Merge remote-tracking branch 'refs/remotes/origin/master' into jdreboot

2025-05-14 06:17:22 +00:00 · 2016-10-11 11:11:31 -07:00 · 2016-10-11 11:11:31 -07:00 · eb3768e889
commit eb3768e889
parent ef51268762 549df8dba4
17 changed files with 65 additions and 17 deletions
--- a/windows/deploy/change-history-for-deploy-windows-10.md
+++ b/windows/deploy/change-history-for-deploy-windows-10.md
@ -11,6 +11,11 @@ author: greg-lindsay
 # Change history for Deploy Windows 10
 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 ## October 2016
 | New or changed topic | Description |
 |----------------------|-------------|
 | [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) | New | 
 ## September 2016
 | New or changed topic | Description |
 |----------------------|-------------|
@ -29,11 +34,6 @@ The topics in this library have been updated for Windows 10, version 1607 (also
 =======
 ## October 2016
 | New or changed topic | Description |
 |----------------------|-------------|
 | [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) | New | 
 ## August 2016
 | New or changed topic | Description |
 |----------------------|-------------|
--- a/windows/deploy/resolve-windows-10-upgrade-errors.md
+++ b/windows/deploy/resolve-windows-10-upgrade-errors.md
@ -102,7 +102,7 @@ Note: If only a result code is returned, this can be because a tool is being use
 ### Result codes
->A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue. <BR>To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Other error codes](#other-error-codes) section later in this topic.
+>A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue. <BR>To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](#resolution-procedures) section later in this topic.
 Result codes can be matched to the type of error encountered. To match a result code to an error:
--- a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@ -33,15 +33,53 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
-    a.  Click **Endpoint Management** on the **Navigation pane**.
+    a.  Select **Endpoint Management** on the **Navigation pane**.
-    b.  Select **Mobile Device Management/Microsoft Intune**, click **Download package** and save the .zip file.
+    b.  Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
      ![Endpoint onboarding](images/atp-onboard-mdm.png)
 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named  *WindowsDefenderATP.onboarding*.
 3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune).
-Onboarding - Use the onboarding policies to deploy configuration settings on endpoints. These policies can be sub-categorized to:
+  a. Select **Policy** > **Configuration Policies** > **Add**.
  ![Microsoft Intune Configuration Policies](images/atp-intune-add-policy.png)
  b. Under **Windows**, select **Custom Configuration (Windows 10 Desktop and Mobile and later)** > **Create and Deploy a Custom Policy** > **Create Policy**.
  ![Microsoft Intune Configuration Policies](images/atp-intune-new-policy.png)
  c. Type a name and description for the policy.
  ![Microsoft Intune Create Policy](images/atp-intune-policy-name.png)
  d. Under OMA-URI settings, select **Add...**.
  ![Microsoft Intune add OMC-URI](images/atp-intune-add-oma.png)
  e. Type the following values then select **OK**:
  ![Microsoft Intune save policy](images/atp-intune-oma-uri-setting.png)
  - **Setting name**: Type a name for the setting.
  - **Setting description**: Type a description for the setting.
  - **Data type**: Select **String**.
  - **OMA-URI**:  *./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding*
  - **Value**: Copy and paste the contents of the *WindowsDefenderATP.onboarding* file you downloaded.
  f. Save the policy.
  ![Microsoft Intune save policy](images/atp-intune-save-policy.png)
  g. Deploy the policy.
  ![Microsoft Intune deploy policy](images/atp-intune-deploy-policy.png)
  h. Select the device group to deploy the policy to:
  ![Microsoft Intune manage deployment](images/atp-intune-manage-deployment.png)
 When the policy is deployed and is propagated, endpoints will be shown in the **Machines view**.
 You can use the following onboarding policies to deploy configuration settings on endpoints. These policies can be sub-categorized to:
 - Onboarding
 - Health Status for onboarded machines
 - Configuration for onboarded machines
@ -49,9 +87,9 @@ Onboarding - Use the onboarding policies to deploy configuration settings on end
 Policy | OMA-URI | Type | Value | Description
 :---|:---|:---|:---|:---
 Onboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding | String | Copy content from onboarding MDM file |  Onboarding
-Health Status for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | TRUE |  Windows Defender ATP service is running
+Health Status for onboarded machines: Sense Is Running | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | TRUE |  Windows Defender ATP service is running
- | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 1 | Onboarded to Windows Defender ATP
+Health Status for onboarded machines: Onboarding State | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 1 | Onboarded to Windows Defender ATP
-  | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OrgId | String | Use OrgID from onboarding file | Onboarded to Organization ID
+Health Status for onboarded machines: Organization ID | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OrgId | String | Use OrgID from onboarding file | Onboarded to Organization ID
 Configuration for onboarded machines  | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/SampleSharing | Integer | 0 or 1 <br> Default value: 1 | Windows Defender ATP Sample sharing is enabled
@ -83,8 +121,8 @@ Offboarding - Use the offboarding policies to remove configuration settings on e
 Policy | OMA-URI | Type | Value | Description
 :---|:---|:---|:---|:---
 Offboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding | String | Copy content from offboarding MDM file | Offboarding
- Health Status for offboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | FALSE |Windows Defender ATP service is not running
+ Health Status for offboarded machines: Sense Is Running | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | FALSE |Windows Defender ATP service is not running
-  | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 0 | Offboarded from Windows Defender ATP
+Health Status for offboarded machines: Onboarding State | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 0 | Offboarded from Windows Defender ATP
 > [!NOTE]
 > The **Health Status for offboarded machines** policy uses read-only properties and can't be remediated.
--- a/windows/keep-secure/images/atp-intune-add-oma.png
+++ b/windows/keep-secure/images/atp-intune-add-oma.png
--- a/windows/keep-secure/images/atp-intune-add-policy.png
+++ b/windows/keep-secure/images/atp-intune-add-policy.png
--- a/windows/keep-secure/images/atp-intune-deploy-policy.png
+++ b/windows/keep-secure/images/atp-intune-deploy-policy.png
--- a/windows/keep-secure/images/atp-intune-manage-deployment.png
+++ b/windows/keep-secure/images/atp-intune-manage-deployment.png
--- a/windows/keep-secure/images/atp-intune-new-policy.png
+++ b/windows/keep-secure/images/atp-intune-new-policy.png
--- a/windows/keep-secure/images/atp-intune-oma-uri-setting.png
+++ b/windows/keep-secure/images/atp-intune-oma-uri-setting.png
--- a/windows/keep-secure/images/atp-intune-policy-name.png
+++ b/windows/keep-secure/images/atp-intune-policy-name.png
--- a/windows/keep-secure/images/atp-intune-save-policy.png
+++ b/windows/keep-secure/images/atp-intune-save-policy.png
--- a/windows/keep-secure/images/atp-onboard-mdm.png
+++ b/windows/keep-secure/images/atp-onboard-mdm.png
--- a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
+++ b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
@ -19,7 +19,7 @@ localizationpriority: high
 In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN.
 >[!NOTE]
-> When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. 
+> When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed Microsoft Passport for Work will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. 
 Hello addresses the following problems with passwords:
 -   Passwords can be difficult to remember, and users often reuse passwords on multiple sites.
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@ -17,6 +17,9 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
 | New or changed topic | Description |
 | --- | --- |
 | [Manage device restarts after updates](waas-restart.md) | New |
 | [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) |Added an important note about Cortana and Office 365 integration. |
 | [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added link to the Windows Restricted Traffic Limited Functionality Baseline. |
 ## September 2016
--- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@ -1353,3 +1353,5 @@ You can turn off automatic updates by doing one of the following. This is not re
    -   **5**. Turn off automatic updates.
 To learn more, see [Device update management](http://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](http://technet.microsoft.com/library/cc720539.aspx).
 To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](../keep-secure/windows-security-baselines.md) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying.
--- a/windows/manage/manage-cortana-in-enterprise.md
+++ b/windows/manage/manage-cortana-in-enterprise.md
@ -24,6 +24,10 @@ Cortana in Windows 10 is already great at letting your employees quickly see wh
 But Cortana works even harder when she connects to Office 365, helping employees prepare for meetings, learn about co-workers, and receive reminders about where they need to be so they won’t be late.
 >**Important**<br>
 >Before your employees can use Cortana with Office 365, they must sign into Cortana using a Microsoft account (such as, @outlook.com), and then they must go to the **Connected Accounts** section of Cortana’s notebook to turn on and connect to Office 365.
 **More info:**
 -   For specific info about what you need to know as a company administrator, including how to turn off Cortana with Office 365, see the [Cortana integration with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=717378) support topic.
--- a/windows/whats-new/whats-new-windows-10-version-1607.md
+++ b/windows/whats-new/whats-new-windows-10-version-1607.md
@ -67,12 +67,13 @@ Isolated User Mode is now included with Hyper-V so you don't have to install it
 ### Windows Hello for Business
-When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in Windows 10, version 1607. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
+When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in Windows 10, version 1607. Customers who have already deployed Microsoft Passport for Work will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
 Additional changes for Windows Hello in Windows 10, version 1607:
 - Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys.
 - Group Policy settings for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**.
 - Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**. 
 <!--- Users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser.-->
 [Learn more about Windows Hello for Business.](../keep-secure/manage-identity-verification-using-microsoft-passport.md)