screen off or screen on), processes and components requesting power use during screen off, auto-brightness details, time device is plugged into AC vs. battery, battery state transitions</li><li>Service responsiveness - Service URI, operation, latency, service success/error codes, and protocol.</li><li>Diagnostic heartbeat regular signal to validate the health of the diagnostics system</li></ul>|
|Movies|Information about movie consumption functionality on the device. This isn't intended to capture user viewing, listening or habits.<br><ul><li>Video Width, height, color pallet, encoding (compression) type, and encryption type</li><li>Instructions for how to stream content for the user -- the smooth streaming manifest of chunks of content files that must be pieced together to stream the content based on screen resolution and bandwidth</li><li>URL for a specific two second chunk of content if there is an error</li><li>Full screen viewing mode details|
|Music & TV|Information about music and TV consumption on the device. This isn't intended to capture user viewing, listening or habits.<br><ul><li>Service URL for song being downloaded from the music service collected when an error occurs to facilitate restoration of service</li><li>Content type (video, audio, surround audio)</li><li>Local media library collection statistics -- number of purchased tracks, number of playlists</li><li>Region mismatch -- User OS Region, and Xbox Live region</li></ul>|
|Reading|Information about reading consumption functionality on the device. This isn't intended to capture user viewing, listening or habits.<br><ul><li>App accessing content and status and options used to open a Microsoft Store book</li><li>Language of the book</li><li>Time spent reading content</li><li>Content type and size details</li></ul>|
|Photos App|Information about photos usage on the device. This isn't intended to capture user viewing, listening or habits.<br><ul><li>File source data -- local, SD card, network device, and OneDrive</li><li>Image &amp; video resolution, video length, file sizes types and encoding</li><li>Collection view or full screen viewer use and duration of view</li></ul></ul>|
|On-device file query | Information about local search activity on the device such as: <ul><li>Kind of query issued and index type (ConstraintIndex, SystemIndex)</li><li>Number of items requested and retrieved</li><li>File extension of search result user interacted with</li><li>Launched item kind, file extension, index of origin, and the App ID of the opening app.</li><li>Name of process calling the indexer and time to service the query.</li><li>A hash of the search scope (file, Outlook, OneNote, IE history) </li><li>The state of the indices (fully optimized, partially optimized, being built)</li></ul> |
|Purchasing| Information about purchases made on the device such as:<br><ul><li>Product ID, edition ID and product URI</li><li>Offer details -- price</li><li>Order requested date/time</li><li>Store client type -- web or native client</li><li>Purchase quantity and price</li><li>Payment type -- credit card type and PayPal</li></ul> |
|Entitlements | Information about entitlements on the device such as:<br><ul><li>Service subscription status and errors</li><li>DRM and license rights details -- Groove subscription or OS volume license</li><li>Entitlement ID, lease ID, and package ID of the install package</li><li>Entitlement revocation</li><li>License type (trial, offline vs online) and duration</li><li>License usage session</li></ul> |
## Software Setup and Inventory data
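Review bot: The list markup in the new content-consumption rows is unbalanced. The Movies row ends at `Full screen viewing mode details|` with no closing `</li></ul>`, and the Photos App row closes with `</li></ul></ul>`, one `</ul>` too many. Close the Movies list and drop the extra tag so the table cells render. The sentence repeated in all four rows, "This isn't intended to capture user viewing, listening or habits", has also lost a word compared with the section text it replaces ("viewing, listening or reading habits").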
@ -78,25 +85,13 @@ This type of data includes software installation and update information on the d
| Installed Applications and Install History | Information about apps, drivers, update packages, or OS components installed on the device such as:<br><ul><li>App, driver, update package, or components Name, ID, or Package Family Name</li><li>Product, SKU, availability, catalog, content, and Bundle IDs</li><li>OS component, app or driver publisher, language, version and type (Win32 or UWP)</li><li>Install date, method, and install directory, count of install attempts</li><li>MSI package code and product code</li><li>Original OS version at install time</li><li>User or administrator or mandatory installation/update</li><li>Installation type clean install, repair, restore, OEM, retail, upgrade, and update</li></ul> |
| Device update information | Information about Windows Update such as:<br><ul><li>Update Readiness analysis of device hardware, OS components, apps, and drivers (progress, status, and results)</li><li>Number of applicable updates, importance, type</li><li>Update download size and source -- CDN or LAN peers</li><li>Delay upgrade status and configuration</li><li>OS uninstall and rollback status and count</li><li>Windows Update server and service URL</li><li>Windows Update machine ID</li><li>Windows Insider build details</li></ul>
## Content Consumption data
## Browsing History data
This type of data includes diagnostic details about Microsoft applications that provide media consumption functionality (such as Groove Music), and is not intended to capture user viewing, listening or reading habits.
| Category Name | Examples |
| - | - |
| Movies | Information about movie consumption functionality on the device such as:<br><ul><li>Video Width, height, color pallet, encoding (compression) type, and encryption type</li><li>Instructions for how to stream content for the user -- the smooth streaming manifest of chunks of content files that must be pieced together to stream the content based on screen resolution and bandwidth</li><li>URL for a specific two second chunk of content if there is an error</li><li>Full screen viewing mode details</li></ul> |
| Music & TV | Information about music and TV consumption on the device such as:<br><ul><li>Service URL for song being downloaded from the music service collected when an error occurs to facilitate restoration of service</li><li>Content type (video, audio, surround audio)</li><li>Local media library collection statistics -- number of purchased tracks, number of playlists</li><li>Region mismatch -- User OS Region, and Xbox Live region</li></ul> |
| Reading | Information about reading consumption functionality on the device such as:<br><ul><li>App accessing content and status and options used to open a Microsoft Store book</li><li>Language of the book</li><li>Time spent reading content</li><li>Content type and size details</li></ul> |
| Photos App | Information about photos usage on the device such as:<br><ul><li>File source data -- local, SD card, network device, and OneDrive</li><li>Image &amp; video resolution, video length, file sizes types and encoding</li><li>Collection view or full screen viewer use and duration of view</li></ul>
## Browsing, Search and Query data
This type of data includes details about web browsing, search and query activity in the Microsoft browsers and Cortana, and local file searches on the device.
This type of data includes details about web browsing in the Microsoft browsers.
| Category Name | Description and Examples |
| - | - |
| Microsoft browser data | Information about Address bar and search box performance on the device such as:<ul><li>Text typed in address bar and search box</li><li>Text selected for Ask Cortana search</li><li>Service response time </li><li>Auto-completed text if there was an auto-complete</li><li>Navigation suggestions provided based on local history and favorites</li><li>Browser ID</li><li>URLs (which may include search terms)</li><li>Page title</li></ul>|
| On-device file query | Information about local search activity on the device such as: <ul><li>Kind of query issued and index type (ConstraintIndex, SystemIndex)</li><li>Number of items requested and retrieved</li><li>File extension of search result user interacted with</li><li>Launched item kind, file extension, index of origin, and the App ID of the opening app.</li><li>Name of process calling the indexer and time to service the query.</li><li>A hash of the search scope (file, Outlook, OneNote, IE history) </li><li>The state of the indices (fully optimized, partially optimized, being built)</li></ul> |
## Inking Typing and Speech Utterance data
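Review bot: The retitled `## Browsing History data` section and its intro now mention only web browsing, but the Microsoft browser data row under it still lists "Text typed in address bar and search box", "Text selected for Ask Cortana search" and "URLs (which may include search terms)". Either keep search in the heading and intro, or state in the intro that typed and search text is included, so a reader scanning headings for what is collected does not miss it.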
@ -105,13 +100,4 @@ This type of data gathers details about the voice, inking, and typing input feat
| Category Name | Description and Examples |
| - | - |
| Voice, inking, and typing | Information about voice, inking and typing features such as:<br><ul><li>Type of pen used (highlighter, ball point, pencil), pen color, stroke height and width, and how long it is used</li><li>Pen gestures (click, double click, pan, zoom, rotate)</li><li>Palm Touch x,y coordinates</li><li>Input latency, missed pen signals, number of frames, strokes, first frame commit time, sample rate</li><li>Ink strokes written, text before and after the ink insertion point, recognized text entered, Input language - processed to remove identifiers, sequencing information, and other data (such as names, email addresses, and numeric values) which could be used to reconstruct the original content or associate the input to the user.</li><li>Text of speech recognition results -- result codes and recognized text</li><li>Language and model of the recognizer, System Speech language</li><li>App ID using speech features</li><li>Whether user is known to be a child</li><li>Confidence and Success/Failure of speech recognition</li></ul> |
## Licensing and Purchase data
This type of data includes diagnostic details about the purchase and entitlement activity on the device.
| Category Name | Data Examples |
| - | - |
| Purchase history | Information about purchases made on the device such as:<br><ul><li>Product ID, edition ID and product URI</li><li>Offer details -- price</li><li>Order requested date/time</li><li>Store client type -- web or native client</li><li>Purchase quantity and price</li><li>Payment type -- credit card type and PayPal</li></ul> |
| Entitlements | Information about entitlements on the device such as:<br><ul><li>Service subscription status and errors</li><li>DRM and license rights details -- Groove subscription or OS volume license</li><li>Entitlement ID, lease ID, and package ID of the install package</li><li>Entitlement revocation</li><li>License type (trial, offline vs online) and duration</li><li>License usage session</li></ul> |
| Voice, inking, and typing | Information about voice, inking and typing features such as:<br><ul><li>Type of pen used (highlighter, ball point, pencil), pen color, stroke height and width, and how long it is used</li><li>Pen gestures (click, double click, pan, zoom, rotate)</li><li>Palm Touch x,y coordinates</li><li>Input latency, missed pen signals, number of frames, strokes, first frame commit time, sample rate</li><li>Ink strokes written, text before and after the ink insertion point, recognized text entered, Input language - processed to remove identifiers, sequencing information, and other data (such as email addresses and numeric values) which could be used to reconstruct the original content or associate the input to the user.</li><li>Text input from Windows Mobile on-screen keyboards except from password fields and private sessions - processed to remove identifiers, sequencing information, and other data (such as email addresses, and numeric values) which could be used to reconstruct the original content or associate the input to the user.</li><li>Text of speech recognition results -- result codes and recognized text</li><li>Language and model of the recognizer, System Speech language</li><li>App ID using speech features</li><li>Whether user is known to be a child</li><li>Confidence and Success/Failure of speech recognition</li></ul> |
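Review bot: The rewritten ink-strokes bullet drops "names" from the examples of data removed before collection ("such as email addresses and numeric values"), where the row it replaces said "such as names, email addresses, and numeric values". If names are still removed, keep the word; if not, that is a change to the privacy statement and the commit message should say so. The new Windows Mobile on-screen keyboard bullet repeats the same parenthetical with different punctuation ("email addresses, and numeric values"); make the two match.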

View File

@ -222,8 +222,6 @@
#### [Windows Insider Program for Business using Azure Active Directory](update/waas-windows-insider-for-business-aad.md)
#### [Windows Insider Program for Business Frequently Asked Questions](update/waas-windows-insider-for-business-faq.md)
#### [Olympia Corp enrollment](update/olympia/olympia-enrollment-guidelines.md)
##### [Keep your current Windows 10 edition](update/olympia/enrollment-keep-current-edition.md)
##### [Upgrade your Windows 10 edition from Pro to Enterprise](update/olympia/enrollment-upgrade-to-enterprise.md)
### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
## Windows Analytics

View File

@ -79,7 +79,7 @@ For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
### Microsoft Deployment Toolkit (MDT)
MDT build 884 is available, including support for:
MDT build 8443 is available, including support for:
- Deployment and upgrade of Windows 10, version 1607 (including Enterprise LTSB and Education editions) and Windows Server 2016.
- The Windows ADK for Windows 10, version 1607.
- Integration with Configuration Manager version 1606.

View File

@ -1,44 +0,0 @@
---
title: Keep your current Windows 10 edition
description: Olympia Corp enrollment - Keep your current Windows 10 edition
ms.author: nibr
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 09/01/2017
---
# Olympia Corp enrollment
## Keep your current Windows 10 edition
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
![Settings -> Accounts](images/1-1.png)
2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
3. Click **Connect** and enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
![Set up a work or school account](images/1-3.png)
4. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
> [!NOTE]
> Passwords should contain 8-16 characters, including at least one special character or number.
![Update your password](images/1-4.png)
5. Read the **Terms and Conditions**. Click **Accept** to participate in the program.
6. If this is the first time you are logging in, please fill in the additional information to help you retrieve your account details.
7. Create a PIN for signing into your Olympia corporate account.
8. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
> [!NOTE]
> To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness).
9. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.

View File

@ -1,57 +0,0 @@
---
title: Upgrade your Windows 10 edition from Pro to Enterprise
description: Olympia Corp enrollment - Upgrade your Windows 10 edition from Pro to Enterprise
ms.author: nibr
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 09/01/2017
---
# Olympia Corp enrollment
## Upgrade your Windows 10 edition from Pro to Enterprise
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
![Settings -> Accounts](images/1-1.png)
2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
3. Click **Connect**, then click **Join this device to Azure Active Directory**.
![Update your password](images/2-3.png)
4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
![Set up a work or school account](images/2-4.png)
5. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
> [!NOTE]
> Passwords should contain 8-16 characters, including at least one special character or number.
![Update your password](images/2-5.png)
6. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
7. If this is the first time you are signing in, please fill in the additional information to help you retrieve your account details.
8. Create a PIN for signing into your Olympia corporate account.
9. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
10. Restart your PC.
11. In the sign-in screen, choose **Other User** and sign in with your **Olympia corporate account**. Your PC will upgrade to Windows 10 Enterprise*.
12. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
> [!NOTE]
> To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness).
13. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
\* Please note that your Windows 10 Enterprise license will not be renewed if your PC is not connected to Olympia.

View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 09/01/2017
ms.date: 09/14/2017
---
# Olympia Corp enrollment guidelines
@ -17,6 +17,87 @@ As part of Windows Insider Lab for Enterprise, you can upgrade to Windows 10 Ent
Choose one of the following two enrollment options:
1. [Keep your current Windows 10 edition](./enrollment-keep-current-edition.md)
1. [Keep your current Windows 10 edition](#enrollment-keep-current-edition)
2. [Upgrade your Windows 10 edition from Pro to Enterprise](#enrollment-upgrade-to-enterprise)
<a id="enrollment-keep-current-edition"></a>
## Keep your current Windows 10 edition
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
![Settings -> Accounts](images/1-1.png)
2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
3. Click **Connect** and enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
![Set up a work or school account](images/1-3.png)
4. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
> [!NOTE]
> Passwords should contain 8-16 characters, including at least one special character or number.
![Update your password](images/1-4.png)
5. Read the **Terms and Conditions**. Click **Accept** to participate in the program.
6. If this is the first time you are logging in, please fill in the additional information to help you retrieve your account details.
7. Create a PIN for signing into your Olympia corporate account.
8. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
> [!NOTE]
> To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness).
9. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
<a id="enrollment-upgrade-to-enterprise"></a>
## Upgrade your Windows 10 edition from Pro to Enterprise
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your PC (see [local administrator](https://support.microsoft.com/en-us/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
![Settings -> Accounts](images/1-1.png)
2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
3. Click **Connect**, then click **Join this device to Azure Active Directory**.
![Update your password](images/2-3.png)
4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
![Set up a work or school account](images/2-4.png)
5. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
> [!NOTE]
> Passwords should contain 8-16 characters, including at least one special character or number.
![Update your password](images/2-5.png)
6. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
7. If this is the first time you are signing in, please fill in the additional information to help you retrieve your account details.
8. Create a PIN for signing into your Olympia corporate account.
9. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
10. Restart your PC.
11. In the sign-in screen, choose **Other User** and sign in with your **Olympia corporate account**. Your PC will upgrade to Windows 10 Enterprise*.
12. Go to **Start > Settings > Update & Security > Windows Insider Program**. Click on the current Windows Insider account, and click **Change**. Sign in with your **Olympia corporate account**.
> [!NOTE]
> To complete this step, you will need to register your account with the [Windows Insider Program for Business](https://insider.windows.com/ForBusiness).
13. Open the **Feedback Hub**, and sign in with your **Olympia corporate account**.
\* Please note that your Windows 10 Enterprise license will not be renewed if your PC is not connected to Olympia.
2. [Upgrade your Windows 10 edition from Pro to Enterprise](./enrollment-upgrade-to-enterprise.md)
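Review bot: In the inlined "Upgrade your Windows 10 edition from Pro to Enterprise" procedure, step 9 repeats step 6 word for word ("When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**."); drop one of them or say what differs the second time. The image for step 3 (`images/2-3.png`, joining the device to Azure Active Directory) carries the alt text "Update your password". The last line of the hunk still links to `./enrollment-upgrade-to-enterprise.md`, a file this commit deletes, so check that no copy of that link survives in the merged page.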

View File

@ -25,14 +25,18 @@ Update Compliance has the following requirements:
2. The solution requires that Windows 10 telemetry is enabled on all devices that are intended to be displayed in the solution. These devices must have at least the [basic level of telemetry](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#basic-level) enabled. To learn more about Windows telemetry, see [Configure Windows telemetry in your organization](/windows/configuration/configure-windows-telemetry-in-your-organization).
3. The telemetry of your organizations Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the telemetry services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on telemetry endpoints and summarizes the use of each endpoint:
Service | Endpoint
--- | ---
Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<BR>settings-win.data.microsoft.com
Windows Error Reporting | watson.telemetry.microsoft.com
Online Crash Analysis | oca.telemetry.microsoft.com
Service | Endpoint
--- | ---
Connected User Experience and Telemetry component | v10.vortex-win.data.microsoft.com<BR>settings-win.data.microsoft.com
Windows Error Reporting | watson.telemetry.microsoft.com
Online Crash Analysis | oca.telemetry.microsoft.com
4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troublehsoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md) topic for help on ensuring the configuration is correct.
For endpoints running Windows 10, version 1607 or earlier, [Windows telemetry must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level).
See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
## Add Update Compliance to Microsoft Operations Management Suite
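Review bot: The new link in item 4 misspells the topic name ("Troublehsoot") and points at `/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md`, with a `.md` suffix that the other site-relative links in this item do not use. Suggest `[Troubleshoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting)`, which also matches the form used for the same topic in the Update Compliance "Using" page.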

View File

@ -147,7 +147,10 @@ Devices are evaluated by OS Version (e.g., 1607) and the count of how many are C
You'll notice some new tiles in the Overview blade which provide a summary of Windows Defender AV-related issues, highlighted in the following screenshot.
![verview blade showing a summary of key Windows Defender Antivirus issues](images/update-compliance-wdav-overview.png)
![Overview blade showing a summary of key Windows Defender Antivirus issues](images/update-compliance-wdav-overview.png)
>[!IMPORTANT]
>If your devices are not showing up in the Windows Defender AV assessment section, check the [Troublshoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting) topic for help.
The **AV Signature** chart shows the number of devices that either have up-to-date [protection updates (also known as signatures or definitions)](/windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus), while the **Windows Defender AV Status** tile indicates the percentage of all assessed devices that are not updated and do not have real-time protection enabled. The Windows Defender Antivirus Assessment section provides more information that lets you investigate potential issues.
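Review bot: The added IMPORTANT callout spells the link text "Troublshoot"; it should read "Troubleshoot". Elsewhere in this commit the same topic is linked with a `.md` suffix on the path and here without one, so pick one form and use it in both places.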

View File

@ -21,7 +21,7 @@ ms.date: 07/27/2017
Delivery Optimization is a self-organizing distributed cache solution for businesses looking to reduce bandwidth consumption for operating system updates, operating system upgrades, and applications by allowing clients to download those elements from alternate sources (such as other peers on the network) in addition to the traditional Internet-based Windows Update servers. You can use Delivery Optimization in conjunction with stand-alone Windows Update, Windows Server Update Services (WSUS), and Windows Update for Business. This functionality is similar to BranchCache in other systems, such as System Center Configuration Manager.
Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This mean that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet.
Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This means that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet.
For more details, see [Download mode](#download-mode).
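Review bot: The corrected paragraph still carries a stray comma in "Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled", and it writes "internet" in lowercase while the preceding paragraph uses "Internet-based". Since the line is already being touched, suggest "Access to the Delivery Optimization cloud services is required for it to be enabled" and a consistent capitalization.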

View File

@ -84,9 +84,9 @@ To enable data sharing, whitelist the following endpoints. Note that you may nee
| **Endpoint** | **Function** |
|---------------------------------------------------------|-----------|
| `https://v10.vortex-win.data.microsoft.com/collect/v1`<br>`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. |
| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. |
| `https://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for Windows 10 computers. User computers send data to Microsoft through this endpoint.
| `https://Vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for operating systems older than Windows 10
| `https://settings.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. |
Note: The compatibility update KB runs under the computers system account.
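Review bot: The two new `vortex-win` rows have no closing `|`, unlike the header and the `settings.data.microsoft.com` row, and the second description has no final period; close both rows so the table renders consistently. The row text now says "compatibility update" while the note directly under the table still says "compatibility update KB", so align the two. The row for `go.microsoft.com/fwlink/?LinkID=544713` and `compatexchange1.trafficmanager.net` (driver availability information) is gone with no replacement; please confirm those endpoints no longer need to be allowed, because administrators build firewall and proxy allow lists from this table.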

View File

@ -229,7 +229,7 @@ There are three typical causes for this issue.
**Description:** You are using USMT to migrate profiles from one installation of Windows 10 to another installation of Windows 10 on different hardware. After migration, the user signs in on the new device and does not have the Start menu layout they had previously configured.
**Cause:** A code change in the Start Menu with Windows 10 version 1607 is incompatible with this USMT function.
**Cause:** A code change in the Start Menu with Windows 10 version 1607 and later is incompatible with this USMT function.
**Resolution:** The following workaround is available:
@ -245,6 +245,8 @@ There are three typical causes for this issue.
Import-StartLayout LayoutPath "C:\Layout\user1.xml" MountPath %systemdrive%
```
This workaround changes the Default user's Start layout. The workaround does not scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout.
## <a href="" id="bkmk-offline"></a>Offline Migration Problems
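Review bot: The added paragraph has a grammar slip ("does not scale to a mass migrations") and tells the reader to delete layoutmodification.xml from the Default user profile without giving its location; suggest "does not scale to mass migrations or multiuser devices" and stating the full path so the cleanup step can be followed. As shown in the context line, the `Import-StartLayout` command has no leading hyphens on `LayoutPath` and `MountPath` and uses the cmd-style `%systemdrive%`, which PowerShell does not expand; worth correcting while this section is being edited.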

View File

@ -18,7 +18,7 @@ ms.date: 06/30/2017
- Windows 10
Windows AutoPilot is a collection of technologies used to setup and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.</br>
Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.</br>
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
## Benefits of Windows AutoPilot
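Review bot: The corrected sentence still ends with `</br>`, which is a closing tag with nothing to close. Suggest `<br>` or simply a blank line between the two paragraphs.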

View File

@ -102,7 +102,7 @@ changepk.exe /ProductKey %ProductKey%
### Obtaining an Azure AD licence
Enterprise Agreement/Software Assurance (EA/SA):
- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD (ideally to groups using the new Azure AD Premium feature for group assignment).
- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD (ideally to groups using the new Azure AD Premium feature for group assignment). For more information, see [Enabling Subscription Activation with an existing EA](https://docs.microsoft.com/en-us/windows/deployment/deploy-enterprise-licenses#enabling-subscription-activation-with-an-existing-ea).
- The license administrator can assign seats to Azure AD users with the same process that is used for O365.
- New EA/SA Windows Enterprise customers can acquire both an SA subscription and an associated $0 cloud subscription.
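Review bot: The added link is an absolute docs.microsoft.com URL with the `en-us` locale fixed in the path, whereas other cross-topic links in this commit are site-relative (`/windows/...`). Suggest `/windows/deployment/deploy-enterprise-licenses#enabling-subscription-activation-with-an-existing-ea` so localized readers are not forced to the English page. The heading above also spells "licence" while the list items use "license".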

View File

@ -36,6 +36,8 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
- bginfo.exe<sup>[1]</sup>
- cdb.exe
- csi.exe
- dbghost.exe
- dbgsvc.exe
- dnx.exe
- fsi.exe
- fsiAnyCpu.exe
@ -106,10 +108,13 @@ Microsoft recommends that you block the following Microsoft-signed applications
<Deny ID="ID_DENY_BGINFO" FriendlyName="bginfo.exe" FileName="BGINFO.Exe" MinimumFileVersion = "4.21.0.0" />
<Deny ID="ID_DENY_CBD" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_KD" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_KD_KMCI" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_NTKD" FriendlyName="ntkd.exe" FileName="ntkd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_MSBUILD" FriendlyName="MSBuild.exe" FileName="MSBuild.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_CSI" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion = "2.3.0.0" />
<Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion = "2.3.0.0" />
<Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_RCSI" FriendlyName="rcsi.exe" FileName="rcsi.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_NTSD" FriendlyName="ntsd.exe" FileName="ntsd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
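Review bot: The new `ID_DENY_DBGHOST` and `ID_DENY_DBGSVC` rules set `MinimumFileVersion` to "2.3.0.0", whereas the neighbouring debugger rules (cdb, kd, ntkd, windbg, ntsd) use "65535.65535.65535.65535"; if the lower value is deliberate, the prose above the policy should say why these two entries are version-bounded. Separately, `ID_DENY_KD` and the added `ID_DENY_KD_KMCI` have identical `FriendlyName` and `FileName` values, so nothing in the XML tells a reader which rule belongs to which signing scenario; a distinct `FriendlyName` or an XML comment would make the split clear.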
@ -163,7 +168,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
<SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Driver Signing Scenarios">
<ProductSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_DENY_KD" />
<FileRuleRef RuleID="ID_DENY_KD_KMCI" />
</FileRulesRef>
</ProductSigners>
</SigningScenario>
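Review bot: With the driver signing scenario now pointing at `ID_DENY_KD_KMCI`, please check that `ID_DENY_KD` is still referenced from the user-mode signing scenario. The `FileRuleRef` lines visible in this diff do not include it, and a rule that is defined but not referenced from any signing scenario has no effect on the deployed policy.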
@ -177,6 +182,8 @@ Microsoft recommends that you block the following Microsoft-signed applications
<FileRuleRef RuleID="ID_DENY_WINDBG"/>
<FileRuleRef RuleID="ID_DENY_MSBUILD"/>
<FileRuleRef RuleID="ID_DENY_CSI"/>
<FileRuleRef RuleID="ID_DENY_DBGHOST"/>
<FileRuleRef RuleID="ID_DENY_DBGSVC"/>
<FileRuleRef RuleID="ID_DENY_DNX"/>
<FileRuleRef RuleID="ID_DENY_RCSI"/>
<FileRuleRef RuleID="ID_DENY_NTSD"/>

View File

@ -145,6 +145,7 @@
#### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
#### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
##### [Troublehsoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
#### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
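Review bot: The new TOC entry is spelled "Troublehsoot"; it should read "Troubleshoot". This commit also adds collect-diagnostic-data-update-compliance.md, but no TOC entry for it appears in this hunk, so that topic is reachable only through the next-step link in the troubleshooting page; consider adding it beneath this entry.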

View File

@ -0,0 +1,77 @@
---
title: Collect diagnostic data for Update Compliance and Windows Defender AV
description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Windows Defender AV Assessment add in
keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 09/06/2017
---
# Collect Update Compliance diagnostic data for Windows Defender AV Assessment
**Applies to:**
- Windows 10
**Audience**
- IT administrators
This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
Before attempting this process, ensure you have read the [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) topic, met all require pre-requisites, and taken any other suggested troubleshooting steps.
1. On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process:
1. Open an administrator-level version of the command prompt:
1. Open the **Start** menu.
2. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**.
3. Enter administrator credentials or approve the prompt.
2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example:
```Dos
cd c:\program files\windows\defender
```
3. Enter the following command and press **Enter**
```Dos
mpcmdrun -getfiles
```
4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab.
2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
3. Send an email using the <a href="mailto:ucsupport@microsoft.com?subject=WDAV assessment issue&body=I%20am%20encountering%20the%20following%20issue%20when%20using%20Windows%20Defender%20AV%20in%20Update%20Compliance%3a%20%0d%0aI%20have%20provided%20at%20least%202%20support%20.cab%20files%20at%20the%20following%20location%3a%20%3Caccessible%20share%2c%20including%20access%20details%20such%20as%20password%3E%0d%0aMy%20OMS%20workspace%20ID%20is%3a%20%0d%0aPlease%20contact%20me%20at%3a">Update Compliance support email template</a>, and fill out the template with the following information:
```
I am encountering the following issue when using Windows Defender AV in Update Compliance:
I have provided at least 2 support .cab files at the following location: <accessible share, including access details such as password>
My OMS workspace ID is:
Please contact me at:
```
## Related topics
- [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md)
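Review bot: The example in step 2 changes to `c:\program files\windows\defender`, which is not the directory the sentence above it names (C:\Program Files\Windows Defender), so the following `mpcmdrun -getfiles` step would fail from that location; the path needs the space instead of the backslash, and quoting it would be clearer. The e-mail template asks for the share location "including access details such as password" in the same message; since the .cab holds diagnostic logs from the endpoint, suggest telling readers to send the password through a separate channel. Smaller points: `ms.pagetype: security` appears twice in the front matter, "met all require pre-requisites" should be "required", and step 3 is missing its final period.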

View File

@ -147,7 +147,7 @@ After whitelisting the URLs listed above, you can test if you are connected to t
Use the following argument with the Windows Defender AV command line utility (*mpcmdrun.exe*) to verify that your network can communicate with the Windows Defender AV cloud:
```DOS
MpCmdRun - ValidateMapsConnection
MpCmdRun -ValidateMapsConnection
```
> [!NOTE]
> You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703.

Binary file not shown.

View File

@ -0,0 +1,70 @@
---
title: Troubleshoot problems with reporting tools for Windows Defender AV
description: Identify and solve common problems when attempting to report in Windows Defender AV protection status in Update Compliance
keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 09/06/2017
---
# Troubleshoot Windows Defender Antivirus reporting in Update Compliance
**Applies to:**
- Windows 10
**Audience**
- IT administrators
When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues.
Typically, the most common indicators of a problem are:
- You only see a small number or subset of all the devices you were expecting to see
- You do not see any devices at all
- The reports and information you do see is outdated (older than a few days)
For common error codes and event IDs related to the Windows Defender AV service that are not related to Update Compliance, see the [Windows Defender Antivirus events](troubleshoot-windows-defender-antivirus.md) topic.
There are three steps to troubleshooting these problems:
1. Confirm that you have met all pre-requisites
2. Check your connectivity to the Windows Defender cloud-based service
3. Submit support logs
>[!IMPORTANT]
>It typically takes 3 days for devices to start appearing in Update Compliance
## Confirm pre-requisites
In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender AV protection:
>[!div class="checklist"]
>- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance.
> - [Cloud-delivered protection is enabled](enable-cloud-protection-windows-defender-antivirus.md).
> - Endpoints can [connect to the Windows Defender AV cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud)
> - If the endpoint is running Windows 10 version 1607 or earlier, [Windows 10 telemetry must be set to the Enhanced level](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#enhanced-level).
> - It has been 3 days since all requirements have been met
If the above pre-requisites have all been met, you may need to proceed to the next step to collect diagnostic information and send it to us.
> [!div class="nextstepaction"]
> [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md)
## Related topics
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
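Review bot: The intro promises three troubleshooting steps (confirm pre-requisites, check connectivity, submit support logs), but the topic has only a "Confirm pre-requisites" section, with connectivity folded into the checklist as one bullet. Either give the connectivity check its own section or reduce the list to the two steps the page actually walks through. The checklist also mixes `>-` and `> -` markers and ends some items with a period and others without, "The reports and information you do see is outdated" should use "are", the 3-day IMPORTANT note lacks a final period, and `ms.pagetype: security` is duplicated in the front matter.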

View File

@ -1,6 +1,6 @@
---
title: Windows Defender Antivirus and Windows Defender ATP
description: Windows Defender AV and Windows Defender ATP work together to provide threat detection, remediation, and investigation.
title: Windows Defender Antivirus compatibility with other security products
description: Windows Defender AV operates in different ways depending on what other security products you have installed, and the operating system you are using.
keywords: windows defender, atp, advanced threat protection, compatibility, passive mode
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -11,35 +11,75 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 06/13/2017
ms.date: 09/07/2017
---
# Windows Defender Antivirus and Advanced Threat Protection: Better together
# Windows Defender Antivirus and third party protection products
**Applies to:**
- Windows 10
- Windows Server 2016
**Audience**
- Enterprise security administrators
Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10.
Windows Defender Advanced Threat Protection (ATP) is an additional service beyond Windows Defender Antivirus that helps enterprises detect, investigate, and respond to advanced persistent threats on their network.
See the [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) topics for more information about the service.
However, on endpoints and devices that are protected with a non-Microsoft antivirus or antimalware app, Windows Defender AV will automatically disable itself.
If you are enrolled in Windows Defender ATP, and you are not using Windows Defender AV as your real-time protection service on your endpoints, Windows Defender will automatically enter into a passive mode. On Windows Server 2016 SKUs, Windows Defender AV will not enter into the passive mode and will run alongside your other antivirus product.
If you are also using Windows Defender Advanced Threat Protection, then Windows Defender AV will enter a passive mode.
In passive mode, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware.
On Windows Server 2016, Windows Defender AV will not enter passive or disabled mode if you have also installed a third-party antivirus product. See [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) topic for key differences and management options for Windows Server installations.
You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
The following matrix illustrates how Windows Defender AV operates when third-party antivirus products or Windows Defender ATP are also used.
If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
Windows version | Antimalware protection offered by | Organization enrolled in Windows Defender ATP | Windows Defender AV state
-|-|-|-
Windows 10 | A third-party product that is not offered or developed by Microsoft | Yes | Passive mode
Windows 10 | A third-party product that is not offered or developed by Microsoft | No | Automatic disabled mode
Windows 10 | Windows Defender AV | Yes | Active mode
Windows 10 | Windows Defender AV | No | Active mode
Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Active mode
Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Active mode
Windows Server 2016 | Windows Defender AV | Yes | Active mode
Windows Server 2016 | Windows Defender AV | No | Active mode
>[!IMPORTANT]
>Windows Defender AV is only available on endpoints running Windows 10 or Windows Server 2016.
>
>In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/en-us/library/hh508760.aspx), which is managed through System Center Configuration Manager.
>
>Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/en-us/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations).
In the passive and automatic disabled modes, Windows Defender AV will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won't run, and Windows Defender AV will not provide real-time protection from malware.
The reasons for this are twofold:
1. If you are enrolled in Windows Defender ATP, [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
2. If the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, then Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint.
Therefore, the Windows Defender AV service needs to update itself to ensure it has up-to-date protection coverage in case it needs to automatically enable itself.
You can still [manage updates for Windows Defender](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
If you uninstall the other product, and choose to use Windows Defender AV to provide protection to your endpoints, Windows Defender AV will automatically return to its normal active mode.
>[!WARNING]
>You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender AV, Windows Defender ATP, or the Windows Defender Security Center app.
>
>This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks.
## Related topics
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
- [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md)
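Review bot: The matrix introduces "Passive mode" and "Automatic disabled mode" as separate states, but the paragraph after it describes both with the same sentence ("In the passive and automatic disabled modes, Windows Defender AV will continue to run..."), so a reader cannot tell what differs between them. Please state the difference explicitly, for example which of the listed behaviours applies only when the organization is enrolled in Windows Defender ATP. In the WARNING, the list "*wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process" mixes service and process names without saying which is which, and the H1 writes "third party" while the body uses "third-party".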

View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 08/25/2017
ms.date: 09/07/2017
---
@ -56,21 +56,56 @@ This topic includes the following instructions for setting up and running Window
- [Configure automatic exclusions](#BKMK_DefExclusions)
<a name="BKMK_UsingDef"></a>
## Enable the interface
By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs.
## Enable or disable the interface on Windows Server 2016
By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required.
You can enable or disable the interface by using the **Add Roles and Features Wizard** or PowerShellCmdlets, as described in the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic.
If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
The following PowerShell cmdlet will enable the interface:
![](images/server-add-gui.png)
See the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic for information on using the wizard.
The following PowerShell cmdlet will also enable the interface:
```PowerShell
Install-WindowsFeature -Name Windows-Defender-GUI
```
The following cmdlet will disable the interface:
To hide the interface, use the **Remove Roles and Features Wizard** and deselect the **GUI for Windows Defender** option at the **Features** step, or use the following PowerShell cmdlet:
```PowerShell
Uninstall-WindowsFeature -Name Windows-Defender-GUI
```
>[!IMPORTANT]
> Windows Defender AV will still run normally without the user interface, but the user interface cannot be enabled if you disable the core **Windows Defender** feature.
## Install or uninstall Windows Defender AV on Windows Server 2016
You can also uninstall Windows Defender AV completely with the **Remove Roles and Features Wizard** by deselecting the **Windows Defender Features** option at the **Features** step in the wizard.
>[!NOTE]
>Deselecting **Windows Defender** on its own under the **Windows Defender Features** section will automatically prompt you to remove the interface option **GUI for Windows Defender**.
The following PowerShell cmdlet will also uninstall Windows Defender AV on Windows Server 2016:
```PS
Uninstall-WindowsFeature -Name Windows-Server-Antimalware
Uninstall-WindowsFeature -Name Windows-Defender
```
To install Windows Defender AV again, use the **Add Roles and Features Wizard** and ensure the **Windows Defender** feature is selected. You can also enable the interface by selecting the **GUID for Windows Defender** option.
You can also use the following PowerShell cmdlet to install Windows Defender AV:
```PS
Install-WindowsFeature -Name Windows-Defender
```
> [!TIP]
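Review bot: The reinstall paragraph refers to the "GUID for Windows Defender" option; every other mention in this hunk calls it "GUI for Windows Defender", so this looks like a typo that would send readers looking for an option that does not exist. The new uninstall section explains how to remove Windows Defender AV completely without saying that the server is then left without antimalware protection unless another product is in place; a short IMPORTANT callout there would match the caution used for the interface. Also, the added image `![](images/server-add-gui.png)` has empty alt text, and the new code fences are tagged `PS` while the existing ones in the same section use `PowerShell`.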

View File

@ -38,11 +38,11 @@ In Windows 10, version 1703 (also known as the Creators Update), the Windows Def
Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703.
> [!IMPORTANT]
> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date.
> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
> [!WARNING]
> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed.
>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
>This will significantly lower the protection of your device and could lead to malware infection.

View File

@ -36,240 +36,39 @@ The ArcSight field column contains the default mapping between the Windows Defen
Field numbers match the numbers in the images below.
<table style="table-layout:fixed;width:100%" >
<tr>
<th class>Portal label</th>
<th class>SIEM field name</th>
<th class>ArcSight field</th>
<th class>Example value</th>
<th class>Description</th>
<th class></th>
</tr>
<tr>
<td class>1</td>
<td class>AlertTitle</td>
<td class>name</td>
<td class>A dll was unexpectedly loaded into a high integrity process without a UAC prompt</td>
<td class>Value available for every alert.</td>
<td class></td>
</tr>
<tr>
<td class>2</td>
<td class>Severity</td>
<td class>deviceSeverity</td>
<td class>Medium</td>
<td class>Value available for every alert.</td>
<td class></td>
</tr>
<tr>
<td class>3</td>
<td class>Category</td>
<td class>deviceEventCategory</td>
<td class>Privilege Escalation</td>
<td class>Value available for every alert.</td>
<td class></td>
</tr>
<tr>
<td class>4</td>
<td class>Source</td>
<td class>sourceServiceName</td>
<td class>WindowsDefenderATP</td>
<td class>Windows Defender Antivirus or Windows Defender ATP. Value available for every alert.</td>
<td class></td>
</tr>
<tr>
<td class>5</td>
<td class>MachineName</td>
<td class>sourceHostName</td>
<td class>liz-bean</td>
<td class>Value available for every alert.</td>
<td class></td>
</tr>
<tr>
<td class>6</td>
<td class>FileName</td>
<td class>fileName</td>
<td class>Robocopy.exe</td>
<td class>Available for alerts associated with a file or process.</td>
<td class></td>
</tr>
<tr>
<td class>7</td>
<td class>FilePath</td>
<td class>filePath</td>
<td class>C:\Windows\System32\Robocopy.exe</td>
<td class>Available for alerts associated with a file or process. \</td>
<td class></td>
</tr>
<tr>
<td class>8</td>
<td class>UserDomain</td>
<td class>sourceNtDomain</td>
<td class>contoso</td>
<td class>The domain of the user context running the activity, available for Windows Defender ATP behavioral based alerts.</td>
<td class></td>
</tr>
<tr>
<td class>9</td>
<td class>UserName</td>
<td class>sourceUserName</td>
<td class>liz-bean</td>
<td class>The user context running the activity, available for Windows Defender ATP behavioral based alerts.</td>
<td class></td>
</tr>
<tr>
<td class>10</td>
<td class>Sha1</td>
<td class>fileHash</td>
<td class>5b4b3985339529be3151d331395f667e1d5b7f35</td>
<td class>Available for alerts associated with a file or process.</td>
<td class></td>
</tr>
<tr>
<td class>11</td>
<td class>Md5</td>
<td class>deviceCustomString5</td>
<td class>55394b85cb5edddff551f6f3faa9d8eb</td>
<td class>Available for Windows Defender AV alerts.</td>
<td class></td>
</tr>
<tr>
<td class>12</td>
<td class>Sha256</td>
<td class>deviceCustomString6</td>
<td class>9987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5</td>
<td class>Available for Windows Defender AV alerts.</td>
<td class></td>
</tr>
<tr>
<td class>13</td>
<td class>ThreatName</td>
<td class>eviceCustomString1</td>
<td class>Trojan:Win32/Skeeyah.A!bit</td>
<td class>Available for Windows Defender AV alerts.</td>
<td class></td>
</tr>
<tr>
<td class>14</td>
<td class>IpAddress</td>
<td class>sourceAddress</td>
<td class>218.90.204.141</td>
<td class>Available for alerts associated to network events. For example, 'Communication to a malicious network destination'.</td>
<td class></td>
</tr>
<tr>
<td class>15</td>
<td class>Url</td>
<td class>requestUrl</td>
<td class>down.esales360.cn</td>
<td class>Availabe for alerts associated to network events. For example, 'Communication to a malicious network destination'.</td>
<td class></td>
</tr>
<tr>
<td class>16</td>
<td class>RemediationIsSuccess</td>
<td class>deviceCustomNumber2</td>
<td class>TRUE</td>
<td class>Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE.</td>
<td class></td>
</tr>
<tr>
<td class>17</td>
<td class>WasExecutingWhileDetected</td>
<td class>deviceCustomNumber1</td>
<td class>FALSE</td>
<td class>Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE.</td>
<td class></td>
</tr>
<tr>
<td class>18</td>
<td class>AlertId</td>
<td class>externalId</td>
<td class>636210704265059241_673569822</td>
<td class>Value available for every alert.</td>
<td class></td>
</tr>
<tr>
<td class>19</td>
<td class>LinkToWDATP</td>
<td class>flexString1</td>
<td class>`https://securitycenter.windows.com/alert/636210704265059241_673569822`</td>
<td class>Value available for every alert.</td>
<td class></td>
</tr>
<tr>
<td class>20</td>
<td class>AlertTime</td>
<td class>deviceReceiptTime</td>
<td class>2017-05-07T01:56:59.3191352Z</td>
<td class>The time the activity relevant to the alert occurred. Value available for every alert.</td>
<td class></td>
</tr>
<tr>
<td class>21</td>
<td class>MachineDomain</td>
<td class>sourceDnsDomain</td>
<td class>contoso.com</td>
<td class>Domain name not relevant for AAD joined machines. Value available for every alert.</td>
<td class></td>
</tr>
<tr>
<td class>22</td>
<td class>Actor</td>
<td class>deviceCustomString4</td>
<td class></td>
<td class>Available for alerts related to a known actor group.</td>
<td class></td>
</tr>
<tr>
<td class>21+5</td>
<td class>ComputerDnsName</td>
<td class>No mapping</td>
<td class>liz-bean.contoso.com</td>
<td class>The machine fully qualified domain name. Value available for every alert.</td>
<td class></td>
</tr>
<tr>
<td class></td>
<td class>LogOnUsers</td>
<td class>sourceUserId</td>
<td class>contoso\liz-bean; contoso\jay-hardee</td>
<td class>The domain and user of the interactive logon user/s at the time of the event. Note: For machines on Windows 10 version 1607, the domain information will not be available.</td>
<td class></td>
</tr>
<tr>
<td class>Internal field</td>
<td class>LastProcessedTimeUtc</td>
<td class>No mapping</td>
<td class>2017-05-07T01:56:58.9936648Z</td>
<td class>Time when event arrived at the backend. This field can be used when setting the request parameter for the range of time that alerts are retrieved.</td>
<td class></td>
</tr>
<tr>
<td class></td>
<td class>Not part of the schema</td>
<td class>deviceVendor</td>
<td class></td>
<td class>Static value in the ArcSight mapping - 'Microsoft'.</td>
<td class></td>
</tr>
<tr>
<td class></td>
<td class>Not part of the schema</td>
<td class>deviceProduct</td>
<td class></td>
<td class>Static value in the ArcSight mapping - 'Windows Defender ATP'.</td>
<td class></td>
</tr>
<tr>
<td class></td>
<td class>Not part of the schema</td>
<td class>deviceVersion</td>
<td class></td>
<td class>Static value in the ArcSight mapping - '2.0', used to identify the mapping versions.</td>
<td class></td>
</tr>
</table>
> [!div class="mx-tableFixed"]
| Portal label | SIEM field name | ArcSight field | Example value | Description |
|------------------|---------------------------|---------------------|------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | AlertTitle | name | A dll was unexpectedly loaded into a high integrity process without a UAC prompt | Value available for every alert. |
| 2 | Severity | deviceSeverity | Medium | Value available for every alert. |
| 3 | Category | deviceEventCategory | Privilege Escalation | Value available for every alert. |
| 4 | Source | sourceServiceName | WindowsDefenderATP | Windows Defender Antivirus or Windows Defender ATP. Value available for every alert. |
| 5 | MachineName | sourceHostName | liz-bean | Value available for every alert. |
| 6 | FileName | fileName | Robocopy.exe | Available for alerts associated with a file or process. |
| 7 | FilePath | filePath | C:\Windows\System32\Robocopy.exe | Available for alerts associated with a file or process. |
| 8 | UserDomain | sourceNtDomain | contoso | The domain of the user context running the activity, available for Windows Defender ATP behavioral based alerts. |
| 9 | UserName | sourceUserName | liz-bean | The user context running the activity, available for Windows Defender ATP behavioral based alerts. |
| 10 | Sha1 | fileHash | 5b4b3985339529be3151d331395f667e1d5b7f35 | Available for alerts associated with a file or process. |
| 11 | Md5 | deviceCustomString5 | 55394b85cb5edddff551f6f3faa9d8eb | Available for Windows Defender AV alerts. |
| 12 | Sha256 | deviceCustomString6 | 9987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5 | Available for Windows Defender AV alerts. |
| 13 | ThreatName | eviceCustomString1 | Trojan:Win32/Skeeyah.A!bit | Available for Windows Defender AV alerts. |
| 14 | IpAddress | sourceAddress | 218.90.204.141 | Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. |
| 15 | Url | requestUrl | down.esales360.cn | Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. |
| 16 | RemediationIsSuccess | deviceCustomNumber2 | TRUE | Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. |
| 17 | WasExecutingWhileDetected | deviceCustomNumber1 | FALSE | Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. |
| 18 | AlertId | externalId | 636210704265059241_673569822 | Value available for every alert. |
| 19 | LinkToWDATP | flexString1 | `https://securitycenter.windows.com/alert/636210704265059241_673569822` | Value available for every alert. |
| 20 | AlertTime | deviceReceiptTime | 2017-05-07T01:56:59.3191352Z | The time the activity relevant to the alert occurred. Value available for every alert. |
| 21 | MachineDomain | sourceDnsDomain | contoso.com | Domain name not relevant for AAD joined machines. Value available for every alert. |
| 22 | Actor | deviceCustomString4 | | Available for alerts related to a known actor group. |
| 21+5 | ComputerDnsName | No mapping | liz-bean.contoso.com | The machine fully qualified domain name. Value available for every alert. |
| | LogOnUsers | sourceUserId | contoso\liz-bean; contoso\jay-hardee | The domain and user of the interactive logon user/s at the time of the event. Note: For machines on Windows 10 version 1607, the domain information will not be available. |
| | InternalIPv4List | No mapping | 192.168.1.7, 10.1.14.1 | List of IPV4 internal IPs for active network interfaces. |
| | InternalIPv6List | No mapping | fd30:0000:0000:0001:ff4e:003e:0009:000e, FE80:CD00:0000:0CDE:1257:0000:211E:729C | List of IPV6 internal IPs for active network interfaces. |
| Internal field | LastProcessedTimeUtc | No mapping | 2017-05-07T01:56:58.9936648Z | Time when event arrived at the backend. This field can be used when setting the request parameter for the range of time that alerts are retrieved. |
| | Not part of the schema | deviceVendor | | Static value in the ArcSight mapping - 'Microsoft'. |
| | Not part of the schema | deviceProduct | | Static value in the ArcSight mapping - 'Windows Defender ATP'. |
| | Not part of the schema | deviceVersion | | Static value in the ArcSight mapping - '2.0', used to identify the mapping versions.
![Image of alert with numbers](images/atp-alert-page.png)
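Review bot: in the new Markdown table, row 13 (ThreatName) maps to `eviceCustomString1`, a typo copied over unchanged from the removed HTML table. The neighbouring rows use `deviceCustomString4`, `deviceCustomString5` and `deviceCustomString6`, so this should read `deviceCustomString1`; as written, anyone building an ArcSight mapping from this page ends up with a field name ArcSight does not define. The conversion also dropped the closing `|` on the final `deviceVersion` row, and the ComputerDnsName row keeps the portal label `21+5` with no explanation of what it means.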
@ -278,7 +77,7 @@ Field numbers match the numbers in the images below.
![Image of artifact timeline with numbers](images/atp-siem-mapping3.png)
![Image of alert timeline with numbers](images/atp-siem-mapping4.png)
![Image of artifact timeline with numbers](images/atp-siem-mapping4.png)
![Image machine view](images/atp-mapping6.png)
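Review bot: the replacement line for `images/atp-siem-mapping4.png` now carries the alt text "Image of artifact timeline with numbers", which is identical to the alt text of `images/atp-siem-mapping3.png` one line above it. If mapping4 still shows the alert timeline, keep the old alt text; if both really are artifact timelines, word them differently so the two figures can be told apart by someone relying on the alt text.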

View File

@ -33,6 +33,9 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might
You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries.
>[!WARNING]
> For environments where there are low resource configurations, the VDI boot proceedure might slow the Windows Defender ATP sensor onboarding.
1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
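Review bot: the added warning misspells "procedure" as "proceedure". It also stops at "might slow the Windows Defender ATP sensor onboarding" without telling the reader what to do with that information; say what counts as a low resource configuration, or how long to wait before treating a missing VDI machine as an onboarding failure.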

View File

@ -29,14 +29,14 @@ ms.date: 09/05/2017
You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints.
For example, if endpoints are not appearing in the **Machines list** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
For example, if endpoints are not appearing in the **Machines list**, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
> [!NOTE]
> It can take several days for endpoints to begin reporting to the Windows Defender ATP service.
**Open Event Viewer and find the Windows Defender ATP service event log:**
1. Click **Start**, type **Event Viewer**, and press **Enter**.
1. Click **Start** on the Windows menu, type **Event Viewer**, and press **Enter**.
2. In the log list, under **Log Summary**, scroll until you see **Microsoft-Windows-SENSE/Operational**. Double-click the item to
open the log.

Binary file not shown.


View File

@ -93,18 +93,8 @@ Use the search bar to look for specific timeline events. Harness the power of us
- Behaviors mode: displays "detections" and selected events of interest
- Verbose mode: displays all raw events without aggregation or filtering
- **Event type** - Click the drop-down button to filter by the following levels:
- Windows Defender ATP alerts
- Windows Defender AV alerts
- Response actions
- AppGuard related events
- Windows Defender Device Guard events
- Process events
- Network events
- File events
- Registry events
- Load DLL events
- Other events <br><br>
- **Event type** - Click the drop-down button to filter by events such as Windows - Windows Defender ATP alerts, Windows Defender Application Guard events, registry events, file events, and others.
Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed.
- **User account** Click the drop-down button to filter the machine timeline by the following user associated events:
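Review bot: the replacement **Event type** bullet reads "filter by events such as Windows - Windows Defender ATP alerts", where "Windows - " looks like an editing leftover and should be removed. Collapsing the list into one sentence also drops Process events and Network events from the enumeration, yet the paragraph right after it still tells the reader to filter on exactly those two types; either name them in the new sentence or keep the list.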

View File

@ -37,7 +37,7 @@ Use the Machines list in these main scenarios:
## Sort, filter, and download the list of machines from the Machines list
You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order.
Filter the **Machines list** by time period, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, or **Groups** to focus on certain sets of machines, according to the desired criteria.
Filter the **Machines list** by **Time**, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, **Groups**, or **Tags** to focus on certain sets of machines, according to the desired criteria.
You can also download the entire list in CSV format using the **Export to CSV** feature.
@ -60,25 +60,29 @@ You can use the following filters to limit the list of machines displayed during
- Mac OS
- Other
**Health**</br>
- All
- Well configure
- Requires attention - Depending on the Windows Defender security controls configured in your enterprise, you'll see various available filters.
**Sensor health state**</br>
Filter the list to view specific machines grouped together by the following machine health states:
- **Active** Machines that are actively reporting sensor data to the service.
- **Misconfigured** Machines that have impaired communications with service or are unable to send sensor data. Misconfigured machines can further be classified to:
- Impaired communications
- No sensor data
- Impaired communications
For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
- **Inactive** Machines that have completely stopped sending signals for more than 7 days.
**Malware category**</br>
**Security state**</br>
Filter the list to view specific machines that are well configured or require attention based on the Windows Defender security controls that are enabled in your organization.
- **Well configured** - Machines have the Windows Defender security controls well configured.
- **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.
For more information, see [View the Security Analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md).
**Malware category alerts**</br>
Filter the list to view specific machines grouped together by the following malware categories:
- **Ransomware** Ransomware use common methods to encrypt files using keys that are known only to attackers. As a result, victims are unable to access the contents of the encrypted files. Most ransomware display or drop a ransom note—an image or an HTML file that contains information about how to obtain the attacker-supplied decryption tool for a fee.
- **Credential theft** Spying tools, whether commercially available or solely used for unauthorized purposes, include general purpose spyware, monitoring software, hacking programs, and password stealers.
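Review bot: the bold filter headings in this hunk end with `</br>` (for example `**Security state**</br>`), which is not a valid tag; the settings topic changed in this same commit uses `<br>` for the same purpose, so use that here too. The new **Security state** entries separate term and definition with " - " while the **Sensor health state** entries (**Active**, **Misconfigured**, **Inactive**) have no separator at all; pick one style for the section.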
@ -88,6 +92,8 @@ Filter the list to view specific machines grouped together by the following malw
- **General malware** Malware are malicious programs that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. Some malware can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyberattacks.
- **PUA** Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software.
## Groups and tags
You can filter the list based on the grouping and tagging that you've added to individual machines. For more information, see [Manage machine group and tags](respond-machine-alerts-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags).
## Export machine list to CSV
You can download a full list of all the machines in your organization, in CSV format. Click the **Export to CSV** button to download the entire list as a CSV file.
@ -99,13 +105,11 @@ Exporting the list in CSV format displays the data in an unfiltered manner. The
You can sort the **Machines list** by the following columns:
- **Machine name** - Name or GUID of the machine
- **Domain** - Domain where the machine is joined in
- **OS Platform** - Indicates the OS of the machine
- **Health State** Indicates if the machine is misconfigured or is not sending sensor data
- **Last seen** - Date and time when the machine last reported sensor data
- **Internal IP** - Local internal Internet Protocol (IP) address of the machine
- **Active Alerts** - Number of alerts reported by the machine by severity
- **Active malware detections** - Number of active malware detections reported by the machine
- **Active malware alerts** - Number of active malware detections reported by the machine
> [!NOTE]
> The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.
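Review bot: the column is renamed to **Active malware alerts**, but its description still says "Number of active malware detections" and the NOTE directly below still refers to "The **Active malware detections** filter column". Update both so the name matches the new column label, or readers will look for a column that is no longer in the list.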

View File

@ -30,7 +30,7 @@ Enterprise security teams can use the Windows Defender ATP portal to monitor and
You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
- View, sort, and triage alerts from your endpoints
- Search for more information on observed indicators such as files and IP Addresses
- Change Windows Defender ATP settings, including time zone and licensing information.
- Change Windows Defender ATP settings, including time zone and review licensing information.
## Windows Defender ATP portal
When you open the portal, youll see the main areas of the application:
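Review bot: the rewritten bullet "Change Windows Defender ATP settings, including time zone and review licensing information." is no longer parallel, since "review" now reads as part of the "including" list. Something like "Change Windows Defender ATP settings, including the time zone, and review licensing information" says what is meant. The trailing full stop is also inconsistent with the two bullets above it.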
@ -54,7 +54,7 @@ Area | Description
**Alerts queue** | Enables you to view separate queues of new, in progress, resolved alerts, alerts assigned to you, and suppression rules.
**Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features.
**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, enable or turn off advanced features, and build Power BI reports.
**Endpoint management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding.
(3) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.

View File

@ -1,7 +1,7 @@
---
title: Check the Windows Defender ATP service health
description: Check Windows Defender ATP service health, see if the service is experiencing issues and review previous issues that have been resolved.
keywords: dashboard, service, issues, service health, current issues, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time
keywords: dashboard, service, issues, service health, current status, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -33,11 +33,11 @@ You can view details on the service health by clicking the tile from the **Secur
The **Service health** details page has the following tabs:
- **Current issues**
- **Current status**
- **Status history**
## Current issues
The **Current issues** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue:
## Current status
The **Current status** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue:
- Date and time for when the issue was detected
- A short description of the issue

View File

@ -1,7 +1,7 @@
---
title: Windows Defender Advanced Threat Protection settings
description: Use the menu to configure the time zone, suppression rules, and view license information.
keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license, suppression rules
description: Use the menu to configure the time zone and view license information.
keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -25,7 +25,7 @@ ms.date: 09/05/2017
[!include[Prerelease information](prerelease.md)]
Use the **Settings** menu ![Settings icon](images/settings.png) to configure the time zone, suppression rules, and view license information.
Use the **Settings** menu ![Settings icon](images/settings.png) to configure the time zone and view license information.
## Time zone settings
The aspect of time is important in the assessment and analysis of perceived and actual cyberattacks.
@ -39,7 +39,7 @@ Your current time zone setting is shown in the Windows Defender ATP menu. You ca
### UTC time zone
Windows Defender ATP uses UTC time by default.
Setting the Windows Defender ATP time zone to UTC will display all system timestamps (alerts, events, and others) in UTC for all users. Choosing this setting means that all users will see the same timestamps in Windows Defender ATP, regardless of their regional settings. This can help security analysts working in different locations across the globe to use the same time stamps while investigating events.
Setting the Windows Defender ATP time zone to UTC will display all system timestamps (alerts, events, and others) in UTC for all users. This can help security analysts working in different locations across the globe to use the same time stamps while investigating events.
### Local time zone
You can choose to have Windows Defender ATP use local time zone settings. All alerts and events will be displayed using your local time zone.
@ -55,10 +55,36 @@ To set the time zone:
1. Click the **Settings** menu ![Settings icon](images/settings.png).
2. Select the **Timezone UTC** indicator.
3. Select **Timezone Local** or **-8:00**.
3. Select **Timezone UTC** or your local time zone, for example -7:00.
## Suppression rules
The suppression rules control what alerts are suppressed. You can suppress alerts so that certain activities are not flagged as suspicious. For more information see, [Suppress alerts](manage-alerts-windows-defender-advanced-threat-protection.md#suppress-alerts).
### Regional settings
To apply different date formats for Windows Defender ATP, use regional settings for IE and Edge. If you're using another browser such as Google Chrome, follow the required steps to change the time and date settings for that browser.
**Internet Explorer (IE) and Microsoft Edge (Edge)**
IE and Edge use the **Region** settings configured in the **Clocks, Language, and Region** option in the Control panel.
#### Known issues with regional formats
**Date and time formats**<br>
There are some known issues with the time and date formats.
The following date formats are supported:
- MM/dd/yyyy
- dd/MM/yyyy
The following date and time formats are currently not supported:
- Date format yyyy-MM-dd
- Date format dd-MMM-yy
- Date format dd/MM/yy
- Date format MM/dd/yy
- Date format with yy. Will only show yyyy.
- Time format HH:mm:ss is not supported (the 12 hour AM/PM format is not supported). Only the 24-hour format is supported.
**Decimal symbol used in numbers**<br>
Decimal symbol used is always a dot, even if a comma is selected in the **Numbers** format settings in **Region** settings. For example, 15,5K is displayed as 15.5K.
## License
Click the license link in the **Settings** menu to view the license agreement information for Windows Defender ATP.
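Review bot: in the new "Known issues with regional formats" block, the line "Time format HH:mm:ss is not supported (the 12 hour AM/PM format is not supported). Only the 24-hour format is supported." contradicts itself, because `HH:mm:ss` is the 24-hour pattern; the unsupported one is presumably `hh:mm:ss tt`, and the line should name it. "Date format with yy. Will only show yyyy." repeats what the `dd/MM/yy` and `MM/dd/yy` entries above it already say and can be folded into them. Step 3 of the time zone procedure gives "-7:00" as the example where the old text had "-8:00"; a short remark that the offset shown depends on the user's locale would avoid confusion.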

View File

@ -50,6 +50,24 @@ If onboarding endpoints successfully completes but Windows Defender ATP does not
For more information, see [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy).
#### Known issues with regional formats
**Date and time formats**<br>
There are some known issues with the time and date formats.
The following date formats are supported:
- MM/dd/yyyy
- dd/MM/yyyy
The following date and time formats are currently not supported:
- Date format yyyy/MM/dd
- Date format dd/MM/yy
- Date format with yy. Will only show yyyy.
- Time format HH:mm:ss is not supported (the 12 hour AM/PM format is not supported). Only the 24-hour format is supported.
**Use of comma to indicate thousand**<br>
Support of use of comma as a separator in numbers are not supported. Regions where a number is separated with a comma to indicate a thousand, will only see the use of a dot as a separator. For example, 15,5K is displayed as 15.5K.
### Related topic
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
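Review bot: this "Known issues with regional formats" block duplicates the one added to the settings topic in the same commit, but the two lists of unsupported formats differ (here `yyyy/MM/dd` and `dd/MM/yy` only; there `yyyy-MM-dd`, `dd-MMM-yy`, `dd/MM/yy` and `MM/dd/yy`). Keep the list in one topic and link to it from the other so the two cannot drift. The heading "Use of comma to indicate thousand" does not match its example, since "15,5K is displayed as 15.5K" is a decimal comma, which the settings topic correctly files under "Decimal symbol used in numbers"; and "Support of use of comma as a separator in numbers are not supported" needs rewording.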

View File

@ -101,7 +101,7 @@ Topic | Description
[Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) | Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI.
[Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service.
[Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings, suppression rules, and view license information.
[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings and view license information.
[Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues.
[Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP.
[Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required.

View File

@ -1,6 +1,6 @@
---
title: Windows Defender Security Center
description: The Windows Defender Security Center brings together common Windows security features into one place
description: The Windows Defender Security Center app brings together common Windows security features into one place
keywords: wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -22,17 +22,17 @@ ms.date: 08/25/2017
**Applies to**
- Windows 10, version 1703
- Windows 10, version 1709
In Windows 10, version 1703 we introduced the new Windows Defender Security Center, which brings together common Windows security features into one, easy-to-use app.
In Windows 10, version 1703 we introduced the new Windows Defender Security Center app, which brings together common Windows security features into one easy-to-use app.
![Screen shot of the Windows Defender Security Center showing that the device is protected and five icons for each of the features](images/security-center-home.png)
![Screen shot of the Windows Defender Security Center app showing that the device is protected and five icons for each of the features](images/security-center-home.png)
@ -41,60 +41,71 @@ Many settings that were previously part of the individual features and main Wind
The app includes the settings and status for the following security features:
- Virus & threat protection, including settings for Windows Defender Antivirus
- Virus & threat protection, including settings for Windows Defender Antivirus and Controlled folder access
- Device performance & health, which includes information about drivers, storage space, and general Windows Update issues
- Firewall & network protection, including Windows Firewall
- App & browser control, covering Windows Defender SmartScreen settings
- App & browser control, covering Windows Defender SmartScreen settings and Exploit protection mitigations
- Family options, which include a number of parental controls along with tips and information for keeping kids safe online
The Windows Defender Security Center uses the [Windows Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on 3rd party antivirus and firewall products that are installed on the device.
The Windows Defender Security Center app uses the [Security Center service](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA) to provide the status and information on third-party antivirus and firewall products that are installed on the device.
> [!IMPORTANT]
> Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These will be disabled automatically when a 3rd party antivirus or firewall product is installed and kept up to date.
>[!IMPORTANT]
>Windows Defender AV and the Windows Defender Security Center app use similarly named services for specific purposes.
>
>The Windows Defender Security Center app uses the Windows Defender Security Center Service (*SecurityHealthService* or *Windows Security Health Servce*), which in turn utilizes the Security Center service ([*wscsvc*](https://technet.microsoft.com/en-us/library/bb457154.aspx#EDAA)) to ensure the app provides the most up-to-date information about the protection status on the endpoint, including protection offered by third-party antivirus products, Windows Firewall, and other security protection.
>
>These services do not affect the state of Windows Defender AV. Disabling or modifying these services will not disable Windows Defender AV, and will lead to a lowered protection state on the endpoint, even if you are using a third-party antivirus product.
>
>Windows Defender AV will be [disabled automatically when a third-party antivirus product is installed and kept up to date](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
>
>Disabling the Windows Security Center service will not disable Windows Defender AV or [Windows Firewall](https://docs.microsoft.com/en-us/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security).
> [!WARNING]
> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated 3rd party antivirus, or if you uninstall any 3rd party antivirus products you may have previously installed.
> If you disable the Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Defender Security Center app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
>
>It may also prevent Windows Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
>
>This will significantly lower the protection of your device and could lead to malware infection.
## Open the Windows Defender Security Center
## Open the Windows Defender Security Center app
- Right-click the icon in the notification area on the taskbar and click **Open**.
![Screen shot of the Shield icon for the Windows Defender Security Center in the bottom Windows task bar](images/security-center-taskbar.png)
![Screen shot of the icon for the Windows Defender Security Center app on the Windows task bar](images/security-center-taskbar.png)
- Search the Start menu for **Windows Defender Security Center**.
![Screen shot of the Start menu showing the results of a search for Windows Defender Security Center, the first option with a large shield symbol is selected](images/security-center-start-menu.png)
![Screen shot of the Start menu showing the results of a search for the Windows Defender Security Center app, the first option with a large shield symbol is selected](images/security-center-start-menu.png)
> [!NOTE]
> Settings configured with management tools, such as Group Policy, Microsoft Intune, or System Center Configuration Manager, will generally take precedence over the settings in the Windows Defender Security Center. Review the settings for each feature in its appropriate library. Links for both home user and enterprise or commercial audiences are listed below.
## How the Windows Defender Security Center works with Windows security features
## How the Windows Defender Security Center app works with Windows security features
The Windows Defender Security Center operates as a separate app or process from each of the individual features, and will display notifications through the Action Center.
The Windows Defender Security Center app operates as a separate app or process from each of the individual features, and will display notifications through the Action Center.
It acts as a collector or single place to see the status and perform some configuration for each of the features.
Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center. The Windows Defender Security Center itself will still run and show status for the other security features.
Disabling any of the individual features (through Group Policy or other management tools, such as System Center Configuration Manager) will prevent that feature from reporting its status in the Windows Defender Security Center app. The Windows Defender Security Center app itself will still run and show status for the other security features.
> [!IMPORTANT]
> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center itself.
> Individually disabling any of the services will not disable the other services or the Windows Defender Security Center app.
For example, [using a 3rd party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
For example, [using a third-party antivirus will disable Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus). However, the Windows Defender Security Center app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Firewall.
The presence of the 3rd party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center.
The presence of the third-party antivirus will be indicated under the **Virus & threat protection** section in the Windows Defender Security Center app.
## More information
See the following links for more information on the features in the Windows Defender Security Center:
See the following links for more information on the features in the Windows Defender Security Center app:
- Windows Defender Antivirus
- IT administrators and IT pros can get configuration guidance from the [Windows Defender Antivirus in the Windows Defender Security Center topic](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus) and the [Windows Defender Antivirus documentation library](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
- Home users can learn more at the [Virus & threat protection in Windows Defender Security Center topic at support.microsoft.com](https://support.microsoft.com/en-us/help/4012987/windows-10-virus-threat-protection-windows-defender-security-center)
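Review bot: The added IMPORTANT block misspells the service display name as "Windows Security Health Servce"; it should read "Windows Security Health Service", since administrators are likely to search for or copy that name. The last added line of the same block still says "Disabling the Windows Security Center service will not disable Windows Defender AV", while the rewritten WARNING and the paragraph above the callout use "Security Center service". Drop "Windows" there for consistency, and consider whether the line is still needed, because the block already states that disabling or modifying these services will not disable Windows Defender AV. The unchanged NOTE under "Open the Windows Defender Security Center app" still refers to "the settings in the Windows Defender Security Center" without "app", so the rename missed it.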