deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 06:47:21 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into v-mathavale-5560668-part3

Browse Source
This commit is contained in:
Thomas Raya 2021-12-14 10:37:04 -08:00 committed by GitHub
commit e4ea2ff035
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
56 changed files with 175 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/deployment/update/quality-updates.md
View File

@ -61,7 +61,7 @@ Some key considerations about OOB releases include:
## More information ## More information
For additional details about the different types of Windows updates like critical, security, drivers, service packs, and more, please see the [Description of the standard terminology used to describe Microsoft software updates](https://support.microsoft.com/help/824684) and [Introducing a new deployment service for driver and firmware updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-a-new-deployment-service-for-driver-and-firmware/ba-p/2176942). For additional details about the different types of Windows updates like critical, security, drivers, service packs, and more, please see the [Description of the standard terminology used to describe Microsoft software updates](/troubleshoot/windows-client/deployment/standard-terminology-software-updates) and [Introducing a new deployment service for driver and firmware updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-a-new-deployment-service-for-driver-and-firmware/ba-p/2176942).
## Related topics ## Related topics

2
windows/deployment/update/waas-delivery-optimization.md
View File

@ -118,7 +118,7 @@ Delivery Optimization also communicates with its cloud service by using HTTP/HTT
#### What are the requirements if I use a proxy? #### What are the requirements if I use a proxy?
For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update). For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting).
#### What hostnames should I allow through my firewall to support Delivery Optimization? #### What hostnames should I allow through my firewall to support Delivery Optimization?

2
windows/deployment/update/waas-overview.md
View File

@ -113,7 +113,7 @@ Specialized systems—such as devices that control medical equipment, point-of-s
Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 23 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 23 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle.
> [!NOTE] > [!NOTE]
> LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products). > LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](/lifecycle/faq/windows).
The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesnt include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in the Enterprise LTSC editions, even if you install by using sideloading. The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesnt include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in the Enterprise LTSC editions, even if you install by using sideloading.

2
windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
View File

@ -28,7 +28,7 @@ Heres an example of what this process might look like:
- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before theyre available to the General Availability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business. - **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before theyre available to the General Availability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business.
- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly. - **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that youre looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible. - **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that youre looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) - **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store)
- **Choose a servicing tool.** Decide which product youll use to manage the Windows updates in your environment. If youre currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product youll use, consider how youll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools). - **Choose a servicing tool.** Decide which product youll use to manage the Windows updates in your environment. If youre currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product youll use, consider how youll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview). - **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview).

24
windows/deployment/update/waas-wufb-group-policy.md
View File

@ -33,7 +33,7 @@ To manage updates with Windows Update for Business as described in this article,
- Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates. - Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates.
- Allow access to the Windows Update service. - Allow access to the Windows Update service.
- Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759) and [Step-By-Step: Managing Windows 10 with Administrative templates](/archive/blogs/canitpro/step-by-step-managing-windows-10-with-administrative-templates). - Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) and [Step-By-Step: Managing Windows 10 with Administrative templates](/archive/blogs/canitpro/step-by-step-managing-windows-10-with-administrative-templates).
## Set up Windows Update for Business ## Set up Windows Update for Business
@ -44,10 +44,15 @@ Follow these steps on a device running the Remote Server Administration Tools or
### Set up a ring ### Set up a ring
1. Start Group Policy Management Console (gpmc.msc). 1. Start Group Policy Management Console (gpmc.msc).
2. Expand **Forest > Domains > *\<your domain\>**.
2. Expand **Forest > Domains > *\<your domain\>*.
3. Right-click *\<your domain>* and select **Create a GPO in this domain and link it here**. 3. Right-click *\<your domain>* and select **Create a GPO in this domain and link it here**.
4. In the **New GPO** dialog box, enter *Windows Update for Business - Group 1* as the name of the new Group Policy Object.
4. In the **New GPO** dialog box, enter **Windows Update for Business - Group 1** as the name of the new Group Policy Object.
5. Right-click the **"Windows Update for Business - Group 1"** object, and then select **Edit**. 5. Right-click the **"Windows Update for Business - Group 1"** object, and then select **Edit**.
6. In the Group Policy Management Editor, go to **Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update**. You are now ready to start assigning policies to this ring (group) of devices. 6. In the Group Policy Management Editor, go to **Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update**. You are now ready to start assigning policies to this ring (group) of devices.
@ -70,8 +75,11 @@ Drivers are automatically enabled because they are beneficial to device systems.
#### I want to receive pre-release versions of the next feature update #### I want to receive pre-release versions of the next feature update
1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. 1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds. 2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds.
3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and feature updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation. 3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and feature updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation.
4. Select **OK**. 4. Select **OK**.
#### I want to manage which released feature update my devices receive #### I want to manage which released feature update my devices receive
@ -85,19 +93,19 @@ A Windows Update for Business administrator can defer or pause updates. You can
In this example, there are three rings for quality updates. The first ring ("pilot") has a deferral period of 0 days. The second ring ("fast") has a deferral of five days. The third ring ("slow") has a deferral of ten days. In this example, there are three rings for quality updates. The first ring ("pilot") has a deferral period of 0 days. The second ring ("fast") has a deferral of five days. The third ring ("slow") has a deferral of ten days.
![illustration of devices divided into three rings.](images/waas-wufb-3-rings.png) :::image type="content" alt-text="illustration of devices divided into three rings." source="images/waas-wufb-3-rings.png" lightbox="images/waas-wufb-3-rings.png":::
When the quality update is released, it is offered to devices in the pilot ring the next time they scan for updates. When the quality update is released, it is offered to devices in the pilot ring the next time they scan for updates.
##### Five days later ##### Five days later
The devices in the fast ring are offered the quality update the next time they scan for updates. The devices in the fast ring are offered the quality update the next time they scan for updates.
![illustration of devices with fast ring deployed.](images/waas-wufb-fast-ring.png) :::image type="content" alt-text="illustration of devices with fast ring deployed." source="images/waas-wufb-fast-ring.png" lightbox="images/waas-wufb-fast-ring.png":::
##### Ten days later ##### Ten days later
Ten days after the quality update is released, it is offered to the devices in the slow ring the next time they scan for updates. Ten days after the quality update is released, it is offered to the devices in the slow ring the next time they scan for updates.
![illustration of devices with slow ring deployed.](images/waas-wufb-slow-ring.png) :::image type="content" alt-text="illustration of devices with slow ring deployed." source="images/waas-wufb-slow-ring.png" lightbox="images/waas-wufb-slow-ring.png":::
If no problems occur, all of the devices that scan for updates will be offered the quality update within ten days of its release, in three waves. If no problems occur, all of the devices that scan for updates will be offered the quality update within ten days of its release, in three waves.
@ -105,11 +113,11 @@ If no problems occur, all of the devices that scan for updates will be offered t
In this example, some problem is discovered during the deployment of the update to the "pilot" ring. In this example, some problem is discovered during the deployment of the update to the "pilot" ring.
![illustration of devices divided with pilot ring experiencing a problem.](images/waas-wufb-pilot-problem.png) :::image type="content" alt-text="illustration of devices divided with pilot ring experiencing a problem." source="images/waas-wufb-pilot-problem.png" lightbox="images/waas-wufb-pilot-problem.png":::
At this point, the IT administrator can set a policy to pause the update. In this example, the admin selects the **Pause quality updates** check box. At this point, the IT administrator can set a policy to pause the update. In this example, the admin selects the **Pause quality updates** check box.
![illustration of rings with pause quality update check box selected.](images/waas-wufb-pause.png) :::image type="content" alt-text="illustration of rings with pause quality update check box selected." source="images/waas-wufb-pause.png" lightbox="images/waas-wufb-pause.png":::
Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again. Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again.

2
windows/deployment/update/windows-update-errors.md
View File

@ -99,7 +99,7 @@ The following table provides information about common errors you might run into
| Message | Description | Mitigation | | Message | Description | Mitigation |
|---------|-------------|------------| |---------|-------------|------------|
| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.<br><br>Review [KB920659](/troubleshoot/windows-server/deployment/wsus-selfupdate-not-send-automatic-updates) for instructions to resolve the issue. |
## 0x80244007 ## 0x80244007

8
windows/deployment/update/windows-update-resources.md
View File

@ -30,13 +30,13 @@ The following resources provide additional information about using Windows Updat
## WSUS Troubleshooting ## WSUS Troubleshooting
[Troubleshooting issues with WSUS client agents](https://support.microsoft.com/help/10132/) [Troubleshooting issues with WSUS client agents](/troubleshoot/mem/configmgr/troubleshoot-issues-with-wsus-client-agents)
[How to troubleshoot WSUS](https://support.microsoft.com/help/4025764/) [How to troubleshoot WSUS](/troubleshoot/mem/configmgr/troubleshoot-wsus-connection-failures)
[Error 80244007 when WSUS client scans for updates](https://support.microsoft.com/help/4096317/) [Error 80244007 when WSUS client scans for updates](/troubleshoot/mem/configmgr/error-80244007-when-wsus-client-scans-updates)
[Updates may not be installed with Fast Startup in Windows 10](https://support.microsoft.com/help/4011287/) [Updates may not be installed with Fast Startup in Windows 10](/troubleshoot/windows-client/deployment/updates-not-install-with-fast-startup)
## How do I reset Windows Update components? ## How do I reset Windows Update components?

2
windows/deployment/update/windows-update-troubleshooting.md
View File

@ -154,7 +154,7 @@ Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping
## Issues arising from configuration of conflicting policies ## Issues arising from configuration of conflicting policies
Windows Update provides a wide range configuration policy to control the behavior of the Windows Update service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting policies may lead to unexpected behaviors. Windows Update provides a wide range configuration policy to control the behavior of the Windows Update service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting policies may lead to unexpected behaviors.
For more information, see [How to configure automatic updates by using Group Policy or registry settings](https://support.microsoft.com/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s) for more information. For more information, see [How to configure automatic updates by using Group Policy or registry settings](/windows/deployment/update/waas-wu-settings) for more information.
## Device cannot access update files ## Device cannot access update files

2
windows/deployment/upgrade/log-files.md
View File

@ -253,4 +253,4 @@ This analysis indicates that the Windows upgrade error can be resolved by deleti
<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) <br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
<br>[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) <br>[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) <br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) <br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)

63
windows/deployment/upgrade/quick-fixes.md
View File

@ -34,20 +34,25 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
## List of fixes ## List of fixes
<ol> 1. Remove nonessential external hardware, such as docks and USB devices. [More information](#remove-external-hardware).
<li>Remove nonessential external hardware, such as docks and USB devices. <a href="#remove-external-hardware" data-raw-source="[More information](#remove-external-hardware)">More information</a>.</li>
<li>Check the system drive for errors and attempt repairs. <a href="#repair-the-system-drive" data-raw-source="[More information](#repair-the-system-drive)">More information</a>.</li>
<li>Run the Windows Update troubleshooter. <a href="#windows-update-troubleshooter" data-raw-source="[More information](#windows-update-troubleshooter)">More information</a>.</li>
<li>Attempt to restore and repair system files. <a href="#repair-system-files" data-raw-source="[More information](#repair-system-files)">More information</a>.</li>
<li>Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. <a href="#update-windows" data-raw-source="[More information](#update-windows)">More information</a>.</li>
<li>Temporarily uninstall non-Microsoft antivirus software.
<a href="#uninstall-non-microsoft-antivirus-software" data-raw-source="[More information](#uninstall-non-microsoft-antivirus-software)">More information</a>.</li>
<li>Uninstall all nonessential software. <a href="#uninstall-non-essential-software" data-raw-source="[More information](#uninstall-non-essential-software)">More information</a>.</li> 2. Check the system drive for errors and attempt repairs. [More information](#repair-the-system-drive).
<li>Update firmware and drivers. <a href="#update-firmware-and-drivers" data-raw-source="[More information](#update-firmware-and-drivers)">More information</a></li>
<li>Ensure that &quot;Download and install updates (recommended)&quot; is accepted at the start of the upgrade process. <a href="#ensure-that-download-and-install-updates-is-selected" data-raw-source="[More information](#ensure-that-download-and-install-updates-is-selected)">More information</a>.</li> 3. Run the Windows Update troubleshooter. [More information](#windows-update-troubleshooter).
<li>Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. <a href="#verify-disk-space" data-raw-source="[More information](#verify-disk-space)">More information</a>.</li>
</ol> 4. Attempt to restore and repair system files. [More information](#repair-system-files).
5. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. [More information](#update-windows).
6. Temporarily uninstall non-Microsoft antivirus software. [More information](#uninstall-non-microsoft-antivirus-software).
7. Uninstall all nonessential software. [More information](#uninstall-non-essential-software).
8. Update firmware and drivers. [More information](#update-firmware-and-drivers).
9. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. [More information](#ensure-that-download-and-install-updates-is-selected).
10. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. [More information](#verify-disk-space).
## Step by step instructions ## Step by step instructions
@ -81,14 +86,20 @@ The system drive is the drive that contains the [system partition](/windows-hard
To check and repair errors on the system drive: To check and repair errors on the system drive:
1. Click **Start**. 1. Click **Start**.
2. Type **command**.
3. Right-click **Command Prompt** and then left-click **Run as administrator**.
4. If you are prompted by UAC, click **Yes**.
5. Type **chkdsk /F** and press ENTER.
6. When you are prompted to schedule a check the next time the system restarts, type **Y**.
7. See the following example
``` 2. Type **command**.
3. Right-click **Command Prompt** and then left-click **Run as administrator**.
4. If you are prompted by UAC, click **Yes**.
5. Type **chkdsk /F** and press ENTER.
6. When you are prompted to schedule a check the next time the system restarts, type **Y**.
7. See the following example.
```console
C:\WINDOWS\system32>chkdsk /F C:\WINDOWS\system32>chkdsk /F
The type of the file system is NTFS. The type of the file system is NTFS.
Cannot lock current drive. Cannot lock current drive.
@ -123,12 +134,16 @@ This fix is also described in detail at [answers.microsoft.com](https://answers.
To check and repair system files: To check and repair system files:
1. Click **Start**. 1. Click **Start**.
2. Type **command**. 2. Type **command**.
3. Right-click **Command Prompt** and then left-click **Run as administrator**. 3. Right-click **Command Prompt** and then left-click **Run as administrator**.
4. If you are prompted by UAC, click **Yes**. 4. If you are prompted by UAC, click **Yes**.
5. Type **sfc /scannow** and press ENTER. See the following example: 5. Type **sfc /scannow** and press ENTER. See the following example:
``` ```console
C:\>sfc /scannow C:\>sfc /scannow
Beginning system scan. This process will take some time. Beginning system scan. This process will take some time.
@ -140,7 +155,7 @@ To check and repair system files:
``` ```
6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example: 6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example:
``` ```console
C:\>DISM.exe /Online /Cleanup-image /Restorehealth C:\>DISM.exe /Online /Cleanup-image /Restorehealth
Deployment Image Servicing and Management tool Deployment Image Servicing and Management tool
@ -215,7 +230,7 @@ In the previous example, there is 703 GB of available free space on the system d
To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example: To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example:
![Disk cleanup.](../images/cleanup.png) :::image type="content" alt-text="Disk cleanup." source="../images/cleanup.png":::
For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/help/17421/windows-free-up-drive-space). For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/help/17421/windows-free-up-drive-space).
@ -240,4 +255,4 @@ If you downloaded the SetupDiag.exe program to your computer, then copied it to
<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) <br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
<br>[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) <br>[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) <br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) <br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)

4
windows/deployment/upgrade/resolution-procedures.md
View File

@ -45,7 +45,7 @@ See the following general troubleshooting procedures associated with a result co
| :--- | :--- | :--- | | :--- | :--- | :--- |
| 0xC1900101 - 0x20004 | Uninstall antivirus applications.<br>Remove all unused SATA devices. <br>Remove all unused devices and drivers. <br>Update drivers and BIOS. | Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation. <br>This is generally caused by out-of-date drivers. | | 0xC1900101 - 0x20004 | Uninstall antivirus applications.<br>Remove all unused SATA devices. <br>Remove all unused devices and drivers. <br>Update drivers and BIOS. | Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation. <br>This is generally caused by out-of-date drivers. |
| 0xC1900101 - 0x2000c | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br> Contact your hardware vendor to obtain updated device drivers.<br> Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.<br> This is generally caused by out-of-date drivers | | 0xC1900101 - 0x2000c | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br> Contact your hardware vendor to obtain updated device drivers.<br> Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.<br> This is generally caused by out-of-date drivers |
| 0xC1900101 - 0x20017 | Ensure that all that drivers are updated.<br>Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.<br>For more information, see [Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations](https://support.microsoft.com/en-us/help/927521/windows-vista-windows-7-windows-server-2008-r2-windows-8-1-and-windows).<br>Update or uninstall the problem drivers. | A driver has caused an illegal operation.<br>Windows was not able to migrate the driver, resulting in a rollback of the operating system.<br>This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software. | | 0xC1900101 - 0x20017 | Ensure that all that drivers are updated.<br>Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.<br>For more information, see [Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations](/troubleshoot/windows-client/deployment/windows-setup-log-file-locations).<br>Update or uninstall the problem drivers. | A driver has caused an illegal operation.<br>Windows was not able to migrate the driver, resulting in a rollback of the operating system.<br>This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software. |
| 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Contact your hardware vendor to obtain updated device drivers.<br>Ensure that &quot;Download and install updates (recommended)&quot; is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Contact your hardware vendor to obtain updated device drivers.<br>Ensure that &quot;Download and install updates (recommended)&quot; is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. |
| 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.<br>This can occur due to a problem with a display driver. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.<br>This can occur due to a problem with a display driver. |
| 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.<br>Review the rollback log and determine the stop code.<br>The rollback log is located in the <strong>$Windows.~BT\Sources\Rollback</strong> folder. An example analysis is shown below. This example is not representative of all cases:<br>&nbsp;<br>Info SP Crash 0x0000007E detected<br>Info SP Module name :<br>Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005<br>Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A<br>Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728<br>Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40<br>Info SP Cannot recover the system.<br>Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.<br>&nbsp;<br>Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:<br>&nbsp;<br>1. Make sure you have enough disk space.<br>2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.<br>3. Try changing video adapters.<br>4. Check with your hardware vendor for any BIOS updates.<br>5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.<br>Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.<br>This can occur because of incompatible drivers. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.<br>Review the rollback log and determine the stop code.<br>The rollback log is located in the <strong>$Windows.~BT\Sources\Rollback</strong> folder. An example analysis is shown below. This example is not representative of all cases:<br>&nbsp;<br>Info SP Crash 0x0000007E detected<br>Info SP Module name :<br>Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005<br>Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A<br>Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728<br>Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40<br>Info SP Cannot recover the system.<br>Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.<br>&nbsp;<br>Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:<br>&nbsp;<br>1. Make sure you have enough disk space.<br>2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.<br>3. Try changing video adapters.<br>4. Check with your hardware vendor for any BIOS updates.<br>5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.<br>Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.<br>This can occur because of incompatible drivers. |
@ -188,6 +188,6 @@ Also see the following sequential list of modern setup (mosetup) error codes wit
- [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) - [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
- [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) - [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
- [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/home?category=Windows10ITPro) - [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/home?category=Windows10ITPro)
- [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) - [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
- [Win 7 to Win 10 upgrade error (0x800707E7 - 0x3000D)](https://answers.microsoft.com/en-us/windows/forum/all/win-7-to-win-10-upgrade-error-0x800707e7-0x3000d/1273bc1e-8a04-44d4-a6b2-808c9feeb020)) - [Win 7 to Win 10 upgrade error (0x800707E7 - 0x3000D)](https://answers.microsoft.com/en-us/windows/forum/all/win-7-to-win-10-upgrade-error-0x800707e7-0x3000d/1273bc1e-8a04-44d4-a6b2-808c9feeb020))
- [Win 10 upgrade error: User profile suffix mismatch, 0x800707E7 - 0x3000D](https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/win-10-upgrade-error-user-profile-suffix-mismatch/0f006733-2af5-4b42-a2d4-863fad05273d?page=3) - [Win 10 upgrade error: User profile suffix mismatch, 0x800707E7 - 0x3000D](https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/win-10-upgrade-error-user-profile-suffix-mismatch/0f006733-2af5-4b42-a2d4-863fad05273d?page=3)

2
windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
View File

@ -61,5 +61,5 @@ See the following topics in this article:
<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) <br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
<br>[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) <br>[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) <br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) <br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
<br> <br>

4
windows/deployment/upgrade/troubleshoot-upgrade-errors.md
View File

@ -85,7 +85,7 @@ When performing an operating system upgrade, Windows Setup uses phases described
**Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown): **Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown):
![Upgrade process.](../images/upgrade-process.png) :::image type="content" alt-text="Upgrade process." source="../images/upgrade-process.png" lightbox="../images/upgrade-process.png":::
DU = Driver/device updates.<br> DU = Driver/device updates.<br>
OOBE = Out of box experience.<br> OOBE = Out of box experience.<br>
@ -97,4 +97,4 @@ WIM = Windows image (Microsoft)
<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) <br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
<br>[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-/ifications) <br>[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-/ifications)
<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) <br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) <br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)

3
windows/deployment/upgrade/upgrade-error-codes.md
View File

@ -22,6 +22,7 @@ ms.collection: highpri
>[!NOTE] >[!NOTE]
>This is a 400 level topic (advanced). >This is a 400 level topic (advanced).
>
>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. >See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
If the upgrade process is not successful, Windows Setup will return two codes: If the upgrade process is not successful, Windows Setup will return two codes:
@ -147,4 +148,4 @@ For example: An extend code of **0x4000D**, represents a problem during phase 4
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)
[Microsoft Windows Q & A](/answers/products/windows) [Microsoft Windows Q & A](/answers/products/windows)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)

2
windows/deployment/upgrade/windows-10-upgrade-paths.md
View File

@ -26,7 +26,7 @@ This topic provides a summary of available upgrade paths to Windows 10. You can
If you are also migrating to a different edition of Windows, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths, but please note that applications and settings are not maintained when the Windows edition is downgraded. If you are also migrating to a different edition of Windows, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths, but please note that applications and settings are not maintained when the Windows edition is downgraded.
- **Windows 10 version upgrade**: You can directly upgrade any General Availability Channel version of Windows 10 to a newer, supported General Availability Channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information. - **Windows 10 version upgrade**: You can directly upgrade any General Availability Channel version of Windows 10 to a newer, supported General Availability Channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](/lifecycle/faq/windows) for availability and service information.
- **In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 General Availability Channel](/windows/release-health/release-information)** to Windows 10 LTSC is not supported. Windows 10 LTSC 2015 did not block this in-place upgrade path. This issue was corrected in the Windows 10 LTSC 2016 release, which only allows data-only and clean install options. - **In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 General Availability Channel](/windows/release-health/release-information)** to Windows 10 LTSC is not supported. Windows 10 LTSC 2015 did not block this in-place upgrade path. This issue was corrected in the Windows 10 LTSC 2016 release, which only allows data-only and clean install options.

9
windows/deployment/upgrade/windows-error-reporting.md
View File

@ -32,7 +32,7 @@ To use Windows PowerShell, type the following commands from an elevated Windows
> [!IMPORTANT] > [!IMPORTANT]
> The following source will be available only if you have updated from a previous version of Windows 10 to a new version. If you installed the current version and have not updated, the source named **WinSetupDiag02** will be unavailable. > The following source will be available only if you have updated from a previous version of Windows 10 to a new version. If you installed the current version and have not updated, the source named **WinSetupDiag02** will be unavailable.
```Powershell ```powershell
$events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"} $events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"}
$event = [xml]$events[0].ToXml() $event = [xml]$events[0].ToXml()
$event.Event.EventData.Data $event.Event.EventData.Data
@ -43,7 +43,8 @@ To use Event Viewer:
2. Click **Find**, and then search for **winsetupdiag02**. 2. Click **Find**, and then search for **winsetupdiag02**.
3. Double-click the event that is highlighted. 3. Double-click the event that is highlighted.
Note: For legacy operating systems, the Event Name was WinSetupDiag01. > [!NOTE]
> For legacy operating systems, the Event Name was WinSetupDiag01.
Ten parameters are listed in the event: Ten parameters are listed in the event:
@ -63,7 +64,7 @@ Ten parameters are listed in the event:
The event will also contain links to log files that can be used to perform a detailed diagnosis of the error. An example of this event from a successful upgrade is shown below. The event will also contain links to log files that can be used to perform a detailed diagnosis of the error. An example of this event from a successful upgrade is shown below.
![Windows Error Reporting.](../images/event.png) :::image type="content" alt-text="Windows Error Reporting." source="../images/event.png" lightbox="../images/event.png":::
## Related topics ## Related topics
@ -71,4 +72,4 @@ The event will also contain links to log files that can be used to perform a det
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)

14
windows/deployment/volume-activation/configure-client-computers-vamt.md
View File

@ -24,7 +24,7 @@ To enable the Volume Activation Management Tool (VAMT) to function correctly, ce
Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows. Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows.
> [IMPORTANT] > [!IMPORTANT]
> This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](/windows/win32/wmisdk/connecting-to-wmi-remotely-with-vbscript). > This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](/windows/win32/wmisdk/connecting-to-wmi-remotely-with-vbscript).
## Configuring the Windows Firewall to allow VAMT access ## Configuring the Windows Firewall to allow VAMT access
@ -38,8 +38,8 @@ Enable the VAMT to access client computers using the **Windows Firewall** Contro
5. Select the **Windows Management Instrumentation (WMI)** checkbox. 5. Select the **Windows Management Instrumentation (WMI)** checkbox.
6. Click **OK**. 6. Click **OK**.
**Warning**   > [!WARNING]
By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below. > By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below.
## Configure Windows Firewall to allow VAMT access across multiple subnets ## Configure Windows Firewall to allow VAMT access across multiple subnets
@ -65,12 +65,12 @@ Enable the VAMT to access client computers across multiple subnets using the **W
In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports. In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports.
For more info, see [How to configure RPC dynamic port allocation to work with firewalls](https://support.microsoft.com/help/929851). For more info, see [How to configure RPC dynamic port allocation to work with firewalls](/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang).
## Create a registry value for the VAMT to access workgroup-joined computer ## Create a registry value for the VAMT to access workgroup-joined computer
> [WARNING]   > [!WARNING]
> This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](https://support.microsoft.com/help/256986). > This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](/troubleshoot/windows-server/performance/windows-registry-advanced-users).
On the client computer, create the following registry key using regedit.exe. On the client computer, create the following registry key using regedit.exe.
@ -81,7 +81,7 @@ On the client computer, create the following registry key using regedit.exe.
- **Type: DWORD** - **Type: DWORD**
- **Value Data: 1** - **Value Data: 1**
> [NOTE] > [!NOTE]
> To discover VAMT-manageable Windows computers in workgroups, you must enable network discovery on each client. > To discover VAMT-manageable Windows computers in workgroups, you must enable network discovery on each client.
## Deployment options ## Deployment options

2
windows/deployment/windows-10-media.md
View File

@ -53,7 +53,7 @@ Features on demand is a method for adding features to your Windows 10 image that
<br>[Volume Activation for Windows 10](./volume-activation/volume-activation-windows-10.md) <br>[Volume Activation for Windows 10](./volume-activation/volume-activation-windows-10.md)
<br>[Plan for volume activation](./volume-activation/plan-for-volume-activation-client.md) <br>[Plan for volume activation](./volume-activation/plan-for-volume-activation-client.md)
<br>[VLSC downloads FAQ](https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=150) <br>[VLSC downloads FAQ](https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=150)
<br>[Download and burn an ISO file on the volume licensing site (VLSC)](https://support.microsoft.com/help/2472143/download-and-burn-an-iso-file-on-the-volume-licensing-site-vlsc) <br>[Download and burn an ISO file on the volume licensing site (VLSC)](/troubleshoot/windows-client/deployment/iso-file-on-vlsc)
   

2
windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
View File

@ -27,7 +27,7 @@ ms.technology: privacy
> [!IMPORTANT] > [!IMPORTANT]
> The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported. > The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported.
> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement). > For more information, see [Windows Analytics retirement on January 31, 2020](/lifecycle/announcements/windows-analytics-retirement).
Desktop Analytics reports are powered by diagnostic data not included in the Basic level. Desktop Analytics reports are powered by diagnostic data not included in the Basic level.

4
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -31,7 +31,7 @@ ms.technology: privacy
This article describes the network connections that Windows 10 and Windows 11 components make to Microsoft and the Windows Settings, Group Policies and registry settings available to IT Professionals to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience. This article describes the network connections that Windows 10 and Windows 11 components make to Microsoft and the Windows Settings, Group Policies and registry settings available to IT Professionals to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 and Windows 11 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Microsoft Defender Antivirus are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly. Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 and Windows 11 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Microsoft Defender Antivirus are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly.
> [!IMPORTANT] > [!IMPORTANT]
> - The downloadable Windows 10, version 1903 scripts/settings can be used on Windows 10, version 1909 devices. > - The downloadable Windows 10, version 1903 scripts/settings can be used on Windows 10, version 1909 devices.
@ -423,7 +423,7 @@ To turn off Insider Preview builds for Windows 10 and Windows 11:
### <a href="" id="bkmk-ie"></a>8. Internet Explorer ### <a href="" id="bkmk-ie"></a>8. Internet Explorer
> [!NOTE] > [!NOTE]
> When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: > When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](/troubleshoot/browsers/enhanced-security-configuration-faq). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings:
| Policy | Description | | Policy | Description |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|

2
windows/privacy/manage-windows-11-endpoints.md
View File

@ -156,5 +156,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
## Related links ## Related links
- [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) - [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

44
windows/privacy/manage-windows-1709-endpoints.md
View File

@ -32,16 +32,16 @@ Some Windows components, app, and related services transfer data to Microsoft ne
This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. Where applicable, each endpoint covered in this article includes a link to specific details about how to control traffic to it.
We used the following methodology to derive these network endpoints: We used the following methodology to derive these network endpoints:
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). 2. Leave the devices running idle for a week (that is, a user isn't interacting with the system/device).
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
4. Compile reports on traffic going to public IP addresses. 4. Compile reports on traffic going to public IP addresses.
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. 5. The test virtual machine was logged in using a local account and wasn't joined to a domain or Azure Active Directory.
6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here. 6. All traffic was captured in our lab using a IPV4 network. As such no IPV6 traffic is reported here.
> [!NOTE] > [!NOTE]
> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
@ -60,7 +60,7 @@ If you [turn off traffic to this endpoint](manage-connections-from-windows-opera
The following endpoint is used for OneNote Live Tile. The following endpoint is used for OneNote Live Tile.
To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -69,7 +69,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
The following endpoints are used for Twitter updates. The following endpoints are used for Twitter updates.
To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -79,7 +79,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
The following endpoint is used for Facebook updates. The following endpoint is used for Facebook updates.
To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -88,7 +88,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office.
To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -97,7 +97,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
The following endpoint is used for Candy Crush Saga updates. The following endpoint is used for Candy Crush Saga updates.
To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -106,14 +106,14 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
The following endpoint is used for by the Microsoft Wallet app. The following endpoint is used for by the Microsoft Wallet app.
To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
| system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | | system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com |
The following endpoint is used by the Groove Music app for update HTTP handler status. The following endpoint is used by the Groove Music app for update HTTP handler status.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and can't directly launch the app.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -122,28 +122,28 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
## Cortana and Search ## Cortana and Search
The following endpoint is used to get images that are used for Microsoft Store suggestions. The following endpoint is used to get images that are used for Microsoft Store suggestions.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block images that are used for Microsoft Store suggestions.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
| searchui | HTTPS |store-images.s-microsoft.com | | searchui | HTTPS |store-images.s-microsoft.com |
The following endpoint is used to update Cortana greetings, tips, and Live Tiles. The following endpoint is used to update Cortana greetings, tips, and Live Tiles.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block updates to Cortana greetings, tips, and Live Tiles.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
| backgroundtaskhost | HTTPS | www.bing.com/client | | backgroundtaskhost | HTTPS | www.bing.com/client |
The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters wouldn't be updated and the device would no longer participate in experiments.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
| backgroundtaskhost | HTTPS | www.bing.com/proactive | | backgroundtaskhost | HTTPS | www.bing.com/proactive |
The following endpoint is used by Cortana to report diagnostic and diagnostic data information. The following endpoint is used by Cortana to report diagnostic and diagnostic data information.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and can't fix them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -151,11 +151,11 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
## Certificates ## Certificates
The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It's possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that isn't recommended because when root certificates are updated over time, applications and websites may stop working because they didn't receive an updated root certificate the application uses.
Additionally, it is used to download certificates that are publicly known to be fraudulent. Additionally, it's used to download certificates that are publicly known to be fraudulent.
These settings are critical for both Windows security and the overall security of the Internet. These settings are critical for both Windows security and the overall security of the Internet.
We do not recommend blocking this endpoint. We don't recommend blocking this endpoint.
If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
@ -294,7 +294,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
## Office ## Office
The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges).
You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
@ -305,7 +305,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen
| | | *.e-msedge.net | | | | *.e-msedge.net |
| | | *.s-msedge.net | | | | *.s-msedge.net |
The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges).
You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
@ -328,7 +328,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|----------------|----------|------------| |----------------|----------|------------|
| onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | | onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction |
The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges).
To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
@ -456,5 +456,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
## Related links ## Related links
- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) - [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

50
windows/privacy/manage-windows-1803-endpoints.md
View File

@ -32,16 +32,16 @@ Some Windows components, app, and related services transfer data to Microsoft ne
This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. Where applicable, each endpoint covered in this article includes a link to specific details about how to control traffic to it.
We used the following methodology to derive these network endpoints: We used the following methodology to derive these network endpoints:
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). 2. Leave the devices running idle for a week (that is, a user isn't interacting with the system/device).
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
4. Compile reports on traffic going to public IP addresses. 4. Compile reports on traffic going to public IP addresses.
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. 5. The test virtual machine was logged in using a local account and wasn't joined to a domain or Azure Active Directory.
6. All traffic was captured in our lab using an IPV4 network. Therefore no IPV6 traffic is reported here. 6. All traffic was captured in our lab using a IPV4 network. As such no IPV6 traffic is reported here.
> [!NOTE] > [!NOTE]
> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
@ -61,7 +61,7 @@ If you [turn off traffic to this endpoint](manage-connections-from-windows-opera
The following endpoint is used for OneNote Live Tile. The following endpoint is used for OneNote Live Tile.
To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users will can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -70,7 +70,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
The following endpoints are used for Twitter updates. The following endpoints are used for Twitter updates.
To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users will can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -80,7 +80,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
The following endpoint is used for Facebook updates. The following endpoint is used for Facebook updates.
To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users will can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -89,7 +89,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office.
To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -98,7 +98,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
The following endpoint is used for Candy Crush Saga updates. The following endpoint is used for Candy Crush Saga updates.
To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -107,14 +107,14 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
The following endpoint is used for by the Microsoft Wallet app. The following endpoint is used for by the Microsoft Wallet app.
To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
If you disable the Microsoft store, other Store apps cannot be installed or updated. If you disable the Microsoft store, other Store apps cannot be installed or updated.
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
| system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | | system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com |
The following endpoint is used by the Groove Music app for update HTTP handler status. The following endpoint is used by the Groove Music app for update HTTP handler status.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and can't directly launch the app.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -123,28 +123,28 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
## Cortana and Search ## Cortana and Search
The following endpoint is used to get images that are used for Microsoft Store suggestions. The following endpoint is used to get images that are used for Microsoft Store suggestions.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block images that are used for Microsoft Store suggestions.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
| searchui | HTTPS |store-images.s-microsoft.com | | searchui | HTTPS |store-images.s-microsoft.com |
The following endpoint is used to update Cortana greetings, tips, and Live Tiles. The following endpoint is used to update Cortana greetings, tips, and Live Tiles.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block updates to Cortana greetings, tips, and Live Tiles.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
| backgroundtaskhost | HTTPS | www.bing.com/client | | backgroundtaskhost | HTTPS | www.bing.com/client |
The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters wouldn't be updated and the device would no longer participate in experiments.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
| backgroundtaskhost | HTTPS | www.bing.com/proactive | | backgroundtaskhost | HTTPS | www.bing.com/proactive |
The following endpoint is used by Cortana to report diagnostic and diagnostic data information. The following endpoint is used by Cortana to report diagnostic and diagnostic data information.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and can't fix them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -152,11 +152,11 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
## Certificates ## Certificates
The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It's possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that isn't recommended because when root certificates are updated over time, applications and websites may stop working because they didn't receive an updated root certificate the application uses.
Additionally, it is used to download certificates that are publicly known to be fraudulent. Additionally, it's used to download certificates that are publicly known to be fraudulent.
These settings are critical for both Windows security and the overall security of the Internet. These settings are critical for both Windows security and the overall security of the Internet.
We do not recommend blocking this endpoint. We don't recommend blocking this endpoint.
If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
@ -166,7 +166,7 @@ If traffic to this endpoint is turned off, Windows no longer automatically downl
## Device authentication ## Device authentication
The following endpoint is used to authenticate a device. The following endpoint is used to authenticate a device.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device will not be authenticated. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device won't be authenticated.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -175,7 +175,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
## Device metadata ## Device metadata
The following endpoint is used to retrieve device metadata. The following endpoint is used to retrieve device metadata.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata will not be updated for the device. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata won't be updated for the device.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -185,7 +185,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
## Diagnostic Data ## Diagnostic Data
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|----------|------------|
@ -298,7 +298,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
## Office ## Office
The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges).
You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
@ -310,7 +310,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen
| | | *.s-msedge.net | | | | *.s-msedge.net |
| | HTTPS | ocos-office365-s2s.msedge.net | | | HTTPS | ocos-office365-s2s.msedge.net |
The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges).
You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
@ -333,7 +333,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|----------------|----------|------------| |----------------|----------|------------|
| onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | | onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction |
The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges).
To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
@ -461,5 +461,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
## Related links ## Related links
- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) - [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

2
windows/privacy/manage-windows-20H2-endpoints.md
View File

@ -156,5 +156,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
## Related links ## Related links
- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) - [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

2
windows/privacy/manage-windows-21H1-endpoints.md
View File

@ -154,5 +154,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
## Related links ## Related links
- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) - [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

2
windows/privacy/manage-windows-21h2-endpoints.md
View File

@ -154,5 +154,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
## Related links ## Related links
- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) - [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges)
- [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints)

2
windows/security/threat-protection/auditing/event-4672.md
View File

@ -110,7 +110,7 @@ You typically will see many of these events in the event log, because every logo
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4673.md
View File

@ -90,7 +90,7 @@ Failure event generates when service call attempt fails.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4674.md
View File

@ -93,7 +93,7 @@ Failure event generates when operation attempt fails.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

4
windows/security/threat-protection/auditing/event-4688.md
View File

@ -108,7 +108,7 @@ This event generates every time a new process starts.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY".
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81". - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81".
@ -132,7 +132,7 @@ This event generates every time a new process starts.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY".
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81". - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81".

2
windows/security/threat-protection/auditing/event-4689.md
View File

@ -85,7 +85,7 @@ This event generates every time a process has exited.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4690.md
View File

@ -86,7 +86,7 @@ This event generates if an attempt was made to duplicate a handle to an object.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4691.md
View File

@ -89,7 +89,7 @@ These events are generated for [ALPC Ports](/windows/win32/etw/alpc) access requ
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4692.md
View File

@ -96,7 +96,7 @@ Failure event generates when a Master Key backup operation fails for some reason
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4693.md
View File

@ -93,7 +93,7 @@ Failure event generates when a Master Key restore operation fails for some reaso
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

4
windows/security/threat-protection/auditing/event-4696.md
View File

@ -92,7 +92,7 @@ This event generates every time a process runs using the non-current access toke
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.
@ -134,7 +134,7 @@ This event generates every time a process runs using the non-current access toke
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4697.md
View File

@ -87,7 +87,7 @@ This event generates when new service was installed in the system.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4698.md
View File

@ -95,7 +95,7 @@ This event generates every time a new scheduled task is created.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4699.md
View File

@ -95,7 +95,7 @@ This event generates every time a scheduled task was deleted.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4700.md
View File

@ -95,7 +95,7 @@ This event generates every time a scheduled task is enabled.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4701.md
View File

@ -95,7 +95,7 @@ This event generates every time a scheduled task is disabled.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4702.md
View File

@ -95,7 +95,7 @@ This event generates every time scheduled task was updated/changed.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

4
windows/security/threat-protection/auditing/event-4703.md
View File

@ -94,7 +94,7 @@ Token privileges provide the ability to take certain system-level actions that y
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.
@ -116,7 +116,7 @@ Token privileges provide the ability to take certain system-level actions that y
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4704.md
View File

@ -86,7 +86,7 @@ You will see unique event for every user.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4705.md
View File

@ -86,7 +86,7 @@ You will see unique event for every user.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4706.md
View File

@ -90,7 +90,7 @@ This event is generated only on domain controllers.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4707.md
View File

@ -86,7 +86,7 @@ This event is generated only on domain controllers.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4713.md
View File

@ -85,7 +85,7 @@ This event is generated only on domain controllers.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4715.md
View File

@ -85,7 +85,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4716.md
View File

@ -90,7 +90,7 @@ This event is generated only on domain controllers.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4717.md
View File

@ -86,7 +86,7 @@ You will see unique event for every user if logon user rights were granted to mu
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4718.md
View File

@ -86,7 +86,7 @@ You will see unique event for every user if logon user rights were removed for m
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4719.md
View File

@ -88,7 +88,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

4
windows/security/threat-protection/auditing/event-4720.md
View File

@ -105,7 +105,7 @@ This event generates on domain controllers, member servers, and workstations.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.
@ -157,7 +157,7 @@ Typically, **Primary Group** field for new user accounts has the following value
- 513 (Domain Users. For local accounts this RID means Users) for domain and local users. - 513 (Domain Users. For local accounts this RID means Users) for domain and local users.
See this article <https://support.microsoft.com/kb/243330> for more information. This parameter contains the value of **primaryGroupID** attribute of new user object. See this article </windows/security/identity-protection/access-control/security-identifiers> for more information. This parameter contains the value of **primaryGroupID** attribute of new user object.
<!-- --> <!-- -->

2
windows/security/threat-protection/auditing/event-4722.md
View File

@ -89,7 +89,7 @@ For computer accounts, this event generates only on domain controllers.
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.

2
windows/security/threat-protection/auditing/event-4723.md
View File

@ -96,7 +96,7 @@ Typically you will see 4723 events with the same **Subject\\Security ID** and **
- Uppercase full domain name: CONTOSO.LOCAL - Uppercase full domain name: CONTOSO.LOCAL
- For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
- For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.