diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 838a6cc065..024db75e72 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -61,6 +61,31 @@ "redirect_document_id": true }, { +"source_path": "devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md", +"redirect_url": "/itpro/surface-hub/finishing-your-surface-hub-meeting", +"redirect_document_id": true +}, +{ +"source_path": "devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md", +"redirect_url": "/itpro/surface-hub/provisioning-packages-for-surface-hub", +"redirect_document_id": true +}, +{ +"source_path": "devices/surface-hub/manage-settings-with-local-admin-account-surface-hub.md", +"redirect_url": "/itpro/surface-hub/admin-group-management-for-surface-hub", +"redirect_document_id": true +}, +{ +"source_path": "devices/surface-hub/surface-hub-administrators-guide.md", +"redirect_url": "/itpro/surface-hub/index", +"redirect_document_id": true +}, +{ +"source_path": "devices/surface-hub/intro-to-surface-hub.md", +"redirect_url": "/itpro/surface-hub/index", +"redirect_document_id": false +}, +{ "source_path": "windows/manage/waas-quick-start.md", "redirect_url": "/windows/deployment/update/waas-quick-start", "redirect_document_id": true diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index 8377e9a846..757d5d4376 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md index 813109b1c5..e9b51e6b8d 100644 --- a/devices/hololens/hololens-enroll-mdm.md +++ b/devices/hololens/hololens-enroll-mdm.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: hololens, devices ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md index 3b340395d8..fa7479c5ef 100644 --- a/devices/hololens/hololens-install-apps.md +++ b/devices/hololens/hololens-install-apps.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: hololens, devices ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md index 4674584a48..42ce78887a 100644 --- a/devices/hololens/hololens-kiosk.md +++ b/devices/hololens/hololens-kiosk.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: hololens, devices ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md index 149636b0ac..53f90a2f31 100644 --- a/devices/hololens/hololens-provisioning.md +++ b/devices/hololens/hololens-provisioning.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: hololens, devices ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md index d8a6a6fb4e..d364082e8d 100644 --- a/devices/hololens/hololens-requirements.md +++ b/devices/hololens/hololens-requirements.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: hololens, devices ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/hololens/hololens-setup.md b/devices/hololens/hololens-setup.md index 711052c786..d6ead976b2 100644 --- a/devices/hololens/hololens-setup.md +++ b/devices/hololens/hololens-setup.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: hololens, devices ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md index 8963cea7f3..82583e43cd 100644 --- a/devices/hololens/hololens-upgrade-enterprise.md +++ b/devices/hololens/hololens-upgrade-enterprise.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: hololens, devices ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 15d7cafd87..a340332cc7 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: hololens, devices ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md index 742423081c..8e368555cc 100644 --- a/devices/surface-hub/TOC.md +++ b/devices/surface-hub/TOC.md @@ -1,43 +1,44 @@ # [Microsoft Surface Hub](index.md) -## [Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) -### [Intro to Microsoft Surface Hub](intro-to-surface-hub.md) -### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) -#### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md) -#### [Create and test a device account](create-and-test-a-device-account-surface-hub.md) -##### [Online deployment](online-deployment-surface-hub-device-accounts.md) -##### [On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md) -##### [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) -##### [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) -##### [Online or hybrid deployment using Skype Hybrid Voice environment](skype-hybrid-voice.md) -##### [Create a device account using UI](create-a-device-account-using-office-365.md) -##### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) -##### [Applying ActiveSync policies to device accounts](apply-activesync-policies-for-surface-hub-device-accounts.md) -##### [Password management](password-management-for-surface-hub-device-accounts.md) -#### [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) -#### [Admin group management](admin-group-management-for-surface-hub.md) -### [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) -#### [Setup worksheet](setup-worksheet-surface-hub.md) -#### [First-run program](first-run-program-surface-hub.md) -### [Manage Microsoft Surface Hub](manage-surface-hub.md) -#### [Remote Surface Hub management](remote-surface-hub-management.md) -##### [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) -##### [Monitor your Surface Hub](monitor-surface-hub.md) -##### [Windows updates](manage-windows-updates-for-surface-hub.md) -#### [Manage Surface Hub settings](manage-surface-hub-settings.md) -##### [Local management for Surface Hub settings](local-management-surface-hub-settings.md) -##### [Accessibility](accessibility-surface-hub.md) -##### [Change the Surface Hub device account](change-surface-hub-device-account.md) -##### [Device reset](device-reset-surface-hub.md) -##### [Use fully qualified domain name with Surface Hub](use-fully-qualified-domain-name-surface-hub.md) -##### [Wireless network management](wireless-network-management-for-surface-hub.md) -#### [Install apps on your Surface Hub](install-apps-on-surface-hub.md) -#### [End a Surface Hub meeting with I'm Done](i-am-done-finishing-your-surface-hub-meeting.md) -#### [Save your BitLocker key](save-bitlocker-key-surface-hub.md) -#### [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) -#### [Using a room control system](use-room-control-system-with-surface-hub.md) -### [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) -### [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md) -## [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) +## [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md) ## [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) +## [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) +### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md) +### [Create and test a device account](create-and-test-a-device-account-surface-hub.md) +#### [Online deployment](online-deployment-surface-hub-device-accounts.md) +#### [On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md) +#### [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) +#### [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) +#### [Online or hybrid deployment using Skype Hybrid Voice environment](skype-hybrid-voice.md) +#### [Create a device account using UI](create-a-device-account-using-office-365.md) +#### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) +#### [Applying ActiveSync policies to device accounts](apply-activesync-policies-for-surface-hub-device-accounts.md) +#### [Password management](password-management-for-surface-hub-device-accounts.md) +### [Create provisioning packages](provisioning-packages-for-surface-hub.md) +### [Admin group management](admin-group-management-for-surface-hub.md) +## [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) +### [Setup worksheet](setup-worksheet-surface-hub.md) +### [First-run program](first-run-program-surface-hub.md) +## [Manage Microsoft Surface Hub](manage-surface-hub.md) +### [Remote Surface Hub management](remote-surface-hub-management.md) +#### [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) +#### [Monitor your Surface Hub](monitor-surface-hub.md) +#### [Windows updates](manage-windows-updates-for-surface-hub.md) +### [Manage Surface Hub settings](manage-surface-hub-settings.md) +#### [Local management for Surface Hub settings](local-management-surface-hub-settings.md) +#### [Accessibility](accessibility-surface-hub.md) +#### [Change the Surface Hub device account](change-surface-hub-device-account.md) +#### [Device reset](device-reset-surface-hub.md) +#### [Use fully qualified domain name with Surface Hub](use-fully-qualified-domain-name-surface-hub.md) +#### [Wireless network management](wireless-network-management-for-surface-hub.md) +### [Install apps on your Surface Hub](install-apps-on-surface-hub.md) +### [End a Surface Hub meeting with End session](i-am-done-finishing-your-surface-hub-meeting.md) +### [Save your BitLocker key](save-bitlocker-key-surface-hub.md) +### [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) +### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) +### [Using a room control system](use-room-control-system-with-surface-hub.md) +## [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) ## [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) +## [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) +## [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) +## [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) ## [Change history for Surface Hub](change-history-surface-hub.md) \ No newline at end of file diff --git a/devices/surface-hub/accessibility-surface-hub.md b/devices/surface-hub/accessibility-surface-hub.md index 46348c087d..85230643d9 100644 --- a/devices/surface-hub/accessibility-surface-hub.md +++ b/devices/surface-hub/accessibility-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surfacehub ms.sitesec: library -author: TrudyHa +author: jdeckerms localizationpriority: medium --- @@ -30,7 +30,7 @@ The full list of accessibility settings are available to IT admins in the **Sett | Mouse | Defaults selected for **Pointer size**, **Pointer color** and **Mouse keys**. | | Other options | Defaults selected for **Visual options** and **Touch feedback**. | -Additionally, these accessibility features and apps are returned to default settings when users press [I'm Done](i-am-done-finishing-your-surface-hub-meeting.md): +Additionally, these accessibility features and apps are returned to default settings when users press [End session](finishing-your-surface-hub-meeting.md): - Narrator - Magnifier - High contrast diff --git a/devices/surface-hub/admin-group-management-for-surface-hub.md b/devices/surface-hub/admin-group-management-for-surface-hub.md index 7607199209..1e55a9eb16 100644 --- a/devices/surface-hub/admin-group-management-for-surface-hub.md +++ b/devices/surface-hub/admin-group-management-for-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub, security -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md index 76275e3ec8..4a098672fb 100644 --- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md +++ b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md @@ -1,5 +1,5 @@ --- -title: Appendix PowerShell (Surface Hub) +title: PowerShell for Surface Hub (Surface Hub) description: PowerShell scripts to help set up and manage your Microsoft Surface Hub . ms.assetid: 3EF48F63-8E4C-4D74-ACD5-461F1C653784 keywords: PowerShell, set up Surface Hub, manage Surface Hub @@ -7,14 +7,14 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- -# Appendix: PowerShell (Surface Hub) +# PowerShell for Surface Hub -PowerShell scripts to help set up and manage your Microsoft Surface Hub . +PowerShell scripts to help set up and manage your Microsoft Surface Hub. - [PowerShell scripts for Surface Hub admins](#scripts-for-admins) - [Create an on-premise account](#create-on-premise-ps-scripts) @@ -43,7 +43,8 @@ What do you need in order to run the scripts? - Remote PowerShell access to your organization's domain or tenant, Exchange servers, and Skype for Business servers. - Admin credentials for your organization's domain or tenant, Exchange servers, and Skype for Business servers. ->**Note**  Whether you’re creating a new account or modifying an already-existing account, the validation script will verify that your device account is configured correctly. You should always run the validation script before adding a device account to Surface Hub. +>[!NOTE] +>Whether you’re creating a new account or modifying an already-existing account, the validation script will verify that your device account is configured correctly. You should always run the validation script before adding a device account to Surface Hub.   diff --git a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md index f6cad56654..59d826d7f7 100644 --- a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md +++ b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index fa4ab118de..598c4e9807 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- @@ -14,12 +14,25 @@ localizationpriority: medium This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md). + + + +## RELEASE: Windows 10, version 1703 + +The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added: + +- [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) + +>[Looking for the Surface Hub admin guide for Windows 10, version 1607?](http://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf) + + ## May 2017 | New or changed topic | Description | | --- | --- | | [Online or hybrid deployment using Skype Hybrid Voice environment](skype-hybrid-voice.md) | New | + ## February 2017 | New or changed topic | Description | diff --git a/devices/surface-hub/change-surface-hub-device-account.md b/devices/surface-hub/change-surface-hub-device-account.md index 6dc6bf7016..a0b6b56c7e 100644 --- a/devices/surface-hub/change-surface-hub-device-account.md +++ b/devices/surface-hub/change-surface-hub-device-account.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md index 3febb60ff6..284bc892cf 100644 --- a/devices/surface-hub/connect-and-display-with-surface-hub.md +++ b/devices/surface-hub/connect-and-display-with-surface-hub.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md index 914b6136e6..292db720ca 100644 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ b/devices/surface-hub/create-a-device-account-using-office-365.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md index 3223d5d81b..e4e0e5ed95 100644 --- a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md +++ b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md index f2cb38c5f2..59d90772cc 100644 --- a/devices/surface-hub/device-reset-surface-hub.md +++ b/devices/surface-hub/device-reset-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- @@ -49,21 +49,49 @@ If you see a blank screen for long periods of time during the **Reset device** p ![Image showing Update & Security group in Settings app for Surface Hub.](images/sh-settings-update-security.png) -3. Click **Recovery**, and then click **Get started**. +3. Click **Recovery**, and then, under **Reset device**, click **Get started**. ![Image showing Reset device option in Settings app for Surface Hub.](images/sh-settings-reset-device.png) -## Reset a Surface Hub from Windows Recovery Environment + +## Recover a Surface Hub from the cloud -On rare occasions, a Surface Hub may encounter an error while cleaning up user and app data at the end of a session. When this happens, the device will automatically reboot and try again. But if this operation fails repeatedly, the device will be automatically locked to protect user data. To unlock it, you must reset the device from [Windows Recovery Environment](https://technet.microsoft.com/library/cc765966.aspx) (Windows RE). +In the Windows Recovery Environment (Windows RE), you can recover your device by downloading a factory build from the cloud and installing it on the Surface Hub. This allows devices in an unusable state to recover without requiring assistance from Microsoft Support. -**To reset a Surface Hub from Windows Recovery Environment** +### Recover a Surface Hub in a bad state + +If the device account gets into an unstable state or the Admin account is running into issues, you can use cloud recovery in **Settings**. You should only use cloud recovery when [reset](#reset-a-surface-hub-from-settings) doesn't fix the problem. + +1. On your Surface Hub, go to **Settings** > **Update & security** > **Recovery**. + +2. Under **Recover from the cloud**, click **Restart now**. + + ![recover from the cloud](images/recover-from-the-cloud.png) + +### Recover a locked Surface Hub + +On rare occasions, a Surface Hub may encounter an error while cleaning up user and app data at the end of a session. When this happens, the device will automatically reboot and try again. But if this operation fails repeatedly, the device will be automatically locked to protect user data. To unlock it, you must reset or recover the device from [Windows RE](https://technet.microsoft.com/library/cc765966.aspx). 1. From the welcome screen, toggle the Surface Hub's power switch 3 times. Wait a few seconds between each toggle. See the [Surface Hub Site Readiness Guide](https://www.microsoft.com/surface/support/surface-hub/surface-hub-site-readiness-guide) for help with locating the power switch. -2. The device should automatically boot into Windows RE. Select **Advanced Repair**. -3. Select **Reset**. -4. If prompted, enter your device's BitLocker key. +2. The device should automatically boot into Windows RE. +3. After the Surface Hub enters Windows RE, select **Recover from the cloud**. (Optionally, you can choose **Reset**, however **Recover from the cloud** is the recommended approach.) + >[!NOTE] + >When using **Recover from the cloud**, an ethernet connection is recommended. + + ![Recover from the cloud](images/recover-from-cloud.png) + +4. Enter the Bitlocker key (if prompted). +5. When prompted, select **Reinstall**. + ![Reinstall](images/reinstall.png) + +6. Select **Yes** to repartition the disk. + + ![Repartition](images/repartition.png) + +Reset will begin after the image is downloaded from the cloud. You will see progress indicators. + +![downloading 97&](images/recover-progress.png) ## Related topics diff --git a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md index 73557c1f2c..e6d812ea78 100644 --- a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md +++ b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md @@ -33,7 +33,7 @@ Surface Hub doesn't have a lock screen or a screen saver, but it has a similar f Surface Hub is designed to be used in communal spaces, such as meeting rooms. Unlike Windows PCs, anyone can walk up and use a Surface Hub without logging on. The system always runs as a local, auto logged-in, low-privilege user. It doesn't support logging in any additional users - including admin users. > [!NOTE] -> Surface Hub supports signing in to Microsoft Edge and other apps. However, these credentials are deleted when users press **I'm done**. +> Surface Hub supports signing in to Microsoft Edge and other apps. However, these credentials are deleted when users press **End session**. *Organization policies that this may affect:*
Generally, Surface Hub uses lockdown features rather than user access control to enforce security. Policies related to password requirements, interactive logon, user accounts, and access control don't apply for Surface Hub. @@ -46,7 +46,7 @@ Users have access to a limited set of directories on the Surface Hub: - Pictures - Downloads -Files saved locally in these directories are deleted when users press **I'm done**. To save content created during a meeting, users should save files to a USB drive or to OneDrive. +Files saved locally in these directories are deleted when users press **End session**. To save content created during a meeting, users should save files to a USB drive or to OneDrive. *Organization policies that this may affect:*
Policies related to access permissions and ownership of files and folders don't apply for Surface Hub. Users can't browse and save files to system directories and network folders. diff --git a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md index 3e9df023a1..2aa8921e31 100644 --- a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md +++ b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/finishing-your-surface-hub-meeting.md b/devices/surface-hub/finishing-your-surface-hub-meeting.md new file mode 100644 index 0000000000..1761472886 --- /dev/null +++ b/devices/surface-hub/finishing-your-surface-hub-meeting.md @@ -0,0 +1,92 @@ +--- +title: End session - ending a Surface Hub meeting +description: To end a Surface Hub meeting, tap End session. Surface Hub cleans up the application state, operating system state, and the user interface so that Surface Hub is ready for the next meeting. +keywords: I am Done, end Surface Hub meeting, finish Surface Hub meeting, clean up Surface Hub meeting +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: surfacehub +author: jdeckerms +localizationpriority: medium +--- + +# End a Surface Hub meeting with End session +Surface Hub is a collaboration device designed to be used in meeting spaces by different groups of people. At the end of a meeting, users can tap **End session** to clean up any sensitive data and prepare the device for the next meeting. Surface Hub will clean up, or reset, the following states: +- Applications +- Operating system +- User interface + +This topic explains what **End session** resets for each of these states. + +## Applications +When you start apps on Surface Hub, they are stored in memory and data is stored at the application level. Data is available to all users during that session (or meeting) until date is removed or overwritten. When **End session** is selected, Surface Hub application state is cleared out by closing applications, deleting browser history, resetting applications, and removing Skype logs. + +### Close applications +Surface Hub closes all visible windows, including Win32 and Universal Windows Platform (UWP) applications. The application close stage uses the multitasking view to query the visible windows. Win32 windows that do not close within a certain timeframe are closed using **TerminateProcess**. + +### Delete browser history +Surface Hub uses Delete Browser History (DBH) in Edge to clear Edge history and cached data. This is similar to how a user can clear out their browser history manually, but **End session** also ensures that application states are cleared and data is removed before the next session, or meeting, starts. + +### Reset applications +**End session** resets the state of each application that is installed on the Surface Hub. Resetting an application clears all background tasks, application data, notifications, and user consent dialogs. Applications are returned to their first-run state for the next people that use Surface Hub. + +### Remove Skype logs +Skype does not store personally-identifiable information on Surface Hub. Information is stored in the Skype service to meet existing Skype for Business guidance. Local Skype logging information is the only data removed when **End session** is selected. This includes Unified Communications Client Platform (UCCP) logs and media logs. + +## Operating System +The operating system hosts a variety of information about the state of the sessions that needs to be cleared after each Surface Hub meeting. + +### File System +Meeting attendees have access to a limited set of directories on the Surface Hub. When **End session** is selected, Surface Hub clears these directories:
+- Music +- Videos +- Documents +- Pictures +- Downloads + +Surface Hub also clears these directories, since many applications often write to them: +- Desktop +- Favorites +- Recent +- Public Documents +- Public Music +- Public Videos +- Public Downloads + +### Credentials +User credentials that are stored in **TokenBroker**, **PasswordVault**, or **Credential Manager** are cleared when you tap **End session**. + +## User interface +User interface (UI) settings are returned to their default values when **End session** is selected. + +### UI items +- Reset Quick Actions to default state +- Clear Toast notifications +- Reset volume levels +- Reset sidebar width +- Reset tablet mode layout +- Sign user out of Office 365 meetings and files + +### Accessibility +Accessibility features and apps are returned to default settings when **End session** is selected. +- Filter keys +- High contrast +- Sticky keys +- Toggle keys +- Mouse keys +- Magnifier +- Narrator + +### Clipboard +The clipboard is cleared to remove data that was copied to the clipboard during the session. + +## Frequently asked questions +**What happens if I forget to tap End session at the end of a meeting, and someone else uses the Surface Hub later?**
+Surface Hub only cleans up meeting content when users tap **End session**. If you leave the meeting without tapping **End session**, the device will return to the welcome screen after some time. From the welcome screen, users have the option to resume the previous session or start a new one. You can also disable the ability to resume a session if **End session** is not pressed. + +**Are documents recoverable?**
+Removing files from the hard drive when **End session** is selected is just like any other file deletion from a hard disk drive. Third-party software might be able to recover data from the hard disk drive, but file recovery is not a supported feature on Surface Hub. To prevent data loss, always save the data you need before leaving a meeting. + +**Do the clean-up actions from End session comply with the US Department of Defense clearing and sanitizing standard: DoD 5220.22-M?**
+No. Currently, the clean-up actions from **End session** do not comply with this standard. + diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md index 6ee36023cc..996a6eb1fd 100644 --- a/devices/surface-hub/first-run-program-surface-hub.md +++ b/devices/surface-hub/first-run-program-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- @@ -34,7 +34,8 @@ The normal procedure goes through six steps: Each of these sections also contains information about paths you might take when something is different. For example, most Surface Hubs will use a wired network connection, but some of them will be set up with wireless instead. Details are described where appropriate. ->**Note**  You should have the separate keyboard that came with your Surface Hub set up and ready before beginning. See the Surface Hub Setup Guide for details. +>[!NOTE] +>You should have the separate keyboard that came with your Surface Hub set up and ready before beginning. See the Surface Hub Setup Guide for details.   @@ -43,9 +44,10 @@ Each of these sections also contains information about paths you might take when This is the first screen you'll see when you power up the Surface Hub for the first time. It's where you input localization information for your device. ->**Note**  This is also where you begin the optional process of deploying a provisioning package. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) if that's what you're doing. +>[!NOTE] +>This is also where you begin the optional process of deploying a provisioning package. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) if that's what you're doing. -  + Select a language and the initial setup options are displayed. ![Image showing ICD options checklist.](images/setuplocale.png) @@ -82,7 +84,8 @@ This screen is shown only if the device fails to detect a wired network. If you - You can select one of the wireless networks shown. If the network is secured, you'll be taken to a login page. See [Wireless network setup](#wireless) for details. - Click **Skip this step** to skip connecting to a network. You'll be taken to the [Set up for you page](#set-up-for-you). - **Note**  If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)). + >[!NOTE] + >If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).   @@ -142,7 +145,8 @@ When you click **Next**, the device will attempt to connect to the proxy server. You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you). ->**Note**  If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)). +>[!NOTE] +>If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).   @@ -168,7 +172,8 @@ The settings shown on the page have already been made, and can't be changed unti On this page, the Surface Hub will ask for credentials for the device account that you previously configured. (See [Create and test a device account](create-and-test-a-device-account-surface-hub.md).) The Surface Hub will attempt to discover various properties of the account, and may ask for more information on another page if it does not succeed. ->**Note**  This section does not cover specific errors that can happen during first run. See [Troubleshoot Surface Hub](troubleshoot-surface-hub.md) for more information on errors. +>[!NOTE] +>This section does not cover specific errors that can happen during first run. See [Troubleshoot Surface Hub](troubleshoot-surface-hub.md) for more information on errors. ![Image showing Enter device account info page.](images/setupdeviceacct.png) @@ -298,6 +303,9 @@ While either of the names can be changed later, keep in mind that: - The friendly name should be recognizable and different so that people can distinguish one Surface Hub from another when trying to wirelessly connect. - If you decide to domain join the device, the device name must not be the same as any other device on the account’s Active Directory domain. The device can't join the domain if it is using the same name as another domain-joined device. +>[!NOTE] +>If you want to enable [Miracast over Infrastructure](miracast-over-infrastructure.md), the device name needs to be discoverable via DNS. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's device name. + ## Set up admins for this device page @@ -305,7 +313,8 @@ On this page, you will choose from several options for how you want to set up ad Because every Surface Hub can be used by any number of authenticated employees, settings are locked down so that they can't change from session to session. Only admins can configure the settings on the device, and on this page, you’ll choose which type of admins have that privilege. ->**Note**  The purpose of this page is primarily to determine who can configure the device from the device’s UI; that is, who can actually visit a device, log in, open up the Settings app, and make changes to the Settings. +>[!NOTE] +>The purpose of this page is primarily to determine who can configure the device from the device’s UI; that is, who can actually visit a device, log in, open up the Settings app, and make changes to the Settings.   @@ -326,6 +335,9 @@ This is what happens when you choose an option. - **Use Microsoft Azure Active Directory** Clicking this option allows you to join the device to Azure AD. Once you click **Next**, the device will restart to apply some settings, and then you’ll be taken to the [Use Microsoft Azure Active Directory](#use-microsoft-azure) page and asked to enter credentials that can allow you to join Azure AD. After joining, admins from the joined organization will be able to use the Settings app. The specific people that will be allowed depends on your Azure AD subscription and how you’ve configured the settings for your Azure AD organization. + + >[!IMPORTANT] + >If you join Surface Hub to Azure AD during first-run setup, single sign-on (SSO) for Office apps will not work properly. Users will have to sign in to each Office app individually. - **Use Active Directory Domain Services** @@ -337,7 +349,8 @@ This is what happens when you choose an option. Note that a local admin must have physical access to the Surface Hub to log in. ->**Note**  After you finish this process, you won't be able to change the device's admin option unless you reset the device. +>[!NOTE] +>After you finish this process, you won't be able to change the device's admin option unless you reset the device.   @@ -382,7 +395,7 @@ Once the device has been domain joined, you must specify a security group from t The following input is required: - **Domain:** This is the fully qualified domain name (FQDN) of the domain that you want to join. A security group from this domain can be used to manage the device. -- **User name:** The user name of an account that has sufficient permission to join the specified domain. +- **User name:** The user name of an account that has sufficient permission to join the specified domain. This account must be a computer object. - **Password:** The password for the account. After the credentials are verified, you will be asked to type a security group name. This input is required. @@ -395,7 +408,8 @@ Using the provided domain, account credentials from the [Use Active Directory Do If the join is successful, you'll see the **Enter a security group** page. When you click the **Select** button on this page, the device will search for the specified security group on your domain. If found, the group will be verified. Click **Finish** to complete the first run process. ->**Note**  If you domain join the Surface Hub, you can't unjoin the device without resetting it. +>[!NOTE] +>If you domain join the Surface Hub, you can't unjoin the device without resetting it.   @@ -420,7 +434,8 @@ This page will attempt to create a new admin account using the credentials that ## Update the Surface Hub ->**Important**  Before you do the updates, make sure you read [Save your BitLocker key](save-bitlocker-key-surface-hub.md) in order to make sure you have a backup of the key. +>[!IMPORTANT] +>Before you do the updates, make sure you read [Save your BitLocker key](save-bitlocker-key-surface-hub.md) in order to make sure you have a backup of the key.   diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md index f7ae7893c5..296d5c330d 100644 --- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: surfacehub -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md b/devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md deleted file mode 100644 index ccf99db112..0000000000 --- a/devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: I am done - ending a Surface Hub meeting -description: To end a Surface Hub meeting, tap I am Done. Surface Hub cleans up the application state, operating system state, and the user interface so that Surface Hub is ready for the next meeting. -keywords: I am Done, end Surface Hub meeting, finish Surface Hub meeting, clean up Surface Hub meeting -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: surfacehub -author: TrudyHa -localizationpriority: medium ---- - -# End a Surface Hub meeting with I'm Done -Surface Hub is a collaboration device designed to be used in meeting spaces by different groups of people. At the end of a meeting, users can tap **I'm Done** to clean up any sensitive data and prepare the device for the next meeting. Surface Hub will clean up, or reset, the following states: -- Applications -- Operating system -- User interface - -This topic explains what **I'm Done** resets for each of these states. - -## Applications -When you start apps on Surface Hub, they are stored in memory and data is stored at the application level. Data is available to all users during that session (or meeting) until date is removed or overwritten. When **I'm done** is selected, Surface Hub application state is cleared out by closing applications, deleting browser history, resetting applications, and removing Skype logs. - -### Close applications -Surface Hub closes all visible windows, including Win32 and Universal Windows Platform (UWP) applications. The application close stage uses the multitasking view to query the visible windows. Win32 windows that do not close within a certain timeframe are closed using **TerminateProcess**. - -### Delete browser history -Surface Hub uses Delete Browser History (DBH) in Edge to clear Edge history and cached data. This is similar to how a user can clear out their browser history manually, but **I'm Done** also ensures that application states are cleared and data is removed before the next session, or meeting, starts. - -### Reset applications -**I'm Done** resets the state of each application that is installed on the Surface Hub. Resetting an application clears all background tasks, application data, notifications, and user consent dialogs. Applications are returned to their first-run state for the next people that use Surface Hub. - -### Remove Skype logs -Skype does not store personally-identifiable information on Surface Hub. Information is stored in the Skype service to meet existing Skype for Business guidance. Local Skype logging information is the only data removed when **I'm Done** is selected. This includes Unified Communications Client Platform (UCCP) logs and media logs. - -## Operating System -The operating system hosts a variety of information about the state of the sessions that needs to be cleared after each Surface Hub meeting. - -### File System -Meeting attendees have access to a limited set of directories on the Surface Hub. When **I'm Done** is selected, Surface Hub clears these directories:
-- Music -- Videos -- Documents -- Pictures -- Downloads - -Surface Hub also clears these directories, since many applications often write to them: -- Desktop -- Favorites -- Recent -- Public Documents -- Public Music -- Public Videos -- Public Downloads - -### Credentials -User credentials that are stored in **TokenBroker**, **PasswordVault**, or **Credential Manager** are cleared when you tap **I’m done**. - -## User interface -User interface (UI) settings are returned to their default values when **I'm Done** is selected. - -### UI items -- Reset Quick Actions to default state -- Clear Toast notifications -- Reset volume levels -- Reset sidebar width -- Reset tablet mode layout - -### Accessibility -Accessibility features and apps are returned to default settings when **I'm Done** is selected. -- Filter keys -- High contrast -- Sticky keys -- Toggle keys -- Mouse keys -- Magnifier -- Narrator - -### Clipboard -The clipboard is cleared to remove data that was copied to the clipboard during the session. - -## Frequently asked questions -**What happens if I forget to tap I'm Done at the end of a meeting, and someone else uses the Surface Hub later?**
-Surface Hub only cleans up meeting content when users tap **I'm Done**. If you leave the meeting without tapping **I'm Done**, the device will return to the welcome screen after some time. From the welcome screen, users have the option to resume the previous session or start a new one. - -**Are documents recoverable?**
-Removing files from the hard drive when **I'm Done** is selected is just like any other file deletion from a hard disk drive. Third-party software might be able to recover data from the hard disk drive, but file recovery is not a supported feature on Surface Hub. To prevent data loss, always save the data you need before leaving a meeting. - -**Do the clean-up actions from I'm Done comply with the US Department of Defense clearing and sanitizing standard: DoD 5220.22-M?**
-No. Currently, the clean-up actions from **I'm Done** do not comply with this standard. - diff --git a/devices/surface-hub/images/OOBE-2.jpg b/devices/surface-hub/images/OOBE-2.jpg new file mode 100644 index 0000000000..0c615a2ec4 Binary files /dev/null and b/devices/surface-hub/images/OOBE-2.jpg differ diff --git a/devices/surface-hub/images/account-management-details.PNG b/devices/surface-hub/images/account-management-details.PNG new file mode 100644 index 0000000000..66712394ec Binary files /dev/null and b/devices/surface-hub/images/account-management-details.PNG differ diff --git a/devices/surface-hub/images/account-management.PNG b/devices/surface-hub/images/account-management.PNG new file mode 100644 index 0000000000..34165dfcd6 Binary files /dev/null and b/devices/surface-hub/images/account-management.PNG differ diff --git a/devices/surface-hub/images/add-applications-details.PNG b/devices/surface-hub/images/add-applications-details.PNG new file mode 100644 index 0000000000..2efd3483ae Binary files /dev/null and b/devices/surface-hub/images/add-applications-details.PNG differ diff --git a/devices/surface-hub/images/add-applications.PNG b/devices/surface-hub/images/add-applications.PNG new file mode 100644 index 0000000000..2316deb2fd Binary files /dev/null and b/devices/surface-hub/images/add-applications.PNG differ diff --git a/devices/surface-hub/images/add-certificates-details.PNG b/devices/surface-hub/images/add-certificates-details.PNG new file mode 100644 index 0000000000..78cd783282 Binary files /dev/null and b/devices/surface-hub/images/add-certificates-details.PNG differ diff --git a/devices/surface-hub/images/add-certificates.PNG b/devices/surface-hub/images/add-certificates.PNG new file mode 100644 index 0000000000..24cb605d1c Binary files /dev/null and b/devices/surface-hub/images/add-certificates.PNG differ diff --git a/devices/surface-hub/images/add-config-file-details.PNG b/devices/surface-hub/images/add-config-file-details.PNG new file mode 100644 index 0000000000..c7b4db97e6 Binary files /dev/null and b/devices/surface-hub/images/add-config-file-details.PNG differ diff --git a/devices/surface-hub/images/add-config-file.PNG b/devices/surface-hub/images/add-config-file.PNG new file mode 100644 index 0000000000..5b779509d9 Binary files /dev/null and b/devices/surface-hub/images/add-config-file.PNG differ diff --git a/devices/surface-hub/images/apps.png b/devices/surface-hub/images/apps.png new file mode 100644 index 0000000000..5cb3b7ec8f Binary files /dev/null and b/devices/surface-hub/images/apps.png differ diff --git a/devices/surface-hub/images/developer-setup.PNG b/devices/surface-hub/images/developer-setup.PNG new file mode 100644 index 0000000000..8c93d5ed91 Binary files /dev/null and b/devices/surface-hub/images/developer-setup.PNG differ diff --git a/devices/surface-hub/images/end-session.png b/devices/surface-hub/images/end-session.png new file mode 100644 index 0000000000..4b28583af4 Binary files /dev/null and b/devices/surface-hub/images/end-session.png differ diff --git a/devices/surface-hub/images/enroll-mdm-details.PNG b/devices/surface-hub/images/enroll-mdm-details.PNG new file mode 100644 index 0000000000..f3a7fea8da Binary files /dev/null and b/devices/surface-hub/images/enroll-mdm-details.PNG differ diff --git a/devices/surface-hub/images/enroll-mdm.PNG b/devices/surface-hub/images/enroll-mdm.PNG new file mode 100644 index 0000000000..b7cfdbc767 Binary files /dev/null and b/devices/surface-hub/images/enroll-mdm.PNG differ diff --git a/devices/surface-hub/images/finish-details.png b/devices/surface-hub/images/finish-details.png new file mode 100644 index 0000000000..727efac696 Binary files /dev/null and b/devices/surface-hub/images/finish-details.png differ diff --git a/devices/surface-hub/images/finish.PNG b/devices/surface-hub/images/finish.PNG new file mode 100644 index 0000000000..7c65da1799 Binary files /dev/null and b/devices/surface-hub/images/finish.PNG differ diff --git a/devices/surface-hub/images/five.png b/devices/surface-hub/images/five.png new file mode 100644 index 0000000000..961f0e15b7 Binary files /dev/null and b/devices/surface-hub/images/five.png differ diff --git a/devices/surface-hub/images/four.png b/devices/surface-hub/images/four.png new file mode 100644 index 0000000000..0fef213b37 Binary files /dev/null and b/devices/surface-hub/images/four.png differ diff --git a/devices/surface-hub/images/icd-simple-edit.png b/devices/surface-hub/images/icd-simple-edit.png new file mode 100644 index 0000000000..aea2e24c8a Binary files /dev/null and b/devices/surface-hub/images/icd-simple-edit.png differ diff --git a/devices/surface-hub/images/one.png b/devices/surface-hub/images/one.png new file mode 100644 index 0000000000..42b4742c49 Binary files /dev/null and b/devices/surface-hub/images/one.png differ diff --git a/devices/surface-hub/images/ppkg-config.png b/devices/surface-hub/images/ppkg-config.png new file mode 100644 index 0000000000..10a2b7de58 Binary files /dev/null and b/devices/surface-hub/images/ppkg-config.png differ diff --git a/devices/surface-hub/images/ppkg-csv.png b/devices/surface-hub/images/ppkg-csv.png new file mode 100644 index 0000000000..0648f555e1 Binary files /dev/null and b/devices/surface-hub/images/ppkg-csv.png differ diff --git a/devices/surface-hub/images/proxy-details.PNG b/devices/surface-hub/images/proxy-details.PNG new file mode 100644 index 0000000000..fcc7b06a41 Binary files /dev/null and b/devices/surface-hub/images/proxy-details.PNG differ diff --git a/devices/surface-hub/images/proxy.PNG b/devices/surface-hub/images/proxy.PNG new file mode 100644 index 0000000000..cdfc02c454 Binary files /dev/null and b/devices/surface-hub/images/proxy.PNG differ diff --git a/devices/surface-hub/images/recover-from-cloud.png b/devices/surface-hub/images/recover-from-cloud.png new file mode 100644 index 0000000000..7d409edc5f Binary files /dev/null and b/devices/surface-hub/images/recover-from-cloud.png differ diff --git a/devices/surface-hub/images/recover-from-the-cloud.png b/devices/surface-hub/images/recover-from-the-cloud.png new file mode 100644 index 0000000000..07c1e22851 Binary files /dev/null and b/devices/surface-hub/images/recover-from-the-cloud.png differ diff --git a/devices/surface-hub/images/recover-progress.png b/devices/surface-hub/images/recover-progress.png new file mode 100644 index 0000000000..316d830a57 Binary files /dev/null and b/devices/surface-hub/images/recover-progress.png differ diff --git a/devices/surface-hub/images/reinstall.png b/devices/surface-hub/images/reinstall.png new file mode 100644 index 0000000000..2f307841aa Binary files /dev/null and b/devices/surface-hub/images/reinstall.png differ diff --git a/devices/surface-hub/images/repartition.png b/devices/surface-hub/images/repartition.png new file mode 100644 index 0000000000..26725a8c54 Binary files /dev/null and b/devices/surface-hub/images/repartition.png differ diff --git a/devices/surface-hub/images/set-up-device-admins-details.PNG b/devices/surface-hub/images/set-up-device-admins-details.PNG new file mode 100644 index 0000000000..42c04b4b3b Binary files /dev/null and b/devices/surface-hub/images/set-up-device-admins-details.PNG differ diff --git a/devices/surface-hub/images/set-up-device-admins.PNG b/devices/surface-hub/images/set-up-device-admins.PNG new file mode 100644 index 0000000000..e0e037903c Binary files /dev/null and b/devices/surface-hub/images/set-up-device-admins.PNG differ diff --git a/devices/surface-hub/images/set-up-device-details.PNG b/devices/surface-hub/images/set-up-device-details.PNG new file mode 100644 index 0000000000..be565ac8d9 Binary files /dev/null and b/devices/surface-hub/images/set-up-device-details.PNG differ diff --git a/devices/surface-hub/images/set-up-device.PNG b/devices/surface-hub/images/set-up-device.PNG new file mode 100644 index 0000000000..0c9eb0e3ff Binary files /dev/null and b/devices/surface-hub/images/set-up-device.PNG differ diff --git a/devices/surface-hub/images/set-up-network-details.PNG b/devices/surface-hub/images/set-up-network-details.PNG new file mode 100644 index 0000000000..7e1391326c Binary files /dev/null and b/devices/surface-hub/images/set-up-network-details.PNG differ diff --git a/devices/surface-hub/images/set-up-network.PNG b/devices/surface-hub/images/set-up-network.PNG new file mode 100644 index 0000000000..a0e856c103 Binary files /dev/null and b/devices/surface-hub/images/set-up-network.PNG differ diff --git a/devices/surface-hub/images/sh-quick-action.png b/devices/surface-hub/images/sh-quick-action.png index cb072a9793..3003e464b3 100644 Binary files a/devices/surface-hub/images/sh-quick-action.png and b/devices/surface-hub/images/sh-quick-action.png differ diff --git a/devices/surface-hub/images/sh-settings-reset-device.png b/devices/surface-hub/images/sh-settings-reset-device.png index b3e35bb385..f3a9a6dc5c 100644 Binary files a/devices/surface-hub/images/sh-settings-reset-device.png and b/devices/surface-hub/images/sh-settings-reset-device.png differ diff --git a/devices/surface-hub/images/sh-settings-update-security.png b/devices/surface-hub/images/sh-settings-update-security.png index a10d4ffb51..59212d1805 100644 Binary files a/devices/surface-hub/images/sh-settings-update-security.png and b/devices/surface-hub/images/sh-settings-update-security.png differ diff --git a/devices/surface-hub/images/sh-settings.png b/devices/surface-hub/images/sh-settings.png index 03125b3419..0134fda740 100644 Binary files a/devices/surface-hub/images/sh-settings.png and b/devices/surface-hub/images/sh-settings.png differ diff --git a/devices/surface-hub/images/six.png b/devices/surface-hub/images/six.png new file mode 100644 index 0000000000..2816328ec3 Binary files /dev/null and b/devices/surface-hub/images/six.png differ diff --git a/devices/surface-hub/images/surfacehub.png b/devices/surface-hub/images/surfacehub.png new file mode 100644 index 0000000000..1b9b484ab8 Binary files /dev/null and b/devices/surface-hub/images/surfacehub.png differ diff --git a/devices/surface-hub/images/three.png b/devices/surface-hub/images/three.png new file mode 100644 index 0000000000..887fa270d7 Binary files /dev/null and b/devices/surface-hub/images/three.png differ diff --git a/devices/surface-hub/images/two.png b/devices/surface-hub/images/two.png new file mode 100644 index 0000000000..b8c2d52eaf Binary files /dev/null and b/devices/surface-hub/images/two.png differ diff --git a/devices/surface-hub/images/wcd-wizard.PNG b/devices/surface-hub/images/wcd-wizard.PNG new file mode 100644 index 0000000000..706771f756 Binary files /dev/null and b/devices/surface-hub/images/wcd-wizard.PNG differ diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md index 22e94d2746..31928b1a07 100644 --- a/devices/surface-hub/index.md +++ b/devices/surface-hub/index.md @@ -1,30 +1,51 @@ --- -title: Microsoft Surface Hub +title: Microsoft Surface Hub admin guide description: Documents related to the Microsoft Surface Hub. ms.assetid: 69C99E91-1441-4318-BCAF-FE8207420555 ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: surfacehub -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- -# Microsoft Surface Hub +# Microsoft Surface Hub admin guide + +>[Looking for the Surface Hub admin guide for Windows 10, version 1607?](http://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf) + +>[Looking for the user's guide for Surface Hub?](http://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) -Documents related to deploying and managing the Microsoft Surface Hub in your organization. +
Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organization’s infrastructure and the Surface Hub itself must be properly set up and integrated. The documentation in this library describes what needs to be done both before and during setup in order to help you optimize your use of the device.![image of a Surface Hub](images/surfacehub.png)
+  + +## Surface Hub setup process + +In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Here are the next topics you'll need: + +1. [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) +2. [Gather the information listed in the Setup worksheet](setup-worksheet-surface-hub.md) +2. [Physically install your Surface Hub device](physically-install-your-surface-hub-device.md) +3. [Run the Surface Hub first-run setup program (OOBE)](first-run-program-surface-hub.md) + ->[Looking for the user's guide for Surface Hub?](https://www.microsoft.com/surface/support/surface-hub) ## In this section | Topic | Description | | --- | --- | -| [Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) | This guide covers the installation and administration of devices running Surface Hub, and is intended for use by anyone responsible for these tasks, including IT administrators and developers.| +| [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md) | Discover the changes and improvements for Microsoft Surface Hub in the Windows 10, version 1703 release (also known as Creators Update). | | [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise. | -| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. | +| [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) | This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. | +| [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) | Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. | +| [Manage Microsoft Surface Hub](manage-surface-hub.md) | How to manage your Surface Hub after finishing the first-run program. | +| [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | +| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. | PowerShell scripts to help set up and manage your Surface Hub. | +| [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) | Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. | +| [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) | Learn how to resolve Miracast issues. | | [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents, such as product datasheets, the site readiness guide, and user's guide. | -| [Change history for Surface Hub](change-history-surface-hub.md) | This topic lists new and updated topics in the Surface Hub documentation. | +| [Change history for Surface Hub](change-history-surface-hub.md) | This topic lists new and updated topics in the Surface Hub documentation library. | + diff --git a/devices/surface-hub/install-apps-on-surface-hub.md b/devices/surface-hub/install-apps-on-surface-hub.md index 6ad60e6f25..f38f6f73a7 100644 --- a/devices/surface-hub/install-apps-on-surface-hub.md +++ b/devices/surface-hub/install-apps-on-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: surfacehub, store -author: TrudyHa +author: jdeckerms localizationpriority: medium --- @@ -16,7 +16,7 @@ localizationpriority: medium You can install additional apps on your Surface Hub to fit your team or organization's needs. There are different methods for installing apps depending on whether you are developing and testing an app, or deploying a released app. This topic describes methods for installing apps for either scenario. A few things to know about apps on Surface Hub: -- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). See a [list of apps that work with Surface Hub](https://www.microsoft.com/surface/support/surface-hub/surface-hub-apps). +- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub. See a [list of apps that work with Surface Hub](https://www.microsoft.com/surface/support/surface-hub/surface-hub-apps). - Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631). - By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.- When submitting an app to the Microsoft Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub. - You need admin credentials to install apps on your Surface Hub. Since the device is designed to be used in communal spaces like meeting rooms, people can't access the Microsoft Store to download and install apps. diff --git a/devices/surface-hub/intro-to-surface-hub.md b/devices/surface-hub/intro-to-surface-hub.md deleted file mode 100644 index eb48a1fb78..0000000000 --- a/devices/surface-hub/intro-to-surface-hub.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: Intro to Microsoft Surface Hub -description: Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. -ms.assetid: 5DAD4489-81CF-47ED-9567-A798B90C7E76 -keywords: Surface Hub, productivity, collaboration, presentations, setup -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: surfacehub -author: TrudyHa -localizationpriority: medium ---- - -# Intro to Microsoft Surface Hub - - -Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organization’s infrastructure and the Surface Hub itself must be properly set up and integrated. This guide describes what needs to be done both before and during setup in order to help you optimize your use of the device. -  -You’ll need to understand how each of these services interacts with Surface Hub. See [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) for details. - -## Surface Hub setup process - -In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Here are the next topics you'll need: - -1. [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) -2. [Physically install your Surface Hub device](physically-install-your-surface-hub-device.md) -3. [Run the Surface Hub first-run setup program (OOBE)](first-run-program-surface-hub.md) - diff --git a/devices/surface-hub/local-management-surface-hub-settings.md b/devices/surface-hub/local-management-surface-hub-settings.md index bf717480b2..fec4a3e0b9 100644 --- a/devices/surface-hub/local-management-surface-hub-settings.md +++ b/devices/surface-hub/local-management-surface-hub-settings.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- @@ -16,29 +16,38 @@ After initial setup of Microsoft Surface Hub, the device’s settings can be loc ## Surface Hub settings -Surface Hubs have many settings that are common to other Windows devices, but also have settings which are only configurable on Surface Hubs. This table lists settings only cofigurable on Surface Hubs. +Surface Hubs have many settings that are common to other Windows devices, but also have settings which are only configurable on Surface Hubs. This table lists settings only configurable on Surface Hubs. | Setting | Location | Description | | ------- | -------- | ----------- | -| Device account | This device > Accounts | Set or change the Surface Hub's device account. | -| Device account sync status | This device > Accounts | Check the sync status of the device account’s mail and calendar on the Surface Hub. | -| Password rotation | This device > Accounts | Choose whether to let the Surface Hub automatically rotate the device account's password. | -| Change admin account password | This device > Accounts | Change the password for the local admin account. This is only available if you configured the device to use a local admin during first run. | -| Configure Operations Management Suite (OMS) | This device > Device management | Set up monitoring for your Surface Hub using OMS. | -| Open the Microsoft Store app | This device > Apps & features | The Microsoft Store app is only available to admins through the Settings app. | -| Skype for Business domain name | This device > Calling | Configure a domain name for your Skype for Business server. | -| Default microphone and speaker settings | This device > Calling | Configure a default microphone and speaker for calls, and a default speaker for media playback. | -| Turn off wireless projection using Miracast | This device > Wireless projection | Choose whether presenters can wirelessly project to the Surface Hub using Miracast. | -| Require a PIN for wireless projection | This device > Wireless projection | Choose whether people are required to enter a PIN before they use wireless projection. | -| Wireless projection (Miracast) channel | This device > Wireless projection | Set the channel for Miracast projection. | -| Meeting info shown on the welcome screen | This device > Welcome screen | Choose whether meeting organizer, time, and subject show up on the welcome screen. | -| Welcome screen background | This device > Welcome screen | Choose a background image for the welcome screen. | -| Turn on screen with motion sensors | This device > Session & clean up | Choose whether the screen turns on when motion is detected. | -| Session time out | This device > Session & clean up | Choose how long the device needs to be inactive before returning to the welcome screen. | -| Sleep time out | This device > Session & clean up | Choose how long the device needs to be inactive before going to sleep mode. | -| Friendly name | This device > About | Set the Surface Hub name that people will see when connecting wirelessly. | +| Device account | Surface Hub > Accounts | Set or change the Surface Hub's device account. | +| Device account sync status | Surface Hub > Accounts | Check the sync status of the device account’s mail and calendar on the Surface Hub. | +| Password rotation | Surface Hub > Accounts | Choose whether to let the Surface Hub automatically rotate the device account's password.| +| Change admin account password | Surface Hub > Accounts | Change the password for the local admin account. This is only available if you configured the device to use a local admin during first run. | +| Device Management | Surface Hub > Device management | Manage policies and business applications using mobile device management (MDM). | +| Provisioning packages | Surface Hub > Device management | Set or change provisioning packages installed on the Surface Hub. | +| Configure Operations Management Suite (OMS) | Surface Hub > Device management | Set up monitoring for your Surface Hub using OMS. | +| Open the Microsoft Store app | Surface Hub > Apps & features | The Microsoft Store app is only available to admins through the Settings app. | +| Skype for Business domain name | Surface Hub > Calling & Audio | Configure a domain name for your Skype for Business server. | +| Default Speaker volume | Surface Hub > Calling & Audio | Configure the default speaker volume for the Surface Hub when it starts a session. | +| Default microphone and speaker settings | Surface Hub > Calling & Audio | Configure a default microphone and speaker for calls, and a default speaker for media playback. | +| Enable Dolby Audio X2 | Surface Hub > Calling & Audio | Configure the Dolby Audio X2 speaker enhancements. | +| Open Connect App automatically | Surface Hub > Projection | Choose whether projection will automatically open the Connect app or wait for user input before opening. | +| Turn off wireless projection using Miracast | Surface Hub > Projection | Choose whether presenters can wirelessly project to the Surface Hub using Miracast. | +| Require a PIN for wireless projection | Surface Hub > Projection | Choose whether people are required to enter a PIN before they use wireless projection. | +| Wireless projection (Miracast) channel | Surface Hub > Projection | Set the channel for Miracast projection. | +| Meeting info shown on the welcome screen | Surface Hub > Welcome screen | Choose whether meeting organizer, time, and subject show up on the welcome screen. | +| Welcome screen background | Surface Hub > Welcome screen | Choose a background image for the welcome screen. | +| Idle timeout to Welcome screen | Surface Hub > Session & Power | Choose how long until the Surface Hub returns to the welcome screen after no motion is detected. | +| Resume session | Surface Hub > Session & Power | Choose to allow users to resume a session after no motion is detected or to automatically clean up a session. | +| Access to Office 365 meetings and files | Surface Hub > Session & Power | Choose whether a user can sign in to Office 365 to get access to their meetings and files. | +| Turn on screen with motion sensors | Surface Hub > Session & clean up | Choose whether the screen turns on when motion is detected. | +| Session time out | Surface Hub > Session & clean up | Choose how long the device needs to be inactive before returning to the welcome screen. | +| Sleep time out | Surface Hub > Session & clean up | Choose how long the device needs to be inactive before going to sleep mode. | +| Friendly name | Surface Hub > About | Set the Surface Hub name that people will see when connecting wirelessly. | | Maintenance hours | Update & security > Windows Update > Advanced options | Configure when updates can be installed. | | Configure Windows Server Update Services (WSUS) server | Update & security > Windows Update > Advanced options | Change whether Surface Hub receives updates from a WSUS server instead of Windows Update. | +| Recover from the cloud | Update & security > Recovery | Reinstall the operating system on Surface Hub to a manufacturer build from the cloud. | | Save BitLocker key | Update & security > Recovery | Backup your Surface Hub's BitLocker key to a USB drive. | | Collect logs | Update & security > Recovery | Save logs to a USB drive to send to Microsoft later. | diff --git a/devices/surface-hub/manage-settings-with-local-admin-account-surface-hub.md b/devices/surface-hub/manage-settings-with-local-admin-account-surface-hub.md deleted file mode 100644 index db9230f9ad..0000000000 --- a/devices/surface-hub/manage-settings-with-local-admin-account-surface-hub.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Manage settings with a local admin account (Surface Hub) -description: A local admin account will be set up on every Microsoft Surface Hub as part of the first run program. The only way to change the local admin options that you chose at that time is to reset the device. -ms.assetid: B4B3668B-985D-427E-8495-E30ABEECA679 -redirect_url: https://technet.microsoft.com/itpro/surface-hub/admin-group-management-for-surface-hub -keywords: local admin account, Surface Hub, change local admin options -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: surfacehub -author: TrudyHa -localizationpriority: medium ---- diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 8cadcb7309..d50f750484 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub, mobility -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- @@ -59,19 +59,29 @@ You can configure the Surface Hub settings in the following table using MDM. The For more information, see [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323). -| Setting | Node in the SurfaceHub CSP | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -| -------------------- | ---------------------------------- | ------------------------- | ---------------------------------------- | ------------------------- | +| Setting | Node in the SurfaceHub CSP | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | +| ---- | --- | --- | --- | --- | | Maintenance hours | MaintenanceHoursSimple/Hours/StartTime
MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes | | Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes | | Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes | | Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.
[Use a custom setting.](#example-sccm) | Yes | -| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.
Use a custom setting. | Yes | +| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.
[Use a custom setting.](#example-sccm) | Yes | | Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID
MOMAgent/WorkspaceKey | Yes | Yes.
[Use a custom setting.](#example-sccm) | Yes | | Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.
[Use a custom setting.](#example-sccm) | Yes | | Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.
[Use a custom setting.](#example-sccm) | Yes | -| Friendly name for wireless projection | Properties/FriendlyName | Yes.
[Use a custom policy.](#example-intune)) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Friendly name for wireless projection | Properties/FriendlyName | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | | Device account, including password rotation | DeviceAccount/*``*
See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | -\*Settings supported with SyncML can also be configured in a Windows Imaging and Configuration Designer (Windows ICD) provisioning package. +| Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Set default volume | Properties/DefaultVolume | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Set screen timeout | Properties/ScreenTimeout | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Set session timeout | Properties/SessionTimeout | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Set sleep timeout | Properties/SleepTimeout | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. ### Supported Windows 10 settings @@ -81,77 +91,92 @@ The following tables include info on Windows 10 settings that have been validate #### Security settings | Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -| -------- | -------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -\*Settings supported with SyncML can also be configured in a Windows Imaging and Configuration Designer (Windows ICD) provisioning package. +| --- | --- | --- |---- | --- | --- | +| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes.
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes.
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes.
. | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes.
| Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Browser settings -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -| -------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Allow SmartScreen | Keep this enabled to turn on SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -\*Settings supported with SyncML can also be configured in a Windows Imaging and Configuration Designer (Windows ICD) provisioning package. +| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | +| --- | --- | --- |---- | --- | --- | +| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Allow SmartScreen | Keep this enabled to turn on SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Windows Update settings -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML*? | -| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes. Use a custom policy. | Yes. Use a custom setting. | Yes | -| Defer feature updates| See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes| -| Configure device to use WSUS| Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -\*Settings supported with SyncML can also be configured in a Windows Imaging and Configuration Designer (Windows ICD) provisioning package. +| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML*? | +| --- | --- | --- |---- | --- | --- | +| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Defer feature updates| See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes| +| Configure device to use WSUS| Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Windows Defender settings -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | -| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | +| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | +| --- | --- | --- |---- | --- | --- | +| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | | Defender status | Use to initiate a Defender scan, force a signature update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes | -\*Settings supported with SyncML can also be configured in a Windows Imaging and Configuration Designer (Windows ICD) provisioning package. +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Remote reboot -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | +| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | +| --- | --- | --- |---- | --- | --- | | Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | No | No | Yes | -| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes.
Use a custom policy. | Yes.
Use a custom setting. | Yes | -\*Settings supported with SyncML can also be configured in a Windows Imaging and Configuration Designer (Windows ICD) provisioning package. +| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Install certificates -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | +| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | +| --- | --- | --- |---- | --- | --- | | Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes.
See [Configure Intune certificate profiles](https://docs.microsoft.com/en-us/intune/deploy-use/configure-intune-certificate-profiles). | Yes.
See [How to create certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/create-certificate-profiles). | Yes | -\*Settings supported with SyncML can also be configured in a Windows Imaging and Configuration Designer (Windows ICD) provisioning package. +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. #### Collect logs -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML*? | -| ----------- | ---------------- | ------------- |-------------------------- | ---------------------------------------- | ------------------------- | +| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML*? | +| --- | --- | --- |---- | --- | --- | | Collect ETW logs | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes | -\*Settings supported with SyncML can also be configured in a Windows Imaging and Configuration Designer (Windows ICD) provisioning package. +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. + +#### Set network quality of service (QoS) policy + +| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML*? | +| --- | --- | --- |--- | --- | ---- | +| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. + +#### Set network proxy + +| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML*? | +| --- | ---- | --- |---- | --- | --- | +| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes
[Use a custom policy.](#example-intune) | Yes.
[Use a custom setting.](#example-sccm) | Yes | +\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. ### Generate OMA URIs for settings You need to use a setting’s OMA URI to create a custom policy in Intune, or a custom setting in System Center Configuration Manager. @@ -252,7 +277,7 @@ For more information, see [Create configuration items for Windows 8.1 and Window [Manage Microsoft Surface Hub](manage-surface-hub.md) -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) +   diff --git a/devices/surface-hub/manage-surface-hub-settings.md b/devices/surface-hub/manage-surface-hub-settings.md index 5413d28a30..fe030602b9 100644 --- a/devices/surface-hub/manage-surface-hub-settings.md +++ b/devices/surface-hub/manage-surface-hub-settings.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/manage-surface-hub.md b/devices/surface-hub/manage-surface-hub.md index def0816f4c..56340d14d0 100644 --- a/devices/surface-hub/manage-surface-hub.md +++ b/devices/surface-hub/manage-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- @@ -30,8 +30,9 @@ Learn about managing and updating Surface Hub. | [Remote Surface Hub management](remote-surface-hub-management.md) |Topics related to managing your Surface Hub remotely. Include install apps, managing settings with MDM and monitoring with Operations Management Suite. | | [Manage Surface Hub settings](manage-surface-hub-settings.md) |Topics related to managing Surface Hub settings: accessibility, device account, device reset, fully qualified domain name, Windows Update settings, and wireless network | | [Install apps on your Surface Hub]( https://technet.microsoft.com/itpro/surface-hub/install-apps-on-surface-hub) | Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business.| -| [End a meeting with I’m done](https://technet.microsoft.com/itpro/surface-hub/i-am-done-finishing-your-surface-hub-meeting) | At the end of a meeting, users can tap I'm Done to clean up any sensitive data and prepare the device for the next meeting.| +| [End a meeting with End session](https://technet.microsoft.com/itpro/surface-hub/i-am-done-finishing-your-surface-hub-meeting) | At the end of a meeting, users can tap **End session** to clean up any sensitive data and prepare the device for the next meeting.| | [Save your BitLocker key](https://technet.microsoft.com/itpro/surface-hub/save-bitlocker-key-surface-hub) | Every Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys.| | [Connect other devices and display with Surface Hub](https://technet.microsoft.com/itpro/surface-hub/connect-and-display-with-surface-hub) | You can connect other device to your Surface Hub to display content.| +| [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) | You can use Miracast on your wireless network or LAN to connect to Surface Hub. | | [Using a room control system]( https://technet.microsoft.com/itpro/surface-hub/use-room-control-system-with-surface-hub) | Room control systems can be used with your Microsoft Surface Hub.| diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md index 659e2a6ae5..f2a401a497 100644 --- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md +++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/miracast-over-infrastructure.md b/devices/surface-hub/miracast-over-infrastructure.md new file mode 100644 index 0000000000..e83c80a62a --- /dev/null +++ b/devices/surface-hub/miracast-over-infrastructure.md @@ -0,0 +1,43 @@ +--- +title: Miracast on existing wireless network or LAN +description: Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS). +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: surfacehub +author: jdeckerms +localizationpriority: medium +--- + +# Miracast on existing wireless network or LAN + +In the Windows 10, version 1703, Microsoft has extended the ability to send a Miracast stream over a local network rather than over a direct wireless link. This functionality is based on the [Miracast over Infrastructure Connection Establishment Protocol (MS-MICE)](https://msdn.microsoft.com/library/mt796768.aspx). + +Miracast over Infrastructure offers a number of benefits: + +- Windows automatically detects when sending the video stream over this path is applicable. +- Windows will only choose this route if the connection is over Ethernet or a secure Wi-Fi network. +- Users do not have to change how they connect to a Miracast receiver. They use the same UX as for standard Miracast connections. +- No changes to current wireless drivers or PC hardware are required. +- It works well with older wireless hardware that is not optimized for Miracast over Wi-Fi Direct. +- It leverages an existing connection which both reduces the time to connect and provides a very stable stream. + + +## How it works + +Users attempt to connect to a Miracast receiver as they did previously. When the list of Miracast receivers is populated, Windows 10 will identify that the receiver is capable of supporting a connection over the infrastructure. When the user selects a Miracast receiver, Windows 10 will attempt to resolve the device's hostname via standard DNS, as well as via multicast DNS (mDNS). If the name is not resolvable via either DNS method, Windows 10 will fall back to establishing the Miracast session using the standard Wi-Fi direct connection. + + +## Enabling Miracast over Infrastructure + +If you have a Surface Hub that has been updated to Windows 10, version 1703, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment: + +- The Surface Hub needs to be running Windows 10, version 1703. +- The Surface Hub must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Hub is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. +- The DNS Hostname (device name) of the Surface Hub needs to be resolvable via your DNS servers. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's hostname. +- Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. +- PCs need to be running Windows 10, version 1703. + +It is important to note that Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and don’t have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method. + +The **InBoxApps/WirelessProjection/PinRequired** setting in the [SurfaceHub configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/surfacehub-csp) is not required for Miracast over Infrastructure. This is because Miracast over Infrastructure only works when both devices are connected to the same enterprise network. This removes the security restriction that was previously missing from Miracast. We recommend that you continue using this setting (if you used it previously) as Miracast will fall back to regular Miracast if the infrastructure connection does not work. diff --git a/devices/surface-hub/miracast-troubleshooting.md b/devices/surface-hub/miracast-troubleshooting.md new file mode 100644 index 0000000000..fae1f30463 --- /dev/null +++ b/devices/surface-hub/miracast-troubleshooting.md @@ -0,0 +1,78 @@ +--- +title: Troubleshoot Miracast on Surface Hub +description: Learn how to resolve issues with Miracast on Surface Hub. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: surfacehub +author: jdeckerms +localizationpriority: medium +--- + +# Troubleshoot Miracast on Surface Hub + +Surface Hub supports wireless projection through the Miracast protocol. Most wireless monitors and adapters available today use the original implementation of Miracast. Surface Hub uses a slightly different version of Miracast known as **Miracast Autonomous Group Owner (AGO)**. A common troubleshooting step when projecting wirelessly to Surface Hub fails is to test projecting to another wireless monitor or adapter. However, in most cases, these devices are not using Miracast AGO and do not handle wireless projection the same way that Surface Hub does. + +In traditional Miracast, the projecting device will connect the access point set up by the Miracast-enabled monitor, and then the monitor will send traffic back to the projecting device using the network channel of the projecting device. Miracast AGO is a two-step connection process: + +- The first step is an initial connection using 2.4GHz. +- After that initial handshake, the projecting device sends traffic to the monitor using the wireless channel settings on the monitor. If Surface Hub is connected to a Wi-Fi network, the access point, it will use the same channel as the connected network, otherwise it will use the Miracast channel from Settings. + +There are generally two types of issues with Miracast to Surface Hub: [connection](#connect-issues) and [performance](#performance-issues). In either case, it is a good idea to get a general picture of wireless network activity in the Surface Hub’s location. Running a network scanning tool will show you the available networks and channel usage in the environment. + +## Connect issues + +Ensure both Wi-Fi and Miracast are both enabled in Settings on Surface Hub. + +If you ran a network scan, you should see Surface Hub Miracast listed as an access point. If Surface Hub’s Miracast network shows up on the scan, but you cannot not see it as an available device, you can try to adjust the Miracast channel used by Surface Hub. + +When Surface Hub is connected to a Wi-Fi network it will use the same channel settings as the Wi-Fi access point for its Miracast access point. For troubleshooting purposes, disconnect Surface Hub from any Wi-Fi networks (but keep Wi-Fi enabled), so you can control the channel used for Miracast. You can manually select the Miracast channel in Settings. You will need to restart Surface Hub after each change. Generally speaking, you will want to use channels that do not show heavy utilization from the network scan. + +It is also possible that the connect issue can be the result of a problem on the connecting device. If the projecting device is running Windows, it should be Windows 8.1 or newer for full Miracast support. Again, for troubleshooting, disconnect the projecting device from any Wi-Fi networks. This will eliminate any channel switching between the access point channel and the Miracast channel set on Surface Hub. Also, some Group Policy and firewall settings may be tied to a Wi-Fi network. + +### Check drivers + +It is also a good idea to ensure the latest drivers and updates are installed on the projecting device. In Device Manager, open the Wi-Fi adapter and video adapter and check for an updated driver version. [Hotfix 3120232](https://support.microsoft.com/help/3120232/poor-wireless-performance-on-5-ghz-connections-on-surface-pro-3-and-surface-3) is highly recommended for Surface Pro 3 and Surface Pro 4 if they are on an older Wi-Fi driver. + +### Check for Miracast support + +Next, ensure Miracast is supported on the device. + +1. Press Windows Key + R and type `dxdiag`. +2. Click “Save all information”. +3. Open the saved dxdiag.txt and find **Miracast**. It should say **Available, with HDCP**. + +### Check firewall + +The Windows firewall can block Miracast traffic. The simplest test is to disable the firewall and test projection. If Miracast works with the firewall disabled, add an exception for + + C:\Windows\System32\WUDFHost.exe + Allow In/Out connections for TCP and UDP, Ports: All. + +### Check Group Policy settings + +On domain-joined devices, Group Policy can also block Miracast. + +1. Use the Windows Key + R and type `rsop.msc` to execute the **Resultant Set of Policy** snap-in. This will show the current policies applied to the PC. +2. Review **Computer Configuration** > **Windows Settings** > **Security Settings** > **Wireless Network (IEEE 802.11) Policies**. There should be a setting for wireless policies. +3. Double click the setting for wireless policies and a dialog box will appear. +4. Open the **Network Permissions** tab and select **Allow everyone to create all user profiles**. + +### Check event logs + +The last place to check is in the Event logs. Miracast events will be logged to **Wlanautoconfig**. This is true on both Surface Hub and the projecting device. If you export Surface Hub logs, you can view Surface Hub’s Wlanautoconfig in the **WindowsEventLog** folder. Errors in the event log can provide some additional details on where the connection fails. + +## Performance issues + +After wireless projection is connected, it is possible to see performance issues causing latency. This is generally a result of overall channel saturation or a situation that causes channel switching. + +For channel saturation, refer to the network scan and try to use channels with less traffic. + +Channel switching is caused when the Wi-Fi adapter needs to send traffic to multiple channels. Certain channels support Dynamic Frequency Selection (DFS). DFS is used on channels 49 through 148. Some Wi-Fi drivers will show poor performance when connected to a DFS channel. If you are seeing poor Miracast performance while connected to a DFS channel, try the projection on a non-DFS channel. Both Surface Hub and projecting device should use non-DFS channels. + +If Surface Hub and the projecting device are both connected to Wi-Fi but using different access points with different channels, this will force Surface Hub and the projecting device to channel switch while Miracast is connected. This will result in both poor wireless project and poor network performance over Wi-Fi. The channel switching will affect the performance of all wireless traffic, not just wireless projection. + +Channel switching will also occur if the projecting device is connected to an Wi-Fi network using a different channel than the channel that Surface Hub uses for Miracast. So, a best practice is to set Surface Hub’s Miracast channel to the same channel as the most commonly used access point. + +If there are multiple Wi-Fi networks or access points in the environment, some channel switching is unavoidable. This is best addressed by ensuring all Wi-Fi drivers are up to date. + diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md index 4b96956704..93b9b743e0 100644 --- a/devices/surface-hub/monitor-surface-hub.md +++ b/devices/surface-hub/monitor-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index 8914899056..40f04195dd 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md index d3d6ab6871..bba5bfaa28 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: surfacehub -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md index 6510d41971..e33fd2889a 100644 --- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md index c6c3db5d36..87823e452f 100644 --- a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md +++ b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub, security -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/physically-install-your-surface-hub-device.md b/devices/surface-hub/physically-install-your-surface-hub-device.md index 489e6a03a3..e187e19cb7 100644 --- a/devices/surface-hub/physically-install-your-surface-hub-device.md +++ b/devices/surface-hub/physically-install-your-surface-hub-device.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub, readiness -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index bacd9b4c7f..36062f36a4 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- @@ -27,11 +27,12 @@ Review these dependencies to make sure Surface Hub features will work in your IT | Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing.

If screen sharing on a Surface Hub fails and the error message **An error occurred during the screen presentation** is displayed, see [Video Based Screen Sharing not working on Surface Hub](https://support.microsoft.com/help/3179272/video-based-screen-sharing-not-working-on-surface-hub) for help. | | Mobile device management (MDM) solution (Microsoft Intune, System Center Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. | | Microsoft Operations Managmement Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. | -| Network and Internet access |

In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred.

**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.

**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. | +| Network and Internet access | In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred. 802.1x Authentication is supported for both wired and wireless connections.

**802.1x authentication:** In Windows 10, version 1703, 802.1x authentication for wired and wireless connections is enabled by default in Surface Hub. If your organization doesn't use 802.1x authentication, there is no configuration required and Surface Hub will continue to function as normal. If you use 802.1x authentication, you must ensure that the authentication certification is installed on Surface Hub. You can deliver the certificate to Surface Hub using the [ClientCertificateInstall CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/clientcertificateinstall-csp) in MDM, or you can [create a provisioning package](provisioning-packages-for-surface-hub.md) and install it during first run or through the Settings app. After the certificate is applied to Surface Hub, 802.1x authentication will start working automatically.

**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.

**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. Proxy credentials are stored across Surface Hub sessions and only need to be set once. | Additionally, note that Surface Hub requires the following open ports: - HTTPS: 443 - HTTP: 80 +- NTP: 123 Depending on your environment, access to additional ports may be needed: - For online environments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). @@ -41,6 +42,20 @@ Microsoft collects telemetry to help improve your Surface Hub experience. Add th - Telemetry client endpoint: `https://vortex.data.microsoft.com/` - Telemetry settings endpoint: `https://settings.data.microsoft.com/` +### Proxy configuration + +If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Store for Business. Some of the Store for Business features use Windows Store app and Windows Store services. Devices using Store for Business – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy server to block traffic, your configuration needs to allow these URLs: + +- login.live.com +- login.windows.net +- account.live.com +- clientconfig.passport.net +- windowsphone.com +- *.wns.windows.com +- *.microsoft.com +- www.msftncsi.com (prior to Windows 10, version 1607) +- www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com starting with Windows 10, version 1607) + ## Work with other admins @@ -49,7 +64,7 @@ Surface Hub interacts with a few different products and services. Depending on t ## Create and verify device account -A device account is an Exchange resource account that Surface Hub uses to display its meeting calendar, join Skype for Business calls, and send email. See [Create and test a device account](create-and-test-a-device-account-surface-hub.md) for details. +A device account is an Exchange resource account that Surface Hub uses to display its meeting calendar, join Skype for Business calls, send email, and (optionally) to authenticate to Exchange. See [Create and test a device account](create-and-test-a-device-account-surface-hub.md) for details. After you've created your device account, there are a couple of ways to verify that it's setup correctly. - Run Surface Hub device account validation PowerShell scripts. For more information, see [Surface Hub device account scripts](https://gallery.technet.microsoft.com/scriptcenter/Surface-Hub-device-account-6db77696) in Script Center, or [PowerShell scripts for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) later in this guide. diff --git a/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md b/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md deleted file mode 100644 index 7b002d0345..0000000000 --- a/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md +++ /dev/null @@ -1,221 +0,0 @@ ---- -title: Create provisioning packages (Surface Hub) -description: For Windows 10, settings that use the registry or a content services platform (CSP) can be configured using provisioning packages. You can also add certificates during first run using provisioning. -ms.assetid: 8AA25BD4-8A8F-4B95-9268-504A49BA5345 -keywords: add certificate, provisioning package -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: surfacehub -author: TrudyHa -localizationpriority: medium ---- - -# Create provisioning packages (Surface Hub) - -This topic explains how to create a provisioning package using the Windows Imaging and Configuration Designer (ICD), and apply it to Surface Hub devices. For Surface Hub, you can use provisioning packages to add certificates, install Universal Windows Platform (UWP) apps, and customize policies and settings. - -You can apply a provisioning package using a USB during first run, or through the **Settings** app. - - -## Advantages -- Quickly configure devices without using a MDM provider. - -- No network connectivity required. - -- Simple to apply. - -[Learn more about the benefits and uses of provisioning packages.](https://technet.microsoft.com/itpro/windows/whats-new/new-provisioning-packages) - - -## Requirements - -To create and apply a provisioning package to a Surface Hub, you'll need the following: - -- Windows Imaging and Configuration Designer (ICD), which is installed as a part of the [Windows 10 Assessment and Deployment Kit (ADK)](http://go.microsoft.com/fwlink/p/?LinkId=526740). -- A PC running Windows 10. -- A USB flash drive. -- If you apply the package using the **Settings** app, you'll need device admin credentials. - -You'll create the provisioning package on a PC running Windows 10, save the package to a USB drive, and then deploy it to your Surface Hub. - - -## Supported items for Surface Hub provisioning packages - -Currently, you can add these items to provisioning packages for Surface Hub: -- **Certificates** - You can add certificates, if needed, to authenticate to Microsoft Exchange. -- **Universal Windows Platform (UWP) apps** - You can install UWP apps. This can be an offline-licensed app from the Microsoft Store for Business, or an app created by an in-house dev. -- **Policies** - Surface Hub supports a subset of the policies in the [Policy configuration service provider](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). Some of those policies can be configured with ICD. -- **Settings** - You can configure any setting in the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). - - -## Create the provisioning package - -Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. When you install the ADK, you can choose to install only the Imaging and Configuration Designer (ICD). [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740) - -1. Open Windows ICD (by default, `%windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe`). - -2. Click **Advanced provisioning**. - - ![ICD start options](images/ICDstart-option.PNG) - -3. Name your project and click **Next**. - -4. Select **Common to Windows 10 Team edition**, click **Next**, and then click **Finish**. - - ![ICD new project](images/icd-new-project.png) - -5. In the project, under **Available customizations**, select **Common Team edition settings**. - - ![ICD common settings](images/icd-common-settings.png) - - -### Add a certificate to your package -You can use provisioning packages to install certificates that will allow the device to authenticate to Microsoft Exchange. - -> [!NOTE] -> Provisioning packages can only install certificates to the device (local machine) store, and not to the user store. If your organization requires that certificates must be installed to the user store, use Mobile Device Management (MDM) to deploy these certificates. See your MDM solution documentation for details. - -1. In the **Available customizations** pane, go to **Runtime settings** > **Certificates** > **ClientCertificates**. - -2. Enter a **CertificateName** and then click **Add**. - -2. Enter the **CertificatePassword**. - -3. For **CertificatePath**, browse and select the certificate. - -4. Set **ExportCertificate** to **False**. - -5. For **KeyLocation**, select **Software only**. - - -### Add a Universal Windows Platform (UWP) app to your package -Before adding a UWP app to a provisioning package, you need the app package (either an .appx, or .appxbundle) and any dependency files. If you acquired the app from the Microsoft Store for Business, you will also need the *unencoded* app license. See [Distribute offline apps](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps#download-an-offline-licensed-app) to learn how to download these items from the Microsoft Store for Business. - -1. In the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall** > **DeviceContextApp**. - -2. Enter a **PackageFamilyName** for the app and then click **Add**. For consistency, use the app's package family name. If you acquired the app from the Microsoft Store for Business, you can find the package family name in the app license. Open the license file using a text editor, and use the value between the \...\ tags. - -3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle). - -4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. For Surface Hub, you will only need the x64 versions of these dependencies. - -If you acquired the app from the Microsoft Store for Business, you will also need to add the app license to your provisioning package. - -1. Make a copy of the app license, and rename it to use a **.ms-windows-store-license** extension. For example, "example.xml" becomes "example.ms-windows-store-license". - -2. In ICD, in the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall** > **DeviceContextAppLicense**. - -3. Enter a **LicenseProductId** and then click **Add**. For consistency, use the app's license ID from the app license. Open the license file using a text editor. Then, in the \ tag, use the value in the **LicenseID** attribute. - -4. Select the new **LicenseProductId** node. For **LicenseInstall**, click **Browse** to find and select the license file that you renamed in Step 1. - - -### Add a policy to your package -Surface Hub supports a subset of the policies in the [Policy configuration service provider](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). Some of those policies can be configured with ICD. - -1. In the **Available customizations** pane, go to **Runtime settings** > **Policies**. - -2. Select one of the available policy areas. - -3. Select and set the policy you want to add to your provisioning package. - - -### Add Surface Hub settings to your package - -You can add settings from the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx) to your provisioning package. - -1. In the **Available customizations** pane, go to **Runtime settings** > **WindowsTeamSettings**. - -2. Select one of the available setting areas. - -3. Select and set the setting you want to add to your provisioning package. - - -## Build your package - -1. When you are done configuring the provisioning package, on the **File** menu, click **Save**. - -2. Read the warning that project files may contain sensitive information, and click **OK**. - - > [!IMPORTANT] - > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. - -3. On the **Export** menu, click **Provisioning package**. - -4. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources. - -5. Set a value for **Package Version**, and then select **Next.** - - > [!TIP] - > You can make changes to existing packages and change the version number to update previously applied packages. - -6. Optional: You can choose to encrypt the package and enable package signing. - - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse...** and choosing the certificate you want to use to sign the package. - - > [!IMPORTANT] - > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently.  - -7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.

-Optionally, you can click **Browse** to change the default output location. - -8. Click **Next**. - -9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.

-If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. - -10. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.

-If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. - -11. Select the **output location** link to go to the location of the package. Copy the .ppkg to an empty USB flash drive. - - -## Apply a provisioning package to Surface Hub - -There are two options for deploying provisioning packages to a Surface Hub. You can apply a provisioning packing [during the first run wizard](#apply-a-provisioning-package-during-first-run), or using [Settings](#apply-a-package-using-settings). - - -### Apply a provisioning package during first run - -> [!IMPORTANT] -> Only use provisioning packages to install certificates during first run. Use the **Settings** app to install apps and apply other settings. - -1. When you turn on the Surface Hub for the first time, the first-run program will display the [**Hi there page**](first-run-program-surface-hub.md#first-page). Make sure that the settings are properly configured before proceeding. - -2. Insert the USB flash drive containing the .ppkg file into the Surface Hub. If the package is in the root directory of the drive, the first-run program will recognize it and ask if you want to set up the device. Select **Set up**. - - ![Set up device?](images/provisioningpackageoobe-01.png) - -3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**. - - ![Provision this device](images/provisioningpackageoobe-02.png) - -4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**. Note that you can only install one package during first run. - - ![Choose a package](images/provisioningpackageoobe-03.png) - -5. The first-run program will show you a summary of the changes that the provisioning package will apply. Select **Yes, add it**. The package will be applied, and you'll be taken to the next page in the first-run program. - - ![Do you trust this package?](images/provisioningpackageoobe-04.png) - - -### Apply a package using Settings - -1. Insert the USB flash drive containing the .ppkg file into the Surface Hub. - -2. From the Surface Hub, start **Settings** and enter the admin credentials when prompted. - -3. Navigate to **This device** > **Device management**. Under **Provisioning packages**, select **Add or remove a provisioning package**. - -4. Select **Add a package**. - -5. Choose your provisioning package and select **Add**. You may have to re-enter the admin credentials if prompted. - -6. You'll see a summary of the changes that the provisioning package will apply. Select **Yes, add it**. diff --git a/devices/surface-hub/provisioning-packages-for-surface-hub.md b/devices/surface-hub/provisioning-packages-for-surface-hub.md new file mode 100644 index 0000000000..5bd004e345 --- /dev/null +++ b/devices/surface-hub/provisioning-packages-for-surface-hub.md @@ -0,0 +1,319 @@ +--- +title: Create provisioning packages (Surface Hub) +description: For Windows 10, settings that use the registry or a configuration service provider (CSP) can be configured using provisioning packages. +ms.assetid: 8AA25BD4-8A8F-4B95-9268-504A49BA5345 +keywords: add certificate, provisioning package +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: surfacehub +author: jdeckerms +localizationpriority: medium +--- + +# Create provisioning packages (Surface Hub) + +This topic explains how to create a provisioning package using the Windows Configuration Designer, and apply it to Surface Hub devices. For Surface Hub, you can use provisioning packages to add certificates, install Universal Windows Platform (UWP) apps, and customize policies and settings. + +You can apply a provisioning package using a USB stick during first-run setup, or through the **Settings** app. + + +## Advantages +- Quickly configure devices without using a mobile device management (MDM) provider. + +- No network connectivity required. + +- Simple to apply. + +[Learn more about the benefits and uses of provisioning packages.](https://technet.microsoft.com/itpro/windows/configure/provisioning-packages) + + +## Requirements + +To create and apply a provisioning package to a Surface Hub, you'll need the following: + +- Windows Configuration Designer, which can be installed from Microsoft Store or from the Windows 10 Assessment and Deployment Kit (ADK). [Learn how to install Windows Configuration Designer.](https://technet.microsoft.com/itpro/windows/configure/provisioning-install-icd) +- A USB stick. +- If you apply the package using the **Settings** app, you'll need device admin credentials. + +You create the provisioning package on a PC running Windows 10, save the package to a USB drive, and then deploy it to your Surface Hub. + + +## Supported items for Surface Hub provisioning packages + +Using the **Provision Surface Hub devices** wizard, you can: + +- Enroll in Active Directory, Azure Active Directory, or MDM +- Create an device administrator account +- Add applications and certificates +- Configure proxy settings +- Add a Surface Hub configuration file + +>[!WARNING] +>You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using the wizard. + +Using the advanced provisioning editor, you can add these items to provisioning packages for Surface Hub: + +- **Policies** - Surface Hub supports a subset of the policies in the [Policy configuration service provider](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#surfacehubpolicies). +- **Settings** - You can configure any setting in the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). + +>[!TIP] +> Use the wizard to create a package with the common settings, then switch to the advanced editor to add other settings. +> +>![open advanced editor](images/icd-simple-edit.png) + +## Use the Surface Hub provisioning wizard + +After you [install Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-install-icd), you can create a provisioning package. + +### Create the provisioning package + +1. Open Windows Configuration Designer: + - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, + + or + + - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. + +2. Click **Provision Surface Hub devices**. + +3. Name your project and click **Next**. + +### Configure settings + + + + + + + + + +
![step one](images/one.png) ![add certificates](images/add-certificates.png)

To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.		![add a certificate](images/add-certificates-details.png)
![step two](images/two.png) ![configure proxy settings](images/proxy.png)

Toggle **Yes** or **No** for proxy settings. The default configuration for Surface Hub is to automatically detect proxy settings, so you can select **No** if that is the setting that you want. However, if your infrastructure previously required using a proxy server and has changed to not require a proxy server, you can use a provisioning package to revert your Surface Hub devices to the default settings by selecting **Yes** and **Automatically detect settings**.

If you toggle **Yes**, you can select to automatically detect proxy settings, or you can manually configure the settings by entering a URL to a setup script, or a static proxy server address. You can also identify whether to use the proxy server for local addresses, and enter exceptions (addresses that Surface Hub should connect to directly without using the proxy server). 		![configure proxy settings](images/proxy-details.png)
![step three](images/three.png) ![device admins](images/set-up-device-admins.png)

You can enroll the device in Active Directory and specify a security group to use the Settings app, enroll in Azure Active Directory to allow global admins to use the Settings app, or create a local administrator account on the device.

To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain, and specify the security group to have admin credentials on Surface Hub. If a provisioning package that enrolls a device in Active Directory is going to be applied to a Surface Hub that was reset, the same domain account can only be used if the account listed is a domain administrator or is the same account that set up the Surface Hub initially. Otherwise, a different domain account must be used in the provisioning package.

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.

To create a local administrator account, select that option and enter a user name and password.

**Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. 		![join Active Directory, Azure AD, or create a local admin account](images/set-up-device-admins-details.png)
![step four](images/four.png) ![enroll in device management](images/enroll-mdm.png)

Toggle **Yes** or **No** for enrollment in MDM.

If you toggle **Yes**, you must provide a service account and password or certificate thumbprint that is authorized to enroll the device, and also specify the authentication type. If required by your MDM provider, also enter the URLs for the discovery service, enrollment service, and policy service. [Learn more about managing Surface Hub with MDM.](manage-settings-with-mdm-for-surface-hub.md)		![enroll in mobile device management](images/enroll-mdm-details.png)
![step five](images/five.png) ![add applications](images/add-applications.png)

You can install multiple Universal Windows Platform (UWP) apps in a provisioning package. For help with the settings, see [Provision PCs with apps](https://technet.microsoft.com/itpro/windows/configure/provision-pcs-with-apps).

**Important:** Although the wizard interface allows you to select a Classic Win32 app, only include UWP apps in a provisioning package that will be applied to Surface Hub. If you include a Classic Win32 app, provisioning will fail. 		![add an application](images/add-applications-details.png)
![step six](images/six.png) ![Add configuration file](images/add-config-file.png)

You don't configure any settings in this step. It provides instructions for including a configuration file that contains a list of device accounts. The configuration file must not contain column headers. When you apply the provisioning package to Surface Hub, if a Surface Hub configuration file is included on the USB drive, you can select the account and friendly name for the device from the file. See [Sample configuration file](#sample-configuration-file) for an example.

**Important:** The configuration file can only be applied during the out-of-box setup experience (OOBE) and can only be used with provisioning packages created using the Windows Configuration Designer released with Windows 10, version 1703. 		![Add a Surface Hub configuration file](images/add-config-file-details.png)
![finish](images/finish.png)

You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.		![Protect your package](images/finish-details.png)
+ +After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. + +## Sample configuration file + +A Surface Hub configuration file contains a list of device accounts that your device can use to connect to Exchange and Skype for Business. When you apply a provisioning package to Surface Hub, you can include a configuration file in the root directory of the USB flash drive, and then select the desired account to apply to that device. The configuration file can only be applied during the out-of-box setup experience (OOBE) and can only be used with provisioning packages created using the Windows Configuration Designer released with Windows 10, version 1703. + +Use Microsoft Excel or other CSV editor to create a CSV file named `SurfaceHubConfiguration.csv`. In the file, enter a list of device accounts and friendly names in this format: + +``` +,, +``` +>[!IMPORTANT] +>Because the configuration file stores the device account passwords in plaintext, we recommend that you update the passwords after you've applied the provisioning package to your devices. You can use the [DeviceAccount node](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/surfacehub-csp#deviceaccount) in the [Surface Hub configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/surfacehub-csp) to update the passwords via MDM. + + +The following is an example of `SurfaceHubConfiguration.csv`. + +``` +Rainier@contoso.com,password,Rainier Surface Hub +Adams@contoso.com,password,Adams Surface Hub +Baker@contoso.com,password,Baker Surface Hub +Glacier@constoso.com,password,Glacier Surface Hub +Stuart@contoso.com,password,Stuart Surface Hub +Fernow@contoso.com,password,Fernow Surface Hub +Goode@contoso.com,password,Goode Surface Hub +Shuksan@contoso.com,password,Shuksan Surface Hub +Buckner@contoso.com,password,Buckner Surface Hub +Logan@contoso.com,password,Logan Surface Hub +Maude@consoto.com,password,Maude Surface hub +Spickard@contoso.com,password,Spickard Surface Hub +Redoubt@contoso.com,password,Redoubt Surface Hub +Dome@contoso.com,password,Dome Surface Hub +Eldorado@contoso.com,password,Eldorado Surface Hub +Dragontail@contoso.com,password,Dragontail Surface Hub +Forbidden@contoso.com,password,Forbidden Surface Hub +Oval@contoso.com,password,Oval Surface Hub +StHelens@contoso.com,password,St Helens Surface Hub +Rushmore@contoso.com,password,Rushmore Surface Hub +``` + +## Use advanced provisioning + +After you [install Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-install-icd), you can create a provisioning package. + +### Create the provisioning package (advanced) + +1. Open Windows Configuration Designer: + - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, + + or + + - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. + +2. Click **Advanced provisioning**. + +3. Name your project and click **Next**. + +4. Select **Common to Windows 10 Team edition**, click **Next**, and then click **Finish**. + + ![ICD new project](images/icd-new-project.png) + +5. In the project, under **Available customizations**, select **Common Team edition settings**. + + ![ICD common settings](images/icd-common-settings.png) + + +### Add a certificate to your package +You can use provisioning packages to install certificates that will allow the device to authenticate to Microsoft Exchange. + +> [!NOTE] +> Provisioning packages can only install certificates to the device (local machine) store, and not to the user store. If your organization requires that certificates must be installed to the user store, use Mobile Device Management (MDM) to deploy these certificates. See your MDM solution documentation for details. + +1. In the **Available customizations** pane, go to **Runtime settings** > **Certificates** > **ClientCertificates**. + +2. Enter a **CertificateName** and then click **Add**. + +2. Enter the **CertificatePassword**. + +3. For **CertificatePath**, browse and select the certificate. + +4. Set **ExportCertificate** to **False**. + +5. For **KeyLocation**, select **Software only**. + + +### Add a Universal Windows Platform (UWP) app to your package +Before adding a UWP app to a provisioning package, you need the app package (either an .appx, or .appxbundle) and any dependency files. If you acquired the app from the Microsoft Store for Business, you will also need the *unencoded* app license. See [Distribute offline apps](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps#download-an-offline-licensed-app) to learn how to download these items from the Microsoft Store for Business. + +1. In the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall** > **DeviceContextApp**. + +2. Enter a **PackageFamilyName** for the app and then click **Add**. For consistency, use the app's package family name. If you acquired the app from the Microsoft Store for Business, you can find the package family name in the app license. Open the license file using a text editor, and use the value between the \...\ tags. + +3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle). + +4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. For Surface Hub, you will only need the x64 versions of these dependencies. + +If you acquired the app from the Microsoft Store for Business, you will also need to add the app license to your provisioning package. + +1. Make a copy of the app license, and rename it to use a **.ms-windows-store-license** extension. For example, "example.xml" becomes "example.ms-windows-store-license". + +2. In ICD, in the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall** > **DeviceContextAppLicense**. + +3. Enter a **LicenseProductId** and then click **Add**. For consistency, use the app's license ID from the app license. Open the license file using a text editor. Then, in the \ tag, use the value in the **LicenseID** attribute. + +4. Select the new **LicenseProductId** node. For **LicenseInstall**, click **Browse** to find and select the license file that you renamed in Step 1. + + +### Add a policy to your package +Surface Hub supports a subset of the policies in the [Policy configuration service provider](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). Some of those policies can be configured with ICD. + +1. In the **Available customizations** pane, go to **Runtime settings** > **Policies**. + +2. Select one of the available policy areas. + +3. Select and set the policy you want to add to your provisioning package. + + +### Add Surface Hub settings to your package + +You can add settings from the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx) to your provisioning package. + +1. In the **Available customizations** pane, go to **Runtime settings** > **WindowsTeamSettings**. + +2. Select one of the available setting areas. + +3. Select and set the setting you want to add to your provisioning package. + + +## Build your package + +1. When you are done configuring the provisioning package, on the **File** menu, click **Save**. + +2. Read the warning that project files may contain sensitive information, and click **OK**. + + > [!IMPORTANT] + > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. + +3. On the **Export** menu, click **Provisioning package**. + +4. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources. + +5. Set a value for **Package Version**, and then select **Next.** + + > [!TIP] + > You can make changes to existing packages and change the version number to update previously applied packages. + +6. Optional: You can choose to encrypt the package and enable package signing. + + - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. + + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse...** and choosing the certificate you want to use to sign the package. + + > [!IMPORTANT] + > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently.  + +7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.

+Optionally, you can click **Browse** to change the default output location. + +8. Click **Next**. + +9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.

+If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. + +10. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.

+If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. + + - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. + + - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. + +11. Select the **output location** link to go to the location of the package. Copy the .ppkg to an empty USB flash drive. + + +## Apply a provisioning package to Surface Hub + +There are two options for deploying provisioning packages to a Surface Hub. You can apply a provisioning packing [during the first run wizard](#apply-a-provisioning-package-during-first-run), or using [Settings](#apply-a-package-using-settings). + + +### Apply a provisioning package during first run + +> [!IMPORTANT] +> Only use provisioning packages to install certificates during first run. Use the **Settings** app to install apps and apply other settings. + +1. When you turn on the Surface Hub for the first time, the first-run program will display the [**Hi there page**](first-run-program-surface-hub.md#first-page). Make sure that the settings are properly configured before proceeding. + +2. Insert the USB flash drive containing the .ppkg file into the Surface Hub. If the package is in the root directory of the drive, the first-run program will recognize it and ask if you want to set up the device. Select **Set up**. + + ![Set up device?](images/provisioningpackageoobe-01.png) + +3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**. + + ![Provision this device](images/provisioningpackageoobe-02.png) + +4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**. Note that you can only install one package during first run. + + ![Choose a package](images/provisioningpackageoobe-03.png) + +5. The first-run program will show you a summary of the changes that the provisioning package will apply. Select **Yes, add it**. + + ![Do you trust this package?](images/provisioningpackageoobe-04.png) + +6. If a configuration file is included in the root directory of the USB flash drive, you will see **Select a configuration**. The first device account in the configuration file will be shown with a summary of the account information that will be applied to the Surface Hub. + + ![select a configuration](images/ppkg-config.png) + +7. In **Select a configuration**, select the device name to apply, and then click **Next**. + + ![select a friendly device name](images/ppkg-csv.png) + +The settings from the provisioning package will be applied to the device and OOBE will be complete. After the device restarts, you can remove the USB flash drive. + +### Apply a package using Settings + +1. Insert the USB flash drive containing the .ppkg file into the Surface Hub. + +2. From the Surface Hub, start **Settings** and enter the admin credentials when prompted. + +3. Navigate to **Surface Hub** > **Device management**. Under **Provisioning packages**, select **Add or remove a provisioning package**. + +4. Select **Add a package**. + +5. Choose your provisioning package and select **Add**. You may have to re-enter the admin credentials if prompted. + +6. You'll see a summary of the changes that the provisioning package will apply. Select **Yes, add it**. + + diff --git a/devices/surface-hub/remote-surface-hub-management.md b/devices/surface-hub/remote-surface-hub-management.md index 41588251fe..f1369c5c26 100644 --- a/devices/surface-hub/remote-surface-hub-management.md +++ b/devices/surface-hub/remote-surface-hub-management.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/save-bitlocker-key-surface-hub.md b/devices/surface-hub/save-bitlocker-key-surface-hub.md index 2354de0f40..27ca1f3ef9 100644 --- a/devices/surface-hub/save-bitlocker-key-surface-hub.md +++ b/devices/surface-hub/save-bitlocker-key-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub, security -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/set-up-your-surface-hub.md b/devices/surface-hub/set-up-your-surface-hub.md index 95b7c2c92f..15231f9a9d 100644 --- a/devices/surface-hub/set-up-your-surface-hub.md +++ b/devices/surface-hub/set-up-your-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/setup-worksheet-surface-hub.md b/devices/surface-hub/setup-worksheet-surface-hub.md index a77cf5850f..49ef04d184 100644 --- a/devices/surface-hub/setup-worksheet-surface-hub.md +++ b/devices/surface-hub/setup-worksheet-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/surface-hub-administrators-guide.md b/devices/surface-hub/surface-hub-administrators-guide.md deleted file mode 100644 index 4786082d45..0000000000 --- a/devices/surface-hub/surface-hub-administrators-guide.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Microsoft Surface Hub administrator's guide -description: This guide covers the installation and administration of devices running Surface Hub, and is intended for use by anyone responsible for these tasks, including IT administrators and developers. -ms.assetid: e618aab7-3a94-4159-954e-d455ef7b8839 -keywords: Surface Hub, installation, administration, administrator's guide -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: surfacehub -author: TrudyHa -localizationpriority: medium ---- - -# Microsoft Surface Hub administrator's guide - - -This guide covers the installation and administration of devices running Surface Hub, and is intended for use by anyone responsible for these tasks, including IT administrators and developers. - -Before you power on Microsoft Surface Hub for the first time, make sure you've [completed preparation items](prepare-your-environment-for-surface-hub.md), and that you have the information listed in the [Setup worksheet](setup-worksheet-surface-hub.md). When you do power it on, the device will walk you through a series of setup screens. If you haven't properly set up your environment, or don't have the required information, you'll have to do extra work afterward making sure the settings are correct. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TopicDescription

[Intro to Microsoft Surface Hub](intro-to-surface-hub.md)

Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organization’s infrastructure and the Surface Hub itself must be properly set up and integrated. This guide describes what needs to be done both before and during setup in order to help you optimize your use of the device.

[Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md)

The Surface Hub Readiness Guide will help make sure that your site is ready for the installation. You can download the Guide from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718144). It includes planning information for both the 55" and 84" devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box.

[Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md)

This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment.

[Set up Microsoft Surface Hub](set-up-your-surface-hub.md)

Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program.

[Manage Microsoft Surface Hub](manage-surface-hub.md)

How to manage your Surface Hub after finishing the first-run program.

[Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md)

Troubleshoot common problems, including setup issues, Exchange ActiveSync errors.

[Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)

PowerShell scripts to help set up and manage your Surface Hub .

- -  - -  - -  - - - - - diff --git a/devices/surface-hub/surface-hub-downloads.md b/devices/surface-hub/surface-hub-downloads.md index eb0886cce1..f5b6fa0c35 100644 --- a/devices/surface-hub/surface-hub-downloads.md +++ b/devices/surface-hub/surface-hub-downloads.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: surfacehub -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/surface-hub-wifi-direct.md b/devices/surface-hub/surface-hub-wifi-direct.md index 6a76d310ab..e4ce72ed1d 100644 --- a/devices/surface-hub/surface-hub-wifi-direct.md +++ b/devices/surface-hub/surface-hub-wifi-direct.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md new file mode 100644 index 0000000000..b658a09d5d --- /dev/null +++ b/devices/surface-hub/surfacehub-whats-new-1703.md @@ -0,0 +1,64 @@ +--- +title: What's new in Windows 10, version 1703 for Surface Hub +description: Windows 10, version 1703 (Creators Update) brings new features to Microsoft Surface Hub. +ms.prod: w10 +ms.mktglfcycl: manage +ms.pagetype: devices +ms.sitesec: library +author: jdeckerms +localizationpriority: medium +--- + +# What's new in Windows 10, version 1703 for Microsoft Surface Hub? + +Windows 10, version 1703 (also called the Creators Update), introduces the following changes for Microsoft Surface Hub: + +## New settings + +Settings have been added to mobile device management (MDM) and configuration service providers (CSPs) to expand the Surface Hub management capabilities. [New settings include](manage-settings-with-mdm-for-surface-hub.md): + +- InBoxApps/SkypeForBusiness/DomainName +- InBoxApps/Connect/AutoLaunch +- Properties/DefaultVolume +- Properties/ScreenTimeout +- Properties/SessionTimeout +- Properties/SleepTimeout +- Properties/AllowSessionResume +- Properties/AllowAutoProxyAuth +- Properties/DisableSigninSuggestions +- Properties/DoNotShowMyMeetingsAndFiles +- System/AllowStorageCard + +Plus settings based on the new [NetworkQoSPolicy CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) and [NetworkProxy CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/networkproxy-csp). +
+ +## Provizioning wizard + +An easy-to-use wizard helps you quickly create provisioning packages that you can apply to multiple Surface Hub devices, and includes bulk join to Azure Active Directory. [Learn how to create a provisioning package for Surface Hub.](provisioning-packages-for-certificates-surface-hub.md) + +![steps in the provision Surface Hub devices wizard](images/wcd-wizard.png) + +## Miracast on your existing wireless network or LAN + +Microsoft has extended the ability to [send a Miracast stream over a local network](miracast-over-infrastructure.md) rather than over a direct wireless link. + +## Cloud recovery + +When you reset a Surface Hub device, you now have the ability to download and install a factory build of the operating system from the cloud. [Learn more about cloud recovery.](device-reset-surface-hub.md#cloud-recovery) + +>[!NOTE] +>Cloud recovery doesn't work if you use proxy servers. + +![Reinstall](images/reinstall.png) + +## End session + +**I'm done** is now **End session**. [Learn how to use End session.](i-am-done-finishing-your-surface-hub-meeting.md) + +![end session](images/end-session.png) + + + + + + diff --git a/devices/surface-hub/troubleshoot-surface-hub.md b/devices/surface-hub/troubleshoot-surface-hub.md index cc3bd57b95..5e1c0977a8 100644 --- a/devices/surface-hub/troubleshoot-surface-hub.md +++ b/devices/surface-hub/troubleshoot-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: support ms.sitesec: library ms.pagetype: surfacehub -author: TrudyHa +author: jdeckerms localizationpriority: medium --- @@ -417,29 +417,7 @@ Possible fixes for issues with Surface Hub first-run program.   -### Skype for Business - ----- - - - - - - - - - - - - - - -
IssueCausesPossible fixes

Can't call a Skype consumer from my Surface Hub.

Outgoing calls aren't supported yet.

None currently.

  @@ -622,7 +600,9 @@ This section lists status codes, mapping, user messages, and actions an admin ca     +## Related content +- [Troubleshooting Miracast connection to the Surface Hub](https://blogs.msdn.microsoft.com/surfacehub/2017/01/30/troubleshooting-miracast-connection-to-the-surface-hub/)   diff --git a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md index 3347918660..6d0b8bbda7 100644 --- a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md +++ b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md @@ -2,7 +2,7 @@ title: Use fully qualified doman name with Surface Hub description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. keywords: ["Troubleshoot common problems", "setup issues", "Exchange ActiveSync errors"] -author: TrudyHa +author: jdeckerms localizationpriority: medium ms.prod: w10 ms.mktglfcycl: support @@ -19,7 +19,7 @@ There are a few scenarios where you need to specify the domain name of your Skyp **To configure the domain name for your Skype for Business server**
1. On Surface Hub, open **Settings**. -2. Click **This device**, and then click **Calling**. +2. Click **Surface Hub**, and then click **Calling & Audio**. 3. Under **Skype for Business configuration**, click **Configure domain name**. 4. Type the domain name for your Skype for Business server, and then click **Ok**. > [!TIP] diff --git a/devices/surface-hub/wireless-network-management-for-surface-hub.md b/devices/surface-hub/wireless-network-management-for-surface-hub.md index 0ccd6ad70d..22a91e040a 100644 --- a/devices/surface-hub/wireless-network-management-for-surface-hub.md +++ b/devices/surface-hub/wireless-network-management-for-surface-hub.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: surfacehub, networking -author: TrudyHa +author: jdeckerms localizationpriority: medium --- @@ -24,7 +24,7 @@ If a wired network connection is not available, the Surface Hub can use a wirele ### Choose a wireless access point 1. On the Surface Hub, open **Settings** and enter your admin credentials. -2. Click **System**, and then click **Network & Internet**. Under **Wi-Fi**, choose an access point. If you want Surface Hub to automatically connect to this access point, click **Connect automatically**. Click **Connect**. +2. Click **Network & Internet**. Under **Wi-Fi**, choose an access point. If you want Surface Hub to automatically connect to this access point, click **Connect automatically**. Click **Connect**. ![Image showing Wi-Fi settings, Network & Internet page.](images/networkmgtwireless-01.png) @@ -35,7 +35,7 @@ If a wired network connection is not available, the Surface Hub can use a wirele ### Review wireless settings 1. On the Surface Hub, open **Settings** and enter your admin credentials. -2. Click **System**, click **Network & Internet**, then **Wi-Fi**, and then click **Advanced options**. +2. Click **Network & Internet**, then **Wi-Fi**, and then click **Advanced options**. 3. Surface Hub shows you the properties for the wireless network connection. ![Image showing properties for connected Wi-Fi.](images/networkmgtwireless-04.png) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 09cfde4e61..1dd7b983ea 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -4,7 +4,7 @@ description: This topic lists new and updated topics in the Surface documentatio ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms --- # Change history for Surface documentation diff --git a/devices/surface/ltsb-for-surface.md b/devices/surface/ltsb-for-surface.md index 5482418741..a2836613a7 100644 --- a/devices/surface/ltsb-for-surface.md +++ b/devices/surface/ltsb-for-surface.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library -author: jdeckerMS +author: jdeckerms --- # Long-Term Servicing Branch (LTSB) for Surface devices diff --git a/store-for-business/acquire-apps-windows-store-for-business.md b/store-for-business/acquire-apps-windows-store-for-business.md index 77563b064c..a0af9518aa 100644 --- a/store-for-business/acquire-apps-windows-store-for-business.md +++ b/store-for-business/acquire-apps-windows-store-for-business.md @@ -43,7 +43,7 @@ There are a couple of things we need to know when you pay for apps. You can add You’ll also need to have your business address saved on **Account information** or **Payments & billing**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](https://technet.microsoft.com/itpro/windows/manage/update-windows-store-for-business-account-settings#organization-tax-information). -Microsoft Store adds the app to your inventory. From **Inventory**or **Apps & software**, you can: +Microsoft Store adds the app to your inventory. From **Inventory** or **Apps & software**, you can: - Distribute the app: add to private store, or assign licenses - View app licenses: review current licenses, reclaim and reassign licenses - View app details: review the app details page and purchase more licenses diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md index 491172a16d..46c453edf1 100644 --- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md +++ b/store-for-business/add-unsigned-app-to-code-integrity-policy.md @@ -77,13 +77,13 @@ After you're done, the files are saved to your desktop. You still need to sign t ## Catalog signing with Device Guard signing portal -To sign catalog files with the Device Guard signing portal, you need to be signed up with the Windows Store for Business. For more information, see [Sign up for the Windows Store for Business](sign-up-windows-store-for-business.md). +To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business. For more information, see [Sign up for the Microsoft Store for Business](sign-up-windows-store-for-business.md). Catalog signing is a vital step to adding your unsigned apps to your code integrity policy. **To sign a catalog file with Device Guard signing portal** -1. Sign in to the [Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). +1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). 2. Click **Settings**, click **Store settings**, and then click **Device Guard**. 3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files). 4. After the files are uploaded, click **Sign** to sign the catalog files. diff --git a/store-for-business/app-inventory-management-windows-store-for-business.md b/store-for-business/app-inventory-management-windows-store-for-business.md index 71dceb3427..379618509a 100644 --- a/store-for-business/app-inventory-management-windows-store-for-business.md +++ b/store-for-business/app-inventory-management-windows-store-for-business.md @@ -31,7 +31,7 @@ Microsoft Store for Business and Education shows this info for each app in your - Access to actions for the app The last modified date tracks changes about the app as an item in your inventory. The last modified date changes when one of the following happens: -- First purchase (the date you acquire the app from Windows Store for Business) +- First purchase (the date you acquire the app from Microsoft Store for Business) - Purchase additional licenses - Assign license - Reclaim license @@ -45,14 +45,14 @@ There are a couple of ways to find specific apps, or groups of apps in your inve **Search** - Use the Search box to search for an app.
**Refine results** - Use **Refine results** to scope your list of apps by one or more of these app attributes: -- **License type** - Online or offline licenses. For more info, see [Apps in Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model). +- **License type** - Online or offline licenses. For more info, see [Apps in Microsoft Store for Business](apps-in-windows-store-for-business.md#licensing-model). - **Supported devices** - Lists the devices that apps in your inventory were originally written to support. This list is cumulative for all apps in your inventory. - **Source** - **Store**, for apps acquired from Store for Business, or LOB, for line-of-business apps. - **Product type** - Product categories, such as app, or game. - **Private store** - Whether or not the app is in the private store, or status if the app is being added or removed from private store. ## Manage apps in your inventory -Each app in the Store for Business has an online, or an offline license. For more information on Store for Business licensing model, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model). There are different actions you can take depending on the app license type. They're summarized in this table. +Each app in the Store for Business has an online, or an offline license. For more information on Store for Business licensing model, see [Apps in the Microsoft Store for Business](apps-in-windows-store-for-business.md#licensing-model). There are different actions you can take depending on the app license type. They're summarized in this table. | Action | Online-licensed app | Offline-licensed app | | ------ | ------------------- | -------------------- | @@ -77,7 +77,7 @@ Once an app is in your private store, people in your org can install the app on **To make an app in Apps & software available in your private store** -1. Sign in to the [Store for Business](https://businessstore.microsoft.com) or [Micrososft Store for Education](https://businessstore.microsoft.com). +1. Sign in to the [Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). 2. Click **Manage**, and then choose **Apps & software**. 3. Use **Refine results** to search for online-licensed apps under **License type**. 4. From the list of online-licensed apps, click the ellipses for the app you want, and then choose **Add to private store**. @@ -97,7 +97,7 @@ If you decide that you don't want an app available for employees to install on t **To remove an app from the private store** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Micrososft Store for Education](https://businessstore.microsoft.com). +1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). 2. Click **Manage**, and then choose **Apps & software**. 3. Find an app, click the ellipses under **Action**, choose **Remove from private store**, and then click **Remove**. @@ -105,7 +105,7 @@ The app will still be in your inventory, but your employees will not have access **To assign an app to an employee** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Micrososft Store for Education](https://businessstore.microsoft.com). +1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). 2. Click **Manage**, and then choose **Inventory**. 3. Find an app, click the ellipses under **Action**, and then choose **Assign to people**. 4. Type the email address for the employee that you're assigning the app to, and click **Confirm**. @@ -118,7 +118,7 @@ For each app in your inventory, you can view and manage license details. This gi **To view license details** -1. Sign in to [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Micrososft Store for Education](https://businessstore.microsoft.com). +1. Sign in to [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Microsoft Store for Education](https://businessstore.microsoft.com). 2. Click **Manage**, and then choose **Apps & software**. 3. Click an app you want to manage. 4. On the app page, you'll see the names of people in your organization who have installed the app and are using one of the licenses. From here, you can: @@ -134,7 +134,7 @@ You can assign the app to more people in your organization, or reclaim licenses. - On the app page, click **Assign users**, type the email address for the person that you're assigning the app to, and click **Assign**. -Micrososft Store updates the list of assigned licenses. +Microsoft Store updates the list of assigned licenses. **To reclaim licenses** @@ -147,7 +147,7 @@ You can purchase additional licenses for apps in your Inventory. **To purchase additional app licenses** -1. Sign in to [Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Micrososft Store for Education](https://businessstore.microsoft.com) +1. Sign in to [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) or [Microsoft Store for Education](https://businessstore.microsoft.com) 2. Click **Manage**, and then choose **Apps & software**. 3. From **Apps & software**, click an app. 4. On the app page, click **Buy more** for additional licenses, or click **Assign users** to manage your current licenses. diff --git a/store-for-business/apps-in-windows-store-for-business.md b/store-for-business/apps-in-windows-store-for-business.md index da6eb860b6..4c037486e6 100644 --- a/store-for-business/apps-in-windows-store-for-business.md +++ b/store-for-business/apps-in-windows-store-for-business.md @@ -36,17 +36,17 @@ Apps in your inventory will have at least one of these supported platforms liste - Windows 10 Surface Hub - Windows 10 HoloLens -Apps that you acquire from the Microsoft Store only work on Windows 10-based devices. Even though an app might list Windows 8 as its supported platform, that tells you what platform the app was originally written for. Apps developed for Windows 8, or Windows Phone 8 will work on Windows 10. +Apps that you acquire from Microsoft Store only work on Windows 10-based devices. Even though an app might list Windows 8 as its supported platform, that tells you what platform the app was originally written for. Apps developed for Windows 8, or Windows Phone 8 will work on Windows 10. Some apps are free, and some apps charge a price. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time. -Some apps which are available to consumers in the Windows Store might not be available to organizations in the Microsoft Store for Business and Education. App developers can opt-out their apps, and they also need to meet eligibility requirements for Microsoft Store for Business and Education. For more information, see [Organizational licensing options](https://msdn.microsoft.com/windows/uwp/publish/organizational-licensing). +Some apps which are available to consumers in the Windows Store might not be available to organizations in Microsoft Store for Business and Education. App developers can opt-out their apps, and they also need to meet eligibility requirements for Microsoft Store for Business and Education. For more information, see [Organizational licensing options](https://msdn.microsoft.com/windows/uwp/publish/organizational-licensing). -Line-of-business (LOB) apps are also supported using the Micrososft Store. Admins can invite IT devs and ISVs to be LOB publishers. Apps developed by your LOB publishers that are submitted to Microsoft Store are only available to your organization. Once an administrator accepts an app submitted by one of their LOB publishers, the app can be distributed just like any other app. For more information, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md). +Line-of-business (LOB) apps are also supported using Microsoft Store. Admins can invite IT devs and ISVs to be LOB publishers. Apps developed by your LOB publishers that are submitted to Microsoft Store are only available to your organization. Once an administrator accepts an app submitted by one of their LOB publishers, the app can be distributed just like any other app. For more information, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md). ## In-app purchases -Some apps offer you the option to make in-app purchases. In-app purchases are not currently supported for apps that are acquired through Micrososft Store and distributed to employees. +Some apps offer you the option to make in-app purchases. In-app purchases are not currently supported for apps that are acquired through Microsoft Store and distributed to employees. If an employee makes an in-app purchase, they'll make it with their personal Microsoft account and pay for it with a personal payment method. The employee will own the item purchased, and it cannot be transferred to your organization’s inventory. @@ -55,7 +55,7 @@ If an employee makes an in-app purchase, they'll make it with their personal Mic Microsoft Store supports two options to license apps: online and offline. ### Online licensing -Online licensing is the default licensing model and is similar to the Windows Store. Online licensed apps require customers and devices to connect to the Microsoft Store service to acquire an app and its license. License management is enforced based on the user’s Azure AD identity and maintained by Microsoft Store as well as the management tool. By default app updates are handled by Windows Update. +Online licensing is the default licensing model and is similar to the Windows Store. Online licensed apps require customers and devices to connect to Microsoft Store service to acquire an app and its license. License management is enforced based on the user’s Azure AD identity and maintained by Microsoft Store as well as the management tool. By default app updates are handled by Windows Update. Distribution options for online-licensed apps include the ability to: @@ -64,11 +64,11 @@ Distribution options for online-licensed apps include the ability to: - Distribute through a management tool. ### Offline licensing -Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store. This model means organizations can deploy apps when users or devices do not have connectivity to Microsost Store. Admins control whether or not offline apps are available in Microsost Store with an offline app visibility setting. For more information, see [offline license visibility](https://technet.microsoft.com/itpro/windows/manage/update-windows-store-for-business-account-settings#offline-licensing). +Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store. This model means organizations can deploy apps when users or devices do not have connectivity to Microsoft Store. Admins control whether or not offline apps are available in Microsoft Store with an offline app visibility setting. For more information, see [offline license visibility](https://technet.microsoft.com/itpro/windows/manage/update-windows-store-for-business-account-settings#offline-licensing). You have the following distribution options for offline-licensed apps: - Include the app in a provisioning package, and then use it as part of imaging a device. - Distribute the app through a management tool. -For more information, see [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-windows-store-for-business.md). \ No newline at end of file +For more information, see [Distribute apps to your employees from Microsoft Store for Business](distribute-apps-to-your-employees-windows-store-for-business.md). \ No newline at end of file diff --git a/store-for-business/assign-apps-to-employees.md b/store-for-business/assign-apps-to-employees.md index cffba1a162..b2c821a77a 100644 --- a/store-for-business/assign-apps-to-employees.md +++ b/store-for-business/assign-apps-to-employees.md @@ -18,7 +18,7 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -Adminis, Purchasers, and Basic Purchasers can assign online-licensed apps to employees in their organization. +Admins, Purchasers, and Basic Purchasers can assign online-licensed apps to employees or students in their organization. **To assign an app to an employee** diff --git a/store-for-business/configure-mdm-provider-windows-store-for-business.md b/store-for-business/configure-mdm-provider-windows-store-for-business.md index c11269d2f5..455c12dea0 100644 --- a/store-for-business/configure-mdm-provider-windows-store-for-business.md +++ b/store-for-business/configure-mdm-provider-windows-store-for-business.md @@ -16,7 +16,7 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -For companies or organizations using mobile device management (MDM) tools,those tools can synchronize with Windows Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content. +For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Windows Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content. Your management tool needs to be installed and configured with Azure AD, in the same directory that you are using for Store for Business. Once that's done, you can configure it to work with Store for Business @@ -34,7 +34,7 @@ After your management tool is added to your Azure AD directory, you can configur 2. Click **Manage**, click **Store settings**, and then click **Management tools**. 3. From the list of MDM tools, select the one you want to synchronize with Microsoft Store, and then click **Activate.** -Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchroniztion and deploy apps, see these topics: +Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchronization and deploy apps, see these topics: - [Manage apps you purchased from Windows Store for Business with Microsoft Intune](https://technet.microsoft.com/library/mt676514.aspx) - [Manage apps from Windows Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) diff --git a/store-for-business/device-guard-signing-portal.md b/store-for-business/device-guard-signing-portal.md index de51622611..4365cacfe3 100644 --- a/store-for-business/device-guard-signing-portal.md +++ b/store-for-business/device-guard-signing-portal.md @@ -18,7 +18,7 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -Device Guard signing is a Device Guard feature that is available in Microsoft Store for Business and Education. It gives admins a single place to sign catalog files and code integrity policies. After admins have created catalog files for unsigned apps and signed the catalog files,they can add the signers to a code integrity policy. You can merge the code integrity policy with your existing policy to include your custom signing certificate. This allows you to trust the catalog files. +Device Guard signing is a Device Guard feature that is available in Microsoft Store for Business and Education. It gives admins a single place to sign catalog files and code integrity policies. After admins have created catalog files for unsigned apps and signed the catalog files, they can add the signers to a code integrity policy. You can merge the code integrity policy with your existing policy to include your custom signing certificate. This allows you to trust the catalog files. Device Guard is a feature set that consists of both hardware and software system integrity hardening features. These features use new virtualization-based security options and the trust-nothing mobile device operating system model. A key feature in this model is called configurable code integrity, which allows your organization to choose exactly which software or trusted software publishers are allowed to run code on your client machines. Also, Device Guard offers organizations a way to sign existing line-of-business (LOB) applications so that they can trust their own code, without the requirement that the application be repackaged. Also, this same method of signing allows organizations to trust individual third-party applications. For more information, see [Device Guard deployment guide](https://technet.microsoft.com/library/mt463091.aspx). diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md index 608cfdca5f..f93a4ac288 100644 --- a/store-for-business/distribute-apps-from-your-private-store.md +++ b/store-for-business/distribute-apps-from-your-private-store.md @@ -24,7 +24,7 @@ You can make an app available in your private store when you acquire the app, or **To acquire an app and make it available in your private store** -1. Sign in to [Micrososft Store for Business](https://businessstore.microsoft.com) or [Micrososft Store for Education](https://educationstore.microsoft.com). +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click an app, choose the license type, and then click **Get the app** to acquire the app for your organization. @@ -34,7 +34,7 @@ Microsoft Store adds the app to **Apps & software**. Click **Manage**, **Apps & **To make an app in Apps & software available in your private store** -1. Sign in to the [Store for Business](https://businessstore.microsoft.com) or [Micrososft Store for Education](https://educationstore.microsoft.com). +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then choose **Apps & software**. diff --git a/store-for-business/distribute-apps-to-your-employees-windows-store-for-business.md b/store-for-business/distribute-apps-to-your-employees-windows-store-for-business.md index b72519ba89..21a610dc18 100644 --- a/store-for-business/distribute-apps-to-your-employees-windows-store-for-business.md +++ b/store-for-business/distribute-apps-to-your-employees-windows-store-for-business.md @@ -25,7 +25,7 @@ Distribute apps to your employees from Microsoft Store for Business and Microsof | Topic | Description | | ----- | ----------- | | [Distribute apps using your private store](distribute-apps-from-your-private-store.md) | The private store is a feature in Microsoft Store that organizations and schools receive during the signup process. When admins add apps to the private store, all people in the organization can view and download the apps. Only apps with online licenses can be added to the private store. | -| [Assign apps to employees](assign-apps-to-employees.md) | Adminis can assign online-licensed apps to people in their organization. | +| [Assign apps to employees](assign-apps-to-employees.md) | Admins can assign online-licensed apps to people in their organization. | | [Distribute apps with a management tool](distribute-apps-with-management-tool.md) | Admins can configure a mobile device management (MDM) tool to synchronize your Microsoft Store inventory. Microsoft Store management tool services work with MDM tools to manage content. | | [Distribute offline apps](distribute-offline-apps.md) | Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. This allows organizations to deploy apps to devices without connectivity to the Store. | diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index 2e540c478f..72078b74da 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -18,7 +18,7 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in the Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store. +Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store. ## Why offline-licensed apps? @@ -32,15 +32,15 @@ Offline-licensed apps offer an alternative to online apps, and provide additiona ## Distribution options for offline-licensed apps -You can't distribute offline-licensed apps directly from the Microsoft Store. Once you download the items for the offline-licensed app, you have options for distributing the apps: +You can't distribute offline-licensed apps directly from Microsoft Store. Once you download the items for the offline-licensed app, you have options for distributing the apps: - **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft Windows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows). - **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](https://technet.microsoft.com/itpro/windows/deploy/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages). - **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics: - - [Manage apps from Windows Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) - - [Manage apps from Windows Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)
+ - [Manage apps from Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) + - [Manage apps from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)
For third-party MDM providers or management servers, check your product documentation. diff --git a/store-for-business/manage-access-to-private-store.md b/store-for-business/manage-access-to-private-store.md index 36e3b78d0b..e6f9bc8157 100644 --- a/store-for-business/manage-access-to-private-store.md +++ b/store-for-business/manage-access-to-private-store.md @@ -19,9 +19,9 @@ author: TrudyHa You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education. -You can control the set of apps that are available to your employees and students, and not show the full set of applications that are in the Windows Store. Using the private store with the Micrososft Store for Business and Eduction, admins can curate the set of apps that are available. +You can control the set of apps that are available to your employees and students, and not show the full set of applications that are in Windows Store. Using the private store with the Microsoft Store for Business and Education, admins can curate the set of apps that are available. -The private store is a feature in Store for Business that organizations receive during the sign up process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in the Windows Store, and is usually named for your company or organization. Only apps with online licenses can be added to the private store. Your private store looks something like this: +The private store is a feature in Store for Business that organizations receive during the sign up process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Windows Store, and is usually named for your company or organization. Only apps with online licenses can be added to the private store. Your private store looks something like this: @@ -29,7 +29,7 @@ Organizations can use either an MDM policy, or Group Policy to show only their p ## Show private store only using MDM policy -Organizations using an MDM to manage apps can use a policy to show only the private store. When your MDM supports the Store for Business, the MDM can use the [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx). More specifically, the [ApplicationManagement/RequirePrivateStoreOnly](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#ApplicationManagement_RequirePrivateStoreOnly) policy. +Organizations using an MDM to manage apps can use a policy to show only the private store. When your MDM supports Microsoft Store for Business, the MDM can use the [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx). More specifically, the [ApplicationManagement/RequirePrivateStoreOnly](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#ApplicationManagement_RequirePrivateStoreOnly) policy. **ApplicationManagement/RequirePrivateStoreOnly** policy is supported on the following Windows 10 editions: - Enterprise @@ -43,7 +43,7 @@ For more information on configuring an MDM provider, see [Configure an MDM provi If you're using Microsoft Store and you want employees to only see apps you're managing in your private store, you can use Group Policy to show only the private store. Windows Store app will still be available, but employees can't view or purchase apps. Employees can view and install apps that the admin has added to your organization's private store. -**Only display the private store within the Windows Store app** group policy is supported on the following Windows 10 editions: +**Only display the private store within Windows Store app** group policy is supported on the following Windows 10 editions: - Enterprise - Education @@ -53,13 +53,13 @@ If you're using Microsoft Store and you want employees to only see apps you're m 2. In the console tree of the snap-in, go to **User Configuration** or **Computer Configuration** > **Administrative Templates** > **Windows Components**, and then click **Store**. -3. Right-click **Only display the private store within the Windows Store app** in the right pane, and click **Edit**. +3. Right-click **Only display the private store within Windows Store app** in the right pane, and click **Edit**. This opens the **Only display the private store within the Windows Store app** policy settings. 4. On the **Only display the private store within the Windows Store app** setting page, click **Enabled**, and then click **OK**. -You can also prevent employees from using the Windows Store. For more information, see [Configure access to Windows Store](/windows/configuration/stop-employees-from-using-the-windows-store). +You can also prevent employees from using Windows Store. For more information, see [Configure access to Windows Store](/windows/configuration/stop-employees-from-using-the-windows-store). ## Related topics diff --git a/store-for-business/manage-orders-windows-store-for-business.md b/store-for-business/manage-orders-windows-store-for-business.md index ee1a065e82..eb5218d9ec 100644 --- a/store-for-business/manage-orders-windows-store-for-business.md +++ b/store-for-business/manage-orders-windows-store-for-business.md @@ -29,7 +29,7 @@ Click to expand an order, and the following info is available: ## Invoices -Invoices for orders are available approximatley 24 hours after your purchase. The link opens a .pdf that you can save for your records. +Invoices for orders are available approximately 24 hours after your purchase. The link opens a .pdf that you can save for your records. ## Refund an order @@ -43,13 +43,13 @@ Refunds work a little differently for free apps, and apps that have a price. In There are a few requirements for apps that have a price: - **Timing** - Refunds are available for the first 30 days after you place your order. For example, if your order is placed on June 1, you can self-refund through June 30. - - **Avaialble licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization. + - **Avaialable licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization. - **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory. **To refund an order** Reclaim licenses, and then request a refund. If you haven't assigned licenses, start on step 5. -1. Sign in to the [Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). +1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then choose **Apps & software**. 3. Find the app you want to refund, click the ellipses under **Actions**, and then choose **View license details**. 4. Select the the people who you want to reclaim license from, click the ellipses under **Actions**, and then choose **Reclaim licenses**. diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md index 5f93dc0e99..470e99fbed 100644 --- a/store-for-business/manage-private-store-settings.md +++ b/store-for-business/manage-private-store-settings.md @@ -17,9 +17,9 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -The private store is a feature in the Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all people in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store. +The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all people in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store. -The name of your private store is shown on a tab in the Windows Store app, or on [Microsoft Store for Business](https://businessstore.microsoft.com), or [Microsoft Store for Education](https://educationstore.microsoft.com). +The name of your private store is shown on a tab in Windows Store app, or on [Microsoft Store for Business](https://businessstore.microsoft.com), or [Microsoft Store for Education](https://educationstore.microsoft.com). ![Image showing Windows Store app with private store tab highlighted.](images/wsfb-wsappprivatestore.png) @@ -28,18 +28,9 @@ You can change the name of your private store in Microsoft Store. ## Change private store name **To change the name of your private store** -1. Sign in to the [Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com) +1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com) 2. Click **Manage**, click **Permissions**. 3. On the **Private store ** tab, click **Change**. 4. Type a new display name for your private store, and click **Save**. - ![Image showing Private store dialog used to change private store display name.](images/wsfb-renameprivatestore.png) - -  - -  - - - - - + ![Image showing Private store dialog used to change private store display name.](images/wsfb-renameprivatestore.png) \ No newline at end of file diff --git a/store-for-business/manage-settings-windows-store-for-business.md b/store-for-business/manage-settings-windows-store-for-business.md index e7c764ce7d..906f3174a0 100644 --- a/store-for-business/manage-settings-windows-store-for-business.md +++ b/store-for-business/manage-settings-windows-store-for-business.md @@ -1,5 +1,5 @@ --- -title: Manage settings for the Microsoft Store for Business and Microsoft Store for Education (Windows 10) +title: Manage settings for Microsoft Store for Business and Microsoft Store for Education (Windows 10) description: You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant. ms.assetid: E3283D77-4DB2-40A9-9479-DDBC33D5A895 ms.prod: w10 @@ -10,7 +10,7 @@ author: TrudyHa localizationpriority: high --- -# Manage settings for the Microsoft Store for Business and Education +# Manage settings for Microsoft Store for Business and Education **Applies to** @@ -18,13 +18,13 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant +You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant. ## In this section | Topic | Description | | ----- | ----------- | | [Update Microsoft Store for Business and Education account settings](update-windows-store-for-business-account-settings.md) | The **Account information** page in Microsoft Store for Business shows information about your organization that you can update, including: organization information, payment options, and offline licensing settings. | -| [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-windows-store-for-business.md) | Store for Business manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-windows-store-for-business.md), but not to groups. | +| [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-windows-store-for-business.md) | Microsoft Store for Business manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-windows-store-for-business.md), but not to groups. | diff --git a/store-for-business/manage-users-and-groups-windows-store-for-business.md b/store-for-business/manage-users-and-groups-windows-store-for-business.md index 1b56584329..f2cc141ca7 100644 --- a/store-for-business/manage-users-and-groups-windows-store-for-business.md +++ b/store-for-business/manage-users-and-groups-windows-store-for-business.md @@ -21,7 +21,7 @@ localizationpriority: high Microsoft Store for Business and Education manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-windows-store-for-business.md), but not to groups. ## Why Azure AD accounts? -For organizations planning to use the private store feature with Store for Business, we recommend that you also configure cloud domain join. This provides a seamless integration between the identity your admin and employees will use to sign in to Windows and the Microsoft Store for Business. +For organizations planning to use the private store feature with Store for Business, we recommend that you also configure cloud domain join. This provides a seamless integration between the identity your admin and employees will use to sign in to Windows and Microsoft Store for Business. Azure AD is an Azure service that provides identity and access management capabilities using the cloud. It is primarily designed to provide this service for cloud- or web-based applications that need to access your local Active Directory information. Azure AD identity and access management includes: diff --git a/store-for-business/prerequisites-windows-store-for-business.md b/store-for-business/prerequisites-windows-store-for-business.md index 2bd8d40451..c76035ac35 100644 --- a/store-for-business/prerequisites-windows-store-for-business.md +++ b/store-for-business/prerequisites-windows-store-for-business.md @@ -27,7 +27,7 @@ You'll need this software to work with Microsoft Store for Business or Education ### Required - IT Pros that are administering Microsoft Store for Business and Education need a browser compatible with Microsoft Store for Business and Education running on a PC or mobile device. Supported browsers include: Internet Explorer 10 or later, Microsoft Edge, or current versions of Chrome or Firefox. Javascript needs to be supported and enabled. -- Employees using apps from Micrsoft Store for Business and Education need at least Windows 10, version 1511 running on a PC or mobile device. +- Employees using apps from Microsoft Store for Business and Education need at least Windows 10, version 1511 running on a PC or mobile device. Microsoft Azure Active Directory (AD) or Office 365 accounts for your employees: - IT Pros need Azure AD or Office 365 accounts to sign up for Microsoft Store for Business and Education, and then to sign in, get apps, distribute apps, and manage app licenses. @@ -41,9 +41,9 @@ For more information on Azure AD, see [About Office 365 and Azure Active Directo While not required, you can use a management tool to distribute and manage apps. Using a management tool allows you to distribute content, scope app availability, and control when app updates are installed. This might make sense for larger organizations that already use a management tool. If you're considering using management tools, check with the management tool vendor to see if they support Microsoft Store for Business and Education. The management tool will need to: - Integrate with the Windows 10 management framework and Azure AD. -- Sync with the Microsoft Store for Business and Education inventory to distribute apps. +- Sync with Microsoft Store for Business and Education inventory to distribute apps. -### Proxy configuration +## Proxy configuration If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Microsoft Store. Some of the Microsoft Store features use Windows Store app and Microsoft Store services. Devices using Microsoft Store – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy sever to block traffic, your configuration needs to allow these URLs: diff --git a/store-for-business/roles-and-permissions-windows-store-for-business.md b/store-for-business/roles-and-permissions-windows-store-for-business.md index fc3fbae54c..7a3cd37936 100644 --- a/store-for-business/roles-and-permissions-windows-store-for-business.md +++ b/store-for-business/roles-and-permissions-windows-store-for-business.md @@ -34,7 +34,7 @@ This table lists the global user accounts and the permissions they have in Micro | Distribute apps | X | X |   -- **Global Administrator** - IT Pros with this account have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for the Microsoft Store. +- **Global Administrator** - IT Pros with this account have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store. - **Billing Administrator** - IT Pros with this account have the same permissions as Microsoft Store Purchaser role. @@ -91,5 +91,5 @@ These permissions allow people to: -4. If you don't find the name you want, you might need to add people to your Azure AD directory. For more information, see [Manage user accounts in the Microsoft Store for Business and Education](manage-users-and-groups-windows-store-for-business.md). +4. If you don't find the name you want, you might need to add people to your Azure AD directory. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-windows-store-for-business.md). diff --git a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md index 75d490b304..28adabcee9 100644 --- a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md +++ b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md @@ -29,7 +29,7 @@ Before you get started, be sure to review these best practices: **To sign a code integrity policy** -1. Sign in to the [Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). +1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, click **Store settings**, and then click **Device Guard**. 3. Click **Upload** to upload your code integrity policy. 4. After the files are uploaded, click **Sign** to sign the code integrity policy. diff --git a/store-for-business/sign-up-windows-store-for-business-overview.md b/store-for-business/sign-up-windows-store-for-business-overview.md index b96261fb90..8b61671bfe 100644 --- a/store-for-business/sign-up-windows-store-for-business-overview.md +++ b/store-for-business/sign-up-windows-store-for-business-overview.md @@ -17,7 +17,7 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -IT admins can sign up for the Microsoft Store for Business and Education, and get started working with apps. +IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps. ## In this section @@ -26,8 +26,8 @@ IT admins can sign up for the Microsoft Store for Business and Education, and ge | [Microsoft Store for Business and Education overview](windows-store-for-business-overview.md) | Learn about Microsoft Store for Business. | | [Prerequisites for Microsoft Store for Business and Education](prerequisites-windows-store-for-business.md) | There are a few prerequisites for using Microsoft Store for Business and Education. | | [Sign up for Microsoft Store for Business or Microsoft Store for Education](sign-up-windows-store-for-business.md) | Before you sign up for Store for Business and Education, at a minimum, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process. | -| [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-windows-store-for-business.md) | The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. | -| [Settings reference: Microsoft Store for Business and Education](settings-reference-windows-store-for-business.md) | The Microsoft Store for Business and Education has a group of settings that admins use to manage the store. | +| [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-windows-store-for-business.md) | The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. | +| [Settings reference: Microsoft Store for Business and Education](settings-reference-windows-store-for-business.md) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. | diff --git a/store-for-business/sign-up-windows-store-for-business.md b/store-for-business/sign-up-windows-store-for-business.md index adccdea373..f716149cbc 100644 --- a/store-for-business/sign-up-windows-store-for-business.md +++ b/store-for-business/sign-up-windows-store-for-business.md @@ -29,7 +29,7 @@ Before signing up for Microsoft Store, make sure you're the global administrator 1. Go to [https://www.microsoft.com/business-store](https://www.microsoft.com/business-store), or [https://www.microsoft.com/education-store](https://www.microsoft.com/education-store) and click **Sign up**. - - If you start the Microsoft Store sign-up process, and don't have an Azure AD directory for your organization, we'll help you create one. For more info, see [Sign up for Azure AD accounts](#o365-welcome). + - If you start Microsoft Store sign-up process, and don't have an Azure AD directory for your organization, we'll help you create one. For more info, see [Sign up for Azure AD accounts](#o365-welcome). @@ -88,7 +88,7 @@ Before signing up for Microsoft Store, make sure you're the global administrator After signing up for Microsoft Store for Business or Microsoft Store for Education, you can: - **Add users to your Azure AD directory**. If you created your Azure AD directory during sign up, additional user accounts are required for employees to install apps you assign to them, or to browse the private store in Store app. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-windows-store-for-business.md). -- **Assign roles to employees**. For more information, see [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-windows-store-for-business.md). +- **Assign roles to employees**. For more information, see [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-windows-store-for-business.md).   diff --git a/store-for-business/update-windows-store-for-business-account-settings.md b/store-for-business/update-windows-store-for-business-account-settings.md index 29d1144790..e2266ea8a6 100644 --- a/store-for-business/update-windows-store-for-business-account-settings.md +++ b/store-for-business/update-windows-store-for-business-account-settings.md @@ -26,7 +26,7 @@ We need your business address, email contact, and tax-exemption certificates tha Before purchasing apps that have a fee, you need to add or update your organization's business address, and contact email address. -We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through the Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we’ll use the same address in the Microsoft Store for Business and Microsoft Store for Education. If we don’t have an address, we’ll ask you to enter it during your first purchase. +We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we’ll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don’t have an address, we’ll ask you to enter it during your first purchase. We need an email address in case we need to contact you about your Microsoft Store for Business and Education account. This email account should reach the admin for your organization’s Office 365 or Azure AD tenant that is used with Microsoft Store. @@ -99,7 +99,7 @@ For example:
($1.29 X .095) X 100 = $12.25 ## Payment options -You can purchase apps from the Microsoft Store for Business using your credit card. You can enter your credit card information on Account Information, or when you purchase an app. We currently accept these credit cards: +You can purchase apps from Microsoft Store for Business using your credit card. You can enter your credit card information on Account Information, or when you purchase an app. We currently accept these credit cards: 1. VISA 2. MasterCard 3. Discover @@ -147,6 +147,4 @@ Admins can decide whether or not offline licenses are shown for apps in Microsof You have the following distribution options for offline-licensed apps: - Include the app in a provisioning package, and then use it as part of imaging a device. - Distribute the app through a management tool. -For more information, see [Distribute apps to your employees from the Store for Business](distribute-apps-with-management-tool.md). - - +For more information, see [Distribute apps to your employees from the Store for Business](distribute-apps-with-management-tool.md). \ No newline at end of file diff --git a/store-for-business/windows-store-for-business-overview.md b/store-for-business/windows-store-for-business-overview.md index 5640ea1f23..92902b6347 100644 --- a/store-for-business/windows-store-for-business-overview.md +++ b/store-for-business/windows-store-for-business-overview.md @@ -57,7 +57,7 @@ Microsoft Azure Active Directory (AD) accounts for your employees: - Employees need Azure AD account when they access Store for Business content from Windows devices. - If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account - For offline-licensed apps, Azure AD accounts are not required for employees. -- Admins can add or remove user accounts in the Office 365 admin center, even if you don’t have an Office 365 subscrition. You can access the Office 365 admin portal directly from the Microsoft Store for Business and Eduction. +- Admins can add or remove user accounts in the Office 365 admin center, even if you don’t have an Office 365 subscription. You can access the Office 365 admin portal directly from the Microsoft Store for Business and Education. For more information on Azure AD, see [About Office 365 and Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611). @@ -79,7 +79,7 @@ For more information, see [Sign up for the Store for Business](sign-up-windows-s ## Set up -After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign WSFB roles. These are the roles and their permissions. +After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign Microsoft Store for Business and Education roles. These are the roles and their permissions. | Permission | Account settings | Acquire apps | Distribute apps | Device Guard signing | | ---------- | ---------------- | ------------ | --------------- | -------------------- | @@ -129,7 +129,7 @@ App distribution is handled through two channels, either through the Store for B - Scoped content distribution – Ability to scope content distribution to specific groups of employees. - Install apps for employees – Employees are not responsible for installing apps. Management tool installs apps for employees. -Management tools can synchronize content that has been acquired in the Store for Business. If an offline application has been purchased this will also include the app package, license and metadata for the app (like, icons, count, or localized product descriptions). Using the metadata,management tools can enable portals or apps as a destination for employees to acquire apps. +Management tools can synchronize content that has been acquired in the Store for Business. If an offline application has been purchased this will also include the app package, license and metadata for the app (like, icons, count, or localized product descriptions). Using the metadata, management tools can enable portals or apps as a destination for employees to acquire apps. For more information, see [Distribute apps to your employees from the Store for Business](distribute-apps-to-your-employees-windows-store-for-business.md). @@ -137,7 +137,7 @@ For more information, see [Distribute apps to your employees from the Store for Once you are signed up with the Business store and have purchased apps, Admins can manage Store for Business settings and inventory. -**Manage Store for Business settings** +**Manage Microsoft Store for Business settings** - Assign and change roles for employees or groups - Device Guard signing - Register a management server to deploy and install content @@ -155,7 +155,7 @@ For more information, see [Manage settings in the Store for Business](manage-set ## Supported markets -Store for Business is currently available in these markets. +Microsoft Store for Business and Education is currently available in these markets. diff --git a/store-for-business/working-with-line-of-business-apps.md b/store-for-business/working-with-line-of-business-apps.md index f991c3a1e0..ca39d9903b 100644 --- a/store-for-business/working-with-line-of-business-apps.md +++ b/store-for-business/working-with-line-of-business-apps.md @@ -17,7 +17,7 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your school or organization – they might be internal apps, or apps specific to your school,business, or industry. +Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your school or organization – they might be internal apps, or apps specific to your school, business, or industry. Developers within your organization, or ISVs that you invite, can become LOB publishers and submit apps to Microsoft Store for your company or school. Once an LOB publisher submits an app for your company, the app is only available to your company. LOB publishers submit apps through the Windows Dev Center using the same process as all apps that are in the Store, and then can be managed or deployed using the same process as any other app that has been acquired through the Store. @@ -88,7 +88,7 @@ For more information, see [Organizational licensing options]( https://go.microso ## Add app to inventory (admin) -After an ISV submits the LOB app for your company or school, someone with Microsoft Store for Business and Eduction admin permissions needs to accept the app. +After an ISV submits the LOB app for your company or school, someone with Microsoft Store for Business and Education admin permissions needs to accept the app. **To add the LOB app to your inventory** diff --git a/windows/access-protection/configure-s-mime.md b/windows/access-protection/configure-s-mime.md index bce814e3d6..61abd34c67 100644 --- a/windows/access-protection/configure-s-mime.md +++ b/windows/access-protection/configure-s-mime.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/access-protection/installing-digital-certificates-on-windows-10-mobile.md b/windows/access-protection/installing-digital-certificates-on-windows-10-mobile.md index 1e16d409a2..c6d37fa5e8 100644 --- a/windows/access-protection/installing-digital-certificates-on-windows-10-mobile.md +++ b/windows/access-protection/installing-digital-certificates-on-windows-10-mobile.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/access-protection/vpn/vpn-authentication.md b/windows/access-protection/vpn/vpn-authentication.md index e248b304f6..fa0b7a5592 100644 --- a/windows/access-protection/vpn/vpn-authentication.md +++ b/windows/access-protection/vpn/vpn-authentication.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/access-protection/vpn/vpn-auto-trigger-profile.md b/windows/access-protection/vpn/vpn-auto-trigger-profile.md index 3b63ffa494..dbbe91c8cb 100644 --- a/windows/access-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/access-protection/vpn/vpn-auto-trigger-profile.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/access-protection/vpn/vpn-conditional-access.md b/windows/access-protection/vpn/vpn-conditional-access.md index 4a4f96248d..073b24b8fd 100644 --- a/windows/access-protection/vpn/vpn-conditional-access.md +++ b/windows/access-protection/vpn/vpn-conditional-access.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/access-protection/vpn/vpn-connection-type.md b/windows/access-protection/vpn/vpn-connection-type.md index bbf5c689d1..39f933d548 100644 --- a/windows/access-protection/vpn/vpn-connection-type.md +++ b/windows/access-protection/vpn/vpn-connection-type.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/access-protection/vpn/vpn-guide.md b/windows/access-protection/vpn/vpn-guide.md index d77847b083..138b74295c 100644 --- a/windows/access-protection/vpn/vpn-guide.md +++ b/windows/access-protection/vpn/vpn-guide.md @@ -4,7 +4,7 @@ description: Use this guide to configure VPN deployment for Windows 10. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/access-protection/vpn/vpn-name-resolution.md b/windows/access-protection/vpn/vpn-name-resolution.md index a167777105..1a40cd73b6 100644 --- a/windows/access-protection/vpn/vpn-name-resolution.md +++ b/windows/access-protection/vpn/vpn-name-resolution.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/access-protection/vpn/vpn-profile-options.md b/windows/access-protection/vpn/vpn-profile-options.md index 77af3754f6..58f005e2be 100644 --- a/windows/access-protection/vpn/vpn-profile-options.md +++ b/windows/access-protection/vpn/vpn-profile-options.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/access-protection/vpn/vpn-routing.md b/windows/access-protection/vpn/vpn-routing.md index 3372161696..597d5cad4a 100644 --- a/windows/access-protection/vpn/vpn-routing.md +++ b/windows/access-protection/vpn/vpn-routing.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/access-protection/vpn/vpn-security-features.md b/windows/access-protection/vpn/vpn-security-features.md index 5fd8b19932..ed34d30dc0 100644 --- a/windows/access-protection/vpn/vpn-security-features.md +++ b/windows/access-protection/vpn/vpn-security-features.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/application-management/index.md b/windows/application-management/index.md index 9fd65e3fa8..b7ce77366d 100644 --- a/windows/application-management/index.md +++ b/windows/application-management/index.md @@ -4,7 +4,7 @@ description: Windows 10 application management ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index a7d5203f8a..60a5ca32e6 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -5,7 +5,7 @@ ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8 ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index e67fdf2234..cb6ad29962 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/windows/client-management/index.md b/windows/client-management/index.md index 5ee8fc4e71..7dc6c63ae6 100644 --- a/windows/client-management/index.md +++ b/windows/client-management/index.md @@ -4,7 +4,7 @@ description: Windows 10 client management ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md b/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md index 1b2593fec1..a7c3befabe 100644 --- a/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md +++ b/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index a966ef1982..b5e9a331ae 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index ed2c748110..1607cad11f 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index f3344f6f15..78f0c04704 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -5,7 +5,7 @@ keywords: [".man","ntuser"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms --- # Create mandatory user profiles diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 2d0e3ccf37..29b5b23d90 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -6,7 +6,7 @@ keywords: ["MDM", "Group Policy"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/client-management/reset-a-windows-10-mobile-device.md b/windows/client-management/reset-a-windows-10-mobile-device.md index 7a18801dd0..ea6eb5cda2 100644 --- a/windows/client-management/reset-a-windows-10-mobile-device.md +++ b/windows/client-management/reset-a-windows-10-mobile-device.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 4236b5e7da..10733f5cf7 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high -author: jdeckerMS +author: jdeckerms --- # Change history for Configure Windows 10 diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md index f45dbd39c6..0cdcbc76fc 100644 --- a/windows/configuration/changes-to-start-policies-in-windows-10.md +++ b/windows/configuration/changes-to-start-policies-in-windows-10.md @@ -6,7 +6,7 @@ keywords: ["group policy", "start menu", "start screen"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/configure-devices-without-mdm.md b/windows/configuration/configure-devices-without-mdm.md index 1c9093477b..93a12aba20 100644 --- a/windows/configuration/configure-devices-without-mdm.md +++ b/windows/configuration/configure-devices-without-mdm.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile, devices -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md index 9ba2624f45..7b332830bc 100644 --- a/windows/configuration/configure-windows-10-taskbar.md +++ b/windows/configuration/configure-windows-10-taskbar.md @@ -5,7 +5,7 @@ keywords: ["taskbar layout","pin apps"] ms.prod: W10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- # Configure Windows 10 taskbar diff --git a/windows/configuration/configure-windows-telemetry-in-your-organization.md b/windows/configuration/configure-windows-telemetry-in-your-organization.md index 3cc807c64a..10b155e2d8 100644 --- a/windows/configuration/configure-windows-telemetry-in-your-organization.md +++ b/windows/configuration/configure-windows-telemetry-in-your-organization.md @@ -98,7 +98,7 @@ Windows telemetry also helps Microsoft better understand how customers use (or d ### Insights into your own organization -Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well. Microsoft is in the process of developing a set of analytics customized for your internal use. The first of these, called [Upgrade Readiness](/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness). +Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well. Microsoft is in the process of developing a set of analytics customized for your internal use. The first of these, called [Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness). #### Upgrade Readiness diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index a7c154e348..adf99d68fe 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md @@ -6,7 +6,7 @@ keywords: ["start screen"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md index 170d81d10d..816c2dfba0 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md @@ -6,7 +6,7 @@ keywords: ["Start layout", "start menu", "layout", "group policy"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md index 5255a639ff..3a731ffc48 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md @@ -6,7 +6,7 @@ keywords: ["start screen", "start menu"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md index 842bde95de..2046f28cd5 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md @@ -6,7 +6,7 @@ keywords: ["Start layout", "start menu"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index 0c36993eea..fc598eebe1 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -5,7 +5,7 @@ keywords: ["kiosk", "lockdown", "assigned access"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/index.md b/windows/configuration/index.md index 28bf0e8e33..1432e34058 100644 --- a/windows/configuration/index.md +++ b/windows/configuration/index.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high -author: jdeckerMS +author: jdeckerms --- # Configure Windows 10 diff --git a/windows/configuration/kiosk-shared-pc.md b/windows/configuration/kiosk-shared-pc.md index d5d72c26b4..97daba286f 100644 --- a/windows/configuration/kiosk-shared-pc.md +++ b/windows/configuration/kiosk-shared-pc.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: medium -author: jdeckerMS +author: jdeckerms --- # Configure kiosk and shared devices running Windows desktop editions diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 4430902cec..fd04412683 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: edu, security -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/lock-down-windows-10.md b/windows/configuration/lock-down-windows-10.md index d4ab1e35cb..3d2b718c3d 100644 --- a/windows/configuration/lock-down-windows-10.md +++ b/windows/configuration/lock-down-windows-10.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security, mobile -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md index 7c72bb6e2b..c7ee249a2d 100644 --- a/windows/configuration/lockdown-features-windows-10.md +++ b/windows/configuration/lockdown-features-windows-10.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerMS +author: jdeckerms localizationpriority: high --- @@ -36,12 +36,12 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be - + - + diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 713019ca33..18fc7be5b4 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -549,9 +549,11 @@ The following Microsoft Edge MDM policies are available in the [Policy CSP](http |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| | Browser/AllowAutoFill | Choose whether employees can use autofill on websites.
Default: Allowed | | Browser/AllowDoNotTrack | Choose whether employees can send Do Not Track headers.
Default: Not allowed | +| Browser/AllowMicrosoftCompatbilityList | Specify the Microsoft compatibility list in Microsoft Edge.
Default: Enabled | | Browser/AllowPasswordManager | Choose whether employees can save passwords locally on their devices.
Default: Allowed | | Browser/AllowSearchSuggestionsinAddressBar | Choose whether the address bar shows search suggestions..
Default: Allowed | | Browser/AllowSmartScreen | Choose whether SmartScreen is turned on or off.
Default: Allowed | +| Browser/FirstRunURL | Choose the home page for Microsoft Edge on Windows Mobile 10.
Default: blank | For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](http://technet.microsoft.com/library/mt270204.aspx). diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md index 4b28a45ad9..de1c017907 100644 --- a/windows/configuration/manage-tips-and-suggestions.md +++ b/windows/configuration/manage-tips-and-suggestions.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/mobile-devices/configure-mobile.md b/windows/configuration/mobile-devices/configure-mobile.md index db4bb93e0f..ecb327e4a5 100644 --- a/windows/configuration/mobile-devices/configure-mobile.md +++ b/windows/configuration/mobile-devices/configure-mobile.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high -author: jdeckerMS +author: jdeckerms --- # Configure Windows 10 Mobile devices diff --git a/windows/configuration/mobile-devices/lockdown-xml.md b/windows/configuration/mobile-devices/lockdown-xml.md index a6904b3499..054f2423b3 100644 --- a/windows/configuration/mobile-devices/lockdown-xml.md +++ b/windows/configuration/mobile-devices/lockdown-xml.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security, mobile -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/mobile-devices/mobile-lockdown-designer.md b/windows/configuration/mobile-devices/mobile-lockdown-designer.md index 4ae14d1eaa..33a512ae37 100644 --- a/windows/configuration/mobile-devices/mobile-lockdown-designer.md +++ b/windows/configuration/mobile-devices/mobile-lockdown-designer.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: medium -author: jdeckerMS +author: jdeckerms --- # Use the Lockdown Designer app to create a Lockdown XML file diff --git a/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md b/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md index f2a3295ba9..a3076896bb 100644 --- a/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md +++ b/windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/mobile-devices/provisioning-configure-mobile.md b/windows/configuration/mobile-devices/provisioning-configure-mobile.md index 40dbf0878d..07adaea24d 100644 --- a/windows/configuration/mobile-devices/provisioning-configure-mobile.md +++ b/windows/configuration/mobile-devices/provisioning-configure-mobile.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high -author: jdeckerMS +author: jdeckerms --- # Use Windows Configuration Designer to configure Windows 10 Mobile devices diff --git a/windows/configuration/mobile-devices/provisioning-nfc.md b/windows/configuration/mobile-devices/provisioning-nfc.md index 96659b0229..e9da325a36 100644 --- a/windows/configuration/mobile-devices/provisioning-nfc.md +++ b/windows/configuration/mobile-devices/provisioning-nfc.md @@ -4,7 +4,7 @@ description: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/mobile-devices/provisioning-package-splitter.md b/windows/configuration/mobile-devices/provisioning-package-splitter.md index a6842ac37c..3204fd85b1 100644 --- a/windows/configuration/mobile-devices/provisioning-package-splitter.md +++ b/windows/configuration/mobile-devices/provisioning-package-splitter.md @@ -4,7 +4,7 @@ description: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md index 6eb9545022..32ff70af9b 100644 --- a/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md +++ b/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md index 6e0e342400..5f5c0e2193 100644 --- a/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md +++ b/windows/configuration/mobile-devices/settings-that-can-be-locked-down.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/mobile-devices/start-layout-xml-mobile.md b/windows/configuration/mobile-devices/start-layout-xml-mobile.md index 8096be33e4..fb967c625a 100644 --- a/windows/configuration/mobile-devices/start-layout-xml-mobile.md +++ b/windows/configuration/mobile-devices/start-layout-xml-mobile.md @@ -5,7 +5,7 @@ keywords: ["start screen"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md index 80b0bc6cb7..655266907f 100644 --- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md +++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md @@ -5,7 +5,7 @@ ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6 ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md index eba24fd12d..8c55fb568e 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md +++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md @@ -6,7 +6,7 @@ keywords: ["runtime provisioning", "provisioning package"] ms.prod: W10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md index 65013e78c7..de91fcd4cb 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md @@ -5,7 +5,7 @@ keywords: ["runtime provisioning", "provisioning package"] ms.prod: W10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index 90927d2a53..835fa8a371 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md @@ -5,7 +5,7 @@ keywords: ["runtime provisioning", "provisioning package"] ms.prod: W10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md index bc88e92479..5ff8a5efe4 100644 --- a/windows/configuration/provisioning-packages/provisioning-apply-package.md +++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md @@ -4,7 +4,7 @@ description: Provisioning packages can be applied to a device during the first-r ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md index a2e16343b0..79a293c1b6 100644 --- a/windows/configuration/provisioning-packages/provisioning-command-line.md +++ b/windows/configuration/provisioning-packages/provisioning-command-line.md @@ -4,7 +4,7 @@ description: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index 3beb70be19..6607c821d3 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md @@ -4,7 +4,7 @@ description: With Windows 10, you can create provisioning packages that let you ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index 4b9527c0a8..e5acff9568 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -4,7 +4,7 @@ description: A provisioning package (.ppkg) is a container for a collection of c ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index f403af024d..ba730bf0b5 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md @@ -4,7 +4,7 @@ description: Learn how to install and run Windows Configuration Designer. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md index 77755fdf5a..9a54b72f77 100644 --- a/windows/configuration/provisioning-packages/provisioning-multivariant.md +++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md @@ -4,7 +4,7 @@ description: Create a provisioning package with multivariant settings to customi ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index 41222e1796..3b50ac1ed9 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -5,7 +5,7 @@ ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md index 508bada17f..28621fa4b0 100644 --- a/windows/configuration/provisioning-packages/provisioning-powershell.md +++ b/windows/configuration/provisioning-packages/provisioning-powershell.md @@ -4,7 +4,7 @@ description: ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md index d4b208b83a..e53ee20836 100644 --- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md +++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md @@ -4,7 +4,7 @@ description: With Windows 10, you can create provisioning packages that let you ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md index e4ee9c442e..fcfca68990 100644 --- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md +++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md @@ -4,7 +4,7 @@ description: This topic lists the settings that are reverted when you uninstall ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/set-up-a-device-for-anyone-to-use.md b/windows/configuration/set-up-a-device-for-anyone-to-use.md index cecb14db32..cce5f6428b 100644 --- a/windows/configuration/set-up-a-device-for-anyone-to-use.md +++ b/windows/configuration/set-up-a-device-for-anyone-to-use.md @@ -6,7 +6,7 @@ keywords: ["kiosk", "lockdown", "assigned access"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md index e45dd65373..e7a7a025ab 100644 --- a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md +++ b/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md @@ -6,7 +6,7 @@ keywords: ["assigned access", "kiosk", "lockdown"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index d89c6c3063..7a88e367cf 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -5,7 +5,7 @@ keywords: ["shared pc mode"] ms.prod: W10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md index 5e6da82bec..c103eb3576 100644 --- a/windows/configuration/start-layout-xml-desktop.md +++ b/windows/configuration/start-layout-xml-desktop.md @@ -5,7 +5,7 @@ keywords: ["start screen"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md index 83495bc80c..7480c4532f 100644 --- a/windows/configuration/start-secondary-tiles.md +++ b/windows/configuration/start-secondary-tiles.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high -author: jdeckerMS +author: jdeckerms --- # Add image for secondary Microsoft Edge tiles diff --git a/windows/configuration/start-taskbar-lockscreen.md b/windows/configuration/start-taskbar-lockscreen.md index 13d4aba28d..cad0f022bc 100644 --- a/windows/configuration/start-taskbar-lockscreen.md +++ b/windows/configuration/start-taskbar-lockscreen.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high -author: jdeckerMS +author: jdeckerms --- # Configure Start layout, taskbar, and lock screen for Windows 10 PCs diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md index b43919e728..1f432594f7 100644 --- a/windows/configuration/windows-10-start-layout-options-and-policies.md +++ b/windows/configuration/windows-10-start-layout-options-and-policies.md @@ -6,7 +6,7 @@ keywords: ["start screen", "start menu"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md index 42bb79449f..c68dd7afa0 100644 --- a/windows/configuration/windows-spotlight.md +++ b/windows/configuration/windows-spotlight.md @@ -6,7 +6,7 @@ keywords: ["lockscreen"] ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md index 2e289b8a5b..fa59c94780 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md +++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md @@ -68,7 +68,7 @@ To run the Upgrade Readiness deployment script: 5. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. -The deployment script displays the following exit codes to let ddfyou know if it was successful, or if an error was encountered. +The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered.

[Hibernate Once/Resume Many (HORM)](https://go.microsoft.com/fwlink/p/?LinkId=626758): Quick boot to device

 N/A

HORM is supported in Windows 10, version 1607.

HORM is supported in Windows 10, version 1607 and later.

[Unified Write Filter](https://go.microsoft.com/fwlink/p/?LinkId=626757): protect a device's physical storage media

 [Unified Write Filter](https://msdn.microsoft.com/en-us/library/windows/hardware/mt572001.aspx)

The Unified Write Filter is continued in Windows 10, with the exception of HORM which has been deprecated.

The Unified Write Filter is continued in Windows 10.

[Keyboard Filter]( https://go.microsoft.com/fwlink/p/?LinkId=626761): block hotkeys and other key combinations

@@ -259,5 +259,26 @@ The deployment script displays the following exit codes to let ddfyou know if it + + + + + + + + + + + + + + + + + + + + +
43 - Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception. Check the logs for the exception message and HResult.
44 - Diagtrack.dll version is old, so Auth Proxy will not work.Update the PC using Windows Update/Windows Server Update Services.
45 - Diagrack.dll was not found.Update the PC using Windows Update/Windows Server Update Services.
46 - **DisableEnterpriseAuthProxy** property should be set to **1** for **ClientProxy=Telemetry** to work.Set the **DisableEnterpriseAuthProxy** registry property to **1** at key path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**.
47 - **TelemetryProxyServer** is not present in key path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**.**ClientProxy** selected is **Telemetry**, but you need to add **TelemetryProxyServer** in key path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**.
48 - **CommercialID** mentioned in RunConfig.bat should be a GUID.**CommercialID** is mentioned in RunConfig.bat, but it is not a GUID. Copy the commercialID from your workspace. To find the commercialID, in the OMS portal click **Upgrade Readiness > Settings**.
diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md index 1e852d5221..b4ee02d408 100644 --- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Activate by Proxy an Active Directory Forest diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md index 082bac639c..3e03e5a68b 100644 --- a/windows/deployment/volume-activation/activate-forest-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Activate an Active Directory Forest Online diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index 14ca79684a..9b9225de42 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md +++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md index e26a0f7fc6..acf1786ec8 100644 --- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md +++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md index 88d5145472..70623ebb01 100644 --- a/windows/deployment/volume-activation/add-manage-products-vamt.md +++ b/windows/deployment/volume-activation/add-manage-products-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Add and Manage Products diff --git a/windows/deployment/volume-activation/add-remove-computers-vamt.md b/windows/deployment/volume-activation/add-remove-computers-vamt.md index 2ad22c3d7f..5efb1a8409 100644 --- a/windows/deployment/volume-activation/add-remove-computers-vamt.md +++ b/windows/deployment/volume-activation/add-remove-computers-vamt.md @@ -5,7 +5,7 @@ ms.assetid: cb6f3a78-ece0-4dc7-b086-cb003d82cd52 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: jdeckerMS +author: jdeckerms ms.pagetype: activation --- diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md index d659ae2507..61f1cd59da 100644 --- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md +++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Add and Remove a Product Key diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index c8b4b71449..1ea07efda6 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- # Appendix: Information sent to Microsoft during activation diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index c5334ea193..6168096a40 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Configure Client Computers diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md index d33f27e139..91604fe914 100644 --- a/windows/deployment/volume-activation/import-export-vamt-data.md +++ b/windows/deployment/volume-activation/import-export-vamt-data.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Import and Export VAMT Data diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md index eb904768ad..3c4cd55263 100644 --- a/windows/deployment/volume-activation/install-configure-vamt.md +++ b/windows/deployment/volume-activation/install-configure-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md index f1774ca7c8..5a296869a0 100644 --- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md +++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md index eed5461a87..0418bd6a7c 100644 --- a/windows/deployment/volume-activation/install-product-key-vamt.md +++ b/windows/deployment/volume-activation/install-product-key-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index e88d197a83..767086f01e 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index 133b8e6966..06e3d0da40 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Introduction to VAMT diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md index beed3fb86f..ed9eb06fee 100644 --- a/windows/deployment/volume-activation/kms-activation-vamt.md +++ b/windows/deployment/volume-activation/kms-activation-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Perform KMS Activation diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md index 72b132e799..00e5d02250 100644 --- a/windows/deployment/volume-activation/local-reactivation-vamt.md +++ b/windows/deployment/volume-activation/local-reactivation-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Perform Local Reactivation diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index effac81fd1..ff91afb865 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Manage Activations diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md index a495718fe7..dd978d039a 100644 --- a/windows/deployment/volume-activation/manage-product-keys-vamt.md +++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Manage Product Keys diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md index 00bbd3982f..5062e4e819 100644 --- a/windows/deployment/volume-activation/manage-vamt-data.md +++ b/windows/deployment/volume-activation/manage-vamt-data.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Manage VAMT Data diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md index 65311aa3e8..adfdc41abf 100644 --- a/windows/deployment/volume-activation/online-activation-vamt.md +++ b/windows/deployment/volume-activation/online-activation-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Perform Online Activation diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index a4038a2e4d..93bf083b08 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms localizationpriority: medium --- diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md index ab273007b8..62def8d290 100644 --- a/windows/deployment/volume-activation/proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/proxy-activation-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Perform Proxy Activation diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md index da875ea27e..5d72e09b0c 100644 --- a/windows/deployment/volume-activation/remove-products-vamt.md +++ b/windows/deployment/volume-activation/remove-products-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Remove Products diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md index 385af084f9..6643bb09c6 100644 --- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Scenario 3: KMS Client Activation diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md index a5c448c186..2d818a946e 100644 --- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Scenario 1: Online Activation diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md index 8059e34cae..4298e90b11 100644 --- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Scenario 2: Proxy Activation diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md index 0e7af45fec..caf624b267 100644 --- a/windows/deployment/volume-activation/update-product-status-vamt.md +++ b/windows/deployment/volume-activation/update-product-status-vamt.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Update Product Status diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md index cc99819630..0322aa4208 100644 --- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md +++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index 3d285f1e56..b461b29aa7 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Use VAMT in Windows PowerShell diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 2e9ac12d08..b2eaf3b2bc 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # VAMT Known Issues diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md index 99379424ef..6e4a94c8e3 100644 --- a/windows/deployment/volume-activation/vamt-requirements.md +++ b/windows/deployment/volume-activation/vamt-requirements.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # VAMT Requirements diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index 5582bd3417..7d6fd78f4d 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # VAMT Step-by-Step Scenarios diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md index 887c116352..e315f32f6f 100644 --- a/windows/deployment/volume-activation/volume-activation-management-tool.md +++ b/windows/deployment/volume-activation/volume-activation-management-tool.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms --- # Volume Activation Management Tool (VAMT) Technical Reference diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index 2ed015e7ba..a9746eeb19 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: jdeckerMS +author: jdeckerms localizationpriority: high --- diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md index bd6bc5f1e7..c0eb96f69d 100644 --- a/windows/threat-protection/TOC.md +++ b/windows/threat-protection/TOC.md @@ -25,7 +25,7 @@ #### [Investigate files](windows-defender-atp\investigate-files-windows-defender-advanced-threat-protection.md) #### [Investigate an IP address](windows-defender-atp\investigate-ip-windows-defender-advanced-threat-protection.md) #### [Investigate a domain](windows-defender-atp\investigate-domain-windows-defender-advanced-threat-protection.md) -#### [View and organize the Machines view](windows-defender-atp\machines-view-overview-windows-defender-advanced-threat-protection.md) +#### [View and organize the Machines list](windows-defender-atp\machines-view-overview-windows-defender-advanced-threat-protection.md) #### [Investigate machines](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md) ##### [Search for specific alerts](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-alerts) ##### [Filter events from a specific date](windows-defender-atp\investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) @@ -72,8 +72,10 @@ #### [Turn on advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md) #### [Turn on preview experience](windows-defender-atp\preview-settings-windows-defender-advanced-threat-protection.md) #### [Configure email notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md) +#### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md) +#### [Enable Threat intel API](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md) ### [Windows Defender ATP settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md) -### [Windows Defender ATP service status](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md) +### [Windows Defender ATP service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md) ### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md) ### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md) ### [Windows Defender Antivirus compatibility](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md) @@ -156,4 +158,4 @@ ## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) -## [Change history for Threat Protection](change-history-for-threat-protection.md) \ No newline at end of file +## [Change history for Threat Protection](change-history-for-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md index 22861fbaa2..eba6caa7cc 100644 --- a/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md @@ -24,16 +24,25 @@ localizationpriority: high The sensor health tile provides information on the individual endpoint’s ability to provide sensor data and communicate with the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues. -![Windows Defender ATP sensor health tile](images/atp-sensor-health-filter.png) +![Windows Defender ATP sensor health tile](images/atp-portal-sensor.png) There are two status indicators on the tile that provide information on the number of machines that are not reporting properly to the service: - **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month. - **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected. -Clicking any of the groups directs you to Machines view, filtered according to your choice. +Clicking any of the groups directs you to Machines list, filtered according to your choice. ![Windows Defender ATP sensor filter](images/atp-sensor-filter.png) + + +You can also download the entire list in CSV format using the **Export to CSV** feature. For more information on filters, see [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md). + You can filter the health state list by the following status: - **Active** - Machines that are actively reporting to the Windows Defender ATP service. - **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service. @@ -45,7 +54,7 @@ You can view the machine details when you click on a misconfigured or inactive m ![Windows Defender ATP sensor filter](images/atp-machine-health-details.png) -In the **Machines view**, you can download a full list of all the machines in your organization in a CSV format. To download, click the **Manage Alert** menu icon on the top corner of the page. +In the **Machines list**, you can download a full list of all the machines in your organization in a CSV format. To download, click the **Manage Alert** menu icon on the top corner of the page. >[!NOTE] >Export the list in CSV format to display the unfiltered data. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself and can take a significant amount of time to download, depending on how large your organization is. diff --git a/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index 8084bd32aa..494eb84889 100644 --- a/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -35,7 +35,7 @@ The email notification includes basic information about the alert and a link to ## Set up email notifications for alerts The email notifications feature is turned off by default. Turn it on to start receiving email notifications. -1. On the navigation pane, select **Preferences Setup** > **Email Notifications**. +1. On the navigation pane, select **Preferences setup** > **Email Notifications**. 2. Toggle the setting between **On** and **Off**. 3. Select the alert severity level that you’d like your recipients to receive: - **High** – Select this level to send notifications for high-severity alerts. diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index c6e02becaf..703871c3fd 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -28,7 +28,7 @@ localizationpriority: high ## Onboard endpoints 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint Management** on the **Navigation pane**. + a. Click **Endpoint management** on the **Navigation pane**. b. Select **Group Policy**, click **Download package** and save the .zip file. @@ -74,6 +74,31 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa >[!NOTE] > If you don't set a value, the default value is to enable sample collection. +### Configure reporting frequency settings +Windows Defender ATP reporting frequency was tested over a large number of machines and is optimized to provide a recommended balance between speed and performance. + +In cases where high-value assets or machines are at high risk, you can configure the reporting frequency to expedite mode, allowing the machine to report at a higher frequency. + +> [!NOTE] +> Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical. + +For each endpoint, you can configure a registry key value that determines how frequent a machine reports sensor data to the portal. + +The configuration is set through the following registry key entry: + +``` +Path: “HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection” +Name: "latency" +Value: Normal or Expedite +``` +Where:
+Key type is a string.
+Possible values are: +- Normal - sets reporting frequency from the endpoint to Normal mode for the optimal speed and performance balance +- Expedite - sets reporting frequency from the endpoint to Expedite mode + +The default value in case the registry key doesn’t exist is Normal. + ### Offboard endpoints For security reasons, the package used to offboard endpoints will expire 30 days after the date it was downloaded. Expired offboarding packages sent to an endpoint will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. @@ -82,7 +107,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint Management** on the **Navigation pane**. + a. Click **Endpoint management** on the **Navigation pane**. b. Click the **Endpoint offboarding** section. @@ -104,16 +129,20 @@ For security reasons, the package used to offboard endpoints will expire 30 days 9. Click **OK** and close any open GPMC windows. +> [!IMPORTANT] +> Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months. + + ## Monitor endpoint configuration With Group Policy there isn’t an option to monitor deployment of policies on the endpoints. Monitoring can be done directly on the portal, or by using the different deployment tools. ## Monitor endpoints using the portal 1. Go to the [Windows Defender ATP portal](https://securitycenter.windows.com/). -2. Click **Machines view**. +2. Click **Machines list**. 3. Verify that endpoints are appearing. > [!NOTE] -> It can take several days for endpoints to start showing on the **Machines view**. This includes the time it takes for the policies to be distributed to the endpoint, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting. +> It can take several days for endpoints to start showing on the **Machines list**. This includes the time it takes for the policies to be distributed to the endpoint, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting. ## Related topics diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index d714ae09df..a17a666708 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -33,7 +33,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Select **Endpoint Management** on the **Navigation pane**. + a. Select **Endpoint management** on the **Navigation pane**. b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file. @@ -80,7 +80,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre ![Microsoft Intune manage deployment](images/atp-intune-manage-deployment.png) -When the policy is deployed and is propagated, endpoints will be shown in the **Machines view**. +When the policy is deployed and is propagated, endpoints will be shown in the **Machines list**. You can use the following onboarding policies to deploy configuration settings on endpoints. These policies can be sub-categorized to: - Onboarding @@ -99,12 +99,13 @@ Configuration for onboarded machines: telemetry reporting frequency | ./Device/V > [!NOTE] > - The **Health Status for onboarded machines** policy uses read-only properties and can't be remediated. > - Configuration of telemetry reporting frequency is only available for machines on Windows 10, version 1703. +> - Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical. ### Using the Azure Intune Portal to deploy Windows Defender Advanced Threat Protection policies on Windows 10 1607 and higher 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Select **Endpoint Management** on the **Navigation pane**. + a. Select **Endpoint management** on the **Navigation pane**. b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file. @@ -156,7 +157,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint Management** on the **Navigation pane**. + a. Click **Endpoint management** on the **Navigation pane**. b. Click the **Endpoint offboarding** section. @@ -180,6 +181,8 @@ Health Status for offboarded machines: Onboarding State | ./Device/Vendor/MSFT/W > [!NOTE] > The **Health Status for offboarded machines** policy uses read-only properties and can't be remediated. +> [!IMPORTANT] +> Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months. ## Related topics - [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index 89f4c7887d..8406829b2f 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -39,7 +39,7 @@ You can use System Center Configuration Manager’s existing functionality to cr 1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint Management** on the **Navigation pane**. + a. Click **Endpoint management** on the **Navigation pane**. b. Select **System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file. @@ -61,7 +61,7 @@ This rule should be a *remediating* compliance rule configuration item that sets The configuration is set through the following registry key entry: -```text +``` Path: “HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection” Name: "AllowSampleCollection" Value: 0 or 1 @@ -76,6 +76,31 @@ The default value in case the registry key doesn’t exist is 1. For more information about System Center Configuration Manager Compliance see [Compliance Settings in Configuration Manager](https://technet.microsoft.com/library/gg681958.aspx). +### Configure reporting frequency settings +Windows Defender ATP reporting frequency was tested over a large number of machines and is optimized to provide a recommended balance between speed and performance. + +In cases where high-value assets or machines are at high risk, you can configure the reporting frequency to expedite mode, allowing the machine to report at a higher frequency. + +> [!NOTE] +> Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical. + +For each endpoint, you can configure a registry key value that determines how frequent a machine reports sensor data to the portal. + +The configuration is set through the following registry key entry: + +``` +Path: “HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection” +Name: "latency" +Value: Normal or Expedite +``` +Where:
+Key type is a string.
+Possible values are: +- Normal - sets reporting frequency from the endpoint to Normal mode for the optimal speed and performance balance +- Expedite - sets reporting frequency from the endpoint to Expedite mode + +The default value in case the registry key doesn’t exist is Normal. + ### Offboard endpoints @@ -86,7 +111,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint Management** on the **Navigation pane**. + a. Click **Endpoint management** on the **Navigation pane**. b. Click the **Endpoint offboarding** section. @@ -94,12 +119,14 @@ For security reasons, the package used to offboard endpoints will expire 30 days 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. -3. Import the configuration package by following the steps in the [How to Create Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682112.aspx#BKMK_Import) topic. - -4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic. +3. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic. a. Choose a predefined device collection to deploy the package to. +> [!IMPORTANT] +> Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months. + + ### Monitor endpoint configuration Monitoring with SCCM consists of two parts: diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md index 31b9b673c4..1bde6ab2f6 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md @@ -23,10 +23,13 @@ localizationpriority: high You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network. +> [!NOTE] +> The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). + ## Onboard endpoints 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint Management** on the **Navigation pane**. + a. Click **Endpoint management** on the **Navigation pane**. b. Select **Local Script**, click **Download package** and save the .zip file. @@ -54,7 +57,7 @@ You can manually configure the sample sharing setting on the endpoint by using * The configuration is set through the following registry key entry: -```text +``` Path: “HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection” Name: "AllowSampleCollection" Value: 0 or 1 @@ -76,7 +79,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint Management** on the **Navigation pane**. + a. Click **Endpoint management** on the **Navigation pane**. b. Click the **Endpoint offboarding** section. @@ -96,6 +99,10 @@ For security reasons, the package used to offboard endpoints will expire 30 days 5. Press the **Enter** key or click **OK**. +> [!IMPORTANT] +> Offboarding causes the machine to stop sending sensor data to the portal but data from the machine, including reference to any alerts it has had will be retained for up to 6 months. + + ## Monitor endpoint configuration You can follow the different verification steps in the [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) to verify that the script completed successfully and the agent is running. @@ -104,7 +111,7 @@ Monitoring can also be done directly on the portal, or by using the different de ### Monitor endpoints using the portal 1. Go to the Windows Defender ATP portal. -2. Click **Machines view**. +2. Click **Machines list**. 3. Verify that endpoints are appearing. diff --git a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 914544f7c1..6c9b1b4da5 100644 --- a/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -86,10 +86,6 @@ Europe |```*.blob.core.windows.net```
```crl.microsoft.com```
```eu.vorte If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs. - If you selected US as your region, you should permit anonymous traffic for URLs listed in both Central US and East US (2). - - If you selected EU as your region, you should permit anonymous traffic for URLs listed in both West Europe and North Europe. - ## Verify client connectivity to Windows Defender ATP service URLs diff --git a/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md index e8de1cb1b4..07eb913511 100644 --- a/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md @@ -24,10 +24,12 @@ localizationpriority: high The **Dashboard** displays a snapshot of: - The latest active alerts on your network -- Machines reporting -- Top machines with active alerts -- The overall status of Windows Defender ATP for the past 30 days -- Machines with active malware detections +- Daily machines reporting +- Machines at risk +- Users at risk +- Machines with active malware alerts +- Sensor health +- Service health You can explore and investigate alerts and machines to quickly determine if, where, and when suspicious activities occurred in your network to help you understand the context they appeared in. @@ -38,7 +40,7 @@ It also has clickable tiles that give visual cues on the overall health state of ## ATP alerts You can view the overall number of active ATP alerts from the last 30 days in your network from the **ATP alerts** tile. Alerts are grouped into **New** and **In progress**. -![Click on each slice or severity to see a list of alerts from the past 30 days](images/atp.png) +![Click on each slice or severity to see a list of alerts from the past 30 days](images/atp-alerts-tile.png) Each group is further sub-categorized into their corresponding alert severity levels. Click the number of alerts inside each alert ring to see a sorted view of that category's queue (**New** or **In progress**). @@ -51,9 +53,9 @@ This tile shows you a list of machines with the highest number of active alerts. ![The Machines at risk tile shows a list of machines with the highest number of alerts, and a breakdown of the severity of the alerts](images/atp-machines-at-risk.png) -Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md). +Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md). -You can also click **Machines list** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md). +You can also click **Machines list** at the top of the tile to go directly to the **Machines list**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md). ## Users at risk The tile shows you a list of user accounts with the most active alerts. The total number of alerts for each user is shown in a circle next to the user account, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label). @@ -69,19 +71,20 @@ Active malware is defined as threats that were actively executing at the time of Hover over each bar to see the number of active malware detections (as **Malware detections**) and the number of endpoints with at least one active detection (as **Machines**) over the past 30 days. -![The Machines with active malware detections tile shows the number of threats and machines for each threat category](images/machines-active-threats-tile.png) +![The Machines with active malware detections tile shows the number of threats and machines for each threat category](images/atp-machines-active-threats-tile.png) The chart is sorted into five categories: -- **Password stealer** - threats that attempt to steal credentials. - **Ransomware** - threats that prevent user access to a machine or its files and demand payment to restore access. +- **Credential theft** - threats that attempt to steal credentials. - **Exploit** - threats that use software vulnerabilities to infect machines. -- **Threat** - all other threats that don't fit into the **Password stealer**, **Ransomware**, or **Exploit** categories. This includes trojans, worms, backdoors, and viruses. -- **Low severity** - threats with low severity, including adware and potentially unwanted software such as browser modifiers. +- **Backdoor** - threats that gives a malicious hacker access to and control of machines. +- **General** - threats that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. +- **PUA** - applications that install and perform undesirable activity without adequate user consent. Threats are considered "active" if there is a very high probability that the malware was executing on your network, as opposed to statically located on-disk. -Clicking on any of these categories will navigate to the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine. +Clicking on any of these categories will navigate to the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine. > [!NOTE] > The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. @@ -93,21 +96,21 @@ The **Sensor health** tile provides information on the individual endpoint’s a There are two status indicators that provide information on the number of machines that are not reporting properly to the service: - **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month. -- **Misconfigured** – These machines might partially be reporting telemetry to the Windows Defender ATP service and might have configuration errors that need to be corrected. +- **Misconfigured** – These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected. -When you click any of the groups, you’ll be directed to machines list, filtered according to your choice. For more information, see [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md). +When you click any of the groups, you’ll be directed to machines list, filtered according to your choice. For more information, see [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md). ## Service health The **Service health** tile informs you if the service is active or if there are issues. ![The Service health tile shows an overall indicator of the service](images/status-tile.png) -For more information on the service status, see [Check the Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md). +For more information on the service health, see [Check the Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md). ## Daily machines reporting The **Daily machines reporting** tile shows a bar graph that represents the number of machines reporting alerts daily in the last 30 days. Hover over individual bars on the graph to see the exact number of machines reporting in each day. -![The Machines reporting tile shows the number of machines reporting each day for the past 30 days](images/machines-reporting-tile.png) +![Image of daily machines reporting tile](images/atp-daily-machines-reporting.png) ## Related topics - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) @@ -115,8 +118,8 @@ The **Daily machines reporting** tile shows a bar graph that represents the numb - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) - [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md index e995968888..53cc303fdd 100644 --- a/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md @@ -29,14 +29,14 @@ Enable security information and event management (SIEM) integration so you can p 2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant. - WARNING:
- The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
+ > [!WARNING] + >The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). 3. Choose the SIEM type you use in your organization. - NOTE:
- If you select HP ArcSight, you'll need to save these two configuration files:
+ > [!NOTE] + > If you select HP ArcSight, you'll need to save these two configuration files:
- WDATP-connector.jsonparser.properties - WDATP-connector.properties
diff --git a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md index a301137ca4..8b5493c587 100644 --- a/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md @@ -36,7 +36,7 @@ A reinstalled or renamed machine will generate a new machine entity in Windows D **Machine was offboarded**
If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive. -Do you expect a machine to be in ‘Active’ status? [Open a CSS ticket](https://support.microsoft.com/en-us/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561). +Do you expect a machine to be in ‘Active’ status? [Open a support ticket ticket](https://support.microsoft.com/en-us/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561). ## Misconfigured machines Misconfigured machines can further be classified to: diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png b/windows/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png new file mode 100644 index 0000000000..61ff260c38 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-alerts-queue-user.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alerts-selected.png b/windows/threat-protection/windows-defender-atp/images/atp-alerts-selected.png new file mode 100644 index 0000000000..8cf482904e Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-alerts-selected.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alerts-tile.png b/windows/threat-protection/windows-defender-atp/images/atp-alerts-tile.png new file mode 100644 index 0000000000..ed3cf79941 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-alerts-tile.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alertsq2.png b/windows/threat-protection/windows-defender-atp/images/atp-alertsq2.png new file mode 100644 index 0000000000..2b0253847e Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-alertsq2.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-azure-ui-user-access.png b/windows/threat-protection/windows-defender-atp/images/atp-azure-ui-user-access.png index dd7fe7dc4d..f62d84df10 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-azure-ui-user-access.png and b/windows/threat-protection/windows-defender-atp/images/atp-azure-ui-user-access.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-daily-machines-reporting.png b/windows/threat-protection/windows-defender-atp/images/atp-daily-machines-reporting.png new file mode 100644 index 0000000000..e46f058e86 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-daily-machines-reporting.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machines-active-threats-tile.png b/windows/threat-protection/windows-defender-atp/images/atp-machines-active-threats-tile.png new file mode 100644 index 0000000000..fd0625088a Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machines-active-threats-tile.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png b/windows/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png index 219e958d7d..cfa3cbda3e 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png and b/windows/threat-protection/windows-defender-atp/images/atp-machines-at-risk.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machines-list-misconfigured.png b/windows/threat-protection/windows-defender-atp/images/atp-machines-list-misconfigured.png new file mode 100644 index 0000000000..3de8f88a28 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machines-list-misconfigured.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png b/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png new file mode 100644 index 0000000000..746d043732 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-machines-list-view.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-main-portal.png b/windows/threat-protection/windows-defender-atp/images/atp-main-portal.png index 2aa75b7dca..3336f8a1ac 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-main-portal.png and b/windows/threat-protection/windows-defender-atp/images/atp-main-portal.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-portal-sensor.png b/windows/threat-protection/windows-defender-atp/images/atp-portal-sensor.png new file mode 100644 index 0000000000..06ab5d849d Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-portal-sensor.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-portal.png b/windows/threat-protection/windows-defender-atp/images/atp-portal.png new file mode 100644 index 0000000000..fae0f45bd7 Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-portal.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-sensor-health-filter.png b/windows/threat-protection/windows-defender-atp/images/atp-sensor-health-filter.png index b82d66a85a..e59480d960 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-sensor-health-filter.png and b/windows/threat-protection/windows-defender-atp/images/atp-sensor-health-filter.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/atp-users-at-risk.png b/windows/threat-protection/windows-defender-atp/images/atp-users-at-risk.png index cd43cdf607..c2b81ca99a 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/atp-users-at-risk.png and b/windows/threat-protection/windows-defender-atp/images/atp-users-at-risk.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/components.png b/windows/threat-protection/windows-defender-atp/images/components.png index 840f1cb0df..04ab864727 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/components.png and b/windows/threat-protection/windows-defender-atp/images/components.png differ diff --git a/windows/threat-protection/windows-defender-atp/images/rules-legend.png b/windows/threat-protection/windows-defender-atp/images/rules-legend.png index a48783c6e3..7739ccfda2 100644 Binary files a/windows/threat-protection/windows-defender-atp/images/rules-legend.png and b/windows/threat-protection/windows-defender-atp/images/rules-legend.png differ diff --git a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md index 58805fa39c..e456a18096 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -79,8 +79,8 @@ Selecting an alert detail brings up the **Details pane** where you'll be able to - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) - [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md index d0e04eabe5..b107b3b042 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md @@ -49,8 +49,8 @@ The **Communication with URL in organization** section provides a chronological - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) - [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md index e45a3d17d3..ebf5a67b89 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md @@ -57,8 +57,8 @@ This allows for greater accuracy in defining entities to display such as if and - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) - [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md index 1b792ae89e..b531ee93f6 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md @@ -57,8 +57,8 @@ Clicking any of the machine names will take you to that machine's view, where yo - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) - [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 5073e541f6..0c4eaeb6e2 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -1,6 +1,6 @@ --- -title: Investigate machines in the Windows Defender ATP Machines view -description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines view. +title: Investigate machines in the Windows Defender ATP Machines list +description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines list. keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -11,7 +11,7 @@ author: mjcaparas localizationpriority: high --- -# Investigate machines in the Windows Defender ATP Machines view +# Investigate machines in the Windows Defender ATP Machines list **Applies to:** @@ -26,7 +26,7 @@ Investigate the details of an alert raised on a specific machine to identify oth You can click on affected machines whenever you see them in the portal to open a detailed report about that machine. Affected machines are identified in the following areas: -- The [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- The [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - The [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) - The [Dashboard](dashboard-windows-defender-advanced-threat-protection.md) - Any individual alert @@ -97,7 +97,7 @@ You can also export detailed event data from the machine timeline to conduct off ### Navigate between pages Use the events per page drop-down to choose the number of alerts you’d like to see on the page. You can choose to display 20, 50, or 100 events per page. You can also move between pages by clicking **Older** or **Newer**. -From the **Machines view**, you can also navigate to the file, IP, or URL view and the timeline associated with an alert is retained, helping you view the investigation from different angles and retain the context of the event time line. +From the **Machines list**, you can also navigate to the file, IP, or URL view and the timeline associated with an alert is retained, helping you view the investigation from different angles and retain the context of the event time line. From the list of events that are displayed in the timeline, you can examine the behaviors or events in to help identify indicators of interests such as files and IP addresses to help determine the scope of a breach. You can then use the information to respond to events and keep your system secure. @@ -117,7 +117,7 @@ This enhances the ‘in-context’ information across investigation and explorat - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) - [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md index e0b1346b9e..9f45aa0817 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md @@ -69,7 +69,7 @@ You can filter the results by the following time periods: - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) - [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md index 4f1523a324..9dd0f7d8b2 100644 --- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md @@ -105,7 +105,7 @@ Each rule shows: - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index 6eb46cb27f..82efa42cc1 100644 --- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -41,9 +41,9 @@ For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us ### Network and data storage and configuration requirements When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: either in a European or United States datacenter. -> **Notes**   -- You cannot change your data storage location after the first-time setup. -- Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data. +> [!NOTE] +> - You cannot change your data storage location after the first-time setup. +> - Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data. ### Endpoint hardware and software requirements @@ -68,7 +68,7 @@ The Windows Defender ATP sensor can utilize up to 5MB daily of bandwidth to com For more information on additional proxy configuration settings see, [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) . -Before you configure endpoints, the telemetry and diagnostics service must be enabled. The service is enabled by default in Windows 10, but if it has been disabled you can turn it on by following the instructions in the [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) section. +Before you configure endpoints, the telemetry and diagnostics service must be enabled. The service is enabled by default in Windows 10. ### Telemetry and diagnostics settings You must ensure that the telemetry and diagnostics service is enabled on all the endpoints in your organization. diff --git a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md index 3e1b3c8a80..6104ea6ffb 100644 --- a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md @@ -31,11 +31,11 @@ You can use the [Windows Defender ATP portal](https://securitycenter.windows.com ## Windows Defender ATP portal When you open the portal, you’ll see the main areas of the application: - ![Windows Defender Advanced Threat Protection portal](images/atp-main-portal.png) + ![Windows Defender Advanced Threat Protection portal](images/atp-portal.png) -- (1) Search, Feedback, Settings, Help and support -- (2) Navigation pane -- (3) Main portal +- (1) Navigation pane +- (2) Main portal Search +- (3) Feedback, Settings, Help and support > [!NOTE] > Malware related detections will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. @@ -45,14 +45,14 @@ You can navigate through the portal using the menu options available in all sect Area | Description :---|:--- (1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text.
**Feedback** -Access the feedback button to provide comments about the portal.
**Settings** - Gives you access to the configuration settings where you can set time zones, alert suppression rules, and license information.
**Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support. -(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Service health**, **Preferences setup**, and **Enpoint Management**. +(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**. **Dashboard** | Provides clickable tiles that open detailed information on various alerts that have been detected in your organization. **Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts. -**Machines view** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. -**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service status is healthy or if there are current issues. +**Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. +**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. **Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features. -**Endpoint Management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding. -(3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines view. +**Endpoint management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding. +(3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines list. ## Windows Defender ATP icons The following table provides information on the icons used all throughout the portal: diff --git a/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md index dab6725222..e2904380b5 100644 --- a/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md @@ -30,3 +30,5 @@ Topic | Description [Enable advanced features](advanced-features-windows-defender-advanced-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products. [Enable the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) | Allows you to turn on preview features so you can try upcoming features. [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) | Enables you to configure and identify a group of individuals who will immediately be informed of new alerts through email notifications. +[Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) | Enable security information and event management (SIEM) integration to pull alerts from the Windows Defender ATP portal using your SIEM solution. +[Enable Threat intel API](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application. diff --git a/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md index a22e882c62..597cefb9a1 100644 --- a/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md @@ -40,7 +40,7 @@ Topic | Description - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md) - [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md) - [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md) -- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md) -- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) +- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) - [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md) - [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md index 6c8623a564..088b4ed61a 100644 --- a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- -title: Check the Windows Defender ATP service status -description: Check Windows Defender ATP service status, see if the service is experiencing issues and review previous issues that have been resolved. -keywords: dashboard, service, issues, service status, current issues, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time +title: Check the Windows Defender ATP service health +description: Check Windows Defender ATP service health, see if the service is experiencing issues and review previous issues that have been resolved. +keywords: dashboard, service, issues, service health, current issues, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -11,7 +11,7 @@ author: mjcaparas localizationpriority: high --- -# Check the Windows Defender Advanced Threat Protection service status +# Check the Windows Defender Advanced Threat Protection service health **Applies to:** @@ -21,11 +21,11 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -The **Service health** provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service status is healthy or if there are current issues. If there are issues, you'll see details related to the issue such as when the issue was detected, what the preliminary root cause is, and the expected resolution time. +The **Service health** provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see details related to the issue such as when the issue was detected, what the preliminary root cause is, and the expected resolution time. You'll also see information on historical issues that have been resolved and details such as the date and time when the issue was resolved. When there are no issues on the service, you'll see a healthy status. -You can view details on the service status by clicking the tile from the **Dashboard** or selecting the **Service health** menu from the navigation pane. +You can view details on the service health by clicking the tile from the **Dashboard** or selecting the **Service health** menu from the navigation pane. The **Service health** details page has the following tabs: @@ -33,7 +33,7 @@ The **Service health** details page has the following tabs: - **Status History** ## Current issues -The **Current issues** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service status is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue: +The **Current issues** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue: - Date and time for when the issue was detected - A short description of the issue diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 85ad29fad8..6e7445cde4 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -24,12 +24,12 @@ localizationpriority: high You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues. This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the endpoints. -If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an endpoint onboarding or connectivity problem. +If you have completed the endpoint onboarding process and don't see endpoints in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an endpoint onboarding or connectivity problem. ## Troubleshoot onboarding when deploying with Group Policy Deployment with Group Policy is done by running the onboarding script on the endpoints. The Group Policy console does not indicate if the deployment has succeeded or not. -If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint). +If you have completed the endpoint onboarding process and don't see endpoints in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint). If the script completes successfully, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur. @@ -43,7 +43,7 @@ When onboarding endpoints using the following versions of System Center Configur Deployment with the above-mentioned versions of System Center Configuration Manager is done by running the onboarding script on the endpoints. You can track the deployment in the Configuration Manager Console. -If the deployment fails, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint). +If the deployment fails, you can check the output of the script on the endpoints. If the onboarding completed successfully but the endpoints are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur. @@ -64,7 +64,7 @@ Event ID | Error Type | Resolution steps :---|:---|:--- 5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```. 10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically
```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```.
Verify that the script was ran as an administrator. -15 | Failed to start SENSE service |Check the service status (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). +15 | Failed to start SENSE service |Check the service health (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). 15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender ELAM driver, see [Ensure that Windows Defender is not disabled by a policy](#ensure-that-windows-defender-is-not-disabled-by-a-policy) for instructions. 30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). 35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location
```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.
The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). @@ -82,13 +82,13 @@ Use the following tables to understand the possible causes of issues while onboa - Known issues with non-compliance table - Mobile Device Management (MDM) event logs table -If none of the event logs and troubleshooting steps work, download the Local script from the **Endpoint Management** section of the portal, and run it in an elevated command prompt. +If none of the event logs and troubleshooting steps work, download the Local script from the **Endpoint management** section of the portal, and run it in an elevated command prompt. **Microsoft Intune error codes and OMA-URIs**: Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps :---|:---|:---|:---|:--- -0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.

**Troubleshooting steps:**
Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx). +0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.

**Troubleshooting steps:**
Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx). | | | Onboarding
Offboarding
SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.

**Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.

If it doesn't exist, open an elevated command and add the key. | | | SenseIsRunning
OnboardingState
OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.

**Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx). | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

Currently is supported platforms: Enterprise, Education, and Professional.
Server is not supported. diff --git a/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md index e614c969ca..6b8436e6ef 100644 --- a/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md @@ -44,7 +44,7 @@ Topic | Description [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) | Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach. [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external Internet protocol (IP) addresses. [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain. -[View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)| You can sort, filter, and exporting the machine list. +[View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)| You can sort, filter, and exporting the machine list. [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines list** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats. [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)| Investigate user accounts with the most active alerts. [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | The **Manage Alert** menu on every alert lets you change an alert's status, resolve it, suppress it, or contribute comments about the alert. diff --git a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 183bf2bd6b..7d4f31f76b 100644 --- a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -86,12 +86,19 @@ detect sophisticated cyber-attacks, providing: Topic | Description :---|:--- [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | This overview topic for IT professionals provides information on the minimum requirements to use Windows Defender ATP such as network and data storage configuration, and endpoint hardware and software requirements, and deployment channels. +[Preview features](preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and enable the preview experience. [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)| Learn about how Windows Defender ATP collects and handles information and where data is stored. [Assign user access to the Windows Defender ATP portal](assign-portal-access-windows-defender-advanced-threat-protection.md)| Before users can access the portal, they'll need to be granted specific roles in Azure Active Directory. [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) | You'll need to onboard and configure the Windows Defender ATP service and the endpoints in your network before you can use the service. Learn about how you can assign users to the Windows Defender ATP service in Azure Active Directory (AAD) and using a configuration package to configure endpoints. [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the main features of the service and how it leverages Microsoft technology to protect enterprise endpoints from sophisticated cyber attacks. [Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) | Learn about the capabilities of Windows Defender ATP to help you investigate alerts that might be indicators of possible breaches in your enterprise. +[Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) | Learn about pulling alerts from the Windows Defender ATP portal using supported security information and events management (SIEM) tools. +[Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) | Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization. +[Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service. [Windows Defender Advanced Threat Protection settings](settings-windows-defender-advanced-threat-protection.md) | Learn about setting the time zone and configuring the suppression rules to configure the service to your requirements. +[Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature. +[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings, suppression rules, and view license information. +[Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues. [Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP. [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required. [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) | Learn about how Windows Defender works in conjunction with Windows Defender ATP.