DiagnosticLog CSP
DiagnosticLog DDF |
Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:
@@ -1929,17 +1933,19 @@ What data is handled by dmwappushsvc? | It is a component handling the internal
How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. |
## Change history in MDM documentation
+
### October 2019
|New or updated topic | Description|
|--- | ---|
-|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes:
ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID|
+|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes:
ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.|
+|[Defender CSP](defender-csp.md)|Added the following new nodes:
Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.|
### September 2019
|New or updated topic | Description|
|--- | ---|
-|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node:
IsStub|
+|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node:
IsStub.|
|[Policy CSP - Defender](policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.|
|[Policy CSP - DeviceInstallation](policy-csp-deviceinstallation.md)|Added the following new policies:
DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.|
@@ -1958,7 +1964,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
|[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:
SecurityKey, SecurityKey/UseSecurityKeyForSignin|
|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:
LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
-|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
Create a custom configuration service provider
Design a custom configuration service provider
IConfigServiceProvider2
IConfigServiceProvider2::ConfigManagerNotification
IConfigServiceProvider2::GetNode
ICSPNode
ICSPNode::Add
ICSPNode::Clear
ICSPNode::Copy
ICSPNode::DeleteChild
ICSPNode::DeleteProperty
ICSPNode::Execute
ICSPNode::GetChildNodeNames
ICSPNode::GetProperty
ICSPNode::GetPropertyIdentifiers
ICSPNode::GetValue
ICSPNode::Move
ICSPNode::SetProperty
ICSPNode::SetValue
ICSPNodeTransactioning
ICSPValidate
Samples for writing a custom configuration service provider|
+|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
Create a custom configuration service provider
Design a custom configuration service provider
IConfigServiceProvider2
IConfigServiceProvider2::ConfigManagerNotification
IConfigServiceProvider2::GetNode
ICSPNode
ICSPNode::Add
ICSPNode::Clear
ICSPNode::Copy
ICSPNode::DeleteChild
ICSPNode::DeleteProperty
ICSPNode::Execute
ICSPNode::GetChildNodeNames
ICSPNode::GetProperty
ICSPNode::GetPropertyIdentifiers
ICSPNode::GetValue
ICSPNode::Move
ICSPNode::SetProperty
ICSPNode::SetValue
ICSPNodeTransactioning
ICSPValidate
Samples for writing a custom configuration service provider.|
### June 2019
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md
index 7ac4b1ff90..f13d6f81c8 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/customize-and-export-start-layout.md
@@ -93,7 +93,7 @@ When you have the Start layout that you want your users to see, use the [Export-
`Export-StartLayout –path .xml`
- On a device running Windows 10, version 1809, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example:
+ On a device running Windows 10, version 1809 or higher, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example:
```PowerShell
Export-StartLayout -UseDesktopApplicationID -Path layout.xml
@@ -191,7 +191,7 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed
- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
index 1cf1ddcb0a..e0f66504b8 100644
--- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
+++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
-author: greg-lindsay
+author: jaimeo
ms.audience: itpro
-author: greg-lindsay
+author: jaimeo
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
@@ -19,6 +19,9 @@ ms.topic: article
# Frequently asked questions and troubleshooting Windows Analytics
+>[!IMPORTANT]
+>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
+
>[!IMPORTANT]
>**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences. See [Windows Analytics in the Azure Portal](windows-analytics-azure-portal.md) for steps to use Windows Analytics in the Azure portal. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
@@ -150,7 +153,7 @@ For more information, see [Enrolling devices in Windows Analytics](windows-analy
### Apps not appearing in Device Health App Reliability
-[](images/app-reliability.png)
+[](images/app-reliability.png)
If apps that you know are crashing do not appear in App Reliability, follow these steps to investigate the issue:
diff --git a/windows/deployment/update/windows-analytics-azure-portal.md b/windows/deployment/update/windows-analytics-azure-portal.md
index 77c86f443d..6be69ef90e 100644
--- a/windows/deployment/update/windows-analytics-azure-portal.md
+++ b/windows/deployment/update/windows-analytics-azure-portal.md
@@ -1,71 +1,76 @@
----
-title: Windows Analytics in the Azure Portal
-ms.reviewer:
-manager: laurawi
-description: Use the Azure Portal to add and configure Windows Analytics solutions
-keywords: Device Health, oms, Azure, portal, operations management suite, add, manage, configure, Upgrade Readiness, Update Compliance
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.audience: itpro
author: greg-lindsay
-ms.localizationpriority: medium
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Windows Analytics in the Azure Portal
-
-Windows Analytics uses Azure Log Analytics workspaces (formerly known as Operations Management Suite or OMS), a collection of cloud-based services for monitoring and automating your on-premises and cloud environments.
-
-**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences, which this topic will explain. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
-
-## Navigation and permissions in the Azure portal
-
-Go to the [Azure portal](https://portal.azure.com), select **All services**, and search for *Log Analytics workspaces*. Once it appears, you can select the star to add it to your favorites for easy access in the future.
-
-[](images/azure-portal-LAfav1.png)
-
-### Permissions
-
-It's important to understand the difference between Azure Active Directory and an Azure subscription:
-
-**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (Azure AD) is a separate service which sits by itself and is used by all of Azure and also Office 365.
-
-An **Azure subscription** is a container for billing, but also acts as a security boundary. Every Azure subscription has a trust relationship with at least one Azure AD instance. This means that a subscription trusts that directory to authenticate users, services, and devices.
-
-
->[!IMPORTANT]
->Unlike the OMS portal (which only requires permission to access the Azure Log Analytics workspace), the Azure portal also requires access to be configured to either the linked *Azure subscription* or Azure resource group.
-
-To check the Log Analytics workspaces you can access, select **Log Analytics workspaces**. You should see a grid control listing all workspaces, along with the Azure subscription each is linked to:
-
-[](images/azure-portal-LAmain-wkspc-subname-sterile.png)
-
-If you do not see your workspace in this view, but you are able to access the workspace from the classic portal, that means you do not have access to the workspace's Azure subscription or resource group. To remedy this, you will need to find someone with admin rights to grant you access, which they can do by selecting the subscription name and selecting **Access control (IAM)** (alternatively they can configure your access at the resource group level). They should either grant you "Log Analytics Reader" access (for read-only access) or "Log Analytics Contributor" access (which enables making changes such as creating deployment plans and changing application readiness states).
-
-When permissions are configured, you can select the workspace and then select **Workspace summary** to see information similar to what was shown in the OMS overview page.
-
-[](images/azure-portal-LA-wkspcsumm_sterile.png)
-
-## Adding Windows Analytics solutions
-
-In the Azure portal, the simplest way to add Windows Analytics solutions (Upgrade Readiness, Update Compliance, and Device Health) is to select **+ Create a resource** and then type the solution name in the search box. In this example, the search is for "Device Health":
-
-[](images/azure-portal-create-resource-boxes.png)
-
-Select the solution from the list that is returned by the search, and then select **Create** to add the solution.
-
-## Navigating to Windows Analytics solutions settings
-
-To adjust settings for a Windows Analytics solution, first navigate to the **Solutions** tab for your workspace, and then select the solution to configure. In this example, Upgrade Readiness is being adjusted by selecting **CompatibilityAssessment**:
-
-[](images/temp-azure-portal-soltn-setting.png)
-
-From there, select the settings page to adjust specific settings:
-
-[](images/azure-portal-UR-settings.png)
-
->[!NOTE]
->To access these settings, both the subscription and workspace require "contributor" permissions. You can view your current role and make changes in other roles by using the **Access control (IAM)** tab in Azure.
+---
+title: Windows Analytics in the Azure Portal
+ms.reviewer:
+manager: laurawi
+description: Use the Azure Portal to add and configure Windows Analytics solutions
+keywords: Device Health, oms, Azure, portal, operations management suite, add, manage, configure, Upgrade Readiness, Update Compliance
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+audience: itpro
+author: jaimeo
+ms.audience: itpro
+author: jaimeo
+ms.localizationpriority: medium
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Windows Analytics in the Azure Portal
+
+>[!IMPORTANT]
+>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
+
+Windows Analytics uses Azure Log Analytics workspaces (formerly known as Operations Management Suite or OMS), a collection of cloud-based services for monitoring and automating your on-premises and cloud environments.
+
+**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences, which this topic will explain. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
+
+## Navigation and permissions in the Azure portal
+
+Go to the [Azure portal](https://portal.azure.com), select **All services**, and search for *Log Analytics workspaces*. Once it appears, you can select the star to add it to your favorites for easy access in the future.
+
+[](images/azure-portal-LAfav1.png)
+
+### Permissions
+
+It's important to understand the difference between Azure Active Directory and an Azure subscription:
+
+**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (Azure AD) is a separate service which sits by itself and is used by all of Azure and also Office 365.
+
+An **Azure subscription** is a container for billing, but also acts as a security boundary. Every Azure subscription has a trust relationship with at least one Azure AD instance. This means that a subscription trusts that directory to authenticate users, services, and devices.
+
+
+>[!IMPORTANT]
+>Unlike the OMS portal (which only requires permission to access the Azure Log Analytics workspace), the Azure portal also requires access to be configured to either the linked *Azure subscription* or Azure resource group.
+
+To check the Log Analytics workspaces you can access, select **Log Analytics workspaces**. You should see a grid control listing all workspaces, along with the Azure subscription each is linked to:
+
+[](images/azure-portal-LAmain-wkspc-subname-sterile.png)
+
+If you do not see your workspace in this view, but you are able to access the workspace from the classic portal, that means you do not have access to the workspace's Azure subscription or resource group. To remedy this, you will need to find someone with admin rights to grant you access, which they can do by selecting the subscription name and selecting **Access control (IAM)** (alternatively they can configure your access at the resource group level). They should either grant you "Log Analytics Reader" access (for read-only access) or "Log Analytics Contributor" access (which enables making changes such as creating deployment plans and changing application readiness states).
+
+When permissions are configured, you can select the workspace and then select **Workspace summary** to see information similar to what was shown in the OMS overview page.
+
+[](images/azure-portal-LA-wkspcsumm_sterile.png)
+
+## Adding Windows Analytics solutions
+
+In the Azure portal, the simplest way to add Windows Analytics solutions (Upgrade Readiness, Update Compliance, and Device Health) is to select **+ Create a resource** and then type the solution name in the search box. In this example, the search is for "Device Health":
+
+[](images/azure-portal-create-resource-boxes.png)
+
+Select the solution from the list that is returned by the search, and then select **Create** to add the solution.
+
+## Navigating to Windows Analytics solutions settings
+
+To adjust settings for a Windows Analytics solution, first navigate to the **Solutions** tab for your workspace, and then select the solution to configure. In this example, Upgrade Readiness is being adjusted by selecting **CompatibilityAssessment**:
+
+[](images/temp-azure-portal-soltn-setting.png)
+
+From there, select the settings page to adjust specific settings:
+
+[](images/azure-portal-UR-settings.png)
+
+>[!NOTE]
+>To access these settings, both the subscription and workspace require "contributor" permissions. You can view your current role and make changes in other roles by using the **Access control (IAM)** tab in Azure.
diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md
index 91642db1c4..c64965c11f 100644
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@@ -17,6 +17,9 @@ ms.topic: article
# Enrolling devices in Windows Analytics
+>[!IMPORTANT]
+>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
+
If you have not already done so, consult the topics for any of the three Windows Analytics solutions (Update Compliance, Upgrade Readiness, and Device Health) you intend to use and follow the steps there to add the solutions to Azure Portal.
- [Get started with Device Health](device-health-get-started.md)
@@ -37,7 +40,7 @@ To find your commercial ID, first navigate to the **Solutions** tab for your wor
From there, select the settings page, where you can find and copy your commercial ID:
-[](images/azure-portal-UR-settings.png)
+[](images/azure-portal-UR-settings.png)
@@ -107,7 +110,7 @@ The compatibility update scans your devices and enables application usage tracki
With Windows diagnostic data enabled, the Connected User Experience and Telemetry service (DiagTrack) collects system, application, and driver data. Microsoft analyzes this data, and shares it back to you through Windows Analytics. For the best experience, install these updates depending upon the operating system version.
- For Windows 10, install the latest Windows 10 cumulative update.
-- For Windows 8.1, nstall the October 2018 monthly rollup, [KB4462926](https://support.microsoft.com/help/4462926)
+- For Windows 8.1, install the October 2018 monthly rollup, [KB4462926](https://support.microsoft.com/help/4462926)
- For Windows 7, install the October 2018 monthly rollup, [KB4462923](https://support.microsoft.com/help/4462923)
@@ -206,7 +209,7 @@ For more information about Internet Explorer Security Zones, see [About URL Secu
We recommend using the deployment script to configure devices. However if this is not an option, you can still manage settings by policy as described in the previous section. However, if you don't run the deployment script, you won't benefit from its error checking, and you might have to wait a long time (possibly weeks) before devices send the initial full inventory scan.
-Note that it is possible to intiate a full inventory scan on a device by calling these commands:
+Note that it is possible to initiate a full inventory scan on a device by calling these commands:
- CompatTelRunner.exe -m:generaltel.dll -f:DoCensusRun
- CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun ent
diff --git a/windows/deployment/update/windows-analytics-privacy.md b/windows/deployment/update/windows-analytics-privacy.md
index d6749b666d..a3b134e6d9 100644
--- a/windows/deployment/update/windows-analytics-privacy.md
+++ b/windows/deployment/update/windows-analytics-privacy.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
-author: greg-lindsay
+author: jaimeo
ms.audience: itpro
-author: greg-lindsay
+author: jaimeo
ms.localizationpriority: high
ms.collection: M365-analytics
ms.topic: article
@@ -19,6 +19,9 @@ ms.topic: article
# Windows Analytics and privacy
+>[!IMPORTANT]
+>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
+
Windows Analytics is fully committed to privacy, centering on these tenets:
- **Transparency:** We fully document the Windows Analytics diagnostic events (see the links for additional information) so you can review them with your company’s security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) for details).
diff --git a/windows/deployment/volume-activation/active-directory-based-activation-overview.md b/windows/deployment/volume-activation/active-directory-based-activation-overview.md
index b0c4c10975..581a2a317e 100644
--- a/windows/deployment/volume-activation/active-directory-based-activation-overview.md
+++ b/windows/deployment/volume-activation/active-directory-based-activation-overview.md
@@ -9,7 +9,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
ms.date: 12/07/2018
ms.topic: article
---
@@ -37,7 +38,7 @@ VAMT enables IT Professionals to manage and activate the ADBA object. Activation
## Related topics
-- [How to Activate an Active Directory Forest Online](https://go.microsoft.com/fwlink/p/?LinkId=246565)
-- [How to Proxy Activate an Active Directory Forest](https://go.microsoft.com/fwlink/p/?LinkId=246566)
+- [How to Activate an Active Directory Forest Online](https://docs.microsoft.com/windows/deployment/volume-activation/activate-forest-vamt)
+- [How to Proxy Activate an Active Directory Forest](https://docs.microsoft.com/windows/deployment/volume-activation/activate-forest-by-proxy-vamt)
diff --git a/windows/deployment/windows-autopilot/known-issues.md b/windows/deployment/windows-autopilot/known-issues.md
index b2de8f53ee..c1f9331822 100644
--- a/windows/deployment/windows-autopilot/known-issues.md
+++ b/windows/deployment/windows-autopilot/known-issues.md
@@ -31,10 +31,8 @@ This happens because Windows 10, version 1903 deletes the AutopilotConfiguration
To fix this issue: - Edit the Configuration Manager task sequence and disable the Prepare Windows for Capture step.
- Add a new Run command line step that runs c:\windows\system32\sysprep\sysprep.exe /oobe /reboot.
More information
- | The following known issue will be resolved by installing the KB4517211 update, due to be released in late September 2019.
-
-TPM attestation fails on Windows 10 1903 due to missing AKI extension in EK certificate. (An additional validation added in Windows 10 1903 to check that the TPM EK certs had the proper attributes according to the TCG specifications uncovered that a number of them don’t, so that validation will be removed).
- | Download and install the KB4517211 update.
This update is currently pending release.
+ | | TPM attestation fails on Windows 10 1903 due to missing AKI extension in EK certificate. (An additional validation added in Windows 10 1903 to check that the TPM EK certs had the proper attributes according to the TCG specifications uncovered that a number of them don’t, so that validation will be removed).
+ | Download and install the KB4517211 update.
| | The following known issues are resolved by installing the August 30, 2019 KB4512941 update (OS Build 18362.329):
- Windows Autopilot for existing devices feature does not properly suppress “Activities” page during OOBE. (Because of this, you’ll see that extra page during OOBE).
@@ -53,7 +51,12 @@ TPM attestation fails on Windows 10 1903 due to missing AKI extension in EK cert
- You are unable to install UWP apps from the Microsoft Store, causing failures during Windows Autopilot. If you are deploying Company Portal as a blocking app during Windows Autopilot ESP, you’ve probably seen this error.
- A user is not granted administrator rights in the Windows Autopilot user-driven Hybrid Azure AD join scenario. This is another non-English OS issue.
| Download and install the KB4505903 update.
See the section: How to get this update for information on specific release channels you can use to obtain the update.
-
+ | | Windows Autopilot self-deploying mode fails with an error code:
+ |
+| 0x800705B4 | This is a general error indicating a timeout. A common cause of this error in self-deploying mode is that the device is not TPM 2.0 capable (ex: a virtual machine). Devices that are not TPM 2.0 capable cannot be used with self-deploying mode.
+ | | 0x801c03ea | This error indicates that TPM attestation failed, causing a failure to join Azure Active Directory with a device token.
+ | | 0xc1036501 | The device cannot do an automatic MDM enrollment because there are multiple MDM configurations in Azure AD. See Inside Windows Autopilot self-deploying mode.
+ |
| | White glove gives a red screen and the Microsoft-Windows-User Device Registration/Admin event log displays HResult error code 0x801C03F3 | This can happen if Azure AD can’t find an AAD device object for the device that you are trying to deploy. This will occur if you manually delete the object. To fix it, remove the device from AAD, Intune, and Autopilot, then re-register it with Autopilot, which will recreate the AAD device object.
To obtain troubleshooting logs use: Mdmdiagnosticstool.exe -area Autopilot;TPM -cab c:\autopilot.cab
| | White glove gives a red screen | White glove is not supported on a VM.
diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md
index 939b4ac431..ca49b045ee 100644
--- a/windows/deployment/windows-autopilot/self-deploying.md
+++ b/windows/deployment/windows-autopilot/self-deploying.md
@@ -39,7 +39,7 @@ Self-deploying mode is designed to deploy Windows 10 as a kiosk, digital signage
Because self-deploying mode uses a device’s TPM 2.0 hardware to authenticate the device into an organization’s Azure AD tenant, devices without TPM 2.0 cannot be used with this mode. The devices must also support TPM device attestation. (All newly-manufactured Windows devices should meet these requirements.)
>[!IMPORTANT]
->If you attempt a self-deploying mode deployment on a device that does not have support TPM 2.0 or on a virtual machine, the process will fail when verifying the device with an 0x800705B4 timeout error (Hyper-V virtual TPMs are not supported).. Also note that Window 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809. Since Windows 10 Enterprise 2019 LTSC is based on Windows 10 version 1809, self-deploying mode is also not supported on Windows 10 Enterprise 2019 LTSC.
+>If you attempt a self-deploying mode deployment on a device that does not have support TPM 2.0 or on a virtual machine, the process will fail when verifying the device with an 0x800705B4 timeout error (Hyper-V virtual TPMs are not supported). Also note that Window 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809. Since Windows 10 Enterprise 2019 LTSC is based on Windows 10 version 1809, self-deploying mode is also not supported on Windows 10 Enterprise 2019 LTSC. See [Windows Autopilot known issues](known-issues.md) to review other known errors and solutions.
In order to display an organization-specific logo and organization name during the Autopilot process, Azure Active Directory Company Branding needs to be configured with the images and text that should be displayed. See [Quickstart: Add company branding to your sign-in page in Azure AD](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding) for more details.
diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md
index e4021e6946..8e10f74a84 100644
--- a/windows/privacy/TOC.md
+++ b/windows/privacy/TOC.md
@@ -14,7 +14,7 @@
### [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
### [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
## Enhanced level Windows diagnostic data events and fields
-### [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
+### [Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
## Full level categories
### [Windows 10, version 1709 and newer diagnostic data for the Full level](windows-diagnostic-data.md)
### [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md)
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index aed5ac00b0..06c4e844c4 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -390,20 +390,26 @@ However, before more data is gathered, Microsoft’s privacy governance team, in
> [!NOTE]
> Crash dumps collected at this diagnostic data level may unintentionally contain personal data, such as portions of memory from a documents, a web page, etc.
-## Limit Enhanced diagnostic data to the minimum required by Windows Analytics
+## Limit Enhanced diagnostic data to the minimum required by Desktop Analytics
-Windows Analytics Device Health reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events. In the past, organizations sending **Enhanced** or **Full** level diagnostic data were able to participate in Device Health. However, organizations that required detailed event and field level documentation were unable to move from **Basic** to **Enhanced**.
+> [!IMPORTANT]
+> The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported.
+> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
-In Windows 10, version 1709, we introduced the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data. For more info about Device Health, see the [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) topic.
+Desktop Analytics reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events.
-- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) topic.
+In Windows 10, version 1709, we introduced the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data.
+
+- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) topic.
- **Some crash dump types.** Triage dumps for user mode and mini dumps for kernel mode.
>[!NOTE]
> Triage dumps are a type of [minidumps](https://docs.microsoft.com/windows/desktop/debug/minidump-files) that go through a process of user-sensitive information scrubbing. Some user-sensitive information may be missed in the process, and will therefore be sent with the dump.
-### Enable limiting enhanced diagnostic data to the minimum required by Windows Analytics
+With the retirement of Windows Analytics, this policy will continue to be supported by Desktop Analytics, but will not include Office related diagnostic data.
+
+### Enable limiting enhanced diagnostic data to the minimum required by Desktop Analytics
1. Set the diagnostic data level to **Enhanced**, using either Group Policy or MDM.
diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
index 29da582e50..c6e50f98f3 100644
--- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
+++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
@@ -1,6 +1,6 @@
---
-description: Use this article to learn more about the enhanced diagnostic data events used by Windows Analytics
-title: Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics (Windows 10)
+description: Use this article to learn more about the limit enhanced diagnostic data events policy used by Desktop Analytics
+title: Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy (Windows 10)
keywords: privacy, diagnostic data
ms.prod: w10
ms.mktglfcycl: manage
@@ -18,19 +18,24 @@ ms.reviewer:
---
-# Windows 10 enhanced diagnostic data events and fields used by Windows Analytics
+# Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy
**Applies to**
- Windows 10, version 1709 and newer
-Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS diagnostic data events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced.
+> [!IMPORTANT]
+> The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported.
+> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
-In Windows 10, version 1709, we introduce a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
+Desktop Analytics reports are powered by diagnostic data not included in the Basic level.
+In Windows 10, version 1709, we introduced a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
+
+With the retirement of Windows Analytics, this policy will continue to be supported by Desktop Analytics, but will not include Office related diagnostic data.
## KernelProcess.AppStateChangeSummary
-This event summarizes application usage and performance characteristics to help Microsoft improve performance and reliability. Organizations can use this event with Windows Analytics to gain insights into application reliability.
+This event summarizes application usage and performance characteristics to help Microsoft improve performance and reliability. Organizations can use this event with Desktop Analytics to gain insights into application reliability.
The following fields are available:
@@ -241,7 +246,7 @@ This event is fired when the office application suspends as per app life-cycle c
- **SuspendType:** Type of suspend
## Microsoft.OSG.OSS.CredProvFramework.ReportResultStop
-This event indicates the result of an attempt to authenticate a user with a credential provider. It helps Microsoft to improve logon reliability. Using this event with Windows Analytics can help organizations monitor and improve logon success for different methods (for example, biometric) on managed devices.
+This event indicates the result of an attempt to authenticate a user with a credential provider. It helps Microsoft to improve logon reliability. Using this event with Desktop Analytics can help organizations monitor and improve logon success for different methods (for example, biometric) on managed devices.
The following fields are available:
@@ -261,7 +266,7 @@ The following fields are available:
- **UserTag:** Count of the number of times a user has selected a provider
## Microsoft.Windows.Kernel.Power.OSStateChange
-This event denotes the transition between operating system states (e.g., On, Off, Sleep, etc.). By using this event with Windows Analytics, organizations can use this to monitor reliability and performance of managed devices
+This event denotes the transition between operating system states (e.g., On, Off, Sleep, etc.). By using this event with Desktop Analytics, organizations can use this to monitor reliability and performance of managed devices
The following fields are available:
@@ -322,7 +327,7 @@ The following field is available:
- **ticksSinceBoot:** Duration of boot event (milliseconds)
## Microsoft.Windows.Shell.Desktop.LogonFramework.AllLogonTasks
-This event summarizes the logon procedure to help Microsoft improve performance and reliability. By using this event with Windows Analytics organizations can help identify logon problems on managed devices.
+This event summarizes the logon procedure to help Microsoft improve performance and reliability. By using this event with Desktop Analytics organizations can help identify logon problems on managed devices.
The following fields are available:
@@ -359,7 +364,7 @@ The following fields are available:
- **status:** Indicates whether errors occurred during WIP learning events
## Win32kTraceLogging.AppInteractivitySummary
-Summarizes which app windows are being used (for example, have focus) to help Microsoft improve compatibility and user experience. Also helps organizations (by using Windows Analytics) to understand and improve application reliability on managed devices.
+Summarizes which app windows are being used (for example, have focus) to help Microsoft improve compatibility and user experience. Also helps organizations (by using Desktop Analytics) to understand and improve application reliability on managed devices.
The following fields are available:
@@ -415,8 +420,11 @@ A previous revision of this list stated that a field named PartA_UserSid was a m
### Office events added
In Windows 10, version 1809 (also applies to versions 1709 and 1803 starting with [KB 4462932](https://support.microsoft.com/help/4462932/windows-10-update-kb4462932) and [KB 4462933](https://support.microsoft.com/help/4462933/windows-10-update-kb4462933) respectively), 16 events were added, describing Office app launch and availability. These events were added to improve the precision of Office data in Windows Analytics.
+> [!NOTE]
+> Office data will no longer be provided through this policy in Desktop Analytics.
+
### CertAnalytics events removed
-In Windows 10, version 1809 (also applies to versions 1709 and 1803 starting with [KB 4462932](https://support.microsoft.com/help/4462932/windows-10-update-kb4462932) and [KB 4462933](https://support.microsoft.com/help/4462933/windows-10-update-kb4462933) respectively), 3 "CertAnalytics" events were removed, as they are no longer required for Windows Analytics.
+In Windows 10, version 1809 (also applies to versions 1709 and 1803 starting with [KB 4462932](https://support.microsoft.com/help/4462932/windows-10-update-kb4462932) and [KB 4462933](https://support.microsoft.com/help/4462933/windows-10-update-kb4462933) respectively), 3 "CertAnalytics" events were removed, as they are no longer required for Desktop Analytics.
>[!NOTE]
>You can use the Windows Diagnostic Data Viewer to observe and review events and their fields as described in this topic.
diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml
index 96c938dec5..50c83837eb 100644
--- a/windows/release-information/resolved-issues-windows-10-1507.yml
+++ b/windows/release-information/resolved-issues-windows-10-1507.yml
@@ -32,7 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 10240.18334
September 23, 2019
KB4522009 | Resolved
KB4520011 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 10240.18334
September 23, 2019
KB4522009 | Resolved
KB4520011 | October 08, 2019
10:00 AM PT |
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details > | OS Build 10240.18305
August 13, 2019
KB4512497 | Resolved
KB4517276 | August 17, 2019
02:00 PM PT |
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.
See details > | OS Build 10240.18244
June 11, 2019
KB4503291 | Resolved External
| August 09, 2019
07:03 PM PT |
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.
See details > | OS Build 10240.18244
June 11, 2019
KB4503291 | Resolved
KB4507458 | July 09, 2019
10:00 AM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml
index 7cbaf548d3..44e89ad24d 100644
--- a/windows/release-information/resolved-issues-windows-10-1607.yml
+++ b/windows/release-information/resolved-issues-windows-10-1607.yml
@@ -32,7 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 14393.3206
September 23, 2019
KB4522010 | Resolved
KB4519998 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 14393.3206
September 23, 2019
KB4522010 | Resolved
KB4519998 | October 08, 2019
10:00 AM PT |
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 14393.3204
September 10, 2019
KB4516044 | Resolved
| September 17, 2019
04:47 PM PT |
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.
See details > | OS Build 14393.3053
June 18, 2019
KB4503294 | Resolved
KB4516044 | September 10, 2019
10:00 AM PT |
Domain connected devices that use MIT Kerberos realms will not start up
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
See details > | OS Build 14393.3115
July 16, 2019
KB4507459 | Resolved
KB4512517 | August 13, 2019
10:00 AM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml
index 862a0cb913..b66de78474 100644
--- a/windows/release-information/resolved-issues-windows-10-1703.yml
+++ b/windows/release-information/resolved-issues-windows-10-1703.yml
@@ -32,7 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 15063.2046
September 23, 2019
KB4522011 | Resolved
KB4520010 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 15063.2046
September 23, 2019
KB4522011 | Resolved
KB4520010 | October 08, 2019
10:00 AM PT |
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 15063.2045
September 10, 2019
KB4516068 | Resolved
| September 17, 2019
04:47 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
See details > | OS Build 15063.1955
July 16, 2019
KB4507467 | Resolved
KB4512507 | August 13, 2019
10:00 AM PT |
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details > | OS Build 15063.1988
August 13, 2019
KB4512507 | Resolved
KB4512474 | August 17, 2019
02:00 PM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml
index 2461882d7f..8a16e56715 100644
--- a/windows/release-information/resolved-issues-windows-10-1709.yml
+++ b/windows/release-information/resolved-issues-windows-10-1709.yml
@@ -32,7 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 16299.1392
September 23, 2019
KB4522012 | Resolved
KB4520004 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 16299.1392
September 23, 2019
KB4522012 | Resolved
KB4520004 | October 08, 2019
10:00 AM PT |
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 16299.1387
September 10, 2019
KB4516066 | Resolved
| September 19, 2019
04:08 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
See details > | OS Build 16299.1296
July 16, 2019
KB4507465 | Resolved
KB4512516 | August 13, 2019
10:00 AM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | OS Build 16299.1217
June 11, 2019
KB4503284 | Resolved
KB4512494 | August 16, 2019
02:00 PM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml
index 43944d0d5c..aeeb0b6087 100644
--- a/windows/release-information/resolved-issues-windows-10-1803.yml
+++ b/windows/release-information/resolved-issues-windows-10-1803.yml
@@ -34,7 +34,7 @@ sections:
| Summary | Originating update | Status | Date resolved |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.
See details > | OS Build 17134.950
August 13, 2019
KB4512501 | Resolved
KB4519978 | October 15, 2019
10:00 AM PT |
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.
See details > | OS Build 17134.829
June 11, 2019
KB4503286 | Resolved
KB4519978 | October 15, 2019
10:00 AM PT |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 17134.1009
September 23, 2019
KB4522014 | Resolved
KB4520008 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 17134.1009
September 23, 2019
KB4522014 | Resolved
KB4520008 | October 08, 2019
10:00 AM PT |
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 17134.1006
September 10, 2019
KB4516058 | Resolved
| September 19, 2019
04:08 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
See details > | OS Build 17134.915
July 16, 2019
KB4507466 | Resolved
KB4512501 | August 13, 2019
10:00 AM PT |
Notification issue: \"Your device is missing important security and quality fixes.\"
Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"
See details > | N/A
| Resolved
| September 03, 2019
12:32 PM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
index 4558663c3e..d8ce5f8d4a 100644
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
@@ -34,7 +34,7 @@ sections:
| Summary | Originating update | Status | Date resolved |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.
See details > | OS Build 17763.678
August 13, 2019
KB4511553 | Resolved
KB4520062 | October 15, 2019
10:00 AM PT |
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.
See details > | OS Build 17763.557
June 11, 2019
KB4503327 | Resolved
KB4520062 | October 15, 2019
10:00 AM PT |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 17763.740
September 23, 2019
KB4522015 | Resolved
KB4519338 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 17763.740
September 23, 2019
KB4522015 | Resolved
KB4519338 | October 08, 2019
10:00 AM PT |
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.
See details > | OS Build 17763.55
October 09, 2018
KB4464330 | Resolved
KB4516077 | September 24, 2019
10:00 AM PT |
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 17763.737
September 10, 2019
KB4512578 | Resolved
| September 19, 2019
04:08 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
See details > | OS Build 17763.652
July 22, 2019
KB4505658 | Resolved
KB4511553 | August 13, 2019
10:00 AM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml
index 25f5d45af6..e0d9f8160e 100644
--- a/windows/release-information/resolved-issues-windows-10-1903.yml
+++ b/windows/release-information/resolved-issues-windows-10-1903.yml
@@ -32,8 +32,8 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
- dGPU occasionally disappear from device manager on Surface Book 2
Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.
See details > | OS Build 18362.145
May 29, 2019
KB4497935 | Resolved
| October 11, 2019
03:15 PM PT |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 18362.357
September 23, 2019
KB4522016 | Resolved
KB4517389 | October 08, 2019
10:00 AM PT |
+ dGPU occasionally disappear from device manager on Surface Book 2
Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.
See details > | OS Build 18362.145
May 29, 2019
KB4497935 | Resolved
| October 18, 2019
04:33 PM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 18362.357
September 23, 2019
KB4522016 | Resolved
KB4517389 | October 08, 2019
10:00 AM PT |
Audio in games is quiet or different than expected
Microsoft has received reports that audio in certain games is quieter or different than expected.
See details > | OS Build 18362.356
September 10, 2019
KB4515384 | Resolved
KB4517211 | September 26, 2019
02:00 PM PT |
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 18362.356
September 10, 2019
KB4515384 | Resolved
| September 19, 2019
04:08 PM PT |
Some users report issues related to the Start menu and Windows Desktop Search
A small number of users have reported issues related to the Start menu and Windows Desktop Search.
See details > | OS Build 18362.356
September 10, 2019
KB4515384 | Resolved
| September 19, 2019
04:58 PM PT |
@@ -95,7 +95,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- | dGPU occasionally disappear from device manager on Surface Book 2 Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open. To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until this issue is resolved. Affected platforms: - Client: Windows 10, version 1903
Resolved: To resolve this issue, you will need to update the firmware of your Surface Book 2 device. Please see the Surface Book 2 update history page for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue. The safeguard hold will be removed in the coming weeks.
Back to top | OS Build 18362.145
May 29, 2019
KB4497935 | Resolved
| Resolved:
October 11, 2019
03:15 PM PT
Opened:
July 12, 2019
04:20 PM PT |
+ | dGPU occasionally disappear from device manager on Surface Book 2 Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open. To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until this issue is resolved. Affected platforms: - Client: Windows 10, version 1903
Resolved: To resolve this issue, you will need to update the firmware of your Surface Book 2 device. Please see the Surface Book 2 update history page for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue. The safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903.
Back to top | OS Build 18362.145
May 29, 2019
KB4497935 | Resolved
| Resolved:
October 18, 2019
04:33 PM PT
Opened:
July 12, 2019
04:20 PM PT |
Domain connected devices that use MIT Kerberos realms will not start upDevices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4497935. Devices that are domain controllers or domain members are both affected.
To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.
Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: This issue was resolved in KB4512941 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.
Back to top | OS Build 18362.145
May 29, 2019
KB4497935 | Resolved
KB4512941 | Resolved:
August 30, 2019
10:00 AM PT
Opened:
July 25, 2019
06:10 PM PT |
| Issues updating when certain versions of Intel storage drivers are installed Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).
To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST drivers, versions 15.1.0.1002 through version 15.5.2.1053 installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.
Versions 15.5.2.1054 or later are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update. For affected devices, the recommended version is 15.9.8.1050.
Affected platforms: - Client: Windows 10, version 1903
- Server: Windows Server, version 1903
Resolution: This issue was resolved in KB4512941 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.
Back to top | OS Build 18362.145
May 29, 2019
KB4497935 | Resolved
KB4512941 | Resolved:
August 30, 2019
10:00 AM PT
Opened:
July 25, 2019
06:10 PM PT |
diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
index 7232cf65f7..018a7f2bc2 100644
--- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -32,7 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | September 24, 2019
KB4516048 | Resolved
KB4519976 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | September 24, 2019
KB4516048 | Resolved
KB4519976 | October 08, 2019
10:00 AM PT |
You may receive an error when opening or using the Toshiba Qosmio AV Center
Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.
See details > | August 13, 2019
KB4512506 | Resolved
KB4516048 | September 24, 2019
10:00 AM PT |
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows updates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed
See details > | August 13, 2019
KB4512506 | Resolved External
| August 27, 2019
02:29 PM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019
KB4503292 | Resolved
KB4512514 | August 17, 2019
02:00 PM PT |
diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
index c58e1391c1..773e34d6fa 100644
--- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
@@ -32,7 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | September 24, 2019
KB4516041 | Resolved
KB4520005 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | September 24, 2019
KB4516041 | Resolved
KB4520005 | October 08, 2019
10:00 AM PT |
Windows RT 8.1 devices may have issues opening Internet Explorer 11
On Windows RT 8.1 devices, Internet Explorer 11 may not open and you may receive an error.
See details > | September 10, 2019
KB4516067 | Resolved
KB4516041 | September 24, 2019
10:00 AM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019
KB4503276 | Resolved
KB4512478 | August 17, 2019
02:00 PM PT |
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details > | August 13, 2019
KB4512488 | Resolved
KB4517298 | August 16, 2019
02:00 PM PT |
diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
index 57adef5214..535126c94e 100644
--- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
+++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
@@ -32,7 +32,8 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | September 24, 2019
KB4516030 | Resolved
KB4520002 | October 08, 2019
10:00 AM PT |
+ Issues manually installing updates by double-clicking the .msu file
You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.
See details > | September 10, 2019
KB4474419 | Resolved
KB4474419 | September 23, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | September 24, 2019
KB4516030 | Resolved
KB4520002 | October 08, 2019
10:00 AM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019
KB4503273 | Resolved
KB4512499 | August 17, 2019
02:00 PM PT |
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details > | August 13, 2019
KB4512476 | Resolved
KB4517301 | August 16, 2019
02:00 PM PT |
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.
See details > | June 11, 2019
KB4503273 | Resolved External
| August 09, 2019
07:03 PM PT |
@@ -55,6 +56,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
+ Issues manually installing updates by double-clicking the .msu fileAfter installing the SHA-2 update ( KB4474419) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\"
Affected platforms: - Server: Windows Server 2008 SP2
Workaround: Open a command prompt and use the following command (replacing <msu location> with the actual location and filename of the update): wusa.exe <msu location> /quiet
Resolution: This issue is resolved in KB4474419 released October 8, 2019. It will install automatically from Windows Update and Windows Server Update Services (WSUS). If you need to install this update manually, you will need to use the workaround above.
Note If you previously installed KB4474419 released September 23, 2019, then you already have the latest version of this update and do not need to reinstall.
Back to top | September 10, 2019
KB4474419 | Resolved
KB4474419 | Resolved:
September 23, 2019
10:00 AM PT
Opened:
September 20, 2019
04:57 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms: - Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
- The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4520002. If you are using Security Only updates, see KB4519974 for resolving KB for your platform.
Back to top | September 24, 2019
KB4516030 | Resolved
KB4520002 | Resolved:
October 08, 2019
10:00 AM PT
Opened:
September 30, 2019
06:26 PM PT |
"
diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml
index 1ca43d3f61..660872c996 100644
--- a/windows/release-information/resolved-issues-windows-server-2012.yml
+++ b/windows/release-information/resolved-issues-windows-server-2012.yml
@@ -32,7 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | September 24, 2019
KB4516069 | Resolved
KB4520007 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | September 24, 2019
KB4516069 | Resolved
KB4520007 | October 08, 2019
10:00 AM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019
KB4503285 | Resolved
KB4512512 | August 17, 2019
02:00 PM PT |
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details > | August 13, 2019
KB4512518 | Resolved
KB4517302 | August 16, 2019
02:00 PM PT |
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.
See details > | June 11, 2019
KB4503285 | Resolved External
| August 09, 2019
07:03 PM PT |
diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml
index e84e0fc49b..be4512cee7 100644
--- a/windows/release-information/status-windows-10-1507.yml
+++ b/windows/release-information/status-windows-10-1507.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 10240.18334
September 23, 2019
KB4522009 | Resolved
KB4520011 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 10240.18334
September 23, 2019
KB4522009 | Resolved
KB4520011 | October 08, 2019
10:00 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | OS Build 10240.18094
January 08, 2019
KB4480962 | Mitigated
| April 25, 2019
02:00 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
index f91ae43fc4..c75ec5b5a9 100644
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
@@ -60,8 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 14393.3206
September 23, 2019
KB4522010 | Resolved
KB4519998 | October 08, 2019
10:00 AM PT |
- IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 14393.3204
September 10, 2019
KB4516044 | Resolved
| September 17, 2019
04:47 PM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 14393.3206
September 23, 2019
KB4522010 | Resolved
KB4519998 | October 08, 2019
10:00 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | OS Build 14393.2724
January 08, 2019
KB4480961 | Mitigated
| April 25, 2019
02:00 PM PT |
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.
See details > | OS Build 14393.2608
November 13, 2018
KB4467691 | Mitigated
| February 19, 2019
10:00 AM PT |
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters.
See details > | OS Build 14393.2639
November 27, 2018
KB4467684 | Mitigated
| April 25, 2019
02:00 PM PT |
@@ -81,7 +80,6 @@ sections:
text: "
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms: - Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
- The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4519998.
Back to top | OS Build 14393.3206
September 23, 2019
KB4522010 | Resolved
KB4519998 | Resolved:
October 08, 2019
10:00 AM PT
Opened:
September 30, 2019
06:26 PM PT |
- | IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: After investigation, we have found that this issue does not affect this version of Windows.
Back to top | OS Build 14393.3204
September 10, 2019
KB4516044 | Resolved
| Resolved:
September 17, 2019
04:47 PM PT
Opened:
September 13, 2019
05:25 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml
index 519ad969c5..9b774ca109 100644
--- a/windows/release-information/status-windows-10-1703.yml
+++ b/windows/release-information/status-windows-10-1703.yml
@@ -64,8 +64,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 15063.2046
September 23, 2019
KB4522011 | Resolved
KB4520010 | October 08, 2019
10:00 AM PT |
- IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 15063.2045
September 10, 2019
KB4516068 | Resolved
| September 17, 2019
04:47 PM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 15063.2046
September 23, 2019
KB4522011 | Resolved
KB4520010 | October 08, 2019
10:00 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | OS Build 15063.1563
January 08, 2019
KB4480973 | Mitigated
| April 25, 2019
02:00 PM PT |
"
@@ -83,7 +82,6 @@ sections:
text: "
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms: - Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
- The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4520010.
Back to top | OS Build 15063.2046
September 23, 2019
KB4522011 | Resolved
KB4520010 | Resolved:
October 08, 2019
10:00 AM PT
Opened:
September 30, 2019
06:26 PM PT |
- | IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: After investigation, we have found that this issue does not affect this version of Windows.
Back to top | OS Build 15063.2045
September 10, 2019
KB4516068 | Resolved
| Resolved:
September 17, 2019
04:47 PM PT
Opened:
September 13, 2019
05:25 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml
index e7cfb4d349..217b281dbc 100644
--- a/windows/release-information/status-windows-10-1709.yml
+++ b/windows/release-information/status-windows-10-1709.yml
@@ -60,8 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 16299.1392
September 23, 2019
KB4522012 | Resolved
KB4520004 | October 08, 2019
10:00 AM PT |
- IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 16299.1387
September 10, 2019
KB4516066 | Resolved
| September 19, 2019
04:08 PM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 16299.1392
September 23, 2019
KB4522012 | Resolved
KB4520004 | October 08, 2019
10:00 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | OS Build 16299.904
January 08, 2019
KB4480978 | Mitigated
| April 25, 2019
02:00 PM PT |
"
@@ -79,7 +78,6 @@ sections:
text: "
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms: - Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
- The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4520004.
Back to top | OS Build 16299.1392
September 23, 2019
KB4522012 | Resolved
KB4520004 | Resolved:
October 08, 2019
10:00 AM PT
Opened:
September 30, 2019
06:26 PM PT |
- | IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4516066, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 16299.1387
September 10, 2019
KB4516066 | Resolved
| Resolved:
September 19, 2019
04:08 PM PT
Opened:
September 13, 2019
05:25 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml
index 7ed2748792..9480e53e4d 100644
--- a/windows/release-information/status-windows-10-1803.yml
+++ b/windows/release-information/status-windows-10-1803.yml
@@ -66,8 +66,7 @@ sections:
| Summary | Originating update | Status | Last updated |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.
See details > | OS Build 17134.950
August 13, 2019
KB4512501 | Resolved
KB4519978 | October 15, 2019
10:00 AM PT |
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.
See details > | OS Build 17134.829
June 11, 2019
KB4503286 | Resolved
KB4519978 | October 15, 2019
10:00 AM PT |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 17134.1009
September 23, 2019
KB4522014 | Resolved
KB4520008 | October 08, 2019
10:00 AM PT |
- IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 17134.1006
September 10, 2019
KB4516058 | Resolved
| September 19, 2019
04:08 PM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 17134.1009
September 23, 2019
KB4522014 | Resolved
KB4520008 | October 08, 2019
10:00 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | OS Build 17134.523
January 08, 2019
KB4480966 | Mitigated
| April 25, 2019
02:00 PM PT |
"
@@ -86,7 +85,6 @@ sections:
| Details | Originating update | Status | History |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error codeAfter installing KB4512501, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.
Affected platforms: - Client: Windows 10, version 1809; Windows 10, version 1803
Resolution: This issue was resolved in KB4519978.
Back to top | OS Build 17134.950
August 13, 2019
KB4512501 | Resolved
KB4519978 | Resolved:
October 15, 2019
10:00 AM PT
Opened:
September 11, 2019
05:32 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms: - Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
- The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4520008.
Back to top | OS Build 17134.1009
September 23, 2019
KB4522014 | Resolved
KB4520008 | Resolved:
October 08, 2019
10:00 AM PT
Opened:
September 30, 2019
06:26 PM PT |
- | IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4516058, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 17134.1006
September 10, 2019
KB4516058 | Resolved
| Resolved:
September 19, 2019
04:08 PM PT
Opened:
September 13, 2019
05:25 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
index a4a29741dd..364659d2b9 100644
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@@ -64,11 +64,11 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
+ Microsoft Defender Advanced Threat Protection might stop running
The Microsoft Defender ATP service might stop running and might fail to send reporting data.
See details > | OS Build 17763.832
October 15, 2019
KB4520062 | Investigating
| October 18, 2019
04:23 PM PT |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.
See details > | OS Build 17763.678
August 13, 2019
KB4511553 | Resolved
KB4520062 | October 15, 2019
10:00 AM PT |
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.
See details > | OS Build 17763.557
June 11, 2019
KB4503327 | Resolved
KB4520062 | October 15, 2019
10:00 AM PT |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 17763.740
September 23, 2019
KB4522015 | Resolved
KB4519338 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 17763.740
September 23, 2019
KB4522015 | Resolved
KB4519338 | October 08, 2019
10:00 AM PT |
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.
See details > | OS Build 17763.55
October 09, 2018
KB4464330 | Resolved
KB4516077 | September 24, 2019
10:00 AM PT |
- IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 17763.737
September 10, 2019
KB4512578 | Resolved
| September 19, 2019
04:08 PM PT |
Devices with some Asian language packs installed may receive an error
Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"
See details > | OS Build 17763.437
April 09, 2019
KB4493509 | Mitigated
| May 03, 2019
10:59 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | OS Build 17763.253
January 08, 2019
KB4480116 | Mitigated
| April 09, 2019
10:00 AM PT |
@@ -81,6 +81,15 @@ sections:
"
+- title: October 2019
+- items:
+ - type: markdown
+ text: "
+ | Details | Originating update | Status | History |
+ Microsoft Defender Advanced Threat Protection might stop runningAfter installing the optional non-security update ( KB4520062), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer on MsSense.exe.
Note Microsoft Windows Defender Antivirus is not affected by this issue.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
Next steps: At this time, we suggest that devices in an affected environment do not install the optional non-security update, KB4520062. We are working on a resolution and estimate a solution will be available in mid-November.
Back to top | OS Build 17763.832
October 15, 2019
KB4520062 | Investigating
| Last updated:
October 18, 2019
04:23 PM PT
Opened:
October 17, 2019
05:14 PM PT |
+
+ "
+
- title: September 2019
- items:
- type: markdown
@@ -88,7 +97,6 @@ sections:
| Details | Originating update | Status | History |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error codeAfter installing KB4511553, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.
Affected platforms: - Client: Windows 10, version 1809; Windows 10, version 1803
Resolution: This issue was resolved in KB4520062.
Back to top | OS Build 17763.678
August 13, 2019
KB4511553 | Resolved
KB4520062 | Resolved:
October 15, 2019
10:00 AM PT
Opened:
September 11, 2019
05:32 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms: - Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
- The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4519338.
Back to top | OS Build 17763.740
September 23, 2019
KB4522015 | Resolved
KB4519338 | Resolved:
October 08, 2019
10:00 AM PT
Opened:
September 30, 2019
06:26 PM PT |
- | IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4512578, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 17763.737
September 10, 2019
KB4512578 | Resolved
| Resolved:
September 19, 2019
04:08 PM PT
Opened:
September 13, 2019
05:25 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml
index 4a9b8d4364..f1e8b5126b 100644
--- a/windows/release-information/status-windows-10-1903.yml
+++ b/windows/release-information/status-windows-10-1903.yml
@@ -64,11 +64,9 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- dGPU occasionally disappear from device manager on Surface Book 2
Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.
See details > | OS Build 18362.145
May 29, 2019
KB4497935 | Resolved
| October 11, 2019
03:15 PM PT |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | OS Build 18362.357
September 23, 2019
KB4522016 | Resolved
KB4517389 | October 08, 2019
10:00 AM PT |
+ dGPU occasionally disappear from device manager on Surface Book 2
Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.
See details > | OS Build 18362.145
May 29, 2019
KB4497935 | Resolved
| October 18, 2019
04:33 PM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 18362.357
September 23, 2019
KB4522016 | Resolved
KB4517389 | October 08, 2019
10:00 AM PT |
Audio in games is quiet or different than expected
Microsoft has received reports that audio in certain games is quieter or different than expected.
See details > | OS Build 18362.356
September 10, 2019
KB4515384 | Resolved
KB4517211 | September 26, 2019
02:00 PM PT |
- IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 18362.356
September 10, 2019
KB4515384 | Resolved
| September 19, 2019
04:08 PM PT |
- Some users report issues related to the Start menu and Windows Desktop Search
A small number of users have reported issues related to the Start menu and Windows Desktop Search.
See details > | OS Build 18362.356
September 10, 2019
KB4515384 | Resolved
| September 19, 2019
04:58 PM PT |
Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters
Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.
See details > | N/A
| Mitigated
| September 13, 2019
05:25 PM PT |
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive error code 0x80073701.
See details > | OS Build 18362.145
May 29, 2019
KB4497935 | Investigating
| August 16, 2019
04:28 PM PT |
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Mitigated External
| August 01, 2019
08:44 PM PT |
@@ -93,8 +91,6 @@ sections:
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms: - Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
- The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517389.
Back to top | OS Build 18362.357
September 23, 2019
KB4522016 | Resolved
KB4517389 | Resolved:
October 08, 2019
10:00 AM PT
Opened:
September 30, 2019
06:26 PM PT |
| Audio in games is quiet or different than expected Microsoft has received reports that audio in certain games is quieter or different than expected. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.
Affected platforms: - Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4517211.
Back to top | OS Build 18362.356
September 10, 2019
KB4515384 | Resolved
KB4517211 | Resolved:
September 26, 2019
02:00 PM PT
Opened:
September 13, 2019
05:25 PM PT |
- | IME may become unresponsive or have High CPU usage Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016
Resolution: Due to security related changes in KB4515384, this issue may occur when Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps: - Select the Start button and type Services.
- Locate Touch Keyboard and Handwriting Panel Service and double click on it or long press and select Properties.
- Locate Startup type: and change it to Manual
- Select Ok
- The TabletInputService service is now in the default configuration and IME should work as expected.
Back to top | OS Build 18362.356
September 10, 2019
KB4515384 | Resolved
| Resolved:
September 19, 2019
04:08 PM PT
Opened:
September 13, 2019
05:25 PM PT |
- | Some users report issues related to the Start menu and Windows Desktop Search Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.
Affected platforms: - Client: Windows 10, version 1903
Resolution: At this time, Microsoft has not found a Search or Start issue significantly impacting users originating from KB4515384. We will continue monitoring to ensure users have a high-quality experience when interacting with these areas. If you are currently having issues, we recommend you to take a moment to report it in via the Feedback Hub (Windows + F) then try the Windows 10 Troubleshoot settings (found in Settings). If you are having an issue with search, see Fix problems in Windows Search.
Back to top | OS Build 18362.356
September 10, 2019
KB4515384 | Resolved
| Resolved:
September 19, 2019
04:58 PM PT
Opened:
September 11, 2019
05:18 PM PT |
| Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters Microsoft and NEC have found incompatibility issues with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards when running Windows 10, version 1903 on specific models of NEC devices. If these devices are updated to Windows 10, version 1903, they will no longer be able to use any Wi-Fi connections. The Wi-Fi driver may have a yellow exclamation point in device manager. The task tray icon for networking may show the icon for no internet and Network & Internet settings may not show any Wi-Fi networks.
To safeguard your update experience, we have applied a compatibility hold on the affected devices from being offered Windows 10, version 1903.
Affected platforms: - Client: Windows 10, version 1903
Workaround: If you are using an affected device and you have already installed Windows 10, version 1903, you can mitigate the issue disabling then re-enabling the Wi-Fi adapter in Device Manager. You should now be able to use Wi-Fi until your next reboot.
Next steps: Microsoft and NEC are working on a resolution and will provide an update in an upcoming release.
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.
Back to top | N/A
| Mitigated
| Last updated:
September 13, 2019
05:25 PM PT
Opened:
September 13, 2019
05:25 PM PT |
"
@@ -113,7 +109,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- | dGPU occasionally disappear from device manager on Surface Book 2 Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open. To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until this issue is resolved. Affected platforms: - Client: Windows 10, version 1903
Resolved: To resolve this issue, you will need to update the firmware of your Surface Book 2 device. Please see the Surface Book 2 update history page for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue. The safeguard hold will be removed in the coming weeks.
Back to top | OS Build 18362.145
May 29, 2019
KB4497935 | Resolved
| Resolved:
October 11, 2019
03:15 PM PT
Opened:
July 12, 2019
04:20 PM PT |
+ | dGPU occasionally disappear from device manager on Surface Book 2 Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open. To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until this issue is resolved. Affected platforms: - Client: Windows 10, version 1903
Resolved: To resolve this issue, you will need to update the firmware of your Surface Book 2 device. Please see the Surface Book 2 update history page for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue. The safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903.
Back to top | OS Build 18362.145
May 29, 2019
KB4497935 | Resolved
| Resolved:
October 18, 2019
04:33 PM PT
Opened:
July 12, 2019
04:20 PM PT |
"
diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
index 3d71ca817a..8102e3efa0 100644
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | September 24, 2019
KB4516048 | Resolved
KB4519976 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | September 24, 2019
KB4516048 | Resolved
KB4519976 | October 08, 2019
10:00 AM PT |
You may receive an error when opening or using the Toshiba Qosmio AV Center
Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.
See details > | August 13, 2019
KB4512506 | Resolved
KB4516048 | September 24, 2019
10:00 AM PT |
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.
See details > | August 13, 2019
KB4512506 | Mitigated
| August 17, 2019
12:59 PM PT |
diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
index 378e8da44f..068427814b 100644
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | September 24, 2019
KB4516041 | Resolved
KB4520005 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | September 24, 2019
KB4516041 | Resolved
KB4520005 | October 08, 2019
10:00 AM PT |
Windows RT 8.1 devices may have issues opening Internet Explorer 11
On Windows RT 8.1 devices, Internet Explorer 11 may not open and you may receive an error.
See details > | September 10, 2019
KB4516067 | Resolved
KB4516041 | September 24, 2019
10:00 AM PT |
Japanese IME doesn't show the new Japanese Era name as a text input option
With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.
See details > | April 25, 2019
KB4493443 | Mitigated
| May 15, 2019
05:53 PM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | January 08, 2019
KB4480963 | Mitigated
| April 25, 2019
02:00 PM PT |
diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml
index fda671a495..0df1e85294 100644
--- a/windows/release-information/status-windows-server-2008-sp2.yml
+++ b/windows/release-information/status-windows-server-2008-sp2.yml
@@ -60,8 +60,8 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | September 24, 2019
KB4516030 | Resolved
KB4520002 | October 08, 2019
10:00 AM PT |
- Issues manually installing updates by double-clicking the .msu file
You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.
See details > | September 10, 2019
KB4474419 | Mitigated
KB4474419 | September 24, 2019
08:17 AM PT |
+ Issues manually installing updates by double-clicking the .msu file
You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.
See details > | September 10, 2019
KB4474419 | Resolved
KB4474419 | September 23, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | September 24, 2019
KB4516030 | Resolved
KB4520002 | October 08, 2019
10:00 AM PT |
"
@@ -77,7 +77,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
+ Issues manually installing updates by double-clicking the .msu fileAfter installing the SHA-2 update ( KB4474419) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\"
Affected platforms: - Server: Windows Server 2008 SP2
Workaround: Open a command prompt and use the following command (replacing <msu location> with the actual location and filename of the update): wusa.exe <msu location> /quiet
Resolution: This issue is resolved in KB4474419 released October 8, 2019. It will install automatically from Windows Update and Windows Server Update Services (WSUS). If you need to install this update manually, you will need to use the workaround above.
Note If you previously installed KB4474419 released September 23, 2019, then you already have the latest version of this update and do not need to reinstall.
Back to top | September 10, 2019
KB4474419 | Resolved
KB4474419 | Resolved:
September 23, 2019
10:00 AM PT
Opened:
September 20, 2019
04:57 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms: - Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
- The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4520002. If you are using Security Only updates, see KB4519974 for resolving KB for your platform.
Back to top | September 24, 2019
KB4516030 | Resolved
KB4520002 | Resolved:
October 08, 2019
10:00 AM PT
Opened:
September 30, 2019
06:26 PM PT |
- Issues manually installing updates by double-clicking the .msu fileAfter installing the SHA-2 update ( KB4474419) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\"
Affected platforms: - Server: Windows Server 2008 SP2
Workaround: Open a command prompt and use the following command (replacing <msu location> with the actual location and filename of the update): wusa.exe <msu location> /quiet
Resolution: This issue is resolved in KB4474419 released September 23, 2019. Currently, this version is only available from the Microsoft Update Catalog. To resolve this issue, you will need to manually download the package and use the workaround above to install it.
Next steps: We estimate a solution will be available in mid-October on Windows Update and Windows Server Update Services (WSUS).
Back to top | September 10, 2019
KB4474419 | Mitigated
KB4474419 | Last updated:
September 24, 2019
08:17 AM PT
Opened:
September 20, 2019
04:57 PM PT |
"
diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml
index 27a39802c2..e05f9d92b9 100644
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing.
See details > | September 24, 2019
KB4516069 | Resolved
KB4520007 | October 08, 2019
10:00 AM PT |
+ Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | September 24, 2019
KB4516069 | Resolved
KB4520007 | October 08, 2019
10:00 AM PT |
Japanese IME doesn't show the new Japanese Era name as a text input option
With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.
See details > | April 25, 2019
KB4493462 | Mitigated
| May 15, 2019
05:53 PM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | January 08, 2019
KB4480975 | Mitigated
| April 25, 2019
02:00 PM PT |
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
index 000e35587d..53ed00fa28 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md
@@ -41,7 +41,7 @@ Yes, BitLocker supports multifactor authentication for operating system drives.
For requirements, see [System requirements](bitlocker-overview.md#system-requirements).
> [!NOTE]
-> Dynamic disks are not supported by BitLocker. Dynamic data volumes will not be displayed in the Control Panel. Although the operating system volume will always be displayed in the Control Panel, regardless of whether it is a Dynamic disk, if it is a dynamic disk it is cannot be protected by BitLocker.
+> Dynamic disks are not supported by BitLocker. Dynamic data volumes will not be displayed in the Control Panel. Although the operating system volume will always be displayed in the Control Panel, regardless of whether it is a Dynamic disk, if it is a dynamic disk it cannot be protected by BitLocker.
## Why are two partitions required? Why does the system drive have to be so large?
@@ -78,4 +78,4 @@ To turn on, turn off, or change configurations of BitLocker on operating system
## What is the recommended boot order for computers that are going to be BitLocker-protected?
-You should configure the startup options of your computer to have the hard disk drive first in the boot order, before any other drives such ach as CD/DVD drives or USB drives. If the hard disk is not first and you typically boot from hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause you to be prompted for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.
+You should configure the startup options of your computer to have the hard disk drive first in the boot order, before any other drives such as CD/DVD drives or USB drives. If the hard disk is not first and you typically boot from hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause you to be prompted for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.
diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md
index bd96309c30..4ab3d8f320 100644
--- a/windows/security/information-protection/tpm/tpm-recommendations.md
+++ b/windows/security/information-protection/tpm/tpm-recommendations.md
@@ -123,7 +123,7 @@ The following table defines which Windows features require TPM support.
TPM Platform Crypto Provider Key Storage Provider| Yes | Yes | Yes
Virtual Smart Card | Yes | Yes | Yes
Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM.
- Autopilot | Yes | No | Yes | TPM 2.0 and UEFI firmware is required.
+ Autopilot | Yes | No | Yes | TPM 2.0 and UEFI firmware is required for white glove and self-deploying scenarios.
SecureBIO | Yes | No | Yes | TPM 2.0 and UEFI firmware is required.
DRTM | Yes | No | Yes | TPM 2.0 and UEFI firmware is required.
diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md
index 613f28d976..cdfc758875 100644
--- a/windows/security/threat-protection/auditing/event-5156.md
+++ b/windows/security/threat-protection/auditing/event-5156.md
@@ -102,7 +102,7 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
- Outbound – for unbound connections.
-- **Source Address** \[Type = UnicodeString\]**:** local IP address on which application received the connection.
+- **Source Address** \[Type = UnicodeString\]**:** IP address from which the connection was initiated.
- IPv4 Address
@@ -114,9 +114,9 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
- 127.0.0.1 , ::1 - localhost
-- **Source Port** \[Type = UnicodeString\]**:** port number on which application received the connection.
+- **Source Port** \[Type = UnicodeString\]**:** port number from which the connection was initiated.
-- **Destination Address** \[Type = UnicodeString\]**:** IP address ***from*** which connection was received or initiated.
+- **Destination Address** \[Type = UnicodeString\]**:** IP address where the connection was received.
- IPv4 Address
@@ -128,7 +128,7 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
- 127.0.0.1 , ::1 - localhost
-- **Destination Port** \[Type = UnicodeString\]**:** port number which was used from remote machine to initiate connection.
+- **Destination Port** \[Type = UnicodeString\]**:** port number where the connection was received.
- **Protocol** \[Type = UInt32\]: number of protocol which was used.
@@ -184,7 +184,7 @@ For 5156(S): The Windows Filtering Platform has permitted a connection.
- If you need to monitor all inbound connections to a specific local port, monitor for [5156](event-5156.md) events with that “**Source Port**.**”**
-- Monitor for all connections with a “**Protocol Number”** that is not typical for this device or compter, for example, anything other than 1, 6, or 17.
+- Monitor for all connections with a “**Protocol Number”** that is not typical for this device or computer, for example, anything other than 1, 6, or 17.
- If the computer’s communication with “**Destination Address”** should always use a specific “**Destination Port**,**”** monitor for any other “**Destination Port**.”
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md
index 7d87930ea5..8829cf492a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 04/24/2018
---
# Enable Secure Score security controls
@@ -27,7 +26,7 @@ ms.date: 04/24/2018
-Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
+Set the baselines for calculating the score of security controls on the Secure Score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
>[!NOTE]
>Changes might take up to a few hours to reflect on the dashboard.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
index 4d70c50373..d0ad0448da 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
@@ -1,7 +1,7 @@
---
title: See how exploit protection works in a demo
description: See how exploit protection can prevent suspicious behaviors from occurring on specific apps.
-keywords: Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigiation
+keywords: Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigation
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
@@ -10,9 +10,9 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
-author: levinec
-ms.author: ellevin
-ms.date: 04/02/2019
+author: denisebmsft
+ms.author: deniseb
+ms.date: 10/21/2019
ms.reviewer:
manager: dansimp
---
@@ -23,21 +23,16 @@ manager: dansimp
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-[Exploit protection](exploit-protection.md) helps protect devices from malware that uses exploits to spread and infect other devices.
-It consists of a number of mitigations that can be applied to either the operating system or an individual app.
-Many of the features that were part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are included in exploit protection.
+[Exploit protection](exploit-protection.md) helps protect devices from malware that uses exploits to spread and infect other devices. Mitigation can be applied to either the operating system or to an individual app. Many of the features that were part of the [Enhanced Mitigation Experience Toolkit (EMET)](emet-exploit-protection.md) are included in exploit protection.
-This topic helps you enable exploit protection in audit mode and review related events in Event Viewer.
-You can enable audit mode for certain app-level mitigations to see how they will work in a test environment.
-This lets you see a record of what *would* have happened if you had enabled the mitigation in production.
-You can make sure it doesn't affect your line-of-business apps, and see which suspicious or malicious events occur.
+This article helps you enable exploit protection in audit mode and review related events in Event Viewer. You can enable audit mode to see how mitigation works for certain apps in a test environment. By auditing exploit protection, you can see what *would* have happened if you had enabled exploit protection in your production environment. This way, you can help ensure exploit protection doesn't adversely affect your line-of-business apps, and you can see which suspicious or malicious events occur.
> [!TIP]
> You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how exploit protection works.
## Enable exploit protection in audit mode
-You can set mitigations in audit mode for specific programs either by using the Windows Security app or PowerShell.
+You can set mitigation in audit mode for specific programs either by using the Windows Security app or Windows PowerShell.
### Windows Security app
@@ -45,12 +40,12 @@ You can set mitigations in audit mode for specific programs either by using the
2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**.
-3. Go to **Program settings** and choose the app you want to apply mitigations to:
+3. Go to **Program settings** and choose the app you want to apply protection to:
1. If the app you want to configure is already listed, click it and then click **Edit**
- 2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app:
- * Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
- * Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
+ 2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app.
+ - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
+ - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
@@ -76,14 +71,14 @@ Where:
* \:
* The mitigation's cmdlet as defined in the following table. Each mitigation is separated with a comma.
- Mitigation | Audit mode cmdlet
--|-
- Arbitrary code guard (ACG) | AuditDynamicCode
- Block low integrity images | AuditImageLoad
- Block untrusted fonts | AuditFont, FontAuditOnly
- Code integrity guard | AuditMicrosoftSigned, AuditStoreSigned
- Disable Win32k system calls | AuditSystemCall
- Do not allow child processes | AuditChildProcess
+ |Mitigation | Audit mode cmdlet |
+|---|---|
+ |Arbitrary code guard (ACG) | AuditDynamicCode |
+ |Block low integrity images | AuditImageLoad
+ |Block untrusted fonts | AuditFont, FontAuditOnly |
+ |Code integrity guard | AuditMicrosoftSigned, AuditStoreSigned |
+ |Disable Win32k system calls | AuditSystemCall |
+ |Do not allow child processes | AuditChildProcess |
For example, to enable Arbitrary Code Guard (ACG) in audit mode for an app named *testing.exe*, run the following command:
@@ -97,14 +92,14 @@ You can disable audit mode by replacing `-Enable` with `-Disable`.
To review which apps would have been blocked, open Event Viewer and filter for the following events in the Security-Mitigations log.
-Feature | Provider/source | Event ID | Description
--|-|-|-
- Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 1 | ACG audit
- Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 3 | Do not allow child processes audit
- Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 5 | Block low integrity images audit
- Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 7 | Block remote images audit
- Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit
- Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit
+|Feature | Provider/source | Event ID | Description |
+|---|---|--|---|
+ |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 1 | ACG audit |
+ |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 3 | Do not allow child processes audit |
+ |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 5 | Block low integrity images audit |
+ |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 7 | Block remote images audit |
+ |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit |
+ |Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit |
## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
index b657e78ae2..c7ae3aac79 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
@@ -1,7 +1,7 @@
---
title: Microsoft Defender ATP evaluation lab
description: Learn about Microsoft Defender ATP capabilities, run attack simulations, and see how it prevents, detects, and remediates threats.
-keywords:
+keywords: evaluate mdatp, evaluation, lab, simulation, windows 10, windows server 2019, evaluation lab
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -26,12 +26,18 @@ Conducting a comprehensive security product evaluation can be a complex process
The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can
focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
-When you get started with the lab, you'll be guided through a simple set-up process where your tenant will be provisioned with test machines. These test machines will come pre-configured to have the latest and greatest Windows 10 version with the right security components in place and Office 2019 Standard installed.
+When you get started with the lab, you'll be guided through a simple set-up process where you can specify the type of configuration that best suits your needs.
+
+After the lab setup process is complete, you can add Windows 10 or Windows Server 2019 machines. These test machines come pre-configured to have the latest and greatest OS versions with the right security components in place and Office 2019 Standard installed.
With the simplified set-up experience, you can focus on running your own test scenarios and the pre-made simulations to see how Microsoft Defender ATP performs.
You'll have full access to all the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Microsoft Defender ATP offers.
+## Before you begin
+You'll need to fulfill the [licensing requirements](minimum-requirements.md#licensing-requirements) or have trial access to Microsoft Defender ATP to access the evaluation lab.
+
+Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
## Get started with the lab
You can access the lab from the menu. In the navigation menu, select **Evaluation and tutorials > Evaluation lab**.
@@ -43,15 +49,28 @@ When you access the evaluation lab for the first time, you'll find an introducti
It's a good idea to read the guide before starting the evaluation process so that you can conduct a thorough assessment of the platform.
>[!NOTE]
->- Each environment is provisioned with only three test machines.
->- Each machine will be available for only three days from the day of activation.
->- When you've used up these three machines, no new machines are provided.
-Deleting a machine does not refresh the available test machine count.
+>- Each environment is provisioned with a limited set of test machines.
+>- Depending the type of environment structure you select, machines will be available for the specified number of hours from the day of activation.
+>- When you've used up the provisioned machines, no new machines are provided. A deleted machine does not refresh the available test machine count.
>- Given the limited resources, it’s advisable to use the machines carefully.
-## Evaluation setup
-When you add a machine to your environment, Microsoft Defender ATP sets up a well-configured machine with connection details. The machine will be configured with the most up to date version of Windows 10 and Office 2019 Standard as well as other apps such as Java, Python, and SysIntenals.
+## Setup the evaluation lab
+
+1. In the navigation pane, select **Evaluation and tutorials > Evaluation lab**, then select **Setup lab**.
+
+ 
+
+2. Depending on your evaluation needs, you can choose to setup an environment with fewer machines for a longer period or more machines for a shorter period. Select your preferred lab configuration then select **Create lab**.
+
+ 
+
+When the environment completes the setup process, you're ready to add machines.
+
+## Add machines
+When you add a machine to your environment, Microsoft Defender ATP sets up a well-configured machine with connection details. You can add Windows 10 or Windows Server 2019 machines.
+
+The machine will be configured with the most up-to-date version of the OS and Office 2019 Standard as well as other apps such as Java, Python, and SysIntenals.
The machine will automatically be onboarded to your tenant with the recommended Windows security components turned on and in audit mode - with no effort on your side.
@@ -74,33 +93,27 @@ Automated investigation settings will be dependent on tenant settings. It will b
>[!NOTE]
>The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections.
+1. From the dashboard, select **Add machine**.
-1. In the navigation pane, select **Evaluation and tutorials > Evaluation lab**.
+ 
-2. Select **Prepare lab**.
- 
+2. Choose the type of machine to add. You can choose to add Windows 10 or Windows Server 2019.
-3. Select **Add machine**.
+ 
- >[!WARNING]
- >- Each environment is provisioned with only three test machines.
- >- Each machine will be available for only three days from the day of activation.
- >- When you've used up these three machines, no new machines are provided.
- Deleting a machine does not refresh the available test machine count.
- >- Given the limited resources, it’s advisable to use the machines carefully.
-
- 
>[!NOTE]
>If something goes wrong with the machine creation process, you'll be notified and you'll need to submit a new request. If the machine creation fails, it will not be counted against the overall allowed quota.
-4. The connection details are displayed. Select **Copy** to save the password for the machine.
+3. The connection details are displayed. Select **Copy** to save the password for the machine.
>[!NOTE]
>The password is only displayed once. Be sure to save it for later use.
-5. Machine set up begins. This can take up to approximately 30 minutes.
+ 
+
+4. Machine set up begins. This can take up to approximately 30 minutes.
The environment will reflect your test machine status through the evaluation - including risk score, exposure score, and alerts created through the simulation.
@@ -165,5 +178,5 @@ Your feedback helps us get better in protecting your environment from advanced a
Let us know what you think, by selecting **Provide feedback**.
-
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-eval-lab.png b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-eval-lab.png
new file mode 100644
index 0000000000..2b5b014a6b
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-eval-lab.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-evaluation-lab.png b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-evaluation-lab.png
new file mode 100644
index 0000000000..2187629052
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-evaluation-lab.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-options.png b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-options.png
new file mode 100644
index 0000000000..1e9dc0b534
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/add-machine-options.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/evaluation-lab-setup.png b/windows/security/threat-protection/microsoft-defender-atp/images/evaluation-lab-setup.png
new file mode 100644
index 0000000000..fda12c1b95
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/evaluation-lab-setup.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/lab-creation-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/lab-creation-page.png
new file mode 100644
index 0000000000..5f76ba9386
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/lab-creation-page.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/lab-setup-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/lab-setup-page.png
new file mode 100644
index 0000000000..b67a8198a8
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/lab-setup-page.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/machine-added-evaluation-lab.png b/windows/security/threat-protection/microsoft-defender-atp/images/machine-added-evaluation-lab.png
new file mode 100644
index 0000000000..81d97b7fed
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/machine-added-evaluation-lab.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/send-us-feedback-eval-lab.png b/windows/security/threat-protection/microsoft-defender-atp/images/send-us-feedback-eval-lab.png
new file mode 100644
index 0000000000..8b37ac8a3a
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/send-us-feedback-eval-lab.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
index 56e0d4eeb2..249d6de806 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
@@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 010/08/2018
+ms.date: 10/08/2018
---
# Manage Microsoft Defender ATP incidents
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
index 10cc42c9f3..f76c49cd91 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
@@ -9,83 +9,83 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 09/03/2018
+author: denisebmsft
+ms.author: deniseb
+ms.date: 10/18/2019
ms.reviewer:
manager: dansimp
+ms.custom: nextgen
---
# Manage the sources for Windows Defender Antivirus protection updates
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-There are two components to managing protection updates - where the updates are downloaded from, and when updates are downloaded and applied.
+Keeping your antivirus protection up to date is critical. There are two components to managing protection updates for Windows Defender Antivirus:
+- *Where* the updates are downloaded from; and
+- *When* updates are downloaded and applied.
-This topic describes where you can specify the updates should be downloaded from, also known as the fallback order.
+This article describes the *where* - how to specify where updates should be downloaded from (this is also known as the fallback order). See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) topic for an overview on how updates work, and how to configure other aspects of updates (such as scheduling updates).
+
+> [!IMPORTANT]
+> Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update and starting Monday, October 21, 2019, all security intelligence updates will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to update your security intelligence. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus).
-See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) topic for an overview on how updates work, and how to configure other aspects of updates (such as scheduling updates).
-There are five locations where you can specify where an endpoint should obtain updates. Typically, you would configure endpoints to individually download the updates from a primary source, followed by the other sources in order of priority based on your network configuration.
+## Fallback order
-Updates will be obtained from the sources in the order you specify. If a source is not available, the next source in the list will be used.
+Typically, you configure endpoints to individually download updates from a primary source, followed by other sources in order of priority, based on your network configuration. Updates are obtained from sources in the order you specify. If a source is not available, the next source in the list is used.
-You can use the following sources:
+When updates are published, some logic is applied to minimize the size of the update. In most cases, only the differences between the latest update and the update that is currently installed (this is referred to as the delta) on the device is downloaded and applied. However, the size of the delta depends on two main factors:
+- The age of the last update on the device; and
+- The source used to download and apply updates.
+The older the updates on an endpoint, the larger the download will be. However, you must also consider download frequency as well. A more frequent update schedule can result in more network usage, whereas a less-frequent schedule can result in larger file sizes per download.
-- Microsoft Update
-- [Windows Server Update Service (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx)
-- System Center Configuration Manager
-- A network file share
-- The [Microsoft Malware Protection Center Security intelligence page (MMPC)](https://www.microsoft.com/security/portal/definitions/adl.aspx)
+There are five locations where you can specify where an endpoint should obtain updates:
+- [Microsoft Update](https://support.microsoft.com/help/12373/windows-update-faq)
+- [Windows Server Update Service](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus)
+- [System Center Configuration Manager](https://docs.microsoft.com/sccm/core/servers/manage/updates)
+- [Network file share](https://docs.microsoft.com/windows-server/storage/nfs/nfs-overview)
+- [Security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates) (Your policy and registry might have this listed as Microsoft Malware Protection Center (MMPC) security intelligence, its former name.)
-When updates are published, some logic will be applied to minimize the size of the update. In most cases, only the "delta" (or the differences between the latest update and the update that is currently installed on the endpoint) will be downloaded and applied. However, the size of the delta depends on:
-
-- How old the current update on the endpoint is
-- Which source you use
-
-
-The older the updates on an endpoint, the larger the download. However, you must also consider frequency versus size - a more frequent update schedule may result in more ad hoc network usage, while a less-frequent schedule may result in larger file sizes.
-
-Microsoft Update allows for rapid releases, which means it will download small deltas on a frequent basis. This ensures the best protection, but may increase network bandwidth.
-
-The WSUS, Configuration Manager, and MMPC sources will deliver less frequent updates. The size of the updates may be slightly larger than the frequent release from Microsoft Update (as the delta, or differences between the latest version and what is on the endpoint will be larger). This ensures consistent protection without increasing ad hoc network usage (although the amount of data may be the same or increased as the updates will be fewer, but may be slightly larger).
+To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, System Center Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads.
> [!IMPORTANT]
-> If you have set MMPC as a fallback source after WSUS or Microsoft Update, updates will only be downloaded from MMPC when the current update is considered to be out-of-date (by default, this is 14 consecutive days of not being able to apply updates from the WSUS or Microsoft Update services).
-> You can, however, [set the number of days before protection is reported as out-of-date](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).
+> If you have set [Microsoft Malware Protection Center Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) (MMPC) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is 14 consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services).
+> You can, however, [set the number of days before protection is reported as out-of-date](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).
+> Starting Monday, October 21, 2019, security intelligence updates will be SHA-2 signed exclusively. Devices must be updated to support SHA-2 in order to get the latest security intelligence updates. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus).
Each source has typical scenarios that depend on how your network is configured, in addition to how often they publish updates, as described in the following table:
-Location | Sample scenario
----|---
-WSUS | You are using WSUS to manage updates for your network.
-Microsoft Update | You want your endpoints to connect directly to Microsoft Update. This can be useful for endpoints that irregularly connect to your enterprise network, or if you do not use WSUS to manage your updates.
-File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-windows-defender-antivirus.md) for how file shares can be used in virtual desktop infrastructure (VDI) environments.
-Configuration Manager | You are using System Center Configuration Manager to update your endpoints.
-MMPC | You need to download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-windows-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source. It will only be used if updates cannot be downloaded from WSUS or Microsoft Update for [a specified number of days](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).
+|Location | Sample scenario |
+|---|---|
+|Windows Server Update Service | You are using Windows Server Update Service to manage updates for your network.|
+|Microsoft Update | You want your endpoints to connect directly to Microsoft Update. This can be useful for endpoints that irregularly connect to your enterprise network, or if you do not use Windows Server Update Service to manage your updates.|
+|File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-windows-defender-antivirus.md) for how file shares can be used in virtual desktop infrastructure (VDI) environments.|
+|System Center Configuration Manager | You are using System Center Configuration Manager to update your endpoints.|
+|Security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware (formerly referred to as MMPC) |[Make sure your devices are updated to support SHA-2](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update, and starting Monday October 21, 2019 security intelligence updates will be SHA-2 signed exclusively.
Download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-windows-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source. It will only be used if updates cannot be downloaded from Windows Server Update Service or Microsoft Update for [a specified number of days](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).|
You can manage the order in which update sources are used with Group Policy, System Center Configuration Manager, PowerShell cmdlets, and WMI.
> [!IMPORTANT]
-> If you set WSUS as a download location, you must approve the updates - regardless of what management tool you use to specify the location. You can set up an automatic approval rule with WSUS, which may be useful as updates arrive at least once a day. See [To synchronize endpoint protection updates in standalone WSUS](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus) for more details.
+> If you set Windows Server Update Service as a download location, you must approve the updates, regardless of the management tool you use to specify the location. You can set up an automatic approval rule with Windows Server Update Service, which might be useful as updates arrive at least once a day. To learn more, see [synchronize endpoint protection updates in standalone Windows Server Update Service](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus).
The procedures in this article first describe how to set the order, and then how to set up the **File share** option if you have enabled it.
-**Use Group Policy to manage the update location:**
+## Use Group Policy to manage the update location
-1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
2. In the **Group Policy Management Editor** go to **Computer configuration**.
@@ -103,7 +103,7 @@ The procedures in this article first describe how to set the order, and then how
4. Double-click the **Define file shares for downloading security intelligence updates** setting and set the option to **Enabled**.
- 5. Enter the file share source. If you have multiple sources, enter each source in the order they should be used, separated by a single pipe. Use [standard UNC notation](https://msdn.microsoft.com/library/gg465305.aspx) for denoting the path, for example: `\\host-name1\share-name\object-name|\\host-name2\share-name\object-name`. If you do not enter any paths then this source will be skipped when the VM downloads updates.
+ 5. Enter the file share source. If you have multiple sources, enter each source in the order they should be used, separated by a single pipe. Use [standard UNC notation](https://docs.microsoft.com/openspecs/windows_protocols/ms-dtyp/62e862f4-2a51-452e-8eeb-dc4ff5ee33cc) for denoting the path, for example: `\\host-name1\share-name\object-name|\\host-name2\share-name\object-name`. If you do not enter any paths then this source will be skipped when the VM downloads updates.
6. Click **OK**. This will set the order of file shares when that source is referenced in the **Define the order of sources...** group policy setting.
@@ -111,12 +111,12 @@ The procedures in this article first describe how to set the order, and then how
> For Windows 10, versions 1703 up to and including 1809, the policy path is **Windows Components > Windows Defender Antivirus > Signature Updates**
> For Windows 10, version 1903, the policy path is **Windows Components > Windows Defender Antivirus > Security Intelligence Updates**
-**Use Configuration Manager to manage the update location:**
+## Use Configuration Manager to manage the update location
See [Configure Security intelligence Updates for Endpoint Protection](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-definition-updates) for details on configuring System Center Configuration Manager (current branch).
-**Use PowerShell cmdlets to manage the update location:**
+## Use PowerShell cmdlets to manage the update location
Use the following PowerShell cmdlets to set the update order.
@@ -125,14 +125,14 @@ Set-MpPreference -SignatureFallbackOrder {LOCATION|LOCATION|LOCATION|LOCATION}
Set-MpPreference -SignatureDefinitionUpdateFileSharesSource {\\UNC SHARE PATH|\\UNC SHARE PATH}
```
See the following for more information:
-- [Set-MpPreference -SignatureFallbackOrder](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference#-signaturefallbackorder)
+- [Set-MpPreference -SignatureFallbackOrder](https://docs.microsoft.com/powershell/module/defender/set-mppreference)
- [Set-MpPreference -SignatureDefinitionUpdateFileSharesSource](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference#-signaturedefinitionupdatefilesharessources)
- [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md)
-- [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx)
+- [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index)
-**Use Windows Management Instruction (WMI) to manage the update location:**
+## Use Windows Management Instruction (WMI) to manage the update location
-Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
+Use the [**Set** method of the **MSFT_MpPreference**](https://docs.microsoft.com/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)) class for the following properties:
```WMI
SignatureFallbackOrder
@@ -140,21 +140,14 @@ SignatureDefinitionUpdateFileSharesSource
```
See the following for more information:
-- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
+- [Windows Defender WMIv2 APIs](https://docs.microsoft.com/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal)
-**Use Mobile Device Management (MDM) to manage the update location:**
+## Use Mobile Device Management (MDM) to manage the update location
See [Policy CSP - Defender/SignatureUpdateFallbackOrder](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-signatureupdatefallbackorder) for details on configuring MDM.
-
-
-
-
-
-
-
-## Related topics
+## Related articles
- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
index 7a0f0c27d6..84e9cb78dd 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
@@ -188,7 +188,102 @@ You may now enroll more devices. You can also enroll them later, after you have
```
-9. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
+9. To whitelist Defender and Auto Update for displaying notifications in UI on macOS 10.15 (Catalina), import the following .mobileconfig as a custom payload:
+
+ ```xml
+
+
+
+
+ PayloadContent
+
+
+ NotificationSettings
+
+
+ AlertType
+ 2
+ BadgesEnabled
+
+ BundleIdentifier
+ com.microsoft.autoupdate2
+ CriticalAlertEnabled
+
+ GroupingType
+ 0
+ NotificationsEnabled
+
+ ShowInLockScreen
+
+ ShowInNotificationCenter
+
+ SoundsEnabled
+
+
+
+ AlertType
+ 2
+ BadgesEnabled
+
+ BundleIdentifier
+ com.microsoft.wdavtray
+ CriticalAlertEnabled
+
+ GroupingType
+ 0
+ NotificationsEnabled
+
+ ShowInLockScreen
+
+ ShowInNotificationCenter
+
+ SoundsEnabled
+
+
+
+ PayloadDescription
+
+ PayloadDisplayName
+ notifications
+ PayloadEnabled
+
+ PayloadIdentifier
+ BB977315-E4CB-4915-90C7-8334C75A7C64
+ PayloadOrganization
+ Microsoft
+ PayloadType
+ com.apple.notificationsettings
+ PayloadUUID
+ BB977315-E4CB-4915-90C7-8334C75A7C64
+ PayloadVersion
+ 1
+
+
+ PayloadDescription
+
+ PayloadDisplayName
+ mdatp - allow notifications
+ PayloadEnabled
+
+ PayloadIdentifier
+ 85F6805B-0106-4D23-9101-7F1DFD5EA6D6
+ PayloadOrganization
+ Microsoft
+ PayloadRemovalDisallowed
+
+ PayloadScope
+ System
+ PayloadType
+ Configuration
+ PayloadUUID
+ 85F6805B-0106-4D23-9101-7F1DFD5EA6D6
+ PayloadVersion
+ 1
+
+
+ ```
+
+10. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**:
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
index 84088ccd42..99a5b6cc89 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
@@ -118,6 +118,16 @@ Save the **Configuration Profile**.
Use the **Logs** tab to monitor deployment status for each enrolled device.
+### Notification settings
+
+Starting in macOS 10.15 (Catalina) a user must manually allow to display notifications in UI. To auto-enable notifications from Defender and Auto Update, you can import the .mobileconfig below into a separate configuration profile and assign it to all machines with Defender:
+
+ ```xml
+
+
+ PayloadContentNotificationSettingsAlertType2BadgesEnabledBundleIdentifiercom.microsoft.autoupdate2CriticalAlertEnabledGroupingType0NotificationsEnabledShowInLockScreenShowInNotificationCenterSoundsEnabledAlertType2BadgesEnabledBundleIdentifiercom.microsoft.wdavtrayCriticalAlertEnabledGroupingType0NotificationsEnabledShowInLockScreenShowInNotificationCenterSoundsEnabledPayloadDescriptionPayloadDisplayNamenotificationsPayloadEnabledPayloadIdentifierBB977315-E4CB-4915-90C7-8334C75A7C64PayloadOrganizationMicrosoftPayloadTypecom.apple.notificationsettingsPayloadUUIDBB977315-E4CB-4915-90C7-8334C75A7C64PayloadVersion1PayloadDescriptionPayloadDisplayNamemdatp - allow notificationsPayloadEnabledPayloadIdentifier85F6805B-0106-4D23-9101-7F1DFD5EA6D6PayloadOrganizationMicrosoftPayloadRemovalDisallowedPayloadScopeSystemPayloadTypeConfigurationPayloadUUID85F6805B-0106-4D23-9101-7F1DFD5EA6D6PayloadVersion1
+ ```
+
### Package
1. Create a package in **Settings > Computer Management > Packages**.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
index 2f67653ec0..70d70defed 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
@@ -72,7 +72,7 @@ There are several ways to uninstall Microsoft Defender ATP for Mac. Please note
### From the command line
-- ```sudo rm -rf '/Applications/Microsoft Defender ATP'```
+- ```sudo rm -rf '/Applications/Microsoft Defender ATP.app'```
## Configuring from the command line
diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 8324650680..6a39c1dd9a 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -36,7 +36,7 @@ With Tamper Protection, malicious apps are prevented from taking actions like th
## How it works
- Tamper Protection essentially locks Microsoft Defender and prevents your security settings from being changed through apps and methods like these:
+ Tamper Protection essentially locks Windows Defender Antivirus and prevents your security settings from being changed through apps and methods like these:
- Configuring settings in Registry Editor on your Windows machine
- Changing settings through PowerShell cmdlets
- Editing or removing security settings through group policies
@@ -70,16 +70,16 @@ If you are a home user, or you are not subject to settings managed by a security
## Turn Tamper Protection on (or off) for your organization using Intune
-If you are part of your organization's security team, you can turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune). (This feature is rolling out now; if you don't have it yet, you should very soon, assuming your organization has [Microsoft Defender ATP](../microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) and that you meet the prerequisites listed below.)
+If you are part of your organization's security team, you can turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune). (This feature is rolling out now; if you don't have it yet, you should very soon, assuming your organization has [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) (Microsoft Defender ATP) and that you meet the prerequisites listed below.)
You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations, to perform the following task.
1. Make sure your organization meets the following requirements:
- - Your organization must have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (this is included in Microsoft 365 E5. See [Microsoft 365 Enterprise overview](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview) for more details.)
+ - Your organization must have [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (this is included in Microsoft 365 E5. See [Microsoft 365 Enterprise overview](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview) for more details.)
- Your organization's devices must be managed by [Intune](https://docs.microsoft.com/intune/device-management-capabilities).
- Your Windows machines must be running [Windows OS 1903](https://docs.microsoft.com/windows/release-information/status-windows-10-1903) or later.
- - You must be using Windows security and update [security intelligence](https://www.microsoft.com/wdsi/definitions) to version 1.287.60.0 (or above)
+ - You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above)
- Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). (See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md).)
2. Go to the Microsoft 365 Device Management portal ([https://devicemanagement.microsoft.com](https://devicemanagement.microsoft.com)) and sign in with your work or school account.
@@ -108,7 +108,7 @@ No
No, third-party antivirus will continue to register with the Windows Security application.
-### What happens if Microsoft Defender is not active on a device?
+### What happens if Microsoft Defender Antivirus is not active on a device?
Tamper Protection will not have any impact on such devices.
@@ -116,14 +116,14 @@ Tamper Protection will not have any impact on such devices.
If you are a home user, see [Turn Tamper Protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine).
-If you are an organization using [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune).
+If you are an organization using [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune).
-### How does configuring Tamper Protection in Intune affect how I manage Windows Defender through my group policy?
+### How does configuring Tamper Protection in Intune affect how I manage Windows Defender Antivirus through my group policy?
-Your regular group policy doesn’t apply to Tamper Protection, and changes to Windows Defender settings will be ignored when Tamper Protection is on.
+Your regular group policy doesn’t apply to Tamper Protection, and changes to Windows Defender Antivirus settings will be ignored when Tamper Protection is on.
-### For Microsoft Defender Advanced Threat Protection E5, is configuring Tamper Protection in Intune targeted to the entire organization only?
+### For Microsoft Defender ATP E5, is configuring Tamper Protection in Intune targeted to the entire organization only?
Configuring Tamper Protection in Intune can be targeted to your entire organization as well as to devices and user groups with Intune.
@@ -135,7 +135,7 @@ Currently we do not have support to manage Tamper Protection through System Cent
Currently, configuring Tamper Protection in Intune is only available for customers who have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
-### What happens if I try to change Microsoft Defender settings in Intune, System Center Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device?
+### What happens if I try to change Microsoft Defender ATP settings in Intune, System Center Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device?
You won’t be able to change the features that are protected by Tamper Protection; those change requests are ignored.
@@ -143,11 +143,11 @@ You won’t be able to change the features that are protected by Tamper Protecti
No. Local admins cannot change or modify Tamper Protection settings.
-### What happens if my device is onboarded with Microsoft Defender Advanced Threat Protection and then goes into an off-boarded state?
+### What happens if my device is onboarded with Microsoft Defender ATP and then goes into an off-boarded state?
In this case, Tamper Protection status changes, and this feature is no longer applied.
-### Will there be an alert about Tamper Protection status changing in the Microsoft Defender Advanced Threat Protection portal?
+### Will there be an alert about Tamper Protection status changing in the Microsoft Defender Security Center?
Yes. The alert is shown in [https://securitycenter.microsoft.com](https://microsoft.securitycenter.com) under **Alerts**.
@@ -167,4 +167,4 @@ No.
[Microsoft 365 Enterprise overview (at a glance)](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview#at-a-glance)
-[Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
+[Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index db654141a9..287c247293 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -64,7 +64,7 @@ You can set several rule options within a WDAC policy. Table 2 describes each ru
| **8 Required:EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All future Windows 10 and later drivers will meet this requirement. |
| **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. |
| **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
-| **11 Disabled:Script Enforcement** | This option is not currently supported. |
+| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to Restricted Language Mode. NOTE: This option is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 is not supported and may have unintended results. |
| **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. |
| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as System Center Configuration Manager, that has been defined as a managed installer. |
| **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). |
diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
index ae7c4a20a4..c2b8dc832a 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
@@ -67,8 +67,8 @@ Answering frequently asked questions about Windows Defender Application Guard (A
| | |
|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| **Q:** | How do I configure WDAG to work with my network proxy (IP-Literal Addresses)? |
-| **A:** | WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. |
+| **Q:** | How do I configure Windows Defender Application Guard to work with my network proxy (IP-Literal Addresses)? |
+| **A:** | Windows Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. |
@@ -76,7 +76,7 @@ Answering frequently asked questions about Windows Defender Application Guard (A
| | |
|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Q:** | Which Input Method Editors (IME) in 19H1 are not supported? |
-| **A:** | The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in WDAG.
Vietnam Telex keyboard
Vietnam number key-based keyboard
Hindi phonetic keyboard
Bangla phonetic keyboard
Marathi phonetic keyboard
Telugu phonetic keyboard
Tamil phonetic keyboard
Kannada phonetic keyboard
Malayalam phonetic keyboard
Gujarati phonetic keyboard
Odia phonetic keyboard
Punjabi phonetic keyboard |
+| **A:** | The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Windows Defender Application Guard.
Vietnam Telex keyboard
Vietnam number key-based keyboard
Hindi phonetic keyboard
Bangla phonetic keyboard
Marathi phonetic keyboard
Telugu phonetic keyboard
Tamil phonetic keyboard
Kannada phonetic keyboard
Malayalam phonetic keyboard
Gujarati phonetic keyboard
Odia phonetic keyboard
Punjabi phonetic keyboard |
@@ -111,3 +111,17 @@ Answering frequently asked questions about Windows Defender Application Guard (A
+| | |
+|--------|-----------------------------------------------------------------------------------------------|
+| **Q:** | Is there a size limit to the domain lists that I need to configure? |
+| **A:** | Yes, both the Enterprise Resource domains hosted in the cloud and the Domains categorized as both work and personal have a 16383B limit.|
+
+
+
+| | |
+|--------|-----------------------------------------------------------------------------------------------|
+| **Q:** | Why does my encryption driver break Windows Defender Application Guard? |
+| **A:** | Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work. |
+
+
+
| |